Server configurations

All of the bellow examples assume that:

  • MEDIA_ROOT is set to /media/psf/Home/Projects/django-private-files/testproject/static/
  • MEDIA_URL is set to /media/
  • Protected files are stored in two subfolders uploads and downloadables
  • Other static files stored in MEDIA_ROOT should be freely downloadable


If you serve your static content with Apache and have mod_xsendfile you can set FILE_PROTECTION_METHOD to xsendfile. Turn XSendFile on and deny access to the directory where you store your protected files (the value of upload_to appended to MEDIA_ROOT). Here’s an exmple of a vhost configuration with mod_xsendfile and mod_wsgi:

<VirtualHost *:80>
        ServerName django.test
        XSendFile on
        alias /adminmedia/ /media/psf/Home/Projects/django-private-files/testproject/static/
        alias /media/ /home/vasil/src/django-trunk/django/contrib/admin/media/
        WSGIDaemonProcess django-test user=vasil group=users threads=1 processes=5
        WSGIProcessGroup django-test
        WSGIScriptAlias / /media/psf/Home/Projects/django-private-files/testproject/django.wsgi

        <Directory /media/psf/Home/Projects/django-private-files/testproject>
            Order deny,allow
            Allow from all

        <Directory /media/psf/Home/Projects/django-private-files/testproject/static/uploads>
            Order deny,allow
            Deny from all

        <Directory /media/psf/Home/Projects/django-private-files/testproject/static/downloadables>
            Order deny,allow
            Deny from all

        <Directory /home/vasil/src/django-trunk/django/contrib/admin>
            Order deny,allow
            Allow from all

    ErrorLog /var/log/httpd/test.err.log


Lighttpd has the same mechanism of controlling access to files from a proxy backend. The following example proxies request to django running on fcgi:

$HTTP["host"] =~ "^django.test$" {
        server.errorlog = "/var/log/lighttpd/test-error.log"
        accesslog.filename = "/var/log/lighttpd/test-access.log"

        alias.url = (
           "/adminmedia" => "/home/vasil/src/django-trunk/django/contrib/admin/media/",
            "/media" => "/media/psf/Home/Projects/django-private-files/testproject/static/",

        fastcgi.server = (
           "/django.fcgi" => (
                "main" => (
                  # Use host / port instead of socket for TCP fastcgi
                "allow-x-send-file" => "enable",
                        "host" => "",
            "port" => 3033,
            "check-local" => "disable",

        url.access-deny = ( "/media/uploads/", "/media/downloadables/" )

        url.rewrite-once = (
                "^(/adminmedia.*)$" => "$1",
                "^(/media.*)$" => "$1",
                "^/django.fcgi(/.*)$" => "django.fcgi$1",
        "^(/.*)$" => "django.fcgi$1",


If you use nginx to serve your static files you can set the internal directive like so:

http {
    include       mime.types;
    default_type  application/octet-stream;

    sendfile        on;

        keepalive_timeout  65;

    server {
    listen   80;
    server_name  django.test;

    location /uploads/{
        root /media/psf/Home/Projects/django-private-files/testproject/static;

    location /downloadables/{
        root /media/psf/Home/Projects/django-private-files/testproject/static;

   location /media/ {
        alias /media/psf/Home/Projects/django-private-files/testproject/static/;

   location /media/uploads/ {
        deny all;


   location /media/downloadables/ {
        deny all;

    location /adminmedia {
        alias   /home/vasil/src/django-trunk/django/contrib/admin/media;

    location / {
        # for a TCP host/port:
         fastcgi_pass   localhost:3033;

        # necessary parameter
        fastcgi_param PATH_INFO $fastcgi_script_name;

        include fastcgi.conf;

        # to deal with POST requests
        fastcgi_param REQUEST_METHOD $request_method;
        fastcgi_param CONTENT_TYPE $content_type;
        fastcgi_param CONTENT_LENGTH $content_length;


Table Of Contents

Previous topic


This Page