[users@httpd] Large file downloads certification, do not use PHP, and use apache authentication

[孙俊 <wi...@gmail.com>]

I think this situation is common

After logging in to the application, access a file link.
php comparing the relevant permissions correctly, the file is loaded into
memory, then sent to the client.
If this file is how to do when there is 1G? This will be a lot of server
resources, and the performance is very poor.

I think if the certification of the work handled by apache, not the
kind of user
name and password input boxes of the kind.

For example, php session passed to apache, so apache to use the session to
save the UID and password to access the database for authentication.
Or, use the HTTP head parameters, send the UID and password to authenticate
apache

When verified by the apache to send the file to the client, did not return
to the state by 302 when

Apache does not know such a feature?

(google translate)

我想这种情形很普遍

在登录到应用系统后，访问某个文件链接。
php将相关权限对比正确后，将文件加载到内存，再发送给客户端。
如果这个文件有1G时怎么办？这将会大量的服务器资源，而且性能非常差。

我想到如果将认证的工作交由apache处理，不是那种用户名和密码输入框的那种.

例如，php的会话传递给apache，让apache使用会话保存的UID和密码去访问数据库进行验证。
或者，使用HTTP head 参数，发送UID和密码传递给apache进行认证

当验证通过时由apache将文件发送给客户端，未通过时返回状态302

不知道apache有这样的功能吗？

Re: [users@httpd] Large file downloads certification, do not use PHP, and use apache authentication

["Sharl.Jimh.Tsin" <am...@gmail.com>]

check mod_auth module.

阿帕奇有这个功能，你找找。
在 2011-5-16 下午1:41，"孙俊" <wi...@gmail.com>写道：
> I think this situation is common
>
> After logging in to the application, access a file link.
> php comparing the relevant permissions correctly, the file is loaded into
> memory, then sent to the client.
> If this file is how to do when there is 1G? This will be a lot of server
> resources, and the performance is very poor.
>
> I think if the certification of the work handled by apache, not the
> kind of user
> name and password input boxes of the kind.
>
> For example, php session passed to apache, so apache to use the session to
> save the UID and password to access the database for authentication.
> Or, use the HTTP head parameters, send the UID and password to
authenticate
> apache
>
> When verified by the apache to send the file to the client, did not return
> to the state by 302 when
>
> Apache does not know such a feature?
>
> (google translate)
>
> 我想这种情形很普遍
>
> 在登录到应用系统后，访问某个文件链接。
> php将相关权限对比正确后，将文件加载到内存，再发送给客户端。
> 如果这个文件有1G时怎么办？这将会大量的服务器资源，而且性能非常差。
>
> 我想到如果将认证的工作交由apache处理，不是那种用户名和密码输入框的那种.
>
> 例如，php的会话传递给apache，让apache使用会话保存的UID和密码去访问数据库进行验证。
> 或者，使用HTTP head 参数，发送UID和密码传递给apache进行认证
>
> 当验证通过时由apache将文件发送给客户端，未通过时返回状态302
>
> 不知道apache有这样的功能吗？

Re: [users@httpd] Large file downloads certification, do not use PHP, and use apache authentication

[Ben Timby <bt...@gmail.com>]

2011/5/16 孙俊 <wi...@gmail.com>:
> I think this situation is common

Look into mod_xsendfile. You can do the authentication using PHP, then
instead of sending the file, simply send a header to apache, which
will cause it to send the file on your behalf.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org