I have been fumbling around with trying to protect Django's media files with no luck so far! I am simply trying to make it where ONLY admin users can access the media folder. Here is my Nginx file.
server {
listen 80;
server_name xxxxxxxxxx;
location = /favicon.ico {access_log off; log_not_found off;}
location /static/ {
alias /home/{site-name}/static_cdn/;
}
location /media/ {
internal;
root /home/{site-name}/;
}
location / {
this is setup and working. Didn't include Code though
}
My Url File
urlpatterns = [
url(r'^media/', views.protectedMedia, name="protect_media"),
]
And my view
def protectedMedia(request):
if request.user.is_staff:
response = HttpResponse()
response['Content-Type'] = ''
response['X-Accel-Redirect'] = request.path
return response
else:
return HttpResponse(status=400)
This is producing a 404 Not Found Nginx error. Does anything look blatantly wrong here? Thanks!
BTW, I have tried adding /media/ to the end of the root URL in the Nginx settings.
This is what fixed this issue thanks to @Paulo Almeida.
In the nginx file I changed what I previosly had too...
location /protectedMedia/ {
internal;
root /home/{site-name}/;
}
My url is...
url(r'^media/', views.protectedMedia, name="protect_media"),
And the View is...
def protectedMedia(request):
if request.user.is_staff:
response = HttpResponse(status=200)
response['Content-Type'] = ''
response['X-Accel-Redirect'] = '/protectedMedia/' + request.path
return response
else:
return HttpResponse(status=400)
This works perfectly! Now only admin users can access the media files stored in my media folder.