djangoubuntunginxsendfiledjango-media

Django and Nginx X-accel-redirect


I have been fumbling around with trying to protect Django's media files with no luck so far! I am simply trying to make it where ONLY admin users can access the media folder. Here is my Nginx file.

server {
    listen 80;
    server_name xxxxxxxxxx;

    location = /favicon.ico {access_log off; log_not_found off;}
    location /static/ {
          alias /home/{site-name}/static_cdn/;
   }
   location /media/ {
          internal;
          root /home/{site-name}/;
   }

   location / {
this is setup and working. Didn't include Code though

}

My Url File

urlpatterns = [
    url(r'^media/', views.protectedMedia, name="protect_media"),
] 

And my view

def protectedMedia(request):

    if request.user.is_staff:
        response = HttpResponse()
        response['Content-Type'] = ''
        response['X-Accel-Redirect'] = request.path
        return response

    else:
        return HttpResponse(status=400)

This is producing a 404 Not Found Nginx error. Does anything look blatantly wrong here? Thanks!

BTW, I have tried adding /media/ to the end of the root URL in the Nginx settings.


Solution

  • This is what fixed this issue thanks to @Paulo Almeida.

    In the nginx file I changed what I previosly had too...

       location /protectedMedia/ {
              internal;
              root /home/{site-name}/;
       }
    

    My url is...

    url(r'^media/', views.protectedMedia, name="protect_media"),
    

    And the View is...

    def protectedMedia(request):
    
        if request.user.is_staff:
            response = HttpResponse(status=200)
            response['Content-Type'] = ''
            response['X-Accel-Redirect'] = '/protectedMedia/' + request.path
            return response
    
        else:
            return HttpResponse(status=400)
    

    This works perfectly! Now only admin users can access the media files stored in my media folder.