logo标签列表

XSendFile在Apache 2.2中无法提供文件服务

apacheapache-modules
9

我正在使用mod_xsendfile(v0.12)来提供静态文件,其中Django基于用户和权限控制访问这些文件。

在我的配置文件中,我有:

XSendFile On
XSendFilePath e:/documents/

<Directory e:/Documents>
  Order allow,deny
  Allow from all
</Directory>

在我的Django代码中,我设置了如下的头部信息:
assert(isinstance(filename, FieldFile))

xsendfile = filename.name
if(platform.system() == 'Windows'):
    xsendfile = xsendfile.replace('\\', '/')

response = HttpResponse()
response['X-Sendfile'] = xsendfile
mimetype = mimetypes.guess_type(xsendfile)[0]
response['Content-Type'] = mimetype
response['Content-Length'] = filename.size

而在我的日志文件中,我得到:

[Fri Oct 22 08:54:22 2010] [error] [client 192.168.20.34] (20023)The given path
was above the root path: xsendfile: unable to find file:
e:/Documents/3/2010-10-20/TestDocument.pdf

在这个版本的mod_xsendfile中,
XSendFileAllowAbove On

生成错误:

Invalid command 'XSendFileAllowAbove', perhaps misspelled or defined by a module
not included in the server configuration

我认为这是因为他们添加了XSendFilePath白名单。还有其他人成功实现了吗?

2个回答
13

不要自己设置Content-Length。这只会让处理程序(比如在这种情况下的mod_wsgi)混淆。

在Windows上,你不仅必须提供驱动器的盘符,而且盘符必须是大写的(如果我没记错的话)!

我有一个可行的测试配置,如下所示:

<Directory "E:/">
  XSendFile on
  XSendFilePath E:/localhosts
</Directory>

我在E:/Apache2.2/htdocs/中编写的测试脚本之一如下所示:

<?php
  header('X-SendFile: E:/localhosts/archive.tar.bz2');
  header('Content-type: application/octet-stream');
  header('Content-disposition: attachment; filename="blob"');
?>

XSendFileAllowAbove已经在一段时间前被取消,取而代之的是XSendFilePath

1
在这一切中,我发现的另一件事是整个路径是大小写敏感的,即使你在Windows上。如果我在Linux上,我会立即想到这一点,但在Windows上,我忽略了这个问题。 驱动器号必须大写! - boatcoder
4

我在配置XSendfile路径时经常遇到很多问题。

这里我在Windows上测试了几种情况来查找问题(请跳至本文结尾查看结论和建议):

<?php

/* X-SENDFILE
 * This can be a b*tch to configure. So I'm writing various scenarios here so that I can rely on them in the future.
 * Example use: after re-installing XAMPP, after changing config file, in a new script, after some time without using it...
 * Tested on Windows 7 + XAMPP (Apache/2.4.3, PHP/5.4.7) + mod_xsendfile 1.0-P1 for Apache 2.4.x Win32
 */

/** Environment Debug **/
//echo dirname(__FILE__);   die();
//echo $_SERVER['DOCUMENT_ROOT'];   die();

/** The damn fucking path, with comments **/

// Local file in execution directory.
// Tested with: *no* XSendFilePath inside of the Apache config
// Result: works fine.
//header("X-Sendfile: " . 'localfile.zip' );

// Local file in execution directory + relative path
// Tested with: *no* XSendFilePath inside of the Apache config
// Result: works fine.
//header("X-Sendfile: " . '../xsendfile/localfile.zip' );

// Local file in execution directory + absolute pathS
// Tested with: *no* XSendFilePath inside of the Apache config
// Result: works fine and a lot of flexibility on the slash and letter drive format combinations *BUT* case-sensitive
//header("X-Sendfile: " . 'D:\Dropbox\XAMPP\web\tests\Languages\Apache\xsendfile\localfile.zip' );  // works fine
//header("X-Sendfile: " . '\Dropbox\XAMPP\web\tests\Languages\Apache\xsendfile\localfile.zip' );    // works fine
//header("X-Sendfile: " . 'D:/Dropbox/XAMPP/web/tests/Languages/Apache/xsendfile/localfile.zip' );  // works fine
//header("X-Sendfile: " . '/Dropbox/XAMPP/web/tests/Languages/Apache/xsendfile/localfile.zip' );    // works fine
//header("X-Sendfile: " . '/dropbox/XAMPP/web/tests/Languages/Apache/xsendfile/localfile.zip' );    // FAILS (case-sensitive)

// File in the XSendFilePath directory + Absolute path
// Tested with: XSendFilePath D:\Dropbox\XAMPP\web -- Mind the backward slashes
// Result: FAILS! error.log => [Wed Feb 20 19:08:02.617971 2013] [:error] [pid 15096:tid 1768] (20023)The given path was above the root path: [client ::1:56658] xsendfile: unable to find file: D:\\Dropbox\\XAMPP\\web\\xsfile.zip
//header("X-Sendfile: " . 'D:\Dropbox\XAMPP\web\xsfile.zip' );

// File in the XSendFilePath directory + Absolute path
// Tested with: XSendFilePath D:/Dropbox/XAMPP/web <== mind the forward slashes this time
// Result: WORKS! Conclusion: XSendFilePath needs use forward slashes on Windows AND we don't need any trailing slash in it.
header("X-Sendfile: " . 'D:\Dropbox\XAMPP\web\xsfile.zip' );

/** We might wanna test also:
 * - How does backward slashes in both XSendfilePath and the header combine?
 * - The use of subdirectories.
 * /

/** The rest of the headers (until otherwise stated, nothing special) **/
header("Content-Type: application/zip");
header("Content-Disposition: attachment; filename=\"" . 'blah.zip' . "\"");
header("Content-Transfer-Encoding: binary");
header("Pragma: public");
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Cache-Control: public");
header("Content-Description: File Transfer");

/** Tell the script to stop (so the file download may start) **/
die();


?>

所以,对于在Windows上使用X-Sendfile,确保:

  • 在Apache配置中使用正斜杠(/)作为XSendfilePath的路径分隔符(必须);
  • 尽管我们在Windows上,但应区分路径大小写(必须);
  • 在任何地方都使用绝对路径(推荐);
  • XSendfilePath路径后不要加斜杠(/)(推荐)。

希望它能帮助到某些人! Fabien

你的回答被低估了,感谢你所有的测试。 - John
网页内容由stack overflow 提供, 点击上面的
可以查看英文原文,
原文链接