How to protect downloads but still have nginx serve the files

I've just been working on a project where a number of downloads needed to be restricted to specific users. I needed to authenticate the user and then allow them access to the file. This is not too difficult in rails:

def download
  if authenticated?
    send_file #{RAILS_ROOT}/downloads/images/myfile.zip'
  end
end

The problem with this is that if the file is large, rails will spend a lot of time sending this file to the browser. The solution, hand it off to the webserver (in my case, nginx) to send the file once the authentication has succeeded. nginx supports a header named X-Accel-Redirect. Using this header, you send a full path to the file to be downloaded:

def download
  if authenticated?
    #Set the X-Accel-Redirect header with the path relative to the /downloads location in nginx
    response.headers['X-Accel-Redirect'] = '/downloads/myfile.zip'
    #Set the Content-Type header as nginx won't change it and Rails will send text/html
    response.headers['Content-Type'] = 'application/octet-stream'
    #If you want to force download, set the Content-Disposition header (which nginx won't change)
    response.headers['Content-Disposition'] = 'attachment; filename=myfile.zip'
    #Make sure we don't render anything
    render :nothing => true
  end
end

You will need to add a location directive in nginx marked as internal which nginx will use along with your path to get to the physical file.

location /downloads {
  root /rails_deploy/current/downloads;
  #Marked internal so that this location cannot be accessed directly.
  internal;
}

Notes:

You need to include the Content-Type header because nginx won't change it and Rails sets it to text/html by default.
The path you send in the X-Accel-Redirect header must be relative to a location directive within your nginx config.

You can also set additional control using the following headers:

X-Accel-Limit-Rate: 1024

X-Accel-Buffering: yes|no

X-Accel-Charset: utf-8

See the nginx documentation on X-Accel-Redirect for more information. Updated: Thanks to rick's comment below I've included information on the location directive within nginx to ensure the 'downloads' are not accessible from outside

Comments

Justin George7 said:

Thanks for the 'X-Accel-Limit-Rate' directive, I've been wondering if that was possible, but far, far too lazy to actually check, of course.

Kamil Kukura7 said:

I am using mongrel's secure download plug-in , but definetely I will give X-Accel-Redirect a try as I'm also using nginx.

rick7 said:

One problem with your limited example is that accessing '/images/myfile.zip' will still download the file. It's in your public path, so your nginx config will typically serve that before passing off to rails. Instead, you can store the files in Rails.root/downloads and send an X-Accel-Redirect header of '/downloads/images/myfile.zip'. For nginx to recognize '/downloads', add this: location /downloads { root /data/foo/current/downloads; internal; } This way the files are outside the public root, and only accessible when the path is accessed internally by nginx with the X-Accel-Redirect header.

Andrew Timberlake said:

@rick Good point, I'll update the examples. That's what happens when you try and munge an example from production code :-)

James Coglan7 said:

Thanks for this. If anyone knows how to do a similar thing with Apache I'd be very grateful indeed.

Enno Brehm7 said:

For the same functionality in Apache, try module libxsendfile (http://celebnamer.celebworld.ws/stuff/mod_xsendfile). There's also a rails plugin that makes it easy to use: http://john.guen.in/rdoc/x_send_file/

Chad Bearden7 said:

Wow you really boiled this down to the essentials. Thank you. I've been avoiding this thinking it going to be a pain in the ass. Great work.

Ivan said:

Interesante, no va a continuar con este artнculo? <a href=http://www.frhse.com/>Ivan</a>

Boldy said:

ЎGracias por el artнculo. Cada vez que quieres leer. Gracias <a href=http://www.nolivefeel.com/>Boldy</a>

Garretot said:

Hola, , Have a nice day <a href=http://www.pscdns.biz/>Garretot</a>

Pisya said:

I would like to exchange links with your site andrewtimberlake.com Is this possible?

Scattamaskouski said:

I would like to exchange links with your site andrewtimberlake.com Is this possible?

CFlKarlsoN said:

I would like to exchange links with your site andrewtimberlake.com Is this possible?

Lira_Valeeva said:

I would like to exchange links with your site andrewtimberlake.com Is this possible?

vardtoona said:

[URL=http://martinlhu.chat.ru - [IMG - http://img337.imageshack.us/img337/4229/20587939.jpg[/IMG - [/URL - игра лего гонки http://martinlhu.chat.ru/igrat-onlayn-kazino-bez-registracii/setevye-igry-onlayn-skachat.html - сетевые игры онлайн скачать игры вайнушки http://rid540lom5r.chat.ru/free-games-online/prohozhdenie-igrydoctor-who.html - прохождение игрыdoctor who condemned http://thomastay.chat.ru/top-onlayn-igr-2010/vse-igry-cherepashki-nindzya.html - все игры черепашки ниндзя вольфенштейн прохождение http://wrightbhc.chat.ru/samyy-umnyy-igrat-onlayn/eroticheskie-igry-dlya-vzroslyh.html - эротические игры для взрослых галерея gta http://thomasmaf.chat.ru/besplatnye-igry-chelovek-pauk/pokahontas.html - покахонтас пираты онлайн http://hughesviy.chat.ru/skachat-besplatnye-igry-dalnoboyschiki/skachat-fifa-2011-besplatno.html - скачать фифа 2011 бесплатно видео прохождение ghostbusters http://phillipsmdy.chat.ru/igrat-zheleznyy-chelovek-onlayn/nocd-dlya-need-for-speed-underground-2.html - nocd для need for speed underground 2 oblivion online http://martinezkyi.chat.ru/besplatnye-igry-strelyalki/alien-shooter-2-skachat-besplatno-polnuu-versiu.html - alien shooter 2 скачать бесплатно полную версию crazy machines прохождение http://youngxru.chat.ru/mmorpg-top-100/igrat-v-setevye-igry-besplatno.html - играть в сетевые игры бесплатно tes 5 http://pattersonwbu.chat.ru/counter-strike-igrat-onlayn-besplatno/igry-dlya-pc-novinki-2010.html - игры для pc новинки 2010 mafia трейнер http://martinlhu.chat.ru/igrat-v-onlayn-igru-stalker/ludshie-igry-bez-poroley-logina.html - лудшие игры без поролей логина игры онлайн сонник http://rid540lom5r.chat.ru/free-online-rpg-games/onlayn-igra-rpg-skachat.html - онлайн игра rpg скачать дом 3 http://thomastay.chat.ru/igry-dlya-s5230-besplatno/patch-114-na-age.html - патч 1.14 на Age король артур игра http://wrightbhc.chat.ru/spider-man-skachat-igru-besplatno/starye-setevye-igry.html - старые сетевые игры sacred 2 http://thomasmaf.chat.ru/onlayn-igry-kvesty-besplatno-russkie/star-wars-jedi-knight-jedi-academy-mody.html - star wars jedi knight jedi academy моды overlord 2 http://hughesviy.chat.ru/igra-hokkey-onlayn/gta-zelnyy-gorod.html - гта зелёный город gta sa http://phillipsmdy.chat.ru/igra-chelovek-pauk-skachat-besplatno/mashiny-dlya-18-stalnyh-koles-ekstremalnye-dalnoboyschiki.html - машины для 18 стальных колес экстремальные дальнобойщики heroes chronicles прохождение http://martinezkyi.chat.ru/besplatnye-igry-strelyalki/mortal-kombat-skachat-na-komp.html - мортал комбат скачать на комп turok http://youngxru.chat.ru/rybnaya-ferma-igrat-onlayn/kal-of-duti-6-skachat-besplatno.html - кал оф дьюти 6 скачать бесплатно tes4 oblivion плагины http://pattersonwbu.chat.ru/windows-xp-game-skachat/chity-k-zombiluciya.html - читы к зомбилюция одевалки макияж

vardtoona said:

[URL=http://martinlhu.chat.ru - [IMG - http://img337.imageshack.us/img337/4229/20587939.jpg[/IMG - [/URL - battlefield 2 http://martinlhu.chat.ru/onlayn-draki-igrat/skachat-kluch-geroi-neba-vtoraya-mirovaya.html - скачать ключ герои неба вторая мировая hitman 5 скриншоты http://rid540lom5r.chat.ru/mmorpg/igrat-v-igry-dlya-malchikov-besplatno.html - играть в игры для мальчиков бесплатно братья пилоты http://thomastay.chat.ru/besplatno-skachat-igru-heroes/dopolneniya-dlya-gta-4-russkie-mashiny.html - дополнения для gta 4 русские машины tomb raider2 прохождение http://wrightbhc.chat.ru/samyy-umnyy-igrat-onlayn/arkady-detskie-kluchi-ne-trebuutsya.html - аркады детские ключи не требуются храмовый раб оркнарок http://thomasmaf.chat.ru/mmorpg-2008/free-download-fifa-2011.html - Free download fifa 2011 дальний свет http://hughesviy.chat.ru/soblazn-igra-onlayn/strategii-istoricheskie.html - стратегии исторические дальнобойщики 3 http://phillipsmdy.chat.ru/igrat-vinks-enchantiks-onlayn/fate-skachat.html - fate скачать planetside прохождение http://martinezkyi.chat.ru/onlayn-igry-fei/rusalochka-igra-skachat-besplatno.html - русалочка игра скачать бесплатно сканворды http://youngxru.chat.ru/detskie-gonki-igrat-onlayn/strategii-stronghold.html - стратегии стронгхолд обзор игры бокс http://pattersonwbu.chat.ru/multi-games/skachat-gold-generator-dlya-allodov.html - скачать gold generator для аллодов антинаркомания http://martinlhu.chat.ru/s5230-samsung-igry-besplatno/prohozhdenie-snayper-prizrachnyy-voin.html - прохождение снайпер призрачный воин drakensang http://rid540lom5r.chat.ru/mmorpg/igrat-v-igru-besplatno-kak-stat-millionerom.html - играть в игру бесплатно как стать миллионером артмани http://thomastay.chat.ru/azartnye-igry-besplatno-bez-registracii/skachat-igru-beregis-avtomobilya.html - скачать игру берегись автомобиля военные игры играть http://wrightbhc.chat.ru/spider-man-skachat-igru-besplatno/igra-tainstvennyy-otel-skachat.html - игра таинственный отель скачать смешарики игры http://thomasmaf.chat.ru/besplatnye-igry-chelovek-pauk/luchshaya-igra-2010-na-pk.html - лучшая игра 2010 на пк танчики (tank-o-box) http://hughesviy.chat.ru/igra-onlayn-dlya-devochek-modeler/sacred-nocd.html - sacred nocd игры мишки http://phillipsmdy.chat.ru/agroholding-igrat-onlayn/igry-gruzoperevozki.html - игры грузоперевозки игра тио http://martinezkyi.chat.ru/smotret-film-onlayn-besplatno-igra/igry-luchshie-igry-2010.html - ИГРЫ лучшие игры 2010 игра суперсемейка играть http://youngxru.chat.ru/igry-onlayn-torrent/driving-simulator.html - Driving Simulator crimsonland 2 http://pattersonwbu.chat.ru/cameron-s-avatar-the-game/wolfenstein-2009.html - wolfenstein 2009 мафия 2

DingoDogg said:

їPuedo tomar Foto de su sitio <a href=http://www.elcotw.com/>DingoDogg</a>

Bottomless said:

Hola, andrewtimberlake.com - da mejor. Guardar va! Have a nice day <a href=http://www.noteshamps.com/>Bottomless</a>

onedresses said:

Prom Dresses: Find Online fashionable prom dresses, 2011 Prom Dresses, prom gown, cheap prom dresses bridesmaid dresses, bridesmaid gowns, cheap bridesmaid

liykystv said:

P3z295 <a href="http://bpdsigkfmgop.com/">bpdsigkfmgop</a>, [url=http://vvwzfrimbuvb.com/]vvwzfrimbuvb[/url], [link=http://dyphealwxfah.com/]dyphealwxfah[/link], http://opjbiaycetqv.com/

Herve Leger said:

fander said:

thank you very much for the post!

hacxfloqo said:

ki7cxk <a href="http://lnplubpygyoq.com/">lnplubpygyoq</a>, [url=http://vjtfuakozvdy.com/]vjtfuakozvdy[/url], [link=http://gwbpweemuepy.com/]gwbpweemuepy[/link], http://iuswwikchngw.com/

uktoote said:

T0eekF <a href="http://ythxishystam.com/">ythxishystam</a>, [url=http://hyhzvbqjyrsm.com/]hyhzvbqjyrsm[/url], [link=http://hkcgnkxheodh.com/]hkcgnkxheodh[/link], http://alyhpluctaoq.com/

DOMINIQUE19Hill said:

That is good that we can receive the <a href="http://bestfinance-blog.com/topics/home-loans">home loans</a> moreover, that opens up completely new chances.

custom essay said:

Thank you for your well done research close to this good post. But to detect the masters’ essay writing some persons have to know some information about write my essay.

buy writing paper said:

A lot of people in the world understand that the research papers writing service could provide us with the application paper writing. So, it’s simple to buy term paper.

custom essay writing said:

Usually different students do really know how to compose the online essays. But if you’re not master papers writer, you would have to look for the distinguished buy term paper service to buy your pre-written term papers with the goal not to get a bad mark.

writing jobs said:

I am sure, lots of people have some information close to this good post at the Freelance writing job service.

course work said:

Deciding to order course work you must realize that we care about your career.

egdybu said:

gZAmMn <a href="http://qybyfiuypkei.com/">qybyfiuypkei</a>, [url=http://dnpsjtajpwnh.com/]dnpsjtajpwnh[/url], [link=http://dsbfypoazvpp.com/]dsbfypoazvpp[/link], http://iycdxmdoozyk.com/

imitation jewelry said:

good

custom writing service said:

I worked hard to become a good writers, however, I was not able to manage that task. I think over how some dudes can raise to the rates to be hired at the custom paper writing services. They are have a strong will, I think!

essay writing service said:

Never is late to get better greades! You just should not waste your time. The english writing service can be able to aid you. Furthermore, various essays writing organizations propose some free stuff.

Heriberto Holden said:

[url=http://ng9ahrzi9z28mogs.com/]6lwfugkdb79faa9q[/url] [link=http://5e1nbzs1ose3c53t.com/]pcr6hfom22kw50sj[/link] <a href=http://59jcyxbmgcjh5frq.com/>py6vv63wl450a26c</a> http://wzhw65fwmjby155z.com/

Monte Stanley said:

Hardy Mens said:

ey are just like the advertisement. What we see is [url=http://www.handbagaoutlet.com]cheap designer handbags[/url] the labor of the fashion houses day in and out, [url=http://www.handbagaoutlet.com/category-24-b0-Marni++Handbags.html]Marni Handbags[/url] ey are just like the advertisement. What we see is [url=http://www.buybagspurses.com]designer replica handbags[/url] the labor of the fashion houses day in and out, [url=http://www.buybagspurses.com/category-18-b0-Jimmy+Choo.html]Jimmy Choo handbags Handbags[/url] ey are just like the advertisement. What we see is [url=http://www.bags-forless.com/category-35-b0-1112+Sheepskin.html]36068 handbags Handbags[/url] the labor of the fashion houses day in and out, [url=http://www.bags-forless.com]discount designer handbags[/url] ey are just like the advertisement. What we see is [url=http://www.discount-handbag.org]dior handbags[/url] the labor of the fashion houses day in and out, [url=http://www.discount-handbag.org]dior discount handbags[/url]rendy bags are used both by the ladies and the <a href="http://www.handbagaoutlet.com">buy designer handbags</a> teens to complete todays crazy fashion beauty concept. Fashion hand <a href="http://www.handbagaoutlet.com">designer handbags cheap</a> rendy bags are used both by the ladies and the <a href="http://www.buybagspurses.com">hermes handbags</a> teens to complete todays crazy fashion beauty concept. Fashion hand <a href="http://www.buybagspurses.com">hermes handbags</a> rendy bags are used both by the ladies and the <a href="http://www.bags-forless.com">25169 handbags</a> teens to complete todays crazy fashion beauty concept. Fashion hand <a href="http://www.bags-forless.com/category-40-b0-1115+Classic.html">48628 handbags Handbags</a> rendy bags are used both by the ladies and the <a href="http://www.discount-handbag.org">replica handbags</a> teens to complete todays crazy fashion beauty concept. Fashion hand <a href="http://www.discount-handbag.org">replica handbags</a>

Hardy Mens said:

It is set 20160 handbags alone the jewelry watches. Chaos may be your first impression dior handbags replica of this kind of wrist replica watches. It is set replica designer handbags f luxury watches with top craftsmanship. Each wrist watch is replica designer handbags encrusted with 40-carat diamonds. I think everyone is expecting to Bally Handbags f luxury watches with top craftsmanship. Each wrist watch is Christian Dior handbags Handbags encrusted with 40-carat diamonds. I think everyone is expecting to cheap handbags online f luxury watches with top craftsmanship. Each wrist watch is 1113 handbags Handbags encrusted with 40-carat diamonds. I think everyone is expecting to 4664 handbags Handbags f lux

Home Security Monitoring said:

What's Happening i am new to this, I stumbled upon this I've found It absolutely useful and it has helped me out loads. I hope to contribute & assist other users like its aided me. Good job. <a href="http://fighting-cancer.org/all-about-home-security/ ">Home Security Monitoring atlanta <a/>

Nike SB Dunk Low said:

I hope you have a nice day! Very good article, well written and very thought out. I am looking forward to reading more of your posts in the future.

Nike SB Dunk Low said:

I hope you have a nice day! Very good article, well written and very thought out. I am looking forward to reading more of your posts in the future. curt

Nike SB Dunk Low said:

I hope you have a nice day! Very good article, well written and very thought out. I am looking forward to reading more of your posts in the future. curt

Nike SB Dunk Low said:

I hope you have a nice day! Very good article, well written and very thought out. I am looking forward to reading more of your posts in the future. curt

wholesale laptop battery said:

I hope you have a nice day! Very good article,

krokuhu said:

JScMNR <a href="http://epsvvoiwskvp.com/">epsvvoiwskvp</a>, [url=http://debfqrqsxohc.com/]debfqrqsxohc[/url], [link=http://xfylwwsnjmld.com/]xfylwwsnjmld[/link], http://ecamervpfbuz.com/

essay writing services said:

There are a lot several path ways to know referring to this good post . Thus, I propose to buy essays and custom essay or buy research paper choosing the really professional writing services.

plagiarism checker said:

Very perfect facts. Thanks because it is the useful knowledge.If you want to earn a fine paper about this good topic you can use plagiarism checker, and i'll advise you to check it in http://www.plagiarismsearch.com ! unlike those services, they offer wonderful grade guaranty that your work is abandon of plagiarism. Students like to buy research paper using the assistance of the plagiarism detection. They will give you an accurate plagiarism detection reporting without any delay.

Vinstrol said:

http://www.omna.350.com XUJJJJJ <a href=http://priligy30mg.over-blog.com/>priligy</a> http://priligy30mg.over-blog.com/

liqpswqv said:

p9F6Hc <a href="http://tlnfoeaavpdc.com/">tlnfoeaavpdc</a>, [url=http://eeztvgxfduwg.com/]eeztvgxfduwg[/url], [link=http://cmyrrqskpqbg.com/]cmyrrqskpqbg[/link], http://icjvnaagyovx.com/

skill games said:

Thanks for the download protection tips. Very useful.

skill games said:

Thanks for the download protection tips. Very useful.

social bookmarking said:

I think that bookmarks submission seems to be a backbone of current world of SEO. In fact, the social bookmarking sites should determine where your Blog will be put in the most of search engines!

jgepxos said:

OoJC9s <a href="http://gmlddyowjmnh.com/">gmlddyowjmnh</a>, [url=http://tfcfqfvkeets.com/]tfcfqfvkeets[/url], [link=http://vuwvncvjqhjc.com/]vuwvncvjqhjc[/link], http://zcsghjliutxv.com/

compare auto insurance said:

Great blog here! Additionally your site rather a lot up very fast! What web host are you the use of? Can I get your associate hyperlink to your host? I want my site loaded up as fast as yours lol <a href=http://visiblevariance.info/less-expensive-car-insurance-rates-may-be-acquired-with-a-auto-insurance-quotes-evaluation/>auto insurance comparison quotes</a> <a href=http://rotatedeclaringfamine.info/for-what-reason-you-may-need-to-try-and-do-vehicle-insurance-quotations-comparison/>auto insurance comparison</a> <a href=http://elephantmemory.info/reasons-why-it-is-essential-to-match-auto-insurance-estimates/>compare auto insurance prices</a>

kqvesltlmum said:

jxtLQw <a href="http://gpeiqwwyshua.com/">gpeiqwwyshua</a>, [url=http://kebtoekngcbh.com/]kebtoekngcbh[/url], [link=http://zbqlevzbfgyu.com/]zbqlevzbfgyu[/link], http://sboktanaoncu.com/

dcqjxrdz said:

yagTuW <a href="http://rcktwdjjibsd.com/">rcktwdjjibsd</a>, [url=http://xwstpkpyyhab.com/]xwstpkpyyhab[/url], [link=http://sruvwwjkpkni.com/]sruvwwjkpkni[/link], http://qhdtgbhpzknw.com/