How can I use Apache to serve static content for a RoR app when I have only .htaccess access (and can't add Apache modules) [on Dreamhost shared server]

Question

Hi,

Are there any Rails/Apache gurus that might know if it's possible (and how) to have the ability for users to upload their content to my RoR application but then subsequent access to such static content would be:

a) served by APACHE web server [to avoid the overhead of going via Rails], but b) still want to have an authentication/authorisation check to occur before they can access the content

The constraint is I'm on http://dreamhost.com/ shared platform where I have only access to the Apache .htaccess file and I can't add my own Apache modules.

http://wiki.dreamhost.com/Apache http://wiki.dreamhost.com/Htaccess http://wiki.dreamhost.com/KB%5F/%5FUnix%5F/%5F.htaccess%5Ffiles

Thanks

Answer 1

You can do a redirect to static content, like

class ImagesController
  def show
    @image = Image.find(params[:id])
    if user_has_access_to @image
      redirect_to @image.bizarre_and_secret_image_location_that_is_served_by_apache
    else
      access_denied
    end
  end
end

It doesn't protect content completely, sure. Maybe making the static URLs temporary will help:

RewriteRule ^/images/RANDOMIZED_PREFIX_HERE/(.+)$ images/SECRET_IMAGE_LOCATION/$1 [L]

...now change the .htaccess file each hour. Of course the application should know the prefix, too.