I have a Rails application (with Nginx and Passenger) that save video files on the server. How can I restrict access to those files to logged in users with permissions to those files? I believe when I try to access a file such as www.mysite.com/videos/video1.flv it bypasses Rails correct? So Do I have to do something at Nginx level to restrict that a link to an article with instruction will be great. I'm using Rails 2.3.8
+1
A:
You can check the user credentials with rails and then issue a X-Accel-Redirect to nginx to make it serve the file from an hidden directory (see http://wiki.nginx.org/NginxXSendfile)
There's a walkthrough here; http://ramblingsonrails.com/how-to-protect-downloads-but-still-have-nginx-serve-the-files
hellvinz
2010-08-26 09:25:34