Limiting access to a static file with GAE
https://stackoverflow.com/questions/3692798
-
02-10-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian문제
I have a static file that I don't want to be publicly available. Is there a way to limit access with app.yaml so that it can only be loaded by its own domain?
web2py based solutions are also welcomed as I'm using it on top of GAE.
Thanks!
해결책
You can limit access to it with 'login: required' to require login with a Google account, or 'login: admin' to restrict it to admins only. If you're only concerned about abuse, you probably want to look into the DOS API instead.
다른 팁
I assume you want to use web2py authentication for this. You have to follow a few simple rules. 1) files in app/static are public files. 2) files that you want to subject to authentication go in app/private. Then create you own web2py action to server the content of private/
@auth.requires()
def private():
import os
file = os.path.join(request.folder, 'private', request.args(0))
return response.stream(open(file,'rb'))
If you want to use the role based access control you need to store the filename in a database table and auth.add_permission to the group to the record.
You get faster responses and more competent responses if you ask questions to the web2py mailing list.
