Secure static media access in a Django site

Question

I\'m building a site where registered users can upload files. Those files are then served via Apache. Only users who are logged in should be able to access those files.

Answer 1

If you have freedom to switch from Apache to lighttpd, then the most straightforward solution would be to use mod_secdownload which would do exactly what you want, that is, provide application authentication while serving the actual files via web server.

However if you are stuck with Apache, then I suggest mod_auth_token, here they mention PHP but you can generate the token in Python or any other language. Using mod_auth_token you will be able to generate the token in your application, and then have web server serve the static file utilizing that token.