问题
I have a static file that I don't want to be publicly available. Is there a way to limit access with app.yaml so that it can only be loaded by its own domain?
web2py based solutions are also welcomed as I'm using it on top of GAE.
Thanks!
回答1:
You can limit access to it with 'login: required' to require login with a Google account, or 'login: admin' to restrict it to admins only. If you're only concerned about abuse, you probably want to look into the DOS API instead.
回答2:
I assume you want to use web2py authentication for this. You have to follow a few simple rules. 1) files in app/static are public files. 2) files that you want to subject to authentication go in app/private. Then create you own web2py action to server the content of private/
@auth.requires()
def private():
import os
file = os.path.join(request.folder, 'private', request.args(0))
return response.stream(open(file,'rb'))
If you want to use the role based access control you need to store the filename in a database table and auth.add_permission to the group to the record.
You get faster responses and more competent responses if you ask questions to the web2py mailing list.
来源:https://stackoverflow.com/questions/3692798/limiting-access-to-a-static-file-with-gae