The Drupal documentation gives an example of using a private path like ../private (https://drupal.org/documentation/modules/file), but this type of private path generates an unusable configuration for Nginx. I modified the code to check the type of private path and generate a correct configuration.

For Xsendfile (for Apache), the latest version has no XSendFileAllowAbove directive; there is now XSendFilePath instead. I modified the code to create an example configuration for this too.

For Xsendfile: I tested the xsendfile_file_transfer() function, but it does not work for me. If I use the full (real) path for the X-sendfile header, files are transferred successfully.


Comments

havran’s picture

Patch attached.

imadalin’s picture

I get this one too in the error log; there is no XSendFileAllowAbove in the mod_xsendfile module.

damien_vancouver’s picture

@havran: Thanks for your patch. I will try and get it tested and committed soon.

@imadalin: Your problem is that you need to use XSendFilePath instead of XSendFileAllowAbove.

Here is the snippet I put in my Apache virtualhost files for XSendfile. Lines starting with # are comments and ignored by Apache. You will want to adjust the XSendFilePath to match the path to your private files directory.

# XSendFile provides fast private file transfer using
# Apache mod_xsendfile and the xsendfile Drupal module.
<IfModule mod_xsendfile.c>
  XSendFile on

  # You either need XSendFilePath (new) or XSendFileAllowAbove (old) options
  # enabled.  Which one depends on what version of mod_xsendfile your Apache
  # server has.  The wrong one will cause an Apache error.

  # mod_xsendfile >= 0.10 needs XSendFilePath /path/to/private/files/directory
  XSendFilePath /home/example.com/private_files_directory

  # mod_xsendfile < 0.10 only needs XSendFileAllowAbove On:  
  # XSendFileAllowAbove On
</IfModule>

If there is a problem with the path, the Apache error log will print out the path that it was trying to use. You can compare it to what's in your Apache virtualhost to diagnose a problem. It must match the real filesystem path (not a symbolic linked path) exactly.
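Added example, not part of the original comment or the xsendfile module: a shell check that the XSendFilePath in a virtualhost file equals the real path of the private files directory, resolving a relative path such as ../private and any symlinks first. The function names and exit codes are this example's own, and paths are assumed to contain no spaces.

```shell
#!/bin/sh
# Added example: compare XSendFilePath against the physical path of the
# Drupal private files directory. Names and exit codes are hypothetical.

# Print the physical path of a directory, resolving ".." and symlinks.
real_dir() {
    ( CDPATH= cd -- "$1" 2>/dev/null && pwd -P )
}

# Print every XSendFilePath value in an Apache config file.
# Commented-out directives are skipped because their first field is "#".
xsendfile_paths() {
    awk 'tolower($1) == "xsendfilepath" { gsub(/"/, "", $2); print $2 }' "$1"
}

# check_xsendfile_path <apache-conf> <private-dir>
#   0 = a directive matches the real path exactly
#   1 = no directive, or one that reaches the directory via a symlink or ".."
#   2 = the private directory cannot be resolved
check_xsendfile_path() {
    conf=$1
    if ! want=$(real_dir "$2"); then
        echo "cannot resolve private directory: $2" >&2
        return 2
    fi
    # Assumption: configured paths contain no whitespace.
    for p in $(xsendfile_paths "$conf"); do
        p=${p%/}
        if [ "$p" = "$want" ]; then
            echo "OK: XSendFilePath $p"
            return 0
        fi
        if [ "$(real_dir "$p")" = "$want" ]; then
            echo "MISMATCH: $p is not the real path; use $want" >&2
            return 1
        fi
    done
    echo "MISSING: no XSendFilePath for $want in $conf" >&2
    return 1
}

# Run as: sh check.sh /path/to/vhost.conf /path/to/private
if [ "$#" -eq 2 ]; then
    check_xsendfile_path "$1" "$2"
fi
```

The path printed in the MISMATCH line is the value to put in XSendFilePath.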

thrnio’s picture

For the status report, xsendfile tests to see if the private directory is publicly accessible. When the private files directory is outside the docroot, xsendfile will request a URI like http://example.com/../private-files. If Apache returns a 400 Bad Request code when given a URI with /../ in it, then the status report says that the private files directory is publicly accessible.

Updating patch to check for any 4xx status code instead of 404 explicitly.