                                 mod_xsendfile

Overview

   mod_xsendfile  is  a  small  Apache2  module that processes X-SENDFILE
   headers registered by the original output handler.

   If  it  encounters  the  presence  of  such header it will discard all
   output and send the file specified by that header instead using Apache
   internals   including   all  optimizations  like  caching-headers  and
   sendfile or mmap if configured.

   It  is  useful  for  processing script-output of e.g. php, perl or any
   cgi.

Useful?

   Yep, it is useful.
     * Some applications require checking for special privileges.
     * Other  have  to  lookup values first (e.g.. from a DB) in order to
       correctly process a download request.
     * Or store values (download-counters come into mind).
     * etc.

  Benefits

     * Uses apache internals
     * Optimal delivery through senfile and mmap (if available).
     * Sets  correct  cache headers such as Etag and If-Modified-Since as
       if the file was statically served.
     * Processes    cache    headers    such    as    If-None-Match    or
       If-Modified-Since.

Download

     * mod_xsendfile.c (12kb)
     * mod_xsendfile-0.8.tar.gz (4kb)

Installation

    1. Grab the source.
    2. Compile and install
       apxs -cia mod_xsendfile.c
    3. Restart apache
    4. That's all.

Configuration

   There is just one directive

  XSendFile

   Description Enables or disables header processing
     Syntax    XSendFile on|off
     Default   XSendFile off
     Context   server config, virtual host, directory, .htaccess

   Setting XSendFile on will enable processing.

   The  file  specified  in X-SENDFILE header will be sent instead of the
   handler output.

   If the response lacks the X-SENDFILE header nothing is done.

  Example

   .htaccess

   <Files out.php>
   XSendFile on
   </Files>

   out.php

   <?php
   ...
   if ($user->isLoggedIn())
   {
       header("X-Sendfile: $somefile");
       header("Content-Type: application/octet-stream");
       header("Content-Disposition: attachment; file=\"$somefile\"");
       exit;
   }
   ?>
   <h1>Permission denied</h1>
   <p>Login first!</p>

Limitations / Issues / Security considerations

     * The Content-Encoding header - if present - will be dropped, as the
       module cannot know if it was set by intention of the programmer or
       the  handler.  E.g.  php  with output compression enabled will set
       this  header,  but  the replacement file send via mod_xsendfile is
       most likely not compressed.
     * The module is limited to only serving files from current directory
       or subdirectories of it.
     * The header key (X-SENDFILE) is not case-sensitive.
     * X-Sendfile will also send files that are otherwise protected (e.g.
       Deny from all). This includes .htaccess and such!
       At  least  as  long  as  one  has  regular file access permissions
       defined in the file system.
       But,  on  the  other  hand,  how  is this different from the usual
       scripting?

Credits

   The  idea  comes from lighttpd - A fast web server with minimal memory
   footprint.

   The  module  itself was inspired by many other Apache2 modules such as
   mod_rewrite, mod_headers and such and obviously core.c.

License

   Copyright 2006 by Nils Maier

   Licensed  under  the  Apache License, Version 2.0 (the "License"); you
   may not use this file except in compliance with the License.

   You may obtain a copy of the License at

   http://www.apache.org/licenses/LICENSE-2.0

   Unless  required  by  applicable law or agreed to in writing, software
   distributed  under  the  License  is  distributed on an "AS IS" BASIS,
   WITHOUT  WARRANTIES  OR  CONDITIONS  OF  ANY  KIND,  either express or
   implied.

   See  the  License  for the specific language governing permissions and
   limitations under the License.

Changes

  Version 0.8

     * This is the initial public release.
