Django Prevent that everyone can see /media Files

Time:01-02

On my nginx server, if people use the /media path they can see a list of the whole folder with every file. How can I block people from seeing that, like with a 404 page? But I can't disable it in general because I refer to that path with images and stuff on other pages. So in conclusion I need to disable the /media path for users but not for the server itself.

I'm using django.

Greetings and thanks for your help

CodePudding user response:

I think you just stumbled upon a common issue in Django. To me, there are several solutions, but there may be issues coming with the solution:

  • You can disable serving media files as static by nginx and django, and write routes that check some condition for each file pattern. This gives you a lot of flexibility (anything you can do in Django), but you will have worse performance, because Django needs to send the files instead of Nginx.
  • I think there is a solution (never tested before) to only serve media files through an NGINX internal backend, then having your Django do the checks, and then redirect internally to the corresponding file that NGINX will serve.

EDIT: I think this answer explains the latter: https://stackoverflow.com/a/43223478/9938410

CodePudding user response:

I suspect your nginx is configured with autoindex on, which will generate a full directory listing for the path requested. When serving static content for your website, you typically will want to disable autoindex.

Nginx docs provide more details on these settings.
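
Both answers above expressed as one nginx server block, added here as an example and not taken from the asker's server or from either answer. The filesystem paths, server_name, the /protected-media/ prefix and the upstream address are assumptions to adapt.

```nginx
# Constructed example: paths, names and the upstream address are placeholders.
server {
    listen 80;
    server_name example.com;

    # Before (the behaviour described in the question): a request for the
    # directory itself, e.g. /media/, returns a generated listing of every file.
    #
    # location /media/ {
    #     alias /srv/app/media/;
    #     autoindex on;
    # }

    # After: files are still served when requested by their exact URL, so
    # <img src="/media/..."> on other pages keeps working, but a request for
    # a directory is answered with 403 instead of a listing.
    location /media/ {
        alias /srv/app/media/;
        autoindex off;   # nginx default; also remove any "autoindex on"
                         # set at http or server level, since it is inherited
    }

    # Second answer's approach, for files that need a permission check:
    # "internal" makes this location unreachable from client requests.
    # nginx serves from it only after the Django view has done its checks
    # and replied with the header
    #     X-Accel-Redirect: /protected-media/<relative path>
    location /protected-media/ {
        internal;
        alias /srv/app/protected/;
    }

    # Everything else goes to the Django application server.
    location / {
        proxy_pass http://127.0.0.1:8000;
        proxy_set_header Host $host;
    }
}
```

Disabling the listing only hides the index: any file under /media/ is still readable by anyone who knows or guesses its URL, which is why files that must stay private belong behind the internal location.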
