...more recent posts
Finally: mod_auth_token Apache module. This is supposedly similar to LIGHTTPD's mod_secdownload. I think this will keep me from switching to LIGHTTPD as a web server. The way I'm handling it now is a bit convoluted (although I'm sort of glad I got it to work.) The issue is that you want your application logic (PHP for me) to do authentification, but you don't want it to serve large binary files (with fpassthrough or whatever) because that is really inefficient compared to just having Apache do it (without PHP.) This takes care of the problem by allowing you to generate a token in PHP (an md5 of the current timestamp and a 'secret') and then pass this token to Apache along with the file request. If the timestamp is new enough Apache will serve the file. I'm doing a similar thing by hand now - keeping the files outside the web root and then creating symlinks with PHP which I then erase on subsequent requests to the system. It works fine, but makes for some complex code that mod_auth_token will greatly simplify.
Now my only module wish is something to throttle traffic (I use mod_cband now since I'm running Apache 2) but allow for certain file extensions (or maybe all files served from specified directories) to burst to x kb/s for the first n bytes of the file. In other words, I'd like to be able to specify a max kb/s on a per virtual host basis (mod_cband does this perfectly,) but then to further allow for that limit to be bypassed for the first x bytes of particular files. The point is to facilitate fast and stutter free streaming starts. Maybe you would throttle bandwidth at 1 mb/s for a virtual host, but for .mp3 files you have it burst to 3 mb/s for the first 100 kb of the file (and then slow down to 1 mb/s for the rest of the file.)
Maybe I'll try to get in touch with the mod_cband guy. A little bit arcane, but I think people would like it.