Control of Web site video resources-access to video via URL is forbidden

general static file download is not through PHP, directly from the Web server sent to the client. But sometimes need to implement the file download permissions control, and so on, need to pass the PHP program to do permission verification. The simple and rude approach is to verify the permissions in the PHP program, and then read the contents of the file before sending it to the client. This approach does satisfy the requirements, but it is clear that sending static file content from PHP is far less efficient than sending static files directly from the Web server and consumes more resources. How can we implement dynamic permission verification and send static files efficiently? Such demand is certainly not an exception, and it is quite common. So, there is the Apache mod_xsendfile module, as well as the Nginx x-accel.

Apache Mod_xsendfile Module Homepage: https://tn123.org/mod_xsendfile/
In Debian, you can install this module directly apt-get install Libapache2-mod-xsendfile.
Note In Debian6, the Xsendfile module version in apt Warehouse is 0.9, while Xsendfilepath, xsendfileignorelastmodified, and Xsendfileignoreetag The directive was introduced in version 0.10. Therefore, the use of the Xsendfilepath command in version 0.9 will appear "Invalid command ' Xsendfilepath ', perhaps misspelled or defined by a module not included in T He server Configuration "error, the workaround is to use the 0.9 introduction of the XSENDFILEALLOWABOVE directive, or upgrade the Xsendfile module to the latest version(Recommended upgrade version)

Nginx X-accel Home:http://wiki.nginx.org/X-accel
Nginx does not need to install additional modules, directly configured on the line.
Note in Nginx, when the X-accel-redirect header is set, Nginx removes the backend application custom header (such as X-abc-def), leaving only the headers of some special back-end application settings (such as Content-type, Content-disposition, etc.), so there is no way to send a custom response header to the client. To prevent this from happening, you need to do some setup:

Location/protected/ {   internal;    /opt/www/files/;   Add_header X$upstream _http_x_abc_def;}

attention is $upstream _http_x_abc_def, not $upstream _x_abc_def
This will be able to tell Nginx to send static files, but also to send a custom HTTP response header

Control of Web site video resources-access to video via URL is forbidden