Limiting access to a static file with GAE

I have a static file that I don't want to be publicly available. Is there a way to limit access with app.yaml so that it can only be loaded by its own domain?

web2py based solutions are also welcomed as 开发者_开发问答I'm using it on top of GAE.

Thanks!

You can limit access to it with 'login: required' to require login with a Google account, or 'login: admin' to restrict it to admins only. If you're only concerned about abuse, you probably want to look into the DOS API instead.

I assume you want to use web2py authentication for this. You have to follow a few simple rules. 1) files in app/static are public files. 2) files that you want to subject to authentication go in app/private. Then create you own web2py action to server the content of private/

@auth.requires()
def private():
    import os
    file = os.path.join(request.folder, 'private', request.args(0))
    return response.stream(open(file,'rb'))

If you want to use the role based access control you need to store the filename in a database table and auth.add_permission to the group to the record.

You get faster responses and more competent responses if you ask questions to the web2py mailing list.