Então, depois de muito mais googling e um bate-papo com os caras do apache no IRC, parece impossível com o apache. Então, dei uma olhada no nginx e consegui encontrar uma solução usando X-Accel-Redirect com uma configuração como a que está no final dessa resposta.
Veja os posts relevantes no blog:
- link
-
server { listen 80; server_name example.com; location / { proxy_pass http://localhost:8000/; proxy_redirect http://localhost:8001 http://$host:8001; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } # Proxy download location ~* ^/internal_redirect/(.*?)/(.*) { # Do not allow people to mess with this location directly # Only internal redirects are allowed internal; # Location-specific logging access_log internal_redirect.access.log main; error_log internal_redirect.error.log debug; # Extract download url from the request set $download_uri $2; set $download_host $1; # Compose download url set $download_url http://$download_host/$download_uri?$args; # Set download request headers proxy_set_header Host $download_host; proxy_set_header Authorization ''; # The next two lines could be used if your storage # backend does not support Content-Disposition # headers used to specify file name browsers use # when save content to the disk # proxy_hide_header Content-Disposition; # add_header Content-Disposition 'attachment; filename="$args"'; # Do not touch local disks when proxying # content to clients proxy_max_temp_file_size 0; # Download the file and send it to client # This is where the magic happens proxy_pass $download_url; } }