The way to do this is by utilizing nginx as a reverse proxy for your
dynamic django (presumably apache) server and a peer media server
(presumably another nginx setup). Nginx has a great feature (as does
lighttpd) where you can have your page request come into django and
perform all the authN/authZ checks needed for your static content but
redirect the request to the static media server once approved.
Let's say you have a user profile with pictures and want the user to
have find grained privacy control on his pictures.
1. request for user profile comes into nginx proxy.
2. nginx proxy fwds request to django server which determines which
pics are appropriate to view (authorized) of that profile for the
logged in user.
3. the django server, rather than returning static links to the media
server, populates a field X-Accel-Redirect that points to the static
content on the media server.
4. nginx proxy sees the X-Accel-Redirect contents and resubmits the
request to the media server and returns its content instead of the
content from the django server.
5. user gets only the static content that the django server authorized
yet the load for the transfer is moved to the media server.
Good luck,
-- Ben