The approach we use for large files in our Python app is to set an X-Accel-Redirect header in a dynamic response to a location protected by the 'internal' directive.

That way your dynamic script is only responsible for access control and generating headers.

Apache supports similar functionality by setting a Location header on a 200 response from a CGI or mod_wsgi script.