#19319 closed Bug (fixed)
mod_wsgi docs need <Files wsgi.py> ...Require all granted</Files>
| Reported by: | Owned by: | nobody | |
|---|---|---|---|
| Component: | Documentation | Version: | dev |
| Severity: | Normal | Keywords: | |
| Cc: | Triage Stage: | Accepted | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
Using Apache/2.4.3 (Unix) mod_wsgi/4.0-TRUNK Python/3.2.3 and Django 6.1 alpha (trunk)
After completing the polls tutorial, I got it running in apache/mod_wsgi, but I had to add an additional line not mentioned in Django documentation to httpd.conf: Require all granted. This also doesn't seem to be mentioned in the mod_wsgi documentation. I found it by trial and error and by looking through how access was granted to other directories in the automatically generated httpd.conf.
This is what the end of my httpd.conf looks like now:
WSGIScriptAlias / /home/colin/mysite/mysite/wsgi.py WSGIPythonPath /home/colin/mysite <Directory /home/colin/mysite/mysite> <Files wsgi.py> Order deny,allow Allow from all Require all granted </Files> </Directory>
Everything is as it's should be from Django documentation except I added 'Require all granted'. Here's the error that was logged by apache without that extra line:
[Sun Nov 18 12:42:41.330234 2012] [mpm_event:notice] [pid 5577:tid 140551381825280] AH00489: Apache/2.4.3 (Unix) mod_wsgi/4.0-TRUNK Python/3.2.3 configured -- resuming normal operations [Sun Nov 18 12:42:41.330825 2012] [core:notice] [pid 5577:tid 140551381825280] AH00094: Command line: '/usr/local/apache2/bin/httpd' [Sun Nov 18 12:44:09.842374 2012] [authz_core:error] [pid 5582:tid 140551143790336] [client 127.0.0.1:48490] AH01630: client denied by server configuration: /home/colin/mysite/mysite/wsgi.py
In the web browser, it would say I didn't have access to /polls (don't remember the exact wording).
After adding 'Require all granted', /polls works the same as it did in the tutorial.
Change History (10)
comment:1 Changed 10 years ago by
comment:2 Changed 10 years ago by
Okay, more information.
You are likely encountering this because you have disabled mod_access_compat in Apache.
http://httpd.apache.org/docs/2.4/mod/mod_access_compat.html
comment:3 Changed 10 years ago by
I think this is for the normal case and that the Django documentation needs to be updated.
I'm far too new to all of this to have disabled anything. I'm just going through the tutorials. The reason I'm using the latest dev/trunk versions of everything is that I saw that Django was about to support python 3 and being new also to python, I didn't see the point of doing everything with python 2 just to have to redo all my code a year from now (which might be how long it'll take me to get something useful done anyway).
So, anyway, as the link you provided says:
The directives provided by mod_access_compat<http://httpd.apache.org/docs/2.4/mod/mod_access_compat.html>
have been deprecated by the new authz refactoring. Please see mod_authz_host<http://httpd.apache.org/docs/2.4/mod/mod_authz_host.html>
And, if you go to the new mod_authz_host, it says to use Require as I ended up having to do. So, out of the box, without any reconfiguration on my part, I had to use Require. After reading the mod_authz_host page, I see that I could have just used Require local for my purposes. I think the Django documentation that I linked to in this ticket should be updated with information on mod_authz_host and Require since it will be necessary for any inexperienced person doing a new dev install of everything as I have done.
comment:4 Changed 10 years ago by
Just noticed I listed my version of Django as 6.1 Alpha. It's 1.6 Alpha, of course.
comment:5 Changed 10 years ago by
Now that you've pointed me to the Apache auth documentation, I also looked at http://httpd.apache.org/docs/2.4/mod/mod_authz_core.html and found:
Require all
The all provider mimics the functionality the was previously provided by the 'Allow from all' and 'Deny from all' directives. This provider can take one of two arguments which are 'granted' or 'denied'. The following examples will grant or deny access to all requests.
Require all granted
Require all denied
So, actually, Django documentation should be updated by replacing 'Allow from all' with 'Require all granted', and maybe noting that if using Apache versions older than 2.4, you'd use 'Allow from all'.
comment:6 Changed 10 years ago by
| Summary: | https://docs.djangoproject.com/en/dev/howto/deployment/wsgi/modwsgi/ need <Files wsgi.py> ...Require all granted</Files> → mod_wsgi docs need <Files wsgi.py> ...Require all granted</Files> |
|---|
comment:7 Changed 10 years ago by
| Triage Stage: | Unreviewed → Accepted |
|---|
comment:9 Changed 10 years ago by
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
Are you using some sort of Apache authorisation provider to control access to the site?
As much as I can work out, 'Require all granted' is probably only needed with Apache 2.4 when using such an authorisation provider and not for the normal case.
If this is the case, extra steps to do when using an authorisation provider are probably outside of the scope of the Django documentation.