Code

Opened 17 months ago

Closed 10 months ago

Last modified 10 months ago

#19319 closed Bug (fixed)

mod_wsgi docs need <Files wsgi.py> ...Require all granted</Files>

Reported by: colinnkeenan@… Owned by: nobody
Component: Documentation Version: master
Severity: Normal Keywords:
Cc: Triage Stage: Accepted
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

Using Apache/2.4.3 (Unix) mod_wsgi/4.0-TRUNK Python/3.2.3 and Django 6.1 alpha (trunk)

After completing the polls tutorial, I got it running in apache/mod_wsgi, but I had to add an additional line not mentioned in Django documentation to httpd.conf: Require all granted. This also doesn't seem to be mentioned in the mod_wsgi documentation. I found it by trial and error and by looking through how access was granted to other directories in the automatically generated httpd.conf.

This is what the end of my httpd.conf looks like now:

WSGIScriptAlias / /home/colin/mysite/mysite/wsgi.py
WSGIPythonPath /home/colin/mysite

<Directory /home/colin/mysite/mysite>
<Files wsgi.py>
  Order deny,allow
  Allow from all
  Require all granted
</Files>
</Directory>

Everything is as it's should be from Django documentation except I added 'Require all granted'. Here's the error that was logged by apache without that extra line:

[Sun Nov 18 12:42:41.330234 2012] [mpm_event:notice] [pid 5577:tid 140551381825280] AH00489: Apache/2.4.3 (Unix) mod_wsgi/4.0-TRUNK Python/3.2.3 configured -- resuming normal operations
[Sun Nov 18 12:42:41.330825 2012] [core:notice] [pid 5577:tid 140551381825280] AH00094: Command line: '/usr/local/apache2/bin/httpd'
[Sun Nov 18 12:44:09.842374 2012] [authz_core:error] [pid 5582:tid 140551143790336] [client 127.0.0.1:48490] AH01630: client denied by server configuration: /home/colin/mysite/mysite/wsgi.py

In the web browser, it would say I didn't have access to /polls (don't remember the exact wording).

After adding 'Require all granted', /polls works the same as it did in the tutorial.

Attachments (0)

Change History (10)

comment:1 Changed 17 months ago by grahamd

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset

Are you using some sort of Apache authorisation provider to control access to the site?

As much as I can work out, 'Require all granted' is probably only needed with Apache 2.4 when using such an authorisation provider and not for the normal case.

If this is the case, extra steps to do when using an authorisation provider are probably outside of the scope of the Django documentation.

comment:2 Changed 17 months ago by grahamd

Okay, more information.

You are likely encountering this because you have disabled mod_access_compat in Apache.

http://httpd.apache.org/docs/2.4/mod/mod_access_compat.html

comment:3 Changed 17 months ago by colinkeenan

I think this is for the normal case and that the Django documentation needs to be updated.

I'm far too new to all of this to have disabled anything. I'm just going through the tutorials. The reason I'm using the latest dev/trunk versions of everything is that I saw that Django was about to support python 3 and being new also to python, I didn't see the point of doing everything with python 2 just to have to redo all my code a year from now (which might be how long it'll take me to get something useful done anyway).

So, anyway, as the link you provided says:

The directives provided by mod_access_compat<http://httpd.apache.org/docs/2.4/mod/mod_access_compat.html>
have been deprecated by the new authz refactoring. Please see mod_authz_host<http://httpd.apache.org/docs/2.4/mod/mod_authz_host.html>

And, if you go to the new mod_authz_host, it says to use Require as I ended up having to do. So, out of the box, without any reconfiguration on my part, I had to use Require. After reading the mod_authz_host page, I see that I could have just used Require local for my purposes. I think the Django documentation that I linked to in this ticket should be updated with information on mod_authz_host and Require since it will be necessary for any inexperienced person doing a new dev install of everything as I have done.

comment:4 Changed 17 months ago by colinkeenan

Just noticed I listed my version of Django as 6.1 Alpha. It's 1.6 Alpha, of course.

comment:5 Changed 17 months ago by colinkeenan

Now that you've pointed me to the Apache auth documentation, I also looked at http://httpd.apache.org/docs/2.4/mod/mod_authz_core.html and found:

Require all
The all provider mimics the functionality the was previously provided by the 'Allow from all' and 'Deny from all' directives. This provider can take one of two arguments which are 'granted' or 'denied'. The following examples will grant or deny access to all requests.

Require all granted
Require all denied

So, actually, Django documentation should be updated by replacing 'Allow from all' with 'Require all granted', and maybe noting that if using Apache versions older than 2.4, you'd use 'Allow from all'.

comment:6 Changed 17 months ago by aaugustin

  • Summary changed from https://docs.djangoproject.com/en/dev/howto/deployment/wsgi/modwsgi/ need <Files wsgi.py> ...Require all granted</Files> to mod_wsgi docs need <Files wsgi.py> ...Require all granted</Files>

comment:7 Changed 17 months ago by claudep

  • Triage Stage changed from Unreviewed to Accepted

comment:8 Changed 12 months ago by claudep

#20322 was a duplicate.

comment:9 Changed 10 months ago by Tim Graham <timograham@…>

  • Resolution set to fixed
  • Status changed from new to closed

In 7314007c5bf57b9184c0bd6a8246582dd2cb8179:

Fixed #19319 -- Updated example httpd.conf for Apache 2.4

Thanks colinnkeenan@ for the report.

comment:10 Changed 10 months ago by Tim Graham <timograham@…>

In 843802ec269d5c3676a7d3a021539008f8f5233d:

[1.5.x] Fixed #19319 -- Updated example httpd.conf for Apache 2.4

Thanks colinnkeenan@ for the report.

Backport of 7314007c5b from master

Add Comment

Modify Ticket

Change Properties
<Author field>
Action
as closed
as The resolution will be set. Next status will be 'closed'
The resolution will be deleted. Next status will be 'new'
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.