Opened 4 years ago

Closed 3 years ago

Last modified 3 years ago

#19319 closed Bug (fixed)

mod_wsgi docs need <Files> ...Require all granted</Files>

Reported by: colinnkeenan@… Owned by: nobody
Component: Documentation Version: master
Severity: Normal Keywords:
Cc: Triage Stage: Accepted
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no


Using Apache/2.4.3 (Unix) mod_wsgi/4.0-TRUNK Python/3.2.3 and Django 6.1 alpha (trunk)

After completing the polls tutorial, I got it running in apache/mod_wsgi, but I had to add an additional line not mentioned in Django documentation to httpd.conf: Require all granted. This also doesn't seem to be mentioned in the mod_wsgi documentation. I found it by trial and error and by looking through how access was granted to other directories in the automatically generated httpd.conf.

This is what the end of my httpd.conf looks like now:

WSGIScriptAlias / /home/colin/mysite/mysite/
WSGIPythonPath /home/colin/mysite

<Directory /home/colin/mysite/mysite>
  Order deny,allow
  Allow from all
  Require all granted

Everything is as it's should be from Django documentation except I added 'Require all granted'. Here's the error that was logged by apache without that extra line:

[Sun Nov 18 12:42:41.330234 2012] [mpm_event:notice] [pid 5577:tid 140551381825280] AH00489: Apache/2.4.3 (Unix) mod_wsgi/4.0-TRUNK Python/3.2.3 configured -- resuming normal operations
[Sun Nov 18 12:42:41.330825 2012] [core:notice] [pid 5577:tid 140551381825280] AH00094: Command line: '/usr/local/apache2/bin/httpd'
[Sun Nov 18 12:44:09.842374 2012] [authz_core:error] [pid 5582:tid 140551143790336] [client] AH01630: client denied by server configuration: /home/colin/mysite/mysite/

In the web browser, it would say I didn't have access to /polls (don't remember the exact wording).

After adding 'Require all granted', /polls works the same as it did in the tutorial.

Change History (10)

comment:1 Changed 4 years ago by grahamd

Needs documentation: unset
Needs tests: unset
Patch needs improvement: unset

Are you using some sort of Apache authorisation provider to control access to the site?

As much as I can work out, 'Require all granted' is probably only needed with Apache 2.4 when using such an authorisation provider and not for the normal case.

If this is the case, extra steps to do when using an authorisation provider are probably outside of the scope of the Django documentation.

comment:2 Changed 4 years ago by grahamd

Okay, more information.

You are likely encountering this because you have disabled mod_access_compat in Apache.

comment:3 Changed 4 years ago by colinkeenan

I think this is for the normal case and that the Django documentation needs to be updated.

I'm far too new to all of this to have disabled anything. I'm just going through the tutorials. The reason I'm using the latest dev/trunk versions of everything is that I saw that Django was about to support python 3 and being new also to python, I didn't see the point of doing everything with python 2 just to have to redo all my code a year from now (which might be how long it'll take me to get something useful done anyway).

So, anyway, as the link you provided says:

The directives provided by mod_access_compat<>
have been deprecated by the new authz refactoring. Please see mod_authz_host<>

And, if you go to the new mod_authz_host, it says to use Require as I ended up having to do. So, out of the box, without any reconfiguration on my part, I had to use Require. After reading the mod_authz_host page, I see that I could have just used Require local for my purposes. I think the Django documentation that I linked to in this ticket should be updated with information on mod_authz_host and Require since it will be necessary for any inexperienced person doing a new dev install of everything as I have done.

comment:4 Changed 4 years ago by colinkeenan

Just noticed I listed my version of Django as 6.1 Alpha. It's 1.6 Alpha, of course.

comment:5 Changed 4 years ago by colinkeenan

Now that you've pointed me to the Apache auth documentation, I also looked at and found:

Require all
The all provider mimics the functionality the was previously provided by the 'Allow from all' and 'Deny from all' directives. This provider can take one of two arguments which are 'granted' or 'denied'. The following examples will grant or deny access to all requests.

Require all granted
Require all denied

So, actually, Django documentation should be updated by replacing 'Allow from all' with 'Require all granted', and maybe noting that if using Apache versions older than 2.4, you'd use 'Allow from all'.

comment:6 Changed 4 years ago by Aymeric Augustin

Summary: need <Files> ...Require all granted</Files>mod_wsgi docs need <Files> ...Require all granted</Files>

comment:7 Changed 4 years ago by Claude Paroz

Triage Stage: UnreviewedAccepted

comment:8 Changed 3 years ago by Claude Paroz

#20322 was a duplicate.

comment:9 Changed 3 years ago by Tim Graham <timograham@…>

Resolution: fixed
Status: newclosed

In 7314007c5bf57b9184c0bd6a8246582dd2cb8179:

Fixed #19319 -- Updated example httpd.conf for Apache 2.4

Thanks colinnkeenan@ for the report.

comment:10 Changed 3 years ago by Tim Graham <timograham@…>

In 843802ec269d5c3676a7d3a021539008f8f5233d:

[1.5.x] Fixed #19319 -- Updated example httpd.conf for Apache 2.4

Thanks colinnkeenan@ for the report.

Backport of 7314007c5b from master

Note: See TracTickets for help on using tickets.
Back to Top