Opened 12 years ago

Closed 12 years ago

Last modified 12 years ago

#19319 closed Bug (fixed)

mod_wsgi docs need <Files wsgi.py> ...Require all granted</Files>

Reported by: colinnkeenan@… Owned by: nobody
Component: Documentation Version: dev
Severity: Normal Keywords:
Cc: Triage Stage: Accepted
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

Using Apache/2.4.3 (Unix) mod_wsgi/4.0-TRUNK Python/3.2.3 and Django 6.1 alpha (trunk)

After completing the polls tutorial, I got it running in apache/mod_wsgi, but I had to add an additional line not mentioned in Django documentation to httpd.conf: Require all granted. This also doesn't seem to be mentioned in the mod_wsgi documentation. I found it by trial and error and by looking through how access was granted to other directories in the automatically generated httpd.conf.

This is what the end of my httpd.conf looks like now:

WSGIScriptAlias / /home/colin/mysite/mysite/wsgi.py
WSGIPythonPath /home/colin/mysite

<Directory /home/colin/mysite/mysite>
<Files wsgi.py>
  Order deny,allow
  Allow from all
  Require all granted
</Files>
</Directory>

Everything is as it's should be from Django documentation except I added 'Require all granted'. Here's the error that was logged by apache without that extra line:

[Sun Nov 18 12:42:41.330234 2012] [mpm_event:notice] [pid 5577:tid 140551381825280] AH00489: Apache/2.4.3 (Unix) mod_wsgi/4.0-TRUNK Python/3.2.3 configured -- resuming normal operations
[Sun Nov 18 12:42:41.330825 2012] [core:notice] [pid 5577:tid 140551381825280] AH00094: Command line: '/usr/local/apache2/bin/httpd'
[Sun Nov 18 12:44:09.842374 2012] [authz_core:error] [pid 5582:tid 140551143790336] [client 127.0.0.1:48490] AH01630: client denied by server configuration: /home/colin/mysite/mysite/wsgi.py

In the web browser, it would say I didn't have access to /polls (don't remember the exact wording).

After adding 'Require all granted', /polls works the same as it did in the tutorial.

Change History (10)

comment:1 by Graham Dumpleton, 12 years ago

Are you using some sort of Apache authorisation provider to control access to the site?

As much as I can work out, 'Require all granted' is probably only needed with Apache 2.4 when using such an authorisation provider and not for the normal case.

If this is the case, extra steps to do when using an authorisation provider are probably outside of the scope of the Django documentation.

comment:2 by Graham Dumpleton, 12 years ago

Okay, more information.

You are likely encountering this because you have disabled mod_access_compat in Apache.

http://httpd.apache.org/docs/2.4/mod/mod_access_compat.html

comment:3 by colinkeenan, 12 years ago

I think this is for the normal case and that the Django documentation needs to be updated.

I'm far too new to all of this to have disabled anything. I'm just going through the tutorials. The reason I'm using the latest dev/trunk versions of everything is that I saw that Django was about to support python 3 and being new also to python, I didn't see the point of doing everything with python 2 just to have to redo all my code a year from now (which might be how long it'll take me to get something useful done anyway).

So, anyway, as the link you provided says:

The directives provided by mod_access_compat<http://httpd.apache.org/docs/2.4/mod/mod_access_compat.html>
have been deprecated by the new authz refactoring. Please see mod_authz_host<http://httpd.apache.org/docs/2.4/mod/mod_authz_host.html>

And, if you go to the new mod_authz_host, it says to use Require as I ended up having to do. So, out of the box, without any reconfiguration on my part, I had to use Require. After reading the mod_authz_host page, I see that I could have just used Require local for my purposes. I think the Django documentation that I linked to in this ticket should be updated with information on mod_authz_host and Require since it will be necessary for any inexperienced person doing a new dev install of everything as I have done.

comment:4 by colinkeenan, 12 years ago

Just noticed I listed my version of Django as 6.1 Alpha. It's 1.6 Alpha, of course.

comment:5 by colinkeenan, 12 years ago

Now that you've pointed me to the Apache auth documentation, I also looked at http://httpd.apache.org/docs/2.4/mod/mod_authz_core.html and found:

Require all
The all provider mimics the functionality the was previously provided by the 'Allow from all' and 'Deny from all' directives. This provider can take one of two arguments which are 'granted' or 'denied'. The following examples will grant or deny access to all requests.

Require all granted
Require all denied

So, actually, Django documentation should be updated by replacing 'Allow from all' with 'Require all granted', and maybe noting that if using Apache versions older than 2.4, you'd use 'Allow from all'.

comment:6 by Aymeric Augustin, 12 years ago

Summary: https://docs.djangoproject.com/en/dev/howto/deployment/wsgi/modwsgi/ need <Files wsgi.py> ...Require all granted</Files>mod_wsgi docs need <Files wsgi.py> ...Require all granted</Files>

comment:7 by Claude Paroz, 12 years ago

Triage Stage: UnreviewedAccepted

comment:8 by Claude Paroz, 12 years ago

#20322 was a duplicate.

comment:9 by Tim Graham <timograham@…>, 12 years ago

Resolution: fixed
Status: newclosed

In 7314007c5bf57b9184c0bd6a8246582dd2cb8179:

Fixed #19319 -- Updated example httpd.conf for Apache 2.4

Thanks colinnkeenan@ for the report.

comment:10 by Tim Graham <timograham@…>, 12 years ago

In 843802ec269d5c3676a7d3a021539008f8f5233d:

[1.5.x] Fixed #19319 -- Updated example httpd.conf for Apache 2.4

Thanks colinnkeenan@ for the report.

Backport of 7314007c5b from master

Note: See TracTickets for help on using tickets.
Back to Top