On 31 December 2010 08:49, ProgVal <[email protected]> wrote:
> Android handles line ends badly, so I send you a direct link to a file
> containing the config:
> https://github.com/HardwareWiki/HardwareWiki/raw/master/README
> Note that putting the websites in /home/apache is not my decision, but the
> system admin's one.

The bits I take issue with are:

        <Location '/static'>
                SetHandler None
        </Location>

When using mod_wsgi at least, there is no reason for using SetHandler
to override the handler used back to None. The reason you have to in
your case is because you have used 'SetHandler wsgi-script'. That
shouldn't be done as a general rule. It is preferable to be more
specific and use:

  AddHandler wsgi-script .py

        <Location />
                RewriteEngine on
                RewriteBase /
                RewriteCond %{REQUEST_URI} !^/index.py
                RewriteCond %{REQUEST_URI} !^/static/
                RewriteRule ^(.*)$ index.py/$1 [PT]
                Options Indexes MultiViews FollowSymLinks ExecCGI
                SetHandler wsgi-script
                Order allow,deny
                Allow from all
        </Location>

It is bad security practice to put:

                Order allow,deny
                Allow from all

inside of a Location block, especially for '/'.

Reason being that doing it this way gives permission to Apache to
serve up files from anywhere in the file system. Thus if somehow an
alias got set up to refer to the root of the file system, anything,
including stuff in /etc, could be downloaded.

You should really remove those lines from the Location block and rely
on those in the Directory block for
'/home/apache/http/progval/HardwareWiki'. Restricting it to a
specific directory on the file system is much more secure.

You also have the FollowSymLinks option. Unless you really need that
you shouldn't use it.

The SetHandler (now AddHandler), should also be in the directory block.

With a few other changes, I would instead suggest something like:

        DocumentRoot /home/apache/http/progval/HardwareWiki

        <Directory "/home/apache/http/progval/HardwareWiki">
                Options Indexes MultiViews FollowSymLinks ExecCGI

                Order allow,deny
                Allow from all

                AddHandler wsgi-script .py

                <Files "index.py">
                        Options Includes
                        SetOutputFilter INCLUDES
                        AcceptPathInfo On
                </Files>
        </Directory>

        <Location />
                RewriteEngine on
                RewriteBase /
                RewriteCond %{REQUEST_URI} !^/index.py
                RewriteCond %{REQUEST_URI} !^/static/
                RewriteRule ^(.*)$ index.py/$1 [PT]
        </Location>

I have left the rewrite rules in the Location block for now, but only
because I can't be bothered working out the equivalent when it is also
pushed into the Directory block.

In short, it is always a bad idea to use a Location block for '/'.

You should also have a read of:

http://code.google.com/p/modwsgi/wiki/ConfigurationGuidelines#The_Apache_Alias_Directive

as I think that section likely gives you what you are needing. The
rewrite rules are simpler and it also documents the fixup for
SCRIPT_NAME forced to be root of site.

Graham
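
An added example, not part of the original message or of mod_wsgi: a small Python check for the three points raised above (access granted inside a Location block, 'SetHandler wsgi-script' on a URL prefix, FollowSymLinks). The sample configs are constructed from the ones quoted in the message, `audit` and its finding strings are hypothetical names, and treating the Apache 2.4 `Require all granted` as a grant goes beyond the 2.2 syntax used in the thread.

```python
import re

# Constructed from the configs quoted in the message; unchecked lines are left out.
ORIGINAL = """\
<Location '/static'>
    SetHandler None
</Location>
<Location />
    Options Indexes MultiViews FollowSymLinks ExecCGI
    SetHandler wsgi-script
    Order allow,deny
    Allow from all
</Location>
"""
SUGGESTED = """\
<Directory "/home/apache/http/progval/HardwareWiki">
    Options Indexes MultiViews FollowSymLinks ExecCGI
    Order allow,deny
    Allow from all
    AddHandler wsgi-script .py
</Directory>
"""
OPEN = re.compile(r"<(\w+)\s+([^>]*)>")
CLOSE = re.compile(r"</\w+>")
GRANTS = (["allow", "from", "all"], ["require", "all", "granted"])

def audit(conf):
    """Return (line_no, enclosing_section, finding) for each point raised in the thread."""
    findings, stack = [], []  # stack holds the currently open <Section arg> containers
    for no, raw in enumerate(conf.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if CLOSE.fullmatch(line):
            stack = stack[:-1]
            continue
        if m := OPEN.fullmatch(line):
            stack.append((m.group(1), m.group(2).strip("\"' ")))
            continue
        kind, arg = stack[-1] if stack else ("server", "")
        where, words = f"{kind} {arg}".strip(), line.lower().split()
        by_url = kind.lower() in ("location", "locationmatch")
        if by_url and words in GRANTS:
            findings.append((no, where, "access granted by URL, not by directory"))
        if by_url and words[:2] == ["sethandler", "wsgi-script"]:
            findings.append((no, where, "SetHandler wsgi-script on a URL prefix"))
        if words[0] == "options" and any(w.lstrip("+") == "followsymlinks" for w in words[1:]):
            findings.append((no, where, "FollowSymLinks enabled"))
    return findings
```

Run over the suggested replacement, the only remaining finding is the FollowSymLinks option that the message says to drop unless it is really needed.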

> On 30 Dec 2010 22:42, "Graham Dumpleton" <[email protected]>
> wrote:
>> Post your current configuration so I can still point out the other
>> things potentially wrong with it. Unless that is you don't want to
>> know.
>>
>> Graham
>>
>> On 31 December 2010 08:33, ProgVal <[email protected]> wrote:
>>> Problem solved on IRC, including bad things in the config.
>>> Thanks for your help and your time.
>>>
>>> On 30 Dec 2010 22:31, "Graham Dumpleton" <[email protected]>
>>> wrote:
>>>
>>>>
>>>> Post the exact error messages you get in the Apache error log file for
>>>> the request.
>>>>
>>>> My talk and slides at:
>>>>
>>>>
>>>>
>>>>  http://code.google.com/p/modwsgi/wiki/WhereToGetHelp?tm=6#Conference_Presentations
>>>>
>>>> covers a couple of the reasons you might get Forbidden.
>>>>
>>>> BTW your configuration has a couple of other things done in a poor
>>>> way, but I'll comment on that later when I have time.
>>>>
>>>> Graham
>>>>
>>>> On 31 December 2010 01:36, ProgVal <[email protected]> wrote:
>>>> > Hi,
>>>> >
>>>> > I have a problem with mod_wsgi: I have the same config at home and on
>>>> > the server, but it works at home (Debian), and not on the server
>>>> > (Gentoo): Apache returns a "Forbidden" error.
>>>> > the virtualhost: http://paste.pocoo.org/show/JM5fGuX5gh8Ezz30T2q6/
>>>> > the .htaccess: http://paste.pocoo.org/show/y1ewc2jlzOL3X0OEYK7n/
>>>> > mod_rewrite and mod_wsgi are both loaded
>>>> >
>>>> > Thank you in advance,
>>>> > ProgVal
>>>> >
>>>> > --
>>>> > You received this message because you are subscribed to the Google
>>>> > Groups "modwsgi" group.
>>>> > To post to this group, send email to [email protected].
>>>> > To unsubscribe from this group, send email to
>>>> > [email protected].
>>>> > For more options, visit this group at
>>>> > http://groups.google.com/group/modwsgi?hl=en.
>>>> >
>>>> >