views:

830

answers:

1

hi,

i'm fairly new to django and just trying a couple simple experiments to get my feet wet. i'm running django 1.0, apache2 prefork and mod_wsgi. I'm trying to build a site with the following url structure

/
/members
/admin

the root is basically a public area.
the members path should be protected using basic-authentication (probably authenticated by apache)
the admin path should be protected using the built in django authentication.

following the examples in documentation i can basically protect the entire site with basic authentication, but that's not what i want.

except from virtual host config:

WSGIScriptAlias / /django/rc/apache/django.wsgi
<Directory /django/rc/apache>
AuthType Basic
AuthName "Authentication Required"
AuthUserFile "/django/_HTPASSWD/.htpasswd"
Require valid-user

# Order allow,deny
# Allow from all
</Directory>

Can anyone help point me in the right direction (or flat out tell me =P) on how to make this possible?

thanks


edit: after playing around a little i discovered i can do something like:

WSGIScriptAlias / /django/rc/apache/django.wsgi
<Directory /django/rc/apache>
Order allow,deny
Allow from all
</Directory>

WSGIScriptAlias /members /django/rc/apache_httpauth/django.wsgi
<Directory /django/rc/apache_httpauth>
AuthType Basic
AuthName "Authentication Required"
AuthUserFile "/django/_HTPASSWD/.htpasswd"
Require valid-user

</Directory>

The django.wsgi file is basically the same file copied into another directory so that the WSGIScriptAlias is different. It's hack-ish but it works..

Is there a better way to do what i'd like?
Are there any downsides to doing it like this?

thanks

+2  A: 

Change:

<Directory /django/rc/apache_httpauth>
AuthType Basic
AuthName "Authentication Required"
AuthUserFile "/django/_HTPASSWD/.htpasswd"
Require valid-user
</Directory>

to:

<Location /members>
AuthType Basic
AuthName "Authentication Required"
AuthUserFile "/django/_HTPASSWD/.htpasswd"
Require valid-user
</Location>

I don't believe you should need:

WSGIScriptAlias /members /django/rc/apache_httpauth/django.wsgi
Graham Dumpleton
the entire site is done in django, not jsut the admin section.if i take out the WSGIScriptAlias, how does apache know how run the django site?i.e. /members is a web path that is defined in urls.py. it doesn't physically exist on the file system.btw i remember reading stuff on your blog for reference on django stuff in the past. just wanted to say thx.
w-
You still keep the first WSGIScriptAlias for mounting application at root of site, just get rid of the sub URL. I am presuming here that they ultimately address the same application. The Location directive is just apply the restriction to that subset of URLs for main application.
Graham Dumpleton
ahh i didn't notice that you specified the "Location" directive instead of the "Directory" directive. I'll try that tomorrow. thanks!
w-
I believe you mistyped "Directory" closing bracket, it should be </Location>
Mohamed Mansour
Fixed byt changing to Location for closing.
Graham Dumpleton