tags:

views:

72

answers:

2
+1  Q: 

Django with mod_wsgi returns 403 error

Hi!

I am trying to use Django with Apache (and mod_wsgi). With the default Django webserver everything was going well, but now I get 403 (access forbidden) error when trying to load the page. I searched previous posts here and read official docs but the solutions there weren't helpful.

Here are the lines from my httpd.conf:

WSGIScriptAlias / /home/karlis/django/apache/django.wsgi

<Directory /home/karlis/django/apache>
Order allow,deny
Allow from all
</Directory>

Alias /media/ /home/karlis/django/media

<Directory /home/karlis/django/media>
Order deny,allow
Allow from all
</Directory>

Permissions are set to 770 and there is sticky bit set to all folders under /home/karlis/django. I have django 1.2.3, mod_wsgi 3.2, apache 2.2.15 and I run Arch Linux.

What I am doing wrong here?

Thanks in advance! -skazhy

+2  A: 

Apache runs as a special user, it will not be able to read stuff with permissions of 770.

Watch the talk at:

http://code.google.com/p/modwsgi/wiki/WhereToGetHelp?tm=6#Conference_Presentations

which explains things about permissions.

The key for working out the problem is what error message appears in your Apache error log. You do not even state what error messages you get in the log file. The talk linked to shows what those error messages might be and what they mean.

Graham Dumpleton  2010-09-20 07:27:50
A: 

Try this instead your directories statements:

<Location />
    Order Allow,Deny
    Allow from all
</Location>
Trunet  2010-09-20 07:45:35
I still get 403 error with this.
skazhy  2010-09-20 07:48:56
Do not do that, it is dangerous. If you do that, then if a URL mapping is stuffed up and points to parts of file system containing containing sensitive information, it will be readily downloadable. As a general rule, NEVER use Allow with Location. Instead, always pair it with Directory so you are specifically only allowing access to certain parts of file system known not to contain sensitive stuff.
Graham Dumpleton  2010-09-20 07:49:17

related questions

Django: Print url of view without hardcoding the url
Django Calendar Widget?
Can the HTTP version or headers affect the visual appearance of a web page?
Project design / FS layout for large django projects
Extending the User model with custom fields in Django
How to generate urls in django
Always including the user in the django template context
Screencasts for Django/Python?
Using Django time/date widgets in custom form
How do I add data to an existing model in Django?
Setup django with WSGI and apache
Altering database tables in Django
Django Templates and variable attributes.
Django ImageField core=False in newforms admin
How can I render a tree structure (recursive) using a django template?
Cleanest & Fastest server setup for Django
Unicode vs UTF-8 confusion in Python / Django?
Does Hostmonster support Django
Specifying a mySQL ENUM in a Django model
Represent Ordering in a Relational Database
updating an auto_now DateTimeField in a parent model w/ Django
Version track, automate DB schema changes with django
Learning Ruby on Rails any good for Grails?
What Hosting Service is best for Django applications?
Class views in Django