My VHOST currently looks like:
<VirtualHost *:80>
DocumentRoot /data/sites/example_deploy
ServerName deploy.example.co.uk
<Directory "/data/sites/example_deploy">
Options +SymLinksIfOwnerMatch
AllowOverride All
Order allow,deny
Allow from all
AuthUserFile /data/confs/svn/htpasswd
AuthName "Example deployment example testing"
AuthType Basic
Require valid-user
</Directory>
</VirtualHost>
We have a URL /api that takes different parameters. Examples are:
/api/testing-bot-response/1234842823
/api/sql-deploy-response/stage/172bUd7s
What we are trying to achieve is that /api/* would not require a valid user and the HTaccess is satisfied before the request is made. The URL may be made up of more than 2 parameters.
I've researched the subject and have worked out that I need to use LocationMatch and pass the Satisfy parameter, however I am not sure how the regular expression should be formed.
I've resolved this issue. The trick is to use LocationMatch. Look at the below code:
$<LocationMatch "/api/*">
order allow,deny
allow from all
Satisfy any
</LocationMatch>
Related
I'm trying to match a URL with multiple params and use reverse proxy to load some other content, for some reason the Location Tag isn't working.
Following is my httpd.conf file
<Location "/tracker/">
ProxyPass "http://website.com:8290/track.js"
ProxyPassReverse "http://website.com:8290/track.js"
Order allow,deny
Allow from all
</Location>
<Location "/tracker/csc-event?p=([^\s]+)&s=([^\s]+)&v=([^\s]+)&e=([^\s]+)&c=([^\s]+)&n=([^\s]+)&f=([^\s]+)&l=([^\s]+)&i=([^\s]+)&j=([^\s]+)&k=([^\s]+)&w=([^\s]+)&h=([^\s]+)&t=([^\s]+)&x=([^\s]+)">
ProxyPass "http://website.com:8290/csc-event?p=([^\s]+)&s=([^\s]+)&v=([^\s]+)&e=([^\s]+)&c=([^\s]+)&n=([^\s]+)&f=([^\s]+)&l=([^\s]+)&i=([^\s]+)&j=([^\s]+)&k=([^\s]+)&w=([^\s]+)&h=([^\s]+)&t=([^\s]+)&x=([^\s]+)"
ProxyPassReverse "http://website.com:8290/csc-event?p=([^\s]+)&s=([^\s]+)&v=([^\s]+)&e=([^\s]+)&c=([^\s]+)&n=([^\s]+)&f=([^\s]+)&l=([^\s]+)&i=([^\s]+)&j=([^\s]+)&k=([^\s]+)&w=([^\s]+)&h=([^\s]+)&t=([^\s]+)&x=([^\s]+)"
Order allow,deny
Allow from all
</Location>
When I hit: https://website.com/tracker it works fine
But not with the other location, for eg If I hit:
https://website.com/tracker/csc-event?p=0%3Ajodv6q8w%3AdO9XGf6T4SCq7kz49hEEUwNvmkqR8Wxw&s=0%3Ajodv6q8w%3AHgkFFmKSZqdBB6E2C~F8xBKTHv8CGwbl&v=0%3AJ1gADq10d3pj1JL1lh4Dd7ZlLxQyl2~_&e=0%3AJ1gADq10d3pj1JL1lh4Dd7ZlLxQyl2~_0&c=jodvqubo&n=f&f=f&l=https%3A%2F%2Fwebsite.com%2F&i=11y&j=k8&k=1&w=mj&h=i9&t=pageView&x=-e1v043
It shows page not found error. What am I doing wrong? Is there some problem with regex or some other config problem?
If you want to use regex in a location directive you should add a tilde (~), but even then Location does not match the query string. Add /tracker/csc-event as a Location and check the query string inside that directive.
Also, proxypass preverses the query string, no need to add it.
This question already has an answer here:
why wamp server put online/ offline option is missing?
(1 answer)
Closed 6 years ago.
Whatever i do, cant acces local wamp through public ip adress.
I get following error message.
Forbidden
You don't have permission to access / on this server.
Apache/2.4.23 (Win64) PHP/5.6.25 Server at (my public ip) Port 80
Below i have pasted the part of httpd.cong that should regulate this.
Basically everything seems to be fine.
Wampserver is put online using its own menu item.
I have tried inserting below code into directory settings, does not help.
Options FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
What am i missing ?
Thank you.
DocumentRoot "${INSTALL_DIR}/www"
<Directory "${INSTALL_DIR}/www/">
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.4/mod/core.html#options
# for more information.
#
Options +Indexes +FollowSymLinks +Multiviews
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# AllowOverride FileInfo AuthConfig Limit
#
AllowOverride all
#
# Controls who can get stuff from this server.
#
# onlineoffline tag - don't remove
Require all granted
</Directory>
#RiggsFolly- if you have read my question, you woul dknow it is nowhere near to the one you have marked it being duplicate with.
I was not asking why the menu item is not visible...
Seems if you have an already made virtual host file, the put online menu item does not issue the necessary changes to it.
In the vhosts file Changing Require local to Require all granted fixed the issue.
Strange....
# Virtual Hosts
#
<VirtualHost *:80>
ServerName localhost
DocumentRoot F:/wamp64/www
<Directory "F:/wamp64/www/">
Options +Indexes +Includes +FollowSymLinks +MultiViews
AllowOverride All
Require all granted
</Directory>
</VirtualHost>
#
I am trying to map a URL based on the filename it has to a fileshare directory.
Here is the URL that i am using
http://x.x.x.x/606547/abc.xyz.aaa/MOVIE/some.video.file-xxxxxxxx.nff?c=564378
(Where .nff is file extension).
And here is the ALiasMatch settings i have configured in default sites config file.
The apache2 is running on ubuntu.
AliasMatch ^/[.?]/(*.nff)$ /srv/samba/Assets/$1
<Directory "/srv/samba/Assets">
Options Indexes MultiViews FollowSymLinks
AllowOverride All
#Order deny,allow
#Deny from all
#Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>
I am getting forbidden error when i runt hat URL in browser. I file directory/file permissions are correct.
Can you anyone please suggest is this problem with regex or problem with configuration ?
Your expression is incorrect, using a preceding * before the dot . will not be recognized.
Try using the following:
AliasMatch /([^/]*\.nff).*$ /srv/samba/Assets/$1
Can you try this regex instead:
AliasMatch /([^./]+\.nff)$ /srv/samba/Assets/$1
I'm deploying a Django 1.5 with two sites, each one is independent from the other one (each one has its own database), but these two sites are subdomains: one is new.mydomain.com and the other dev.mydomain.com. I'm using Apache with mod_wsgi.
The problem is: I'm Authenticating against Django’s user database from Apache correctly, but when I try to use Django groups with the Apache authentication I get the following situation:
I can login to one of the subdomains e.g. new without problems, but if I try to login to the other one (dev) I can't. Apache says that the user isn't in the allowed groups. Then if I restart Apache and try to login to dev (which was impossible before) then there is no problem here, but now it's impossible to login with the other subdomain new!
To sum up: I can't login to the two sudomains at the same time, no matter which (allowed) users I use.
The virtualhost for new subdomain is (the other one looks like this one changing paths):
<VirtualHost *:80>
ServerName new.mydomain.com
ServerAlias www.new.mydomain.com
ServerAdmin caumons#gmail.com
Alias /robots.txt /var/www/sites/master/EurekaStart.git/EurekaStart/robots.txt
Alias /favicon.ico /var/www/sites/master/EurekaStart.git/EurekaStart/static_collected/img/favicon.ico
Alias /static/ /var/www/sites/master/EurekaStart.git/EurekaStart/static_collected/
<Directory /var/www/sites/master/EurekaStart.git/EurekaStart/static_collected>
Order deny,allow
Allow from all
</Directory>
Alias /media/ /var/www/sites/master/EurekaStart.git/EurekaStart/media/
<Directory /var/www/sites/master/EurekaStart.git/EurekaStart/media>
Order deny,allow
Allow from all
</Directory>
WSGIDaemonProcess eureka-startups.com python-path=/var/www/sites/master/EurekaStart.git:/var/www/sites/master/EurekaStart.git/env/lib/python2.7/site-packages
WSGIProcessGroup eureka-startups.com
WSGIScriptAlias / /var/www/sites/master/EurekaStart.git/EurekaStart/wsgi.py
<Directory /var/www/sites/master/EurekaStart.git/EurekaStart>
<Files wsgi.py>
Order deny,allow
Allow from all
</Files>
</Directory>
<Location "/">
AuthType Basic
AuthName "Enter your guest user & password"
Require group guest
Require valid-user
AuthBasicProvider wsgi
WSGIAuthUserScript /var/www/sites/master/EurekaStart.git/EurekaStart/wsgi.py
WSGIAuthGroupScript /var/www/sites/master/EurekaStart.git/EurekaStart/wsgi.py
</Location>
ErrorLog /var/www/sites/master/EurekaStart.git/logs/apache/error.log
TransferLog /var/www/sites/master/EurekaStart.git/logs/apache/access.log
</VirtualHost>
The wsgi.py file for new subdomain looks like (the wsgi file for dev is exactly like this one):
import os
import sys
from django.core.handlers.wsgi import WSGIHandler
# We need to add the site's root path to sys.path when using Django Authentication for WSGI
SITE_PKG_PATH = os.path.abspath(os.path.dirname(__file__))
SITE_ROOT_PATH = os.path.abspath(os.path.join(SITE_PKG_PATH, '..'))
sys.path.append(SITE_ROOT_PATH)
os.environ.setdefault("DJANGO_SETTINGS_MODULE", "EurekaStart.settings")
# This import MUST be done after setting `DJANGO_SETTINGS_MODULE`
import django.contrib.auth.handlers.modwsgi as modwsgi
def check_password(environ, user, password):
return modwsgi.check_password(environ, user, password)
def groups_for_user(environ, user):
return modwsgi.groups_for_user(environ, user)
application = WSGIHandler()
UPDATE 1:
Many thanks to#GrahamDumpleton :)
I've updated the apache config files and the way I was setting DJANGO_SETTINGS_MODULE. Now, the configuration regarding WSGI for Apache looks like:
In new site:
WSGIDaemonProcess eureka-startups.com python-path=/var/www/sites/master/EurekaStart.git:/var/www/sites/master/EurekaStart.git/env/lib/python2.7/site-packages
WSGIProcessGroup eureka-startups.com
<Location "/">
AuthType Basic
AuthName "Enter your guest user & password"
AuthBasicProvider wsgi
Require group guest
Require valid-user
WSGIAuthUserScript /var/www/sites/master/EurekaStart.git/EurekaStart/wsgi.py application-group=eureka-startups.com
WSGIAuthGroupScript /var/www/sites/master/EurekaStart.git/EurekaStart/wsgi.py application-group=eureka-startups.com
</Location>
In dev site:
WSGIDaemonProcess dev.eureka-startups.com python-path=/var/www/sites/dev/EurekaStart-dev.git:/var/www/sites/dev/EurekaStart-dev.git/env/lib/python2.7/site-packages
WSGIProcessGroup dev.eureka-startups.com
<Location "/">
AuthType Basic
AuthName "Eureka-Startups staff members only"
AuthBasicProvider wsgi
Require group dev
Require valid-user
WSGIAuthUserScript /var/www/sites/dev/EurekaStart-dev.git/EurekaStart/wsgi.py application-group=dev.eureka-startups.com
WSGIAuthGroupScript /var/www/sites/dev/EurekaStart-dev.git/EurekaStart/wsgi.py application-group=dev.eureka-startups.com
</Location>
How are you setting SESSION_COOKIE_DOMAIN?
https://docs.djangoproject.com/en/dev/ref/settings/#session-cookie-domain
and SESSION_COOKIE_NAME?
https://docs.djangoproject.com/en/dev/ref/settings/#session-cookie-name
Are they the same for both sites? The one for the domain should at least refer to the sub domain and not the main domain.
UPDATE 1
Instead of:
WSGIAuthUserScript /var/www/sites/master/EurekaStart.git/EurekaStart/wsgi.py
WSGIAuthGroupScript /var/www/sites/master/EurekaStart.git/EurekaStart/wsgi.py
use:
WSGIAuthUserScript /var/www/sites/master/EurekaStart.git/EurekaStart/wsgi.py application-group=new.mydomain.com
WSGIAuthGroupScript /var/www/sites/master/EurekaStart.git/EurekaStart/wsgi.py application-group=new.mydomain.com
The Python code run by WSGIAuthUserScript and WSGIAuthGroupScript always runs in the Apache child worker processes, never in daemon mode process where the main web application is.
More of a problem in your case is that by default the code runs in the main interpreter (application group) context. Because you have two sites, the code will not be separated.
By using application-group option on those directives, you can force the code for each separate site to run in different sub interpreters of the process they run in. Use a different value for application-group for the other site.
You also cannot use:
os.environ.setdefault("DJANGO_SETTINGS_MODULE", "EurekaStart.settings")
you must use:
os.environ["DJANGO_SETTINGS_MODULE"] = "EurekaStart.settings"
Using dict.setdefault() causes problems when used by more than one site in the same process, even though in different sub interpreters. For more details see:
http://blog.dscpl.com.au/2012/10/requests-running-in-wrong-django.html
I have a Django application with the following directory structure
/myapp/
/login/
/myapp_settings/
/subapp1/
/supapp2/
manage.py is in the myapp directory.
In the project's url.py I have URL settings like this:
urlpatterns = patterns('',
url(r'^subapp1/', include('subapp1.urls')),
url(r'^xhr/', include('subapp1.urls')),
url(r'^admin/', include(admin.site.urls)),
url(r'^subapp2/', include('smart_selects.urls')),
# Login / logout.
url(r'^login/$', 'django.contrib.auth.views.login'),
url(r'^logout/$', 'django.contrib.auth.views.logout', {'next_page': '/subapp1/'}, name='auth_logout'),
url(r'^logout/(?P<next_page>.*)/$', 'django.contrib.auth.views.logout', name='auth_logout_next'),
)
When deployed on the development runserver, everything links and loads correctly. When I deploy the entire myapp directory to the Django root on Apache, I find it's not linking as expected.
For example, if I link to example.com/login/, I get an Apache 404. I think it's because I don't have a virtual directory configuration defined for that specific directory.
I have the following set up in Apache for my application:
WSGIScriptAlias /myapp /var/www/django-projects/myapp/myapp_settings/wsgi.py
WSGIPythonPath /var/www/django-projects/myapp
Alias /media/ /var/www/django-projects/myapp/media/
Alias /static/ /var/www/django-projects/myapp/static/
<Directory /var/www/django-projects/myapp/static>
Order deny,allow
Allow from all
</Directory>
<Directory /var/www/django-projects/myapp/media>
Order deny,allow
Allow from all
</Directory>
<Directory /var/www/django-projects/myapp/myapp_settings/>
<Files wsgi.py>
Order deny,allow
Allow from all
</Files>
</Directory>
Do I need an Alias and a Directory configuration for each URL pattern I use? If so, how can I redo my URL patterns so that I don't need to do this. I don't want to have to do all of this extra Apache configuration when I deploy the application.
EDIT: I modified my WSGIScriptAlias as suggest by Reinbach. It now reads WSGIScriptAlias / /var/www/django-projects/myapp/myapp_settings/wsgi.py. However, this still returns a 404. The error in the Apache log says
[Fri Sep 07 09:11:00 2012] [error] [client 192.189.x.x] File does not exist: /var/www/html/login
Notice that it's looking in /var/www/html (Default Apache root) instead of /var/www/django-projects
EDIT2: I'm attaching the VirtualHost block for this section
WSGIPythonPath /var/www/django-projects/myapp
<VirtualHost sub.example.com:80>
DocumentRoot /var/www/django-projects/myapp
ServerName sub.example.com
WSGIScriptAlias / /var/www/django-projects/myapp/myapp_settings/wsgi.py
Alias /robots.txt /var/www/django-projects/myapp/static/robots.txt
Alias /favicon.ico /var/www/django-projects/myapp/static/favicon.ico
AliasMatch ^/([^/]*\.css) /var/www/django-projects/myapp/static/css/$1
AliasMatch ^/([^/]*\.js) /var/www/django-projects/myapp/static/js/$1
AliasMatch ^/([^/]*\.png) /var/www/django-projects/myapp/static/images/$1
AliasMatch ^/([^/]*\.swf) /var/www/django-projects/myapp/static/swf/$1
Alias /media/ /var/www/django-projects/myapp/media/
Alias /static/ /var/www/django-projects/myapp/static/
<Directory /var/www/django-projects/myapp/static>
Order deny,allow
Allow from all
</Directory>
<Directory /var/www/django-projects/myapp/media>
Order deny,allow
Allow from all
</Directory>
<Directory /var/www/django-projects/myapp/myapp_settings/>
<Files wsgi.py>
Order deny,allow
Allow from all
</Files>
</Directory>
</VirtualHost>
I believe you want to change your WSGIScriptAlias as you currently have it expecting to handle example.com/myapp/login while your sample is showing you trying to use example.com/login
WSGIScriptAlias / /var/www/django-projects/myapp/myapp_settings/wsgi.py
See How to use Django with Apache and mod_wsgi
LONG STORY SHORT
Allow and Deny are deprecated since Apache 2.4.x, use Require all granted (or denied) instead.
THE LONG STORY
I'm encountering the same problem while trying to set up Django with Apache and mod_wsgi. I'm not entirely sure why this happens but when I comment out the following lines in the httpd.conf
# Deny access to the entirety of your server's filesystem. You must
# explicitly permit access to web content directories in other
# <Directory> blocks below.
#
#<Directory />
# AllowOverride none
# Require all denied
#</Directory>
everything works alright.
I'm not sure if this is the right and secure way to solve the problem, but I hope it might help.
P.S. I think this shouldn't cause much security troubles since root directory is aliased anyways:WSGIScriptAlias / /var/www/django-projects/myapp/myapp_settings/wsgi.py, but I may be worng.
P.P.S. Looks like the better solution would be to leave those lines uncommented, but change Order and Allow directives in favor of Require all granted. For example:
<Directory /var/www/django-projects/myapp/myapp_settings/>
<Files wsgi.py>
Require all granted
#Order deny,allow
#Allow from all
</Files>
</Directory>
However this is only a trial and error solution I could come up. I got no deep understanding why it works but Order and Allow doesn't.
P.P.P.S Oh, now I know what. Allow and Deny are deprecated since Apache 2.4.x. Good answer can be found here.