Django with mod_wsgi returns 403 error
Asked Answered
S

3

3

I am trying to use Django with Apache (and mod_wsgi). With the default Django webserver everything was going well, but now I get 403 (access forbidden) error when trying to load the page. I searched previous posts here and read official docs but the solutions there weren't helpful.

Here are the lines from my httpd.conf:

WSGIScriptAlias / /home/karlis/django/apache/django.wsgi

<Directory /home/karlis/django/apache>
Order allow,deny
Allow from all
</Directory>

Alias /media/ /home/karlis/django/media

<Directory /home/karlis/django/media>
Order deny,allow
Allow from all
</Directory>

Permissions are set to 770 and there is sticky bit set to all folders under /home/karlis/django. I have django 1.2.3, mod_wsgi 3.2, apache 2.2.15 and I run Arch Linux.

What I am doing wrong here?

Thanks in advance! -skazhy

Stoneblind answered 20/9, 2010 at 7:13 Comment(0)
P
1

Apache runs as a special user, it will not be able to read stuff with permissions of 770.

Watch the talk at:

http://code.google.com/p/modwsgi/wiki/WhereToGetHelp?tm=6#Conference_Presentations

which explains things about permissions.

The key for working out the problem is what error message appears in your Apache error log. You do not even state what error messages you get in the log file. The talk linked to shows what those error messages might be and what they mean.

Phylissphyll answered 20/9, 2010 at 7:27 Comment(0)
B
1

There is one other gotcha:

Check your httpd.conf file for the following configuration:

<IfModule mime_module>
      AddHandler cgi-script .cgi .pl .py
</IfModule>

This will cause the error.

.py MUST NOT be configured as a CGI script

Bestiary answered 23/1, 2014 at 17:6 Comment(0)
A
0

Try this instead your directories statements:

<Location />
    Order Allow,Deny
    Allow from all
</Location>
Angary answered 20/9, 2010 at 7:45 Comment(1)
Do not do that, it is dangerous. If you do that, then if a URL mapping is stuffed up and points to parts of file system containing containing sensitive information, it will be readily downloadable. As a general rule, NEVER use Allow with Location. Instead, always pair it with Directory so you are specifically only allowing access to certain parts of file system known not to contain sensitive stuff.Phylissphyll

© 2022 - 2024 — McMap. All rights reserved.