[mod_python] Good example site with py, psp, and structure

Eric Brunson brunson at brunson.com
Wed Sep 20 13:24:40 EDT 2006

durumdara wrote:
> Hi !


> I want to understand the modpy technics, to I create good structure 
> for my new modpy site. An example needed.

I'm by no means an expert, but I think I can address a couple of your 
questions, I'm sure someone will correct me if I steer you wrong.

> I used PHP, Zope, CGI before this project.
I've used PHP and CGI, but never Zope, so I won't be able to make any 
comparisons to Zope.
> If I understand it good, I can specify one handler script for one 
> directory.
> Anywhere, where I specify a handler, the handler script working for 
> all .py (both for existing and not existing).

Not precisely (and someone please help out if I express this 
incorrectly).  You can add a handler for dealing with .py files in which 
case .py files will be handled by that handler, or you can set a handler 
for URLs, which will perform a sort of module resolution algorithm on 
the URL.  In the first case, which I'm least familiar with, if you 
associate a handler with a .py file, referencing a file that doesn't 
exist will give you a 404 error.

In the second case apache passes the URL to a python handler, like the 
supplied publisher handler, which is advertised to be modeled after 
Zope's publisher, but I don't know anything about that.  Say I have a 
directory called ip_management (which I do) and you access that 
directory via the URL "http://yourserver/ip_management", and in there 
you have a .htaccess file containing:

SetHandler python-program
PythonHandler mod_python.publisher

You have set the handler for that directory to be the 
mod_python.publisher handler, even if a file "example.html" exists in 
that directory, apache will not server the contents of that file when 
the URL "http://yourserver/ip_management/example.html" is requested.  It 
passes the URL to the specified handler and that python code decides 
what to do with it.  If your python code decides to look for a file with 
that name and serve the contents, then great, but it doesn't have to.

The mod_python.publisher will break the URL up and try to find a python 
module that will satisfy its own rules.  In a simple sense, it takes the 
part of the URL after the directory specification and tries to find a 
module that contains a function of the same name.  So 
"http://yourserver/ip_management/something/otherthing" will result in 
the publisher looking for a module called "something" with a function 
called "otherthing" inside it, then will execute the function 
"otherthing".  If at any point it doesn't find a file or directory with 
the module name it will look through a file called "index.py" for the 
function name.  If it finds a module that matches the fill path, i.e. 
"something.otherthing" then it will try to execute a function called 

You can write your own handler that will simply be passed the apache 
request object and you can do whatever  your heart desires with it.

> So if I need a centralized web application, I need to import a shared 
> module that helps me to start and finish to handle the process 
> (example:  pre - collect the important informations, make global 
> variables, open the db connections, open the session datas; post - 
> save the session if need, close the db connection, drop the content if 
> we have redirection, etc.). I thinking good ?

Sure, you can do whatever your heart desires in your handler.

> 1.)
> But I need to protect some area in the htdocs (restricted area). How 
> to I force it ? (auth module ?). I need to define to every dir I used 
> (httpd.conf) ?

There's an example of writing an auth handler in the documentation.  The 
publisher handler makes it super simple, simply defining a __auth__ 
object in the module, either a list, dict or function, you can 
authenticate a user using Basic HTTP Auth mechanism.  You can also 
define an __auth__ method within your method.  There is also a separate 
__access__ object that can restrict authenticated users do certain 

I personally let Apache do the authorization, then use __access__ to 
restrict access.  Your milage may vary.

> 2.)
> In Zope the header/footer objects used for handle the pre/post 
> actions, and the zpts/scripts used for make the content of the page.
> Is better to I use psp-s that call pre/post scripts, or is better if I 
> use py scripts, and they are get psp-s I need ?

I'm not qualified to judge your architecture.  I don't use PSP, I found 
it a bit cumbersome, I do all my processing in the handler, build my own 
sort of "mini DOM" objects that can render themselves.  Your way should 
work, whether there's a better design is a matter of taste.

> 3.)
> How to avoid to user type any .py to browser's address textbox, and 
> get same result that handler present ?
> Example: I use main.py for handle requests. The address is: 
> www.foo.hu/main.py.
> The user can type www.foo.hu/sux.py, and get same result !

It's up to the handler.  Using Apache's "AddHandler somehandler .py" to 
add a handler for python scripts will not serve a non-existent file, you 
will get a 404.  The publisher handler will not server content to a URL 
you have not defined in your code, you will get a 404.  If you write 
your own handler you can do whatever your heart desires.

> 4.)
> How to prevent the .py extension showing in the browser ?
> To I see (can type):
> www.foo.hu/
> or
> www.foo.hu/index
> not
> www.foo.hu/index.py.
> I want to protect my site - if anyone see it, he/she don't know, what 
> engine I used.

Please see the answer to #3.

> Thanks for your answers:
> dd

I'm still learning the intricacies of mod_python myself, but everything 
I've told you is very well documented.  Try reading through the docs, I 
had to go through them a few times before the puzzle pieces started 
falling into place.  It helps to have a passing understanding of the 
Apache API and the Apache request objects.

Hope that helped,

More information about the Mod_python mailing list