[mod_python] Protecting folders question

Olaf Stein steino at ccri.net
Sun Apr 15 15:30:59 EDT 2007

Hi all,

I am relatively new to mod_python and tried to find some online docs in this
topic, have not been very successful though.

Here is the scenario:

I have an app residing with htdocs/apps
Http.conf entries

<Directory /usr/local/apache/htdocs/apps/>
     SetHandler mod_python
     PythonHandler mod_python.publisher
     PythonDebug On


My html templates are sitting outside apps in /usr/local/apache/htdocs/tmpl
and I read those from there.

I also have a folder /usr/local/apache/htdocs/files where I copy files
uploaded by the users.

Now, obviously both these directories are viewable with a browser with no
restrictions (assuming one knows the entire path to a file, including the
file name).

I do not want anybody to have access those files without going through the

I protected the directories with htaccess.
Now I have the problem that the browser wants a username and password when
the app loads the templates.

The questions are then:
- Does this setup make sense at all or should I place those folders and
files somewhere else (e.g within the app handler folder).

- If this makes sense, how can I access the files from within the app
without having to enter credentials (basically going around the
authentication process)

Thanks in advance


More information about the Mod_python mailing list