[mod_python] Question.

Jorey Bump list at joreybump.com
Mon Jun 7 10:29:38 EDT 2004

Patrick Percot wrote:

> On Sun, 06 Jun 2004 23:30:24 -0500, Jon-Pierre Gentil <jgentil at sebistar.net> wrote
>>My program imports other modules.  I wish to place these modules outside
>>of the area that Apache can "serve" them, so that a malicious or curious
>>user cannot enter, for example,  www.foo.com/modulecode.py and either
>>view or execute the module.  Is there a way to move these below my
>>documentroot and have mod_apache still import them? 
> You can add this in your httpd.conf
> 	<Files *>
> 		PythonPath "sys.path + ['/path/to/my/hidden/modules']"
> 	</Files>
> And store your code in this path (/path/to/my/hidden/modules). 
> You can also add a .htaccess  file in all the directories you don't want
> Apache to display the content. Put these lines in .htaccess :
> Order Allow,Deny
> Deny from All

In some circumstances, it may be appropriate to simply put your modules 
where other third party modules are placed. This is typically 
/usr/lib/pythonX.X/site-packages/. Then it's already in your path and 
available for import. Name your packages carefully to avoid conflicts. 
Naturally, you need admin privileges to do this.

More information about the Mod_python mailing list