|
marinus van aswegen
mvanaswegen at gmail.com
Fri Oct 6 03:01:32 EDT 2006
Hi All I think i've just entered the real of apache config black magic. Just a quick report back. The to provide the necessary context, I would like to call my app http://url/app/function other resources like html files and images are in the same directory. A call to the url should redirect to app/index 1. I tried using the AddHandler but this forced me to add the .py extension 2. I tried using the SetHandler to force all calls to the directory to mod_python, this meant that other non python files could not be served. 3. I then tried Grahams suggestion of excluding certain file types and forcing them to the default handler. This worked however I ended up with a situation where the I could not invoke my app or serve the index.html file if the user requested the directory. For some strange reason the DirectoryIndex directive was being ignored. I assume this has something to do with the Publish and sethandler mix. Another bad side effect was that the user would be able to request the app.py directly and get the code (no no!) 4. Time for some black magic, I used the file directive to black all calls to pyc and py files (this is not a good security practise, It's much better to deny and explicitly permit than the other way around) I then set the handler depending on the content(see below). I read the config from my ubuntu box where with an AddHandler I was able to get Apache to behave like I wanted to and I found that I had to directory blocks one in the Vhost config and one in the main config file, I suspect there was some strange command interpolation going on there. There must be a cleaner way of doing this? <VirtualHost *:443> DocumentRoot "/opt/www" ServerName www.test.co.za SSLEngine on SSLCertificateFile /opt/keys/server.crt SSLCertificateKeyFile /opt/keys/server.key </VirtualHost> <Directory "/opt/www> # extend the pathon path so our python modules can be loaded PythonPath "['/modules'] + sys.path" # set the handler to mod_python + publisher so we can call url/python <Files ~ "^cmd$"> SetHandler mod_python </Files> PythonHandler mod_python.publisher PythonDebug On # only permit access to the following files <Files ~ "\.(gif|html|jpg|png)$"> SetHandler default-handler </Files> </Directory> On 10/5/06, marinus van aswegen <mvanaswegen at gmail.com> wrote: > > Hi Graham > > Thanks for the comments, I'm going to try and use the sethandler because I > don't want the .py extensions in the URL. I'll use the default handler to > serve static content i.e. jpegs. > > <Files *.jpg> > > SetHandler default-handler > </Files> > > I think there should be a big fat link on the mod_python front page to > your articles section. > > Regards > > Marinus > > PS the mod_python FAQ was a bit confusing on this topic > http://www.modpython.org/FAQ/faqw.py?req=all#2.17 > > > On 10/5/06, Graham Dumpleton <grahamd at dscpl.com.au> wrote: > > > > marinus van aswegen wrote .. > > > Hi All > > > > > > Let me pull this thread together. I had a working Apache2/mod_python > > setup > > > on Ubuntu. > > > Mod_python was setup so that I could call my python ap url/app/func > > > all worked fine until i moved my app to fedora. i just got the app > > > working again but apache wont serve any other files like images now. > > > will hit the faq when i get home later. > > > > And it is because you are using the SetHandler directive. By using that > > directive, all requests will be intercepted and sent through to > > mod_python. > > > > Read: > > > > http://www.dscpl.com.au/wiki/ModPython/Articles/SetHandlerVersusAddHandler > > > > > > It explains the difference between SetHandler and AddHandler. > > > > You may just want to use: > > > > AddHandler mod_python .py > > > > instead of SetHandler, but generally this means you need to use .py in > > your URLs for Python stuff. > > > > Graham > > > > > <SNIP> > > > > > > > > > LoadModule python_module modules/mod_python.so > > > > > > NameVirtualHost *:80 > > > > > > > > > <VirtualHost *:80> > > > DocumentRoot "/opt/www" > > > ServerName www.test.co.za > > > DirectoryIndex index.html > > > > > > </VirtualHost> > > > > > > > > > # Virtual host Virtual Host 0 > > > <VirtualHost *:443> > > > DocumentRoot "/opt/www" > > > ServerName www.test.co.za > > > > > > DirectoryIndex index.html > > > > > > SSLEngine on > > > SSLCertificateFile /keys/server.crt > > > SSLCertificateKeyFile /keys/server.key > > > > > > </VirtualHost> > > > > > > > > > > > > <VirtualHost *:80> > > > DocumentRoot "/opt/www.telic.co.za" > > > ServerName www.telic.co.za > > > </VirtualHost> > > > > > > > > > <Directory "/"> > > > Options FollowSymLinks > > > AllowOverride None > > > </Directory> > > > > > > <Directory "/opt/www"> > > > # extend the pathon path so our python modules can be loaded > > > PythonPath "['/opt/www'] + sys.path" > > > > > > # set the handler to mod_python + publisher so we can call > > url/python > > > SetHandler mod_python > > > > > > PythonHandler mod_python.publisher > > > > > > PythonDebug On > > > > > > # do not permit access to compiled python code > > > <Files *.pyc> > > > deny from all > > > </Files> > > > > > > > > > </Directory> > > > > > > > > > > > > > > > > > > > > > On 10/3/06, Eric Brunson < brunson at brunson.com> wrote: > > > > > > > > Colin Bean wrote: > > > > > Thanks for the correction, Eric; I've never actually done that and > > > > > assumed incorrectly. Shame on me for recommending something that > > I > > > > > haven't tried! > > > > > > > > No worries, we're all here to learn. :-) > > > > > > > > > > > > > > Marinus, what I should have asked originally was how apache was > > > > > failing with your config files (and what's in the error > > log). What > > > > > does your "limited success" mean? > > > > > > > > > > -Colin > > > > > > > > _______________________________________________ > > > > Mod_python mailing list > > > > Mod_python at modpython.org > > > > http://mailman.modpython.org/mailman/listinfo/mod_python > > > > > > > _______________________________________________ > > > Mod_python mailing list > > > Mod_python at modpython.org > > > http://mailman.modpython.org/mailman/listinfo/mod_python > > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm_cfg_has_not_been_edited_to_set_host_domains/pipermail/mod_python/attachments/20061006/627fc00e/attachment-0001.html
|