[mod_python] AddHandler / SetHandler (black magic)

Graham Dumpleton grahamd at dscpl.com.au
Fri Oct 6 06:53:12 EDT 2006


On 06/10/2006, at 5:01 PM, marinus van aswegen wrote:

> Hi All
>
> I think i've just entered the real of apache config black magic.  
> Just a quick report back.
>
> The to provide the necessary context, I would like to call my app  
> http://url/app/function
> other resources like html files and images are in the same  
> directory. A call to the url should redirect to app/index
>
> 1. I tried using the AddHandler but this forced me to add the .py  
> extension

Use of AddHandler does not imply that .py must be used. This is  
explained
in my article. You do need to do more black magic Apache configuration
though to get it to work. I have made a slight change to the article  
to mention
AddHandler explicitly in the section which deals with resource  
extensions.

> 2. I tried using the SetHandler to force all calls to the directory  
> to mod_python, this meant that other non python files could not be  
> served.
> 3. I then tried Grahams suggestion of excluding certain file types  
> and forcing them to the default handler. This worked  however I  
> ended up with a situation where the I could not invoke my app or  
> serve the index.html file if the user requested the directory. For  
> some strange reason the DirectoryIndex directive was being ignored.  
> I assume this has something to do with the Publish and sethandler  
> mix. Another bad side effect was that the user would be able to  
> request the app.py directly and get the code (no no!)

That DirectoryIndex only comes into play when AddHandler is used and  
that
it is the responsibility of the handler to handle the request against  
the directory
when SetHandler was used was mentioned in my article. I have made a  
slight
change to the article now to make that more explicit that  
DirectoryIndex doesn't
apply when SetHandler is used.

> 4. Time for some black magic, I used the file directive to black  
> all calls to pyc and py files (this is not a good security  
> practise, It's much better to deny and explicitly permit than the  
> other way around) I then set the handler depending on the content 
> (see below).
>
> I read the config from my ubuntu box where with an AddHandler I was  
> able to get Apache to behave like I wanted to and I found that I  
> had to directory blocks one in the Vhost config and one in the main  
> config file, I suspect there was some strange command interpolation  
> going on there.  There must be a cleaner way of doing this?
>
> <VirtualHost *:443>
>      DocumentRoot "/opt/www"
>      ServerName www.test.co.za
>
>      SSLEngine on
>      SSLCertificateFile /opt/keys/server.crt
>      SSLCertificateKeyFile /opt/keys/server.key
> </VirtualHost>
>
> <Directory "/opt/www>
>
>     # extend the pathon path so our python modules can be loaded
>     PythonPath "['/modules'] + sys.path"
>
>     # set the handler to mod_python + publisher so we can call url/ 
> python
>     <Files ~ "^cmd$">
>         SetHandler mod_python
>     </Files>
>
>     PythonHandler mod_python.publisher
>     PythonDebug On
>
>     # only permit access to the following files
>     <Files ~ "\.(gif|html|jpg|png)$">
>         SetHandler default-handler
>     </Files>
>
> </Directory>

Try:

<Directory "/opt/www>

     # extend the pathon path so our python modules can be loaded
     PythonPath "['/modules'] + sys.path"

     AddHandler mod_python .py
     PythonHandler mod_python.publisher

     <Files *.pyc>
     deny from all
     </Files>

     PythonDebug On

     Options MultiViews
     MultiviewsMatch Handlers

     AddType text/html;qs=1.0 .py
     AddType text/html;qs=0.9 .html
     AddType text/plain;qs=0.8 .txt

     DirectoryIndex index.py

</Directory>

With this, requests against directory should get redirected to index.py
internally. You should also be able to access publisher code without
having to specific a .py extension. Ie., '/index' should work.

For anyone who missed the reference to the article originally, the URL
is:

   http://www.dscpl.com.au/wiki/ModPython/Articles/ 
SetHandlerVersusAddHandler

Graham

> On 10/5/06, marinus van aswegen <mvanaswegen at gmail.com> wrote: Hi  
> Graham
>
> Thanks for the comments, I'm going to try and use the sethandler  
> because I don't want the .py extensions in the URL. I'll use the  
> default handler to serve static content i.e. jpegs.
>
>
>
> SetHandler default-handler
> I think there should be a big fat link on the mod_python front page  
> to your articles section.
>
> Regards
>
> Marinus
>
> PS the mod_python FAQ was a bit confusing on this topic http:// 
> www.modpython.org/FAQ/faqw.py?req=all#2.17
>
>
>
> On 10/5/06, Graham Dumpleton <grahamd at dscpl.com.au > wrote: marinus  
> van aswegen wrote ..
> > Hi All
> >
> > Let me pull this thread together. I had a working Apache2/ 
> mod_python setup
> > on Ubuntu.
> > Mod_python was setup so that I could call my python ap url/app/func
> > all worked fine until i moved my app to fedora. i just got the app
> > working again but apache wont serve any other files like images now.
> > will hit the faq when i get home later.
>
> And it is because you are using the SetHandler directive. By using  
> that
> directive, all requests will be intercepted and sent through to  
> mod_python.
>
> Read:
>
>    http://www.dscpl.com.au/wiki/ModPython/Articles/ 
> SetHandlerVersusAddHandler
>
> It explains the difference between SetHandler and AddHandler.
>
> You may just want to use:
>
>   AddHandler mod_python .py
>
> instead of SetHandler, but generally this means you need to use .py in
> your URLs for Python stuff.
>
> Graham
>
> > <SNIP>
> >
> >
> > LoadModule python_module modules/mod_python.so
> >
> > NameVirtualHost *:80
> >
> >
> > <VirtualHost *:80>
> >     DocumentRoot "/opt/www"
> >     ServerName www.test.co.za
> >     DirectoryIndex index.html
> >
> > </VirtualHost>
> >
> >
> > # Virtual host Virtual Host 0
> > <VirtualHost *:443>
> >      DocumentRoot "/opt/www"
> >      ServerName www.test.co.za
> >
> >     DirectoryIndex index.html
> >
> >      SSLEngine on
> >      SSLCertificateFile /keys/server.crt
> >      SSLCertificateKeyFile /keys/server.key
> >
> > </VirtualHost>
> >
> >
> >
> > <VirtualHost *:80>
> >     DocumentRoot "/opt/www.telic.co.za"
> >     ServerName www.telic.co.za
> > </VirtualHost>
> >
> >
> > <Directory "/">
> >         Options FollowSymLinks
> >         AllowOverride None
> > </Directory>
> >
> > <Directory "/opt/www">
> >      # extend the pathon path so our python modules can be loaded
> >     PythonPath "['/opt/www'] + sys.path"
> >
> >     # set the handler to mod_python + publisher so we can call  
> url/python
> >     SetHandler mod_python
> >
> >     PythonHandler mod_python.publisher
> >
> >     PythonDebug On
> >
> >     # do not permit access to compiled python code
> >         <Files *.pyc>
> >             deny from all
> >         </Files>
> >
> >
> > </Directory>
> >
> >
> >
> >
> >
> >
> > On 10/3/06, Eric Brunson < brunson at brunson.com> wrote:
> > >
> > > Colin Bean wrote:
> > > > Thanks for the correction, Eric; I've never actually done  
> that and
> > > > assumed incorrectly.  Shame on me for recommending something  
> that I
> > > > haven't tried!
> > >
> > > No worries, we're all here to learn.  :-)
> > >
> > > >
> > > > Marinus, what I should have asked originally was how apache was
> > > > failing with your config files (and what's in the error  
> log).  What
> > > > does your "limited success" mean?
> > > >
> > > > -Colin
> > >
> > > _______________________________________________
> > > Mod_python mailing list
> > > Mod_python at modpython.org
> > > http://mailman.modpython.org/mailman/listinfo/mod_python
> > >
> > _______________________________________________
> > Mod_python mailing list
> > Mod_python at modpython.org
> > http://mailman.modpython.org/mailman/listinfo/mod_python
>
>
> _______________________________________________
> Mod_python mailing list
> Mod_python at modpython.org
> http://mailman.modpython.org/mailman/listinfo/mod_python


More information about the Mod_python mailing list