Can you really deploy a Django application on Apache + mod_wsgi (the standard way) however with HTTP authentication while watching whole factor?
Essentially, I want an additional layer of HTTP security before any user, Django-authenticated or anonymous, is even in a position to achieve the application.
Is possible? If that's the case, where perform the Apache
auth directives go?
Yes, it is possible.
With mod_wsgi on
/, any assets to become supplied by apache have to be listed as aliases.
Auth directives and host limitations reside in
So I have disabled any apache access limitations on such things as css, and provided host/ip based use of another directory.
<VirtualHost *:80> Servername app.domain.example CustomLog logs/access_log combined ErrorLog logs/error_log DocumentRoot "/home/app/apache/app/html" Alias /media/ /home/app/apache/app/html/media/ <Location /> Options None AuthType Basic AuthName "Login Prompt" AuthUserFile /path/to/passwd.file Require valid-user </Location> <Location /media> Order allow,deny Allow from all Satisfy any </Location> WSGIDaemonProcess app user=app group=app processes=5 threads=1 display-name=app_WSGI WSGIProcessGroup app WSGIScriptAlias / /home/app/apache/app.wsgi </VirtualHost>
Sure, here's example in one site:
<VirtualHost *:80> ServerName djangoproject.domain.biz DocumentRoot "/home/user/websites/djangoproject/website/" WSGIDaemonProcess djangoproject python-path=/home/user/.virtualenvs/djangoproject/lib/python2 .6/site-packages/ user=user group=user threads=1 WSGIProcessGroup djangoproject WSGIScriptAlias / /home/user/websites/djangoproject/website/django.wsgi <Directory "/home/user/websites/djangoproject/website/"> Order deny,allow Allow from all AuthType Basic AuthName "By Invitation Only" AuthUserFile /etc/apache2/passwords Require valid-user </Directory> </VirtualHost>