I am attempting to configure Apache to host multiple django sites via mod_wsgi. The mod_wsgi setup tutorial gives an example configuration for this scenario where each app is in the same directory:

WSGIScriptAliasMatch ^/([^/]+) /usr/local/django/$1/apache/django.wsgi

<DirectoryMatch ^/usr/local/django/([^/]+)/apache>
    Order deny,allow
    Allow from all
</DirectoryMatch>

I'm trying to extend this example to add a password file created for each application to use HTTP authentication. I figured I could do this by setting up a separate parallel directory for each app and reference the matched directory name in the way that is done in WSGIScriptAliasMatch, like such:

WSGIScriptAliasMatch ^/([^/]+) /usr/local/django/$1/apache/django.wsgi

<DirectoryMatch ^/usr/local/django/([^/]+)/apache>
    AuthType Basic
    AuthUserFile /usr/local/django-auth/$1/users.passwd
    AuthGroupFile /dev/null
    Require valid-user
</DirectoryMatch>

I had assumed that '$1' would expand to the parens matched by the regex for the DirectoryMatch, however I can't authenticate and my error log states:

No such file or directory: Could not open password file: /usr/local/django-auth/$1/users.passwd

So it seems like the '$1' isn't being expanded to the matched app like I assumed it would. Is there any way to accomplish this? I don't want to have to add a new directive for each site as it pops up.

Mark Roddy

2 Answers

AuthUserFile path is static and there is no way it can be expanded based on the URL.

You should perhaps instead look at:

http://code.google.com/p/modwsgi/wiki/AccessControlMechanisms

This would allow you to provide your own authentication provider. This could look at request information in the 'environ' dictionary passed to your check_password() function and based on that validate a user against a specific user database.

Graham Dumpleton
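
A sketch of the per-application provider described in the answer above, added as an example and not taken from the answer or from the mod_wsgi project. It assumes `REQUEST_URI` is present in the `environ` passed to `check_password()`, reuses the question's `/usr/local/django-auth/<app>/users.passwd` layout, and stores `user:pbkdf2_sha256$iterations$salt$hash` lines, a constructed format that is not htpasswd's; the helper names are hypothetical.

```python
import hashlib
import hmac
import os
import re

AUTH_ROOT = "/usr/local/django-auth"  # parallel tree from the question
# App names are limited to a strict character set, so "../" can never reach the path.
APP_RE = re.compile(r"^/([A-Za-z0-9_-]+)(?:[/?]|$)")


def app_from_uri(uri):
    """First path segment of the request URI, or None if it is not a safe name."""
    m = APP_RE.match(uri or "")
    return m.group(1) if m else None


def hash_password(password, salt, iterations=200_000):
    """Assumed record format: pbkdf2_sha256$<iterations>$<salt hex>$<hash hex>."""
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, salt.hex(), dk.hex())


def verify(stored, password):
    """Recompute the record with the stored salt and compare in constant time."""
    try:
        scheme, iterations, salt_hex, _ = stored.split("$")
        expected = hash_password(password, bytes.fromhex(salt_hex), int(iterations))
    except ValueError:
        return False  # malformed record
    same = hmac.compare_digest(expected.encode(), stored.encode())
    return scheme == "pbkdf2_sha256" and same


def lookup(root, app, user, password):
    """True = accept, False = wrong password, None = unknown user or app."""
    try:
        with open(os.path.join(root, app, "users.passwd"), encoding="utf-8") as fh:
            for line in fh:
                name, _, stored = line.rstrip("\n").partition(":")
                if name == user:
                    return verify(stored, password)
    except (OSError, UnicodeError):
        pass  # missing or unreadable user file: treat as unknown
    return None


def check_password(environ, user, password):
    """Entry point that mod_wsgi calls when AuthBasicProvider is wsgi."""
    app = app_from_uri(environ.get("REQUEST_URI"))
    return None if app is None else lookup(AUTH_ROOT, app, user, password)
```

On the Apache side this replaces `AuthUserFile` with `AuthBasicProvider wsgi` plus a `WSGIAuthUserScript` directive pointing at the script.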

Note that, for DirectoryMatch directive, you cannot use non-named backreferences anyway:

https://httpd.apache.org/docs/2.4/mod/core.html#directorymatch

From 2.4.8 onwards, named groups and backreferences are captured and written to the environment with the corresponding name prefixed with "MATCH_" and in upper case. This allows elements of paths to be referenced from within expressions and modules like mod_rewrite. In order to prevent confusion, numbered (unnamed) backreferences are ignored. Use named groups instead.

<DirectoryMatch "^/var/www/combined/(?<sitename>[^/]+)">
    Require ldap-group cn=%{env:MATCH_SITENAME},ou=combined,o=Example
</DirectoryMatch>

... and not at all, for 2.2 (as the question's tag is)

https://httpd.apache.org/docs/2.2/mod/core.html#directorymatch

Directive

Description: Enclose directives that apply to file-system directories matching a regular expression and their subdirectories

Syntax:   <DirectoryMatch regex> ... </DirectoryMatch>

Context: server config, virtual host

Status: Core

Module: core

<DirectoryMatch> and </DirectoryMatch> are used to enclose a group of directives which will apply only to the named directory and sub-directories of that directory (and the files within), the same as <Directory>. However, it takes as an argument a regular expression. For example:

would match directories in /www/ that consisted of three numbers.

End-of-line character: The end-of-line character ($) cannot be matched with this directive.

See also

<Directory> for a description of how regular expressions are mixed in with normal <Directory>s

How <Directory>, <Location> and <Files> sections work for an explanation of how these different sections are combined when a request is received
Stavros