How to force the use of SSL for some URL of my Django Application?

Question

I want to be sure that for some URL of my website, SSL will be use. I saw a lot of answer already on SO.

https://stackoverflow.com/questions/724968/force-redirect-to-ssl-for-all-pages-apart-from-one

So I think I will use mod_rewrite.

My question is more about how to configure the Virtual Host to run my Django Application over HTTP and over HTTPS without problems. I am using WSGI.

Is it a problem to just duplicate the configuration over *:443 and over *:80 ? How should I do to have the best configuration ?

Thank you.

Rémy

Answer 1

you can use a decorator on your views to make them only avail from ssl.

@secure_required
@login_required
def edit_member(request, slug):
    ...

http://www.redrobotstudios.com/blog/2009/02/18/securing-django-with-ssl/

Answer 2

It is fine to copy over the configuration for *:443, here's how I did it on my server:

<VirtualHost *:80>
        ServerName www.mydomain.tld
        ServerAlias mydomain.tld

        DocumentRoot /path/to/www
        <Directory /path/to/www>
                AllowOverride All
                Order allow,deny
                allow from all
                Options -MultiViews
        </Directory>

</VirtualHost>

<VirtualHost *:443>
        ServerName www.mydomain.tld
        ServerAlias mydomain.tld

        DocumentRoot /path/to/www
        <Directory /path/to/www>
                AllowOverride All
                Order allow,deny
                allow from all
                Options -MultiViews
        </Directory>

        SSLEngine On
        SSLCertificateFile /etc/ssl/private/mydomain.crt

</VirtualHost>

Be sure to activate SSL on the *:443 virtual host (SSLEngine), and have your certificate set-up also (SSLCertificateFile).

You will also need to activate the ssl module for Apache2, type as root:

a2enmod ssl