4

I'm getting a 403 error with my django project.

The only line I get in my error log is :

AH01630: client denied by server configuration: /srv/http/www/src/myproject/preprod_wsgi.py

The permissions for this file are :

-rwxr-xr-x 1 root root  552 Jul 30 04:24 preprod_wsgi.py

And the apache (VERSION : 2.4) conf file contains (amongst other things) :

LoadModule wsgi_module modules/mod_wsgi.so

<IfModule unixd_module>
    User http
    Group http
</IfModule>

<Directory />
    AllowOverride none
    Require all denied
</Directory>

#
# Others
#

Alias /robots.txt /srv/http/www/htdocs/static/robots.txt
Alias /favicon.ico /srv/http/www/htdocs/static/favicon.ico


Alias /media/ /srv/http/www/htdocs/media/
Alias /static/ /srv/http/www/htdocs/static/


<Directory "/srv/http/www/htdocs/static">
           Require all granted
</Directory>

<Directory "/srv/http/www/htdocs/media">
           Require all granted
</Directory>

<Files "/srv/http/www/src/myproject/preprod_wsgi.py">
       Require all granted
</Files>

#
# WSGI
#

WSGIDaemonProcess myproject python-path=/srv/http/www/src
WSGIScriptAlias / /srv/http/www/src/myproject/preprod_wsgi.py
WSGIPythonPath /srv/http/www/src

DocumentRoot "/srv/http/www/htdocs"
<Directory "/srv/http/www/htdocs">
    Options Indexes FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>

ErrorLog "/srv/http/www/logs/error_log"
CustomLog "/srv/http/www/logs/access_log" common

LogLevel warn

Here is also the content of my preprod_wsgi.py file :

"""
WSGI config for soisbault project.

It exposes the WSGI callable as a module-level variable named ``application``.

For more information on this file, see
https://docs.djangoproject.com/en/1.8/howto/deployment/wsgi/
"""

import os, sys

from django.core.wsgi import get_wsgi_application

os.environ.setdefault("DJANGO_SETTINGS_MODULE", "myproject.preprod_settings")

application = get_wsgi_application()

ALLOWED_HOSTS is also set in my preprod_settings.py.

I tried to add access to this file with <Files> directive, and did a chmod 755 on it. But I can't figure out what I could do more.

How could I fix this? Feel free to ask more details if necessary.

Thank you in advance.

vmonteco
  • 14,136
  • 15
  • 55
  • 86
  • Why is the file (and presumably the rest of the project) owned by root? – Daniel Roseman Jul 31 '15 at 08:29
  • Please have a look at [the official documentation](https://docs.djangoproject.com/en/dev/howto/deployment/wsgi/modwsgi/). – Mischback Jul 31 '15 at 08:30
  • @DanielRoseman Good question. the whole project is in a docker container, I guess that the project's ownership was set at its copy during container building. But I runned a `chown -Rv http` and restarted the service and I still get this error. – vmonteco Jul 31 '15 at 08:33
  • @DanielRoseman (Anyway, with 755 permission, shouldn't httpd be able to execute the wsgi.py script even if it's owned by root?) – vmonteco Jul 31 '15 at 08:42
  • Are you sure that you have `ALLOWED_HOSTS = ['yourhost.com']` set in your django settings file, that will throw a 403 otherwise if debug is turned off. – olofom Jul 31 '15 at 09:03
  • @Mischback I already did and I didn't find what I could have forgot, do you think about something in particular? – vmonteco Jul 31 '15 at 09:29
  • @olofom It could have been it, indeed, but in my case ALLOWED_HOSTS is set, I'll update my post. – vmonteco Jul 31 '15 at 09:29

1 Answers1

13

It seems it was the <File> directive in apache that can't be used outside of a <Directory> directive.

<Files "/srv/http/www/src/myproject/preprod_wsgi.py">
       Require all granted
</Files>

I changed this to

<Directory "/srv/http/www/src/myproject">
       <Files "preprod_wsgi.py">
              Require all granted
       </Files>
</Directory>

And it worked. :)

vmonteco
  • 14,136
  • 15
  • 55
  • 86