WebFaction
Community site: login faq

I have https://dev.[domain].com set up for remote development.

Initially, I set it up to use Apache and put password protection in the httpd.conf file so it would only be accessible to me.

I'm new to Django and soon realized what I needed to do was "python manage.py runserver [port]" so that I wouldn't go insane running ./restart on Apache over and over again: http://docs.webfaction.com/software/django/troubleshooting.html#about-manage-py-runserver

Anyway, now I'm wondering if it's possible to have the same root folder password protection when I'm not longer using Apache.

Any ideas?

Thanks!

asked 26 Jan '11, 18:22

drewerd
2124
accept rate: 100%


I don't believe that the dev server includes any kind of mechanism for password protection.

Instead, you could use a static/cgi/php app at the front of your site and put your password protection in the .htaccess for that app. You can then use mod_rewrite to rewrite requests for the site to whatever port your dev server is listening on.

Hope that helps!

permanent link

answered 26 Jan '11, 18:57

seanf
12.2k41836
accept rate: 37%

I tried this, but can't figure out how I can only have the dev server allow connections through the mod_rewrite requests.

If I just run the "python manage.py runserver" command, it loads up the server:

-

Django version 1.2.4, using settings 'adherence.settings'

Development server is running at http://127.0.0.1:8000/

Quit the server with CONTROL-C.

-

But there is no way to access that outside of the server.

If I create a "Custom app (listening on port)", I have to associate it with a website entry and a URL, which is publicly accessible and defeats the purpose of the .htaccess.

(27 Jan '11, 18:55) drewerd

Create a custom app and run the dev server on the port assigned to that app, but don't assign the app to a site. Instead, assign the static app to the site, and in htaccess rewrite requests over to http://127.0.0.1:NNNNN (where NNNNN is the port assigned to your custom app).

(27 Jan '11, 19:01) seanf

Ah, that makes sense, but what kind of redirect?

RewriteEngine on

RewriteCond %{SERVER_PORT} !^29766$

RewriteRule ^(.*) http://127.0.0.1:29766%{REQUEST_URI}

The above is just reloading the browser to "http://127.0.0.1:29766/", which causes a Not available/"Error 102 (net::ERR_CONNECTION_REFUSED): Unknown error." in Chrome because it's trying to load it from my computer.

Thanks for your help!

(27 Jan '11, 19:12) drewerd
1

You need to include the proxy flag on the rewrite rule, something like:

RewriteRule ^(.*) http:/127.0.0.1:29766/$1 [L,P]
(27 Jan '11, 19:30) seanf

Awesome, it worked!

Thanks for your help!

(27 Jan '11, 19:35) drewerd

Ha, yes I just noticed the mistake... since you commented about it, I'll leave it there for posterity :)

Anyway, glad I could help!

(27 Jan '11, 19:50) seanf

I've experienced some new issues and have been trying to figure it out myself, but I've had no luck so far.

With this rule (which does actually work fine, EXCEPT for the need for two slashes before the 127...):

RewriteRule ^(.*) http://127.0.0.1:29766/$1 [L,P]

At the URL: http://[domain].com/nonexistanturl/ (use non-existant URL so I can see the URL that is being requested with Django's debug 404 page)

Page not found (404)

Request URL: http://[domain].com,%20[domain].com/nonexistanturl/

I can't figure out why it has the domain twice separated by a comma and an escaped space.

(27 Jan '11, 20:20) drewerd

Most likely an issue with Django trying to populate the URL and the .htaccess file also trying to populate the url. A '%20' is a whitespace, " ". We would have to see the exact code being ran, you may submit a support ticket if you would like. The best practice is to not use the devserver for a production environment because of its limitations. You should develop on your computer and deploy finished products, that is what the devserver is technically for.

(27 Jan '11, 20:40) johns

You're right about that last point. I was trying to do something tricky by running dev on a remote server. Unnecessarily complicated. Thanks!

(28 Jan '11, 09:29) drewerd
showing 5 of 9 show 4 more comments

Generally, I believe you're not supposed to use the dev server in a production environment (whether you're using it for development or otherwise) because of the rather large resource consumption. It's usually better to do your development locally and then push only your production-level stuff up to the server.

With that said, if you're going to go this way anyway, it might just be easier to write a snippet of middleware that does the job for you:

# myapp/middleware.py
def process_request(self, request):

    from django.http import Http404

    ok_ips = ("a.b.c.d","e.f.g.h")
    if not request.get("HTTP_X_FORWARDED_FOR") in ok_ips:
        raise Http404
permanent link

answered 29 Jan '11, 00:55

danielquinn
1211310
accept rate: 14%

Would it be easier to use a decorator in your views.py file to restrict access while testing?

def privatize(f): def f2(request, *args, kwargs): if not (hasattr(settings, 'PRIVATE') and settings.PRIVATE) or (request.user.is_authenticated and request.user.is_staff): return f(request, *args, kwargs)
return f2

@privatize def my_view(request): pass

@privatize def my_other_view(request): pass

Then in settings.py, use PRIVATE = True for testing, and PRIVATE = False when you push it live.

That way only your superuser account will be able to access the protected views.

permanent link

answered 29 Jan '11, 11:49

tonyb82
1613
accept rate: 0%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×909
×113
×45

question asked: 26 Jan '11, 18:22

question was seen: 7,329 times

last updated: 29 Jan '11, 11:49

WEBFACTION
REACH US
SUPPORT
AFFILIATE PROGRAM
LEGAL
© COPYRIGHT 2003-2019 SWARMA LIMITED - WEBFACTION IS A SERVICE OF SWARMA LIMITED
REGISTERED IN ENGLAND AND WALES 5729350 - VAT REGISTRATION NUMBER 877397162
5TH FLOOR, THE OLD VINYL FACTORY, HAYES, UB3 1HA, UNITED KINGDOM