WebFaction
Community site: login faq

Apache Basic Authentication for mod_wsgi (inc. Django) applications

3
3

I am trying to configure authentication in my mod_wsgi folder. Please assist.

Edit: This post (originally deleted by author) has been re-opened and modified from its original content to exclude customer-specific details.

asked 31 Oct '10, 01:37

glerm
36112
accept rate: 0%

edited 31 Oct '10, 02:54

ryans ♦♦
5.0k103960
4 Answers:
active answersoldest answersnewest answerspopular answers
6

This is accomplished by editing the httpd.conf for the Apache server that runs your mod_wsgi/Django application. First, add the following lines of code near the top of your mod_wsgi/Django application's httpd.conf file:

LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authz_user_module modules/mod_authz_user.so

And then the following lines after the "WSGIScriptAlias" line (at the end of your httpd.conf):

<Location />
AuthType Basic
AuthName "Authentication Required"
AuthUserFile "/path/to/.htpasswd"
Require valid-user
</Location>

It is necessary to restart the Apache instance in order for these changes to take effect.

Note: You can protect a sub-path of an application (for example, /members) using:

<Location /members>
AuthType Basic
AuthName "Authentication Required"
AuthUserFile "/path/to/.htpasswd"
Require valid-user
</Location>

Lastly, the 'htpasswd' command is used to create the .htpasswd file referenced above. More information on .htpasswd files (and other features of Apache Basic Authentication) can be found in the related guide for Static/CGI/PHP applications:

http://docs.webfaction.com/software/static.html#password-protecting-a-directory-with-a-static-cgi-php-app

permanent link

answered 31 Oct '10, 03:01

ryans ♦♦
5.0k103960
accept rate: 43%

edited 31 Oct '10, 03:02

This doesn't work with a mod_wsgi application!

(31 Jan '11, 09:16) khaz

Did you add the required modules to the top of your httpd.conf?

LoadModule auth_basic_module modules/mod_auth_basic.so LoadModule authn_file_module modules/mod_authn_file.so LoadModule authz_user_module modules/mod_authz_user.so

(31 Jan '11, 10:05) tie

That worked to me just fine. For the ones (like me) that just copy-paste this piece of code, just remember at line "AuthUserFile" to subtitute '/path/to' with the path where .htpasswd file is. You should put the relevant path (e.g. AuthUserFile "../.htpasswd").

(02 Feb '12, 15:01) zafm

If using Apache 2.4, change the .htaccess file from:

<Files .*>
  order allow,deny
  deny from all
</Files>

to:

<Files .*>
  Require all denied
</Files>
(01 Apr '14, 12:48) source3

Thanks source3 - I needed to update the .htaccess directives to make it work.

(13 Mar '15, 12:23) mike
4

I have found that if you are using Django & mod_wsgi, you need to add the following configuration directive to your httpd.conf file:

WSGIPassAuthorization On

(see this old forum topic)

permanent link

answered 24 Feb '11, 09:51

redseam
4125
accept rate: 0%

edited 24 Feb '11, 09:53

Thanks - this fixed Tasty-Pie access problems for me.

(02 Apr '13, 22:34) kpd

This "WSGIPassAuthorization On" alone is enough to enable basic authentication for web2py. I guess it also applies to all web framework behind mod_wsgi.

(24 Jun '13, 00:37) iceberg

Made an account just to say that THIS IS THE CORRECT ANSWER and saved me 5 hours of debugging. Thanks!

(24 Oct '15, 07:14) caroso1222
3

You can also achieve this easily within django and login a django user. See this sample views.py:

import base64
from django.contrib.auth import authenticate
from django.http import HttpResponse
from django.shortcuts import render_to_response

def basic_auth(request):    
    if request.META.get('HTTP_AUTHORIZATION', 'whatever')[:5] == 'Basic':    
        auth = base64.b64decode(request.META.get('HTTP_AUTHORIZATION', 'none')[6:]).split(":")    
        if authenticate(username=auth[0], password=auth[1]) is not None:    
            return render_to_response('template.html', {})    
    response = HttpResponse()    
    response.status_code = 401    
    response['WWW-Authenticate'] = 'Basic realm="Basic Auth"'    
    return response
permanent link

answered 01 Nov '10, 12:19

lamusoftware
1971817
accept rate: 16%

edited 02 Nov '10, 07:21

Note to self - requires WSGIPassAuthorization On directive in .htaccess

(22 Nov '10, 06:57) lamusoftware
0

thanks - I too needed to

<Files .*> Require all denied </Files>

permanent link

answered 13 Mar '15, 12:22

mike
737
accept rate: 0%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

learn more about Markdown

Question tags:

×910
×57
×31
×25

question asked: 31 Oct '10, 01:37

question was seen: 20,996 times

last updated: 24 Oct '15, 07:14

Related questions

Connection refused on Django app

Please share the httpd.conf of a working Django app using virtualenv.

Installing apache modules with axps

InterfaceError: connection already closed

New django app fails with "Premature end of script headers: wsgi.py"

What are the steps to convert a Django application from Apache/mod_wsgi to Gunicorn?

authentication - Internal Server Error

REMOTE_ADDR header in django behind mod_wsgi apache

Another one question about memory consumption and Django

Django app keeps shutting down

                              
WEBFACTION
Home
REACH US
Email
SUPPORT
Control panel
Documentation
Q&A community site
Status blog
Support tickets
LEGAL
Terms of service
Acceptable use policy
Privacy policy
List of Data Subprocessors
Cookie Policy
Data Protection Addendum
Migration FAQ
© COPYRIGHT 2003-2021 SWARMA LIMITED - WEBFACTION IS A SERVICE OF SWARMA LIMITED
REGISTERED IN ENGLAND AND WALES 5729350 - VAT REGISTRATION NUMBER 877397162
5TH FLOOR, THE OLD VINYL FACTORY, HAYES, UB3 1HA, UNITED KINGDOM