Django on Apache Wtih Mod_Wsgi (Linux) - 403 Forbidden

Django on apache wtih mod_wsgi (Linux) - 403 Forbidden

If this is exactly your config file then i doubt the path that you're using is wrong. Please fix that first.

Set WSGIScriptAlias this to correct path.

Then your WSGI file must look something like:

import os
import sys

os.environ['DJANGO_SETTINGS_MODULE'] = 'mysite.settings'

import django.core.handlers.wsgi
application = django.core.handlers.wsgi.WSGIHandler()

Apache mod_wsgi throwing error 403 Forbidden when deploying a Django project

Sorry, that I posted this a bit late. This was the final fix to my apache config that ultimately worked.

WSGIScriptAlias /basic /var/www/django/basic/basic/wsgi.py
WSGIPythonPath /var/www/django/basic/

<Directory /var/www/django/basic/basic>
    Options FollowSymLinks
    <Files wsgi.py>
        Order allow,deny
        Allow from all
    </Files>
</Directory>

Alias /static /var/www/django/basic/basic/static

And this is the final version of my wsgi.py file in python. The key line of code here was the PYTHON_EGG_CACHE. That variable was by default set to a directory that did not exist. I set it to /tmp/.python-eggs Make sure that .python-eggs has correct permissions for the apache user to read/write to it wherever you may place this file.

"""
WSGI config for basic project.

It exposes the WSGI callable as a module-level variable named ``application``.

For more information on this file, see
https://docs.djangoproject.com/en/1.6/howto/deployment/wsgi/
"""

import os
import sys

path = "/usr/local/django/basic/basic/apache"
    if path not in sys.path:
        sys.path.append(path)

os.environ['PYTHON_EGG_CACHE'] = '/tmp/.python-eggs'
os.environ.setdefault("DJANGO_SETTINGS_MODULE", "basic.settings")

#print os.getenv("DJANGO_SETTINGS_MODULE")
#print os.getenv("PYTHON_EGG_CACHE")
from django.core.wsgi import get_wsgi_application
application = get_wsgi_application()

Side note:

• A friendly reminder to make sure that every file in your django application is readable, (and writeable if needed) by the apache user. Git once overwrote a file to an old permission I had set up once and it took me a little time to figure out the permissions had changed without realizing it.

What is causing the '403 Forbidden error' in my Apache2 server? And how can I fix it? The available fixes on the web are not working for me

I've found a solution, for now at least. I ran a sudo chmod 777 on my home folder so that literally every single file is accessible. I heard that this solution was not recommendable, but for now it will do.

I still don't know why other solutions that were posted didn't work for me, because it was of my understanding that every file that was needed to fun the server was inside the django_project folder.

I will be looking into it a bit more though, because I don't know how secure it is to have everysingle file with permisions.

403 error on Apache Server with Django application

SELinux has its own system of granting access. Your process ever has to be granted to access files on filesystem depending on SELinux context. There are some default politics and contexts defined in SELinux those are usefull for default cases of your installation. Just web files are expected to be in '/var/www'. You can mostly check the current context of files or processes using switch '-Z', see

[root@localhost]#  ls -Z /var
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 www

Check the context of /srv/mysite

[root@localhost]#  ls -Z /srv
drwxr-xr-x. root root system_u:object_r:var_t:s0       mysite

The Apache HTTPD server is allowed to access files with SELinux type httpd_sys_content_t byt it is NOT allowed to access files with SELinux type var_t.

1. Change the SELinux type for your directory and check the context

[root@localhost]#  chcon -R -t  httpd_sys_content_t /srv/mysite
[root@localhost]#  ls -Z /srv
drwxr-xr-x. root root unconfined_u:object_r:httpd_sys_content_t:s0 mysite

Check if your webiste is working right now.

Till now it is not finished yet, while you relabel filesystem to default or if you use a daemon to check or relabel itself, you risk to lose your new labeling.

2. Make the default labaling for your directory

Create the default labeling by 'semange' and apply it on your directory by 'restorecon'

[root@localhost]#  semanage fcontext -a -t httpd_sys_content_t /srv/mysite
[root@localhost]#  restorecon -v -R /srv/mysite
[root@localhost]#  ls -Z /srv
drwxr-xr-x. root root unconfined_u:object_r:httpd_sys_content_t:s0 mysite

Right now your SELinux labeling is fixed.

Note: It is possible regular expressions to define default context.

Debian: I'm not a Debian user, so the SELinux type can be a bit different, the principle is just the same, check the SELinux type of your apache directory and set it on your directory you want to be accessible from apache.

---

Read more at RedHat:
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-SELinux_Contexts_Labeling_Files-Persistent_Changes_semanage_fcontext.html

Fedora SELinux documentation:
http://docs.fedoraproject.org/en-US/Fedora/13/html/Security-Enhanced_Linux/

Apache mod_wsgi error: Forbidden You don't have permission to access / on this server

The second directory block doesn't match where you have your WSGI script file installed. It is very bad practice though to stick the WSGI script file in a location where source code or other sensitive files exist, ie., same directory or sub directory. Instead you should stick it in a sub directory of its own. Thus:

WSGIScriptAlias / /home/wong2/Code/python/django2/atest/apache/setting.wsgi
<Directory "/home/wong2/Code/python/django2/atest/apache">
    Order allow,deny
    Allow from all
</Directory>

So, create 'apache' subdirectory under 'atest'. Move 'setting.wsgi' into that 'apache' subdirectory and change config to above.

Your problem also may be caused by restrictive permisions on your home directory as Apache cannot see inside.

Go watch:

http://code.google.com/p/modwsgi/wiki/WhereToGetHelp?tm=6#Conference_Presentations

as it explains these permissions problems as well as issues like where to stick your code and the WSGI script file.

Also read:

http://code.google.com/p/modwsgi/wiki/IntegrationWithDjango

Django Deployment: Error 403 Forbidden You don't have permission to access / on this server

Based on Maarten's comment, I have found the answer for this problem.

1. I need to change the access permissions of apache to read and execute the django project folder by using chmod. However, this later shows another problem below.

/etc/httpd/logs/error_log

failed to map segment from shared object permission denied mysql.

2. Then I found out the error shows that Python (in the virtual environment) is unable to execute the packages (mysqlclient). Hence, the solution can be found here, which to change the security context of “httpd_sys_script_exec_t” which allows Apache to execute.

I hope this helps anyone who encounters this problem. And if there are any bad practices or mistakes that I have made, please do leave a comment.

Thank you and have a nice day.

Apache 2.4 with mod_wsgi: 403 Forbidden, don't have permission to access /calbase on this server

The section:

<Directory /EquipmentCalibration/equipcale>
<Files wsgi.py>
Require all granted
</Files>
</Directory>

has a directory name which does match what is used in the WSGIScriptAlias directive. One uses equipcal and the other equipcale. They need to match in that segment name.

---

Related Topics