There are two issues. The first is that with Apache 2.4 you must use:

    Require wsgi-group authorized

The second is that WSGIAuthGroupScript is broken in Apache 2.4 anyway as Apache 2.4 changed the requirements imposed on auth provider modules as to how they need to work. This change in Apache 2.4, without mod_wsgi being changed to accommodate it, can cause a user to be allowed in even if they are not in the authorised group. There would be lots of strange error messages in the Apache error log at the same time indicating a problem, but if you didn't actually pay attention to the error log you might not be the wiser.

The issue has already been fixed for mod_wsgi 4.3.0. Try using:

    https://github.com/GrahamDumpleton/mod_wsgi/archive/feature/4.3.0.tar.gz

If you are on an older packaged binary version of mod_wsgi provided by a Linux distribution, there isn't much I can do for you very quickly as they in general will not patch old versions they bundle.

The exception to that rule for Linux distributions is where the issue is a security vulnerability and you are using an LTS distribution. Even then, my experience is that they can take a few months to actually do it, which sort of makes the whole process of using binary packages from LTS Linux distributions in order to ensure they get security patches promptly rather pointless.

Because though the issue can constitute being a security vulnerability, if not noticed that things are not working as intended from the error messages, I was moving towards creating a mod_wsgi 3.6 back port of the fix and going through the process of a CERT advisory to force them to patch old versions included with LTS distributions. The intent was to do that this week after I had gotten back from an overseas trip, but I was sick as a dog after coming back.

The recent issue about the problem is:

    https://github.com/GrahamDumpleton/mod_wsgi/issues/25

The patch if you want to apply it back on an older mod_wsgi version yourself can be found in:

    https://github.com/GrahamDumpleton/mod_wsgi/commit/dbc6471fb74c8a35bc5f188b0e802d844d7122bd

Graham

On 13/09/2014, at 3:26 AM, [email protected] wrote:

> Below is an excerpt from an Apache configuration that works fine with Apache
> 2.2.x:
>
> <Directory /*>
>     AuthType Basic
>     AuthName "My Authentication"
>     AuthBasicProvider wsgi
>     WSGIAuthUserScript /etc/apache2/access.wsgi
>     Require valid-user
>     WSGIAuthGroupScript /etc/apache2/access.wsgi
>     Require group authorized
> </Directory>
>
> With Apache 2.4.7 on Ubuntu 14.04, the Apache configtest fails with the
> following report:
>
> Unknown Authz provider: group
>
> Loaded Modules:
>  core_module (static)
>  so_module (static)
>  watchdog_module (static)
>  http_module (static)
>  log_config_module (static)
>  logio_module (static)
>  version_module (static)
>  unixd_module (static)
>  access_compat_module (shared)
>  alias_module (shared)
>  auth_basic_module (shared)
>  authn_core_module (shared)
>  authn_file_module (shared)
>  authz_core_module (shared)
>  authz_host_module (shared)
>  authz_svn_module (shared)
>  authz_user_module (shared)
>  autoindex_module (shared)
>  cgid_module (shared)
>  dav_module (shared)
>  dav_svn_module (shared)
>  deflate_module (shared)
>  dir_module (shared)
>  env_module (shared)
>  filter_module (shared)
>  mime_module (shared)
>  mpm_event_module (shared)
>  negotiation_module (shared)
>  setenvif_module (shared)
>  socache_shmcb_module (shared)
>  ssl_module (shared)
>  status_module (shared)
>  wsgi_module (shared)
>
> Can you help?
>
> --
> You received this message because you are subscribed to the Google Groups
> "modwsgi" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To post to this group, send email to [email protected].
> Visit this group at http://groups.google.com/group/modwsgi.
> For more options, visit https://groups.google.com/d/optout.
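
For reference, a sketch of what the `/etc/apache2/access.wsgi` script named in the thread can look like, using mod_wsgi's `check_password` and `groups_for_user` hooks. This is an added example, not code from the thread or from the mod_wsgi project. The user table, salt, passwords and the `require_group` wrapper are constructed or hypothetical, and the wrapper assumes the application is willing to re-check group membership itself so that a failure of the server-side group check does not silently admit a user.

```python
# Constructed example of the /etc/apache2/access.wsgi script named in the thread.
# Apache 2.4 directives from the thread that load it:
#   AuthBasicProvider wsgi
#   WSGIAuthUserScript  /etc/apache2/access.wsgi
#   WSGIAuthGroupScript /etc/apache2/access.wsgi
#   Require wsgi-group authorized
import hashlib
import hmac

SALT = b"constructed-salt"   # sample value, not a real secret
ROUNDS = 100_000


def _hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), SALT, ROUNDS)


# Constructed user table: name -> (password hash, groups).
USERS = {
    "alice": (_hash("alice-sample-pw"), ["authorized"]),
    "bob": (_hash("bob-sample-pw"), ["staff"]),
}


def check_password(environ, user, password):
    """mod_wsgi authn hook: True = accept, False = wrong password, None = unknown user."""
    entry = USERS.get(user)
    if entry is None:
        return None
    return hmac.compare_digest(entry[0], _hash(password))


def groups_for_user(environ, user):
    """mod_wsgi authz hook: groups matched against 'Require wsgi-group ...'."""
    entry = USERS.get(user)
    return list(entry[1]) if entry else [""]


def require_group(app, group="authorized"):
    """Hypothetical WSGI wrapper (assumption, not a mod_wsgi API): re-check the
    group inside the application using REMOTE_USER set by Apache."""
    def guarded(environ, start_response):
        user = environ.get("REMOTE_USER", "")
        if group not in groups_for_user(environ, user):
            start_response("403 Forbidden", [("Content-Type", "text/plain")])
            return [b"Forbidden\n"]
        return app(environ, start_response)
    return guarded
```
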
