Thank you Graham for that, and for all your great work on mod_wsgi in general. I don't how I missed --include-file which is exactly what I was hoping for. Cheers
On Tuesday, January 30, 2018 at 1:43:08 AM UTC, Graham Dumpleton wrote: > > > > > On 30 Jan 2018, at 2:55 am, Philip White <[email protected] > <javascript:>> wrote: > > > > We're using mod_wsgi-express to run a Flask app under Apache, hosted in > a Docker container (on an EC2 instance in AWS). > > All is well, but a corporate security scan is throwing up a few > suggested security lockdowns, namely disabling TRACE support and > universally adding a couple of HTTP headers (X-Content-Type-Options and > Strict-Transport-Security). From what I see that seems to mean adding and > configuring a couple of Apache modules: rewrite_module (for the TRACE) and > headers_module. > > > > Is there any way to do this via mod_wsgi-express so it can still be > launched from a single command line? I've looked for a command line option > that does something like importing a user configuration block, but don't > see it. > > Or is the only option to use --setup-only to generate the httpd.conf > then script something to dynamically add the required configuration? > > You want either the --include-file option or --rewrite-rules options. > > --include-file FILE-PATH > Specify the path to an additional web server > configuration file to be included at the end of > the > generated web server configuration file. > --rewrite-rules FILE-PATH > Specify an alternate server configuration file > which > contains rewrite rules. Defaults to using the > 'rewrite.conf' stored under the server root > directory. > > Because rewrite rules are sensitive to where they are placed, the > --rewrite-rules option should be used if they need to be within the > Directory block corresponding to the document directory which is first > mapped when doing URL resolution. > > If you don't know if the Apache module you need is already loaded, use the > following form: > > <IfModule !version_module> > LoadModule version_module '${MOD_WSGI_MODULES_DIRECTORY}/mod_version.so' > </IfModule> > > MOD_WSGI_MODULES_DIRECTORY will be set as environment variable to correct > directory where Apache modules are installed. > > For strict transport security also see: > > --hsts-policy PARAMS Specify the HSTS policy that should be applied > when > HTTPS only connections are being enforced. > > Graham > > > > -- You received this message because you are subscribed to the Google Groups "modwsgi" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/modwsgi. For more options, visit https://groups.google.com/d/optout.
