You appear to have the correct modules loaded. They being: authz_core_module authz_host_module
The thing with access controls is that they are processed sequentially, so if one matches as true before gets to WSGIScriptAlias, that will take priority. So if you already have another directive earlier which matches, you will always be allowed in. For example any of the Require directives which pertain to the access phase. You also have: access_compat_module so you have to watch out for Allow directives as well. So I would check through your config file look for any other directives which allow by host in some way. Graham > On 26 Oct 2019, at 11:56 am, Jared Greenwald <[email protected]> wrote: > > was that the right info? > > On Wednesday, October 23, 2019 at 7:37:48 AM UTC-4, Jared Greenwald wrote: > It's a pretty stock install. I haven't really enabled/disabled anything > other than installing mod_wsgi and getting the main python stack setup. From > httpd -M... > > Loaded Modules: > core_module (static) > so_module (static) > http_module (static) > access_compat_module (shared) > actions_module (shared) > alias_module (shared) > allowmethods_module (shared) > auth_basic_module (shared) > auth_digest_module (shared) > authn_anon_module (shared) > authn_core_module (shared) > authn_dbd_module (shared) > authn_dbm_module (shared) > authn_file_module (shared) > authn_socache_module (shared) > authz_core_module (shared) > authz_dbd_module (shared) > authz_dbm_module (shared) > authz_groupfile_module (shared) > authz_host_module (shared) > authz_owner_module (shared) > authz_user_module (shared) > autoindex_module (shared) > cache_module (shared) > cache_disk_module (shared) > data_module (shared) > dbd_module (shared) > deflate_module (shared) > dir_module (shared) > dumpio_module (shared) > echo_module (shared) > env_module (shared) > expires_module (shared) > ext_filter_module (shared) > filter_module (shared) > headers_module (shared) > include_module (shared) > info_module (shared) > log_config_module (shared) > logio_module (shared) > mime_magic_module (shared) > mime_module (shared) > negotiation_module (shared) > remoteip_module (shared) > reqtimeout_module (shared) > rewrite_module (shared) > setenvif_module (shared) > slotmem_plain_module (shared) > slotmem_shm_module (shared) > socache_dbm_module (shared) > socache_memcache_module (shared) > socache_shmcb_module (shared) > status_module (shared) > substitute_module (shared) > suexec_module (shared) > unique_id_module (shared) > unixd_module (shared) > userdir_module (shared) > version_module (shared) > vhost_alias_module (shared) > dav_module (shared) > dav_fs_module (shared) > dav_lock_module (shared) > lua_module (shared) > mpm_event_module (shared) > proxy_module (shared) > lbmethod_bybusyness_module (shared) > lbmethod_byrequests_module (shared) > lbmethod_bytraffic_module (shared) > lbmethod_heartbeat_module (shared) > proxy_ajp_module (shared) > proxy_balancer_module (shared) > proxy_connect_module (shared) > proxy_express_module (shared) > proxy_fcgi_module (shared) > proxy_fdpass_module (shared) > proxy_ftp_module (shared) > proxy_http_module (shared) > proxy_scgi_module (shared) > proxy_wstunnel_module (shared) > systemd_module (shared) > cgid_module (shared) > wsgi_module (shared) > > On Tuesday, October 22, 2019 at 10:32:42 PM UTC-4, Graham Dumpleton wrote: > What mod_auth?? modules have you enabled in Apache? > >> On 23 Oct 2019, at 1:28 pm, Jared Greenwald <[email protected] <>> wrote: >> >> As I mentioned in a previous post, I'm attempting to convert an application >> from mod_python to mod_wsgi. One thing I need to replace is authenticated >> downloads via apache. Basically GET requests with headers set that can be >> picked out by python code and used to check against a database or other >> means. The checking code already exists, but it's just the apache->python >> plumbing that's needed. It seems like WSGIAccessScript would be the >> directive to use for this, but I'm not getting any of the results I expect. >> I have essentially the following in my apache config... >> >> Options Indexes FollowSymLinks >> Alias /my/download/path /my/local/download/dir >> <Directory /my/local/download/dir> >> WSGIAccessScript /my/script/dir/somescript.py >> </Directory> >> >> SetEnv CONFIG_FILE myconfigfile.conf >> WSGIDaemonProcess my-process processes=2 threads=15 display-name=%{GROUP} >> python-path='/my/script/dir/' processes=1 threads=5 >> WSGIProcessGroup my-process-group >> WSGIScriptAliasMatch ^/(apiurl1|apiurl2$) /my/script/dir/somescript.py >> <Directory /my/script/dir> >> Require all granted >> </Directory> >> >> The APIs served by the WSGIScriptAlias script directive seem to work just >> fine. I stubbed out the allow_access function to just return false to test >> out that it was working (to deny all) but when I attempt to download >> http://myserver.com/my/download/path/myfile >> <http://myserver.com/my/download/path/myfile>, I get the file just fine >> without an error. I'm not even sure if the allow_access call is being made >> or not. Am I missing something? >> >> -- >> You received this message because you are subscribed to the Google Groups >> "modwsgi" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected] <>. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/modwsgi/5d2c62d8-775f-41a0-99cf-a2ec0658dac5%40googlegroups.com >> >> <https://groups.google.com/d/msgid/modwsgi/5d2c62d8-775f-41a0-99cf-a2ec0658dac5%40googlegroups.com?utm_medium=email&utm_source=footer>. > > > -- > You received this message because you are subscribed to the Google Groups > "modwsgi" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected] > <mailto:[email protected]>. > To view this discussion on the web visit > https://groups.google.com/d/msgid/modwsgi/971d99c2-52f4-443d-8130-872045c645c3%40googlegroups.com > > <https://groups.google.com/d/msgid/modwsgi/971d99c2-52f4-443d-8130-872045c645c3%40googlegroups.com?utm_medium=email&utm_source=footer>. -- You received this message because you are subscribed to the Google Groups "modwsgi" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/modwsgi/31C84B43-176B-45AB-8DBF-42ED11A21213%40gmail.com.
