On Mar 20, 6:18 am, "[email protected]" <[email protected]> wrote:
> Hi Edi,
>
>> <Directory "/proj/tiddlyweb/apache">
>> # Options Indexes FollowSymlinks MultiViews
>> # AllowOverride None
>> Order allow,deny
>> Allow from all
>> </Directory>
>
> Once you get these other issues solved you might try removing the
> <Directory> section from your config. I don't think it should be
> necessary; I don't use one from tiddlyweb.peermore.com, which is
> mod_wsgi under apache2.
When using mod_wsgi Apache has to be told it is okay to allow access
to the WSGI script file. That is, it has the same sort of security
requirements as CGI scripts and being able to use them. This isn't
mod_python, which totally ignores the Apache security model for what
can be accessed.
Thus, it would be required. The only time it might not is where one
incorrectly exposed the whole file system, which you shouldn't do
anyway, or you stuck the WSGI script file under document root which
was already exposed. The latter is okay, but only if it is just the
WSGI script file which is there. One should not put your whole
application code under document root or any other exposed directory as
then risk your source code being able to be downloaded. This is why it
is recommended that if putting WSGI script file with your application
code, that you create a special 'apache' subdirectory where the WSGI
script file is the only thing in it and only configure Apache to allow
access to that 'apache' subdirectory.
Graham
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"TiddlyWiki" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/TiddlyWiki?hl=en
-~----------~----~----~----~------~----~------~--~---
