On Jan 25, 4:15 am, Andrea Tomasini <[email protected]> wrote:
> On 24 Jan, 2009, at 15:36 , Graham Dumpleton wrote:
>
> Hi Graham :-)
>
> > I should have spotted it earlier. The following is wrong:
>
> > <Directory /var/www/project/trac/>
>
> > It should be:
>
> > <Directory /var/www/project/>
>
> > Because it was wrong you weren't even running in daemon mode but still
> > in embedded mode.
>
> Well this was it, now it works, also the locale settings ;-)
>
> > BTW, the mod_wsgi documentation says to put the WSGI script file in a
> > special subdirectory of its own, not in the parent directory to the
> > Trac instance. A subdirectory is used so that you are not telling
> > Apache that it could technically serve up files from your Trac
> > instance. A misconfiguration of your server could at the moment
> > technically allow people to download your Trac instance data because
> > of security on the file system being too loose.
>
> Fixed also this... thanks ;-)
Except that since you have Trac instance under /var/www/ then still
potentially exposed.
You shouldn't put the Trac instance anywhere under Apache document
root. It was only that you wrongly had it there in the first place
that the WSGI script was even half working. If it was elsewhere and
that path to Directory directive was wrong, you would have got
forbidden access as WSGI script file hadn't been marked as being
usable by Apache.
Graham
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Trac
Users" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/trac-users?hl=en
-~----------~----~----~----~------~----~------~--~---
