wswld

Reputation: 1238

Django + mod_wsgi + Apache = 403 Forbidden

I'm getting this error on Debian all the time. No matter where I put my code.

I've already gone through all other questions on here and haven't found anything useful in my case.

Here is the default site config:

WSGIScriptAlias / /home/user/Code/mysite/core/
WSGIPythonPath /home/user/Code/mysite/core/

<VirtualHost *:80>
        ServerAdmin [email protected]
        ServerName http://example.org
        Options -Indexes
        DocumentRoot /var/www/


        <Directory />
#               Options FollowSymLinks
                AllowOverride None
                Allow from all
        </Directory>


<Directory /home/user/Code/site/core/>
<Files wsgi.py>
Require all granted
</Files>
</Directory>

<Directory /var/www>
                Options FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
</Directory>

        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <Directory "/usr/lib/cgi-bin">
                AllowOverride None
                Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
                Order allow,deny
                Allow from all
        </Directory>

        ErrorLog ${APACHE_LOG_DIR}/error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.:
        LogLevel warn

        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

Yeah, I know it's not a good practice to put the site in the home folder, but it is really great for updating later. Also I've tried everything permission-wise. For now my home dir could be accessed and mutilated by a complete outsider, still to no avail. I'm losing patience here, as I've already lost the whole day trying to deploy this thing.

Several last lines in Apache log:

[ 2014-07-29 12:22:13.5464 7242/b7486700 agents/HelperAgent/Main.cpp:619 ]: PassengerHelperAgent online, listening at unix:/tmp/passenger.1.0.7219/generation-0/request
[ 2014-07-29 12:22:13.5540 7247/b6df2700 agents/LoggingAgent/Main.cpp:318 ]: PassengerLoggingAgent online, listening at unix:/tmp/passenger.1.0.7219/generation-0/logging
[ 2014-07-29 12:22:13.5542 7239/b749e700 agents/Watchdog/Main.cpp:761 ]: All Phusion Passenger agents started!
[Tue Jul 29 12:22:13 2014] [notice] Apache/2.2.22 (Debian) PHP/5.4.4-14+deb7u12 mod_python/3.3.1 Python/2.7.3 mod_wsgi/3.3 Phusion_Passenger/4.0.23 configured -- resuming normal operations
[Tue Jul 29 12:22:18 2014] [error] [client 91.199.251.60] (13)Permission denied: access to / denied
[Tue Jul 29 12:22:20 2014] [error] [client 91.199.251.60] (13)Permission denied: access to / denied
[Tue Jul 29 12:22:21 2014] [error] [client 91.199.251.60] (13)Permission denied: access to / denied
[Tue Jul 29 12:22:21 2014] [error] [client 91.199.251.60] (13)Permission denied: access to / denied
[Tue Jul 29 12:22:22 2014] [error] [client 91.199.251.60] (13)Permission denied: access to / denied
[Tue Jul 29 12:22:22 2014] [error] [client 91.199.251.60] (13)Permission denied: access to / denied
[Tue Jul 29 12:22:24 2014] [error] [client 91.199.251.60] (13)Permission denied: access to / denied
[Tue Jul 29 12:23:06 2014] [error] [client 94.242.206.244] (13)Permission denied: access to /xmlrpc.php denied

I can give a bigger picture if needed.

Upvotes: 1

Views: 2002

Answers (1)

Graham Dumpleton

Reputation: 58563

What URL are you using to access the site?

There is quite a lot broken in this configuration. If this is a Django site, are you even following the Django docs on mod_wsgi setup?

Some of the things which are wrong are:

  • ServerName should be a host name, not a URL, so the VirtualHost would be ignored.
  • The WSGIScriptAlias is outside of the VirtualHost and because the VirtualHost is ignored, the access permissions for Apache setup within it for the target directory are ignored and you would get a forbidden response.
  • The WSGIScriptAlias is referring to a directory anyway, when likely it should be referring to the wsgi.py file.
  • Setting Allow from all from Directory / is a security disaster waiting to happen.

Upvotes: 4
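
The four points from the answer above, applied to the configuration in the question. This is an added example, not code from the original post or answer. It uses Apache 2.2 access-control syntax because the log shows Apache/2.2.22, and it assumes the Django project root is /home/user/Code/mysite with wsgi.py inside the core/ package.

```apache
# Added example (not the poster's or the answerer's configuration).
# Assumption: project root is /home/user/Code/mysite, wsgi.py lives in core/.

# WSGIPythonPath is only valid at server scope, so it stays outside the
# VirtualHost. It points at the project root so the package can be imported.
WSGIPythonPath /home/user/Code/mysite

<VirtualHost *:80>
    # A bare host name, not a URL.
    ServerName example.org
    DocumentRoot /var/www/

    # Default-deny the whole filesystem; later sections open only what is served.
    <Directory />
        AllowOverride None
        Order deny,allow
        Deny from all
    </Directory>

    <Directory /var/www>
        Options -Indexes
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>

    # The alias target is the WSGI script file, not its directory, and the
    # directive sits inside the VirtualHost next to its access rules.
    WSGIScriptAlias / /home/user/Code/mysite/core/wsgi.py

    # Same path as the alias above (the question mixes "mysite" and "site").
    # Only wsgi.py is opened; the rest of the home directory stays denied.
    <Directory /home/user/Code/mysite/core>
        <Files wsgi.py>
            Order deny,allow
            Allow from all
        </Files>
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/error.log
    LogLevel warn
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
```

On Apache 2.4 the `Order`/`Allow`/`Deny` lines become `Require all denied` for `<Directory />` and `Require all granted` for the sections that are opened.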
