Reputation: 1439
Django: Use htaccess to protect django app
I have a staging server with identical source code to the production server. I want to keep the public outside of the staging server so I thought of using htaccess to limit users to the staging server (and keep robots and strangers outside).
Somehow its not working for me.
I created the passwordfile
sudo htpasswd -cs /var/.passwd staging
I placed the .htaccess file in
/var/www/djangoapp/
.htaccess:
AuthUserFile /var/.passwd
AuthType Basic
AuthName "Just testing"
Require valid-user
I ensured:
<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
Apache restart:
sudo service apache2 restart
The Django Application is still available for everybody. What am I doing wrong?
Upvotes: 1
Views: 3465
Answers (1)
Reputation: 1439
I found an alternative solution to the above goal without htaccess. I would like to share:
in 000-default-conf in the respective virtualhost section:
<Directory /var/www/djangoapp/djangoapp>
AuthUserFile /var/.htpasswd
AuthName "Just testing"
AuthType Basic
Require valid-user
<Files wsgi.py>
Require valid-user
</Files>
WSGIApplicationGroup %{GLOBAL}
</Directory>
Of course this solution works only if you have access to this config file on your server. Anyway it solved my issue. I could not figure out why the original setup in my question is not working for me.
Upvotes: 1
Related Questions
- Django prevent direct url access
- How to configure .htaccess Django deployment
- Password protect a whole django app
- Limit access to a django admin site through apache
- Very simple way of password protecting django app on OpenShift
- allow acces to files only via cgi
- How can I secure a Django site
- Securing Apache with Django authentication
- django authentication .htaccess static
- django - protect some web paths with basic authentication