Hey Tom,
Thanks, you rightly pointed out right security way to implement django. But
currently I am facing issue with implementing whatever way I tried.
Please suggest what is wrong in vhost file. Here is my host file. Please
take a look
WSGIPythonPath C:\Python27\Lib\site-packages
<VirtualHost *:80>
ServerAdmin [email protected]
DocumentRoot "C:/Apache24/htdocs/testarhamcollections"
ServerName www.testarhamcollections.com
ServerAlias testarhamcollections.com
ErrorLog
"C:/Apache24/htdocs/testarhamcollections/logs/testarhamcollections.com-error.log"
CustomLog
"C:/Apache24/htdocs/testarhamcollections/logs/testarhamcollections.com-access.log"
common
<Directory c:/Apache24/htdocs/testarhamcollections>
Require all granted
</Directory>
WSGIScriptAlias / c:\Apache24\htdocs\testarhamcollections
Alias / "c:/Apache24/htdocs/testarhamcollections"
<Directory "c:/Apache24/htdocs/testarhamcollections/project1">
<Files "wsgi.py">
Require all granted
</Files>
</Directory>
</VirtualHost>
Also, you appreciate if you come on Google Hangout.
Regards,
Sarf
On 8 May 2017 at 23:22, 'Tom Evans' via Django users <
[email protected]> wrote:
> On Mon, May 8, 2017 at 11:08 AM, sarfaraz ahmed <[email protected]>
> wrote:
> > Hello Guys,
> > [ .. ]
> > This is conf file for Apache
> > ------------------------------------------------------------
> ------------------------------------------------------------
> ----------------------------------------------
> > <VirtualHost *:80>
> > ServerAdmin [email protected]
> > DocumentRoot "C:/Apache24/htdocs/testarhamcollections"
> > ServerName www.testarhamcollections.com
> > ServerAlias testarhamcollections.com
> > ErrorLog
> > "C:/Apache24/htdocs/testarhamcollections/logs/testarhamcollections.com-
> error.log"
> > CustomLog
> > "C:/Apache24/htdocs/testarhamcollections/logs/testarhamcollections.com-
> access.log"
> > common
> >
> > WSGIScriptAlias /
> > "c:/Apache24/htdocs/testarhamcollections/project1/wsgi.py"
> >
> > Alias / "c:/Apache24/htdocs/testarhamcollections"
> > Alias /static/ "c:/Apache24/htdocs/testarhamcollections/static/"
> > Alias /media/ "c:/Apache24/htdocs/testarhamcollections/static/
> media/"
>
> DANGER!
>
> Python/WSGI is not like PHP, the program files should not live in web
> accessible directory.
> Your WSGI script should not be in a web accessible directory.
> The only things that should be in a web accessible directory are your
> static htdocs, which are collected to that location by Django using
> the command "collectstatic".
>
> Your project files should be OUTSIDE the document root and NOT aliased
> into it in any way!
>
>
> A typical layout should look like so:
>
>
> c:/DjangoProjects/project_name
> ├── htdocs
> ├── logs
> ├── my_project
> │ ├── manage.py
> │ ├── my_app1
> │ │ ├── __init__.py
> │ │ ├── admin.py
> │ │ ├── apps.py
> │ │ ├── migrations
> │ │ │ └── __init__.py
> │ │ ├── models.py
> │ │ ├── tests.py
> │ │ └── views.py
> │ ├── my_app2
> │ │ ├── __init__.py
> │ │ ├── admin.py
> │ │ ├── apps.py
> │ │ ├── migrations
> │ │ │ └── __init__.py
> │ │ ├── models.py
> │ │ ├── tests.py
> │ │ └── views.py
> │ └── my_project
> │ ├── __init__.py
> │ ├── settings.py
> │ ├── urls.py
> │ └── wsgi.py
> └── my_virtual_env
>
> The only directory of those that should be web accessible is htdocs,
> and none of your code should live there.
>
> Cheers
>
> Tom
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To post to this group, send email to [email protected].
> Visit this group at https://groups.google.com/group/django-users.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/django-users/CAFHbX1JoAHqgWnyxeNMn1EwqaMnvf8fsahT8JW0nK2A9%2BYRoOQ%
> 40mail.gmail.com.
> For more options, visit https://groups.google.com/d/optout.
>
--
Thanks with regards,
Sarfaraz Ahmed
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-users/CAEPJdiztgf9ZC%3DNHAbh83dZUni1WigEHbdCAWOntRXCj%3D--o4Q%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
