How to authenticate against Django’s user database from Apache

    • Serve static/media files directly from Apache only to authenticated users.
    • Allow certain users to connect to a WebDAV share created with mod_dav.

    Note

    If you have installed a and want to use this default auth handler, it must support an is_active attribute. If you want to use group based authorization, your custom user must have a relation named ‘groups’, referring to a related object that has a ‘name’ field. You can also specify your own custom mod_wsgi auth handler if your custom cannot conform to these requirements.

    Note

    The use of WSGIApplicationGroup %{GLOBAL} in the configurations below presumes that your Apache instance is running only one Django application. If you are running more than one Django application, please refer to the Defining Application Groups section of the mod_wsgi docs for more information about this setting.

    Make sure that mod_wsgi is installed and activated and that you have followed the steps to set up .

    The WSGIAuthUserScript directive tells mod_wsgi to execute the function in specified wsgi script, passing the user name and password that it receives from the prompt. In this example, the WSGIAuthUserScript is the same as the WSGIScriptAlias that defines your application that is created by django-admin startproject.

    Using Apache 2.2 with authentication

    Make sure that mod_auth_basic and mod_authz_user are loaded.

    These might be compiled statically into Apache, or you might need to use LoadModule to load them dynamically in your httpd.conf:

    Finally, edit your WSGI script to tie Apache’s authentication to your site’s authentication mechanisms by importing the check_password function:

    The mod_wsgi provides additional details and information about alternative methods of authentication.

    mod_wsgi also provides functionality to restrict a particular location to members of a group.

    In this case, the Apache configuration should look like this:

    To support the WSGIAuthGroupScript directive, the same WSGI script mysite.wsgi must also import the function which returns a list groups the given user belongs to.

    Requests for /secret/ will now also require user to be a member of the “secret-agents” group.