Home / server / Questions / 73257
Accepted
Natim
Asked: 2009-10-11 07:56:32 +0800 CST

How to force the use of SSL for some URL of my Django Application?

  • 772

I want to be sure that for some URL of my website, SSL will be use. I saw a lot of answer already on SO.

https://stackoverflow.com/questions/724968/force-redirect-to-ssl-for-all-pages-apart-from-one

So I think I will use mod_rewrite.

My question is more about how to configure the Virtual Host to run my Django Application over HTTP and over HTTPS without problems. I am using WSGI.

Is it a problem to just duplicate the configuration over *:443 and over *:80 ? How should I do to have the best configuration ?

Thank you.

Rémy

apache-2.2

2 Answers

  1. Best Answer

    you can use a decorator on your views to make them only avail from ssl.

    @secure_required
@login_required
def edit_member(request, slug):
    ...

    http://www.redrobotstudios.com/blog/2009/02/18/securing-django-with-ssl/

    • 3

  2. It is fine to copy over the configuration for *:443, here's how I did it on my server:

    <VirtualHost *:80>
        ServerName www.mydomain.tld
        ServerAlias mydomain.tld

        DocumentRoot /path/to/www
        <Directory /path/to/www>
                AllowOverride All
                Order allow,deny
                allow from all
                Options -MultiViews
        </Directory>

</VirtualHost>

<VirtualHost *:443>
        ServerName www.mydomain.tld
        ServerAlias mydomain.tld

        DocumentRoot /path/to/www
        <Directory /path/to/www>
                AllowOverride All
                Order allow,deny
                allow from all
                Options -MultiViews
        </Directory>

        SSLEngine On
        SSLCertificateFile /etc/ssl/private/mydomain.crt

</VirtualHost>

    Be sure to activate SSL on the *:443 virtual host (SSLEngine), and have your certificate set-up also (SSLCertificateFile).

    You will also need to activate the ssl module for Apache2, type as root:

    a2enmod ssl
    • 0