Monday, March 13, 2023

Re: Django Admin

OK, hope I am not adding to the confusion.

I ran into this a while back.

CSRF errors are usually (in my case anyways) triggered by Apache SSL
setup etc.

If you are running Apache + SSL you need to make sure the certificates
and the SNI SSL naming are set up correctly or the CSRF errors will
trigger randomly.

Of course the SSL cert has to match the site name.

This config assumes Apache + WSGI + SSL etc. and that you are running
multiple virtual sites under Apache.

Also note the port 80 redirect (i.e. everything is directed to the SSL site).

If you are mixing SSL & non-SSL, Apache / Django will get confused and
trip the CSRF error as well.

Relevant Apache config (httpd.conf):

<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin

# only if using memcache
SSLSessionCache memcache:localhost:11211
</IfModule>


Then my Apache config for a site:

admin.scom.ca

<VirtualHost *:80>
ServerName admin.scom.ca
ServerAlias admin.scom.ca
Redirect permanent / https://admin.scom.ca/
</VirtualHost>

<VirtualHost *:443>
ServerName admin.scom.ca
ServerAlias admin.scom.ca
DocumentRoot /www/admin.scom.ca

Alias /media/ /www/admin.scom.ca/media/
Alias /static/ /www/admin.scom.ca/statics/
Alias /statics/ /www/admin.scom.ca/statics/

<Directory "/www/admin.scom.ca/statics/">
Options FollowSymLinks
AllowOverride None
Require all granted
</Directory>

SSLEngine on
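# "all" also enables older protocol versions the TLS library still supports;
# to limit it: SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLProtocol all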
SSLCertificateFile /www/admin.scom.ca/ssl/admin.scom.ca.crt
SSLCertificateKeyFile /www/admin.scom.ca/ssl/admin.scom.ca.key
SSLCertificateChainFile /www/admin.scom.ca/ssl/admin.scom.ca.chain



SuexecUserGroup www www

##Below only used if running WSGI##

WSGIDaemonProcess adminscomcassl user=www group=www processes=10 threads=20
WSGIProcessGroup adminscomcassl
WSGIApplicationGroup %{GLOBAL}
WSGIImportScript /www/admin.scom.ca/django.wsgi process-group=adminscomcassl application-group=%{GLOBAL}

WSGIScriptAlias / /www/admin.scom.ca/django.wsgi

##End of WSGI##

<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>

<Directory "/www/admin.scom.ca/wp-content/uploads/">
<Files "*.php">
Order Deny,Allow
Deny from All
</Files>
</Directory>

<Directory /www/admin.scom.ca>
php_admin_value open_basedir /www/admin.scom.ca:/var/log/
</Directory>

<Directory /www/admin.scom.ca>
php_admin_value sys_temp_dir /www/admin.scom.ca/tmp/
</Directory>

<Directory /www/admin.scom.ca>
php_admin_value session.save_path /www/admin.scom.ca/tmp/
</Directory>

<Directory /www/admin.scom.ca>
php_admin_value soap.wsdl_cache_dir /www/admin.scom.ca/tmp/
</Directory>

<Directory /www/admin.scom.ca>
php_admin_value upload_tmp_dir /www/admin.scom.ca/tmp
</Directory>

<Directory "/www/admin.scom.ca">
AllowOverride All
php_value session.save_path "/www/admin.scom.ca/"
</Directory>

</VirtualHost>







Happy Monday !!!
Thanks - paul

Paul Kudla


Scom.ca Internet Services <http://www.scom.ca>
004-1009 Byron Street South
Whitby, Ontario - Canada
L1N 4S3

Toronto 416.642.7266
Main 1.866.411.7266
Fax 1.888.892.7266
Email paul@scom.ca

On 3/12/2023 5:44 AM, Muhammad Juwaini Abdul Rahman wrote:
> I think you need to add the following in settings.py:
>
> CSRF_TRUSTED_ORIGINS = ['<your_web_url>']
>
>
>
> On Sun, 12 Mar 2023 at 02:04, James Hunt <newbypassers@gmail.com> wrote:
>
> Hi there. I am fairly new to Django but have had previous success
> with creating an app and being able to access the Admin page.
> Recently, if I attempt to access the admin page of a new Django app
> it throws the CSRF error upon trying to log in!!!
>
> I have attempted several ways to bypass this error including adding
> allowed hosts but I can't seem to get past this issue.
>
> Can someone please provide me with the definitive way of stopping
> CSRF error when simply trying to access the admin part of Django? I
> mean there are no post functions that really apply to this feature
> so I can't understand the CSRF token.
>
> I can't get past this issue which means I can never access the admin
> page!!
>
> Please help.
>
> Regards
>
> James

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/0f9a82dd-4d6e-9904-3e93-7cb190697ef6%40scom.ca.
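
Added example, not part of the thread and not Django's own code: a simplified model of the Origin-header comparison behind Django 4.0+ CSRF checks, showing why a request Django sees as plain HTTP is rejected for an HTTPS page and how CSRF_TRUSTED_ORIGINS entries change the result. The function names and sample requests are constructed for illustration; the Referer path used when no Origin header is sent is not modelled.

```python
from urllib.parse import urlsplit

def is_same_domain(host, pattern):
    # ".scom.ca" matches scom.ca and every subdomain; anything else must match exactly.
    pattern = pattern.lower()
    if pattern.startswith("."):
        return host.endswith(pattern) or host == pattern[1:]
    return host == pattern

def origin_verified(origin, host, is_secure, trusted_origins=()):
    """Model of the Origin-header check (assumed simplification, Django 4.0+ semantics).

    origin          -- Origin header the browser sent with the POST
    host            -- host name Django sees for the request
    is_secure       -- True when Django considers the request HTTPS
    trusted_origins -- CSRF_TRUSTED_ORIGINS; entries must include the scheme
    """
    expected = ("https" if is_secure else "http") + "://" + host
    if origin == expected:
        return True
    if origin in {o for o in trusted_origins if "*" not in o}:
        return True
    parsed = urlsplit(origin)
    for entry in trusted_origins:
        if "*" in entry:
            trusted = urlsplit(entry)
            if trusted.scheme == parsed.scheme and is_same_domain(
                parsed.netloc, trusted.netloc.lstrip("*")
            ):
                return True
    return False

def run_cases():
    # Constructed requests; admin.scom.ca is the vhost from the thread.
    site = "https://admin.scom.ca"
    return {
        "https_end_to_end": origin_verified(site, "admin.scom.ca", True),
        "seen_as_http": origin_verified(site, "admin.scom.ca", False),
        "trusted_with_scheme": origin_verified(site, "admin.scom.ca", False, [site]),
        "trusted_without_scheme": origin_verified(site, "admin.scom.ca", False, ["admin.scom.ca"]),
        "wildcard_subdomain": origin_verified(site, "127.0.0.1:8000", False, ["https://*.scom.ca"]),
        "bare_string_not_list": origin_verified(site, "admin.scom.ca", False, (site)),
    }

if __name__ == "__main__":
    for name, ok in run_cases().items():
        print(f"{name:24} {'accepted' if ok else '403 CSRF failure'}")
```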
