django - Can portions of a python web app be secure while others are not?
This question has an answer here:
- Serving secure Django pages https (1 answer)
I am looking at switching to Python/Django for web development. Part of the application I need to port has admin sections of the site being served over SSL while the main interface is not.
Is there a way to serve the admin portion of a Django app over SSL while the rest of the site is on HTTP?
It's possible. If you are using nginx, this is how to do it:
Under /etc/nginx/sites-available/default, add the following below the server tag, and configure the files appropriately:
```nginx
# SSL support added
listen 443 ssl;
ssl_certificate /etc/ssl/ssl/nginx/server.crt;
ssl_certificate_key /etc/ssl/ssl/nginx/server.key;
# SSLv3, TLSv1 and TLSv1.1 are deprecated protocol versions.
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
```
Then in middleware.py,
```python
from django.conf import settings
from django.http import HttpResponsePermanentRedirect


class SecureRequiredMiddleware(object):
    def __init__(self):
        # Default to "disabled" if either setting is missing.
        self.paths = getattr(settings, 'SECURE_REQUIRED_PATHS', ())
        self.enabled = self.paths and getattr(settings, 'HTTPS_SUPPORT', False)

    def process_request(self, request):
        if self.enabled and not request.is_secure():
            for path in self.paths:
                if request.get_full_path().startswith(path):
                    request_url = request.build_absolute_uri(request.get_full_path())
                    # Replace only the leading scheme, not any "http://" in the query string.
                    secure_url = request_url.replace('http://', 'https://', 1)
                    # Debug output
                    print(self.paths, request_url, secure_url)
                    return HttpResponsePermanentRedirect(secure_url)
        return None
```
Then in settings.py,
```python
# ....
MIDDLEWARE_CLASSES = (
    'django.middleware.common.CommonMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    # Uncomment the next line for simple clickjacking protection:
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
    'djo.middleware.SecureRequiredMiddleware',
    # ....
)

HTTPS_SUPPORT = True
SECURE_REQUIRED_PATHS = (
    r'/admin/',
)
```
That should get you started.
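The redirect decision made by the middleware above, as a stand-alone function that can be checked without a running Django project. This is an added example, not code from the answer: `https_redirect_target`, its `https_port` parameter and the sample URLs are hypothetical, and it parses the URL so that only the scheme and port change.

```python
from urllib.parse import urlsplit, urlunsplit

# Constructed sample setting, mirroring SECURE_REQUIRED_PATHS from the answer.
SECURE_REQUIRED_PATHS = ("/admin/",)


def https_redirect_target(url, secure_paths=SECURE_REQUIRED_PATHS, https_port=443):
    """Return the HTTPS URL to redirect to, or None if no redirect is needed.

    Hypothetical helper: the same decision as process_request, but made on
    the parsed URL instead of by string replacement.
    """
    parts = urlsplit(url)
    if parts.scheme != "http":
        return None  # already HTTPS, or not an HTTP URL at all
    # Match on the path component only; the query string plays no part.
    if not any(parts.path.startswith(prefix) for prefix in secure_paths):
        return None
    host = parts.hostname or ""
    if ":" in host:
        host = "[" + host + "]"  # re-bracket an IPv6 literal
    # Drop the plain-HTTP port; name a port only when HTTPS is not on 443.
    netloc = host if https_port == 443 else "%s:%d" % (host, https_port)
    return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))


if __name__ == "__main__":
    # Constructed sample requests.
    samples = (
        "http://example.com/admin/login/?next=http://example.com/",
        "http://example.com:8000/admin/",
        "http://example.com/blog/?ref=/admin/",
        "https://example.com/admin/",
    )
    for sample in samples:
        print(sample, "->", https_redirect_target(sample))
```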