Apache Configuration Directives¶
Request Handlers¶
Python*Handler Directive Syntax¶
All request handler directives have the following syntax:
Python*Handler handler [handler ...] [ | .ext [.ext ...] ]
Where handler is a callable object that accepts a single argument - request object, and .ext is an optional file extension.
Multiple handlers can be specified on a single line, in which case they will be called sequentially, from left to right. Same handler directives can be specified multiple times as well, with the same result - all handlers listed will be executed sequentially, from first to last.
If any handler in the sequence returns a value other than
apache.OK or apache.DECLINED, then execution of all subsequent
handlers for that phase is aborted. What happens when either
apache.OK or apache.DECLINED is returned is dependent on which
phase is executing.
Note that prior to mod_python 3.3, if any handler in the sequence, no
matter which phase was executing, returned a value other than
apache.OK, then execution of all subsequent handlers for that phase
was aborted.
The list of handlers can optionally be followed by a | followed
by one or more file extensions. This would restrict the execution of
the handler to those file extensions only. This feature only works for
handlers executed after the trans phase.
A handler has the following syntax:
module[::object]
Where module can be a full module name (package dot notation is
accepted) or an actual path to a module code file. The module is loaded
using the mod_python module importer as implemented by the
apache.import_module() function. Reference should be made to
the documentation of that function for further details of how module
importing is managed.
The optional object is the name of an object inside the module.
Object can also contain dots, in which case it will be resolved from
left to right. During resolution, if mod_python encounters an object
of type <class>, it will try instantiating it passing it a single
argument, a request object.
If no object is specified, then it will default to the directive of
the handler, all lower case, with the word 'python'
removed. E.g. the default object for PythonAuthenHandler would be
authenhandler.
Example:
PythonAuthzHandler mypackage.mymodule::checkallowed
For more information on handlers, see Overview of a Request Handler.
Note
The '::' was chosen for performance reasons. In order
for Python to use objects inside modules, the modules first need to
be imported. Having the separator as simply a '.', would
considerably complicate process of sequentially evaluating every
word to determine whether it is a package, module, class etc. Using
the (admittedly un-Python-like) '::' removes the time-consuming
work of figuring out where the module part ends and the object
inside of it begins, resulting in a modest performance gain.
The handlers in this document are listed in order in which phases are processed by Apache.
Python*Handlers and Python path¶
If a Python*Handler directive is specified in a directory section
(i.e. inside a <Directory></Directory> or
<DirectoryMatch></DirectoryMatch> or in an .htaccess file),
then this directory is automatically prepended to the Python path
(sys.path) unless Python path is specified explicitely with the
PythonPath directive.
If a Python*Handler directive is specified in a location section
(i.e. inside <Location></Location> or
<LocationMatch></LocationMatch>), then no path modification is done
automatically and in most cases a PythonPath directive is required
to augment the path so that the handler module can be imported.
Also for Python*Handlers inside a location section mod_python
disables the phase of the request that maps the URI to a file on the
filesystem (ap_hook_map_to_storage). This is because there is
usually no link between path specified in <Location> and the
filesystem, while attempting to map to a filesystem location results
in unnecessary and expensive filesystem calls. Note that an important
side-effect of this is that once a request URI has been matched to a
<Location> containing a mod_python handler, all <Directory>
and <DirectoryMatch> directives and their contents are ignored for
this request.
PythonPostReadRequestHandler¶
Syntax: Python*Handler Syntax
Context: server config, virtual host
Override: not None
Module: mod_python.c
This handler is called after the request has been read but before any other phases have been processed. This is useful to make decisions based upon the input header fields.
Where multiple handlers are specified, if any handler in the sequence
returns a value other than apache.OK or apache.DECLINED, then
execution of all subsequent handlers for this phase is aborted.
Note
When this phase of the request is processed, the URI has not yet
been translated into a path name, therefore this directive could
never be executed by Apache if it could specified within
<Directory>, <Location>, <File> directives or in an
.htaccess file. The only place this directive is allowed is
the main configuration file, and the code for it will execute in
the main interpreter. And because this phase happens before any
identification of the type of content being requested is done
(i.e. is this a python program or a gif?), the python routine
specified with this handler will be called for ALL requests on
this server (not just python programs), which is an important
consideration if performance is a priority.
PythonTransHandler¶
Syntax: Python*Handler Syntax
Context: server config, virtual host
Override: not None
Module: mod_python.c
This handler allows for an opportunity to translate the URI into an actual filename, before the server’s default rules (Alias directives and the like) are followed.
Where multiple handlers are specified, if any handler in the sequence
returns a value other than apache.DECLINED, then execution of all
subsequent handlers for this phase is aborted.
Note
At the time when this phase of the request is being processed, the
URI has not been translated into a path name, therefore this
directive will never be executed by Apache if specified within
<Directory>, <Location>, <File> directives or in an
.htaccess file. The only place this can be specified is the
main configuration file, and the code for it will execute in the
main interpreter.
PythonHeaderParserHandler¶
Syntax: Python*Handler Syntax
Context: server config, virtual host, directory, htaccess
Override: not None
Module: mod_python.c
This handler is called to give the module a chance to look at the request headers and take any appropriate specific actions early in the processing sequence.
Where multiple handlers are specified, if any handler in the sequence
returns a value other than apache.OK or apache.DECLINED, then
execution of all subsequent handlers for this phase is aborted.
PythonInitHandler¶
Syntax: Python*Handler Syntax
Context: server config, virtual host, directory, htaccess
Override: not None
Module: mod_python.c
This handler is the first handler called in the request processing phases that is allowed both inside and outside :file`.htaccess` and directory.
Where multiple handlers are specified, if any handler in the sequence
returns a value other than apache.OK or apache.DECLINED, then
execution of all subsequent handlers for this phase is aborted.
This handler is actually an alias to two different handlers. When
specified in the main config file outside any directory tags, it is an
alias to PostReadRequestHandler. When specified inside directory
(where PostReadRequestHandler is not allowed), it aliases to
PythonHeaderParserHandler.
*(This idea was borrowed from mod_perl)
PythonAccessHandler¶
Syntax: Python*Handler Syntax
Context: server config, virtual host, directory, htaccess
Override: not None
Module: mod_python.c
This routine is called to check for any module-specific restrictions placed upon the requested resource.
Where multiple handlers are specified, if any handler in the sequence
returns a value other than apache.OK or apache.DECLINED, then
execution of all subsequent handlers for this phase is aborted.
For example, this can be used to restrict access by IP number. To do
so, you would return HTTP_FORBIDDEN or some such to indicate
that access is not allowed.
PythonAuthenHandler¶
Syntax: Python*Handler Syntax
Context: server config, virtual host, directory, htaccess
Override: not None
Module: mod_python.c
This routine is called to check the authentication information sent with the request (such as looking up the user in a database and verifying that the [encrypted] password sent matches the one in the database).
Where multiple handlers are specified, if any handler in the sequence
returns a value other than apache.DECLINED, then execution of all
subsequent handlers for this phase is aborted.
To obtain the username, use req.user. To obtain the password
entered by the user, use the request.get_basic_auth_pw() function.
A return of apache.OK means the authentication succeeded. A return
of apache.HTTP_UNAUTHORIZED with most browser will bring up the
password dialog box again. A return of apache.HTTP_FORBIDDEN will
usually show the error on the browser and not bring up the password
dialog again. HTTP_FORBIDDEN should be used when authentication
succeeded, but the user is not permitted to access a particular URL.
An example authentication handler might look like this:
def authenhandler(req):
pw = req.get_basic_auth_pw()
user = req.user
if user == "spam" and pw == "eggs":
return apache.OK
else:
return apache.HTTP_UNAUTHORIZED
Note
request.get_basic_auth_pw() must be called prior to using the
request.user value. Apache makes no attempt to decode the
authentication information unless request.get_basic_auth_pw() is called.
PythonAuthzHandler¶
Syntax: Python*Handler Syntax
Context: server config, virtual host, directory, htaccess
Override: not None
Module: mod_python.c
This handler runs after AuthenHandler and is intended for checking whether a user is allowed to access a particular resource. But more often than not it is done right in the AuthenHandler.
Where multiple handlers are specified, if any handler in the sequence
returns a value other than apache.DECLINED, then execution of all
subsequent handlers for this phase is aborted.
PythonTypeHandler¶
Syntax: Python*Handler Syntax
Context: server config, virtual host, directory, htaccess
Override: not None
Module: mod_python.c
This routine is called to determine and/or set the various document
type information bits, like Content-type (via r->content_type),
language, et cetera.
Where multiple handlers are specified, if any handler in the sequence
returns a value other than apache.DECLINED, then execution of all
subsequent handlers for this phase is aborted.
PythonFixupHandler¶
Syntax: Python*Handler Syntax
Context: server config, virtual host, directory, htaccess
Override: not None
Module: mod_python.c
This routine is called to perform any module-specific fixing of header fields, et cetera. It is invoked just before any content-handler.
Where multiple handlers are specified, if any handler in the sequence
returns a value other than apache.OK or apache.DECLINED, then
execution of all subsequent handlers for this phase is aborted.
PythonHandler¶
Syntax: Python*Handler Syntax
Context: server config, virtual host, directory, htaccess
Override: not None
Module: mod_python.c
This is the main request handler. Many applications will only provide this one handler.
Where multiple handlers are specified, if any handler in the sequence
returns a status value other than apache.OK or
apache.DECLINED, then execution of subsequent handlers for the phase
are skipped and the return status becomes that for the whole content
handler phase. If all handlers are run, the return status of the final
handler is what becomes the return status of the whole content handler
phase. Where that final status is apache.DECLINED, Apache will fall
back to using the default-handler and attempt to serve up the target
as a static file.
PythonLogHandler¶
Syntax: Python*Handler Syntax
Context: server config, virtual host, directory, htaccess
Override: not None
Module: mod_python.c
This routine is called to perform any module-specific logging activities.
Where multiple handlers are specified, if any handler in the sequence
returns a value other than apache.OK or apache.DECLINED, then
execution of all subsequent handlers for this phase is aborted.
PythonCleanupHandler¶
Syntax: Python*Handler Syntax
Context: server config, virtual host, directory, htaccess
Override: not None
Module: mod_python.c
This is the very last handler, called just before the request object is destroyed by Apache.
Unlike all the other handlers, the return value of this handler is ignored. Any errors will be logged to the error log, but will not be sent to the client, even if PythonDebug is On.
This handler is not a valid argument to the rec.add_handler()
function. For dynamic clean up registration, use
req.register_cleanup().
Once cleanups have started, it is not possible to register more of
them. Therefore, req.register_cleanup() has no effect within this
handler.
Cleanups registered with this directive will execute after cleanups
registered with req.register_cleanup().
Filters¶
PythonInputFilter¶
Syntax: PythonInputFilter handler name
Context: server config
Module: mod_python.c
Registers an input filter handler under name name. Handler is a
module name optionally followed :: and a callable object name. If
callable object name is omitted, it will default to
'inputfilter'. Name is the name under which the filter is
registered, by convention filter names are usually in all caps.
The module referred to by the handler can be a full module name
(package dot notation is accepted) or an actual path to a module code file.
The module is loaded using the mod_python module importer as implemented by
the apache.import_module() function. Reference should be made to the
documentation of that function for further details of how module importing
is managed.
To activate the filter, use the AddInputFilter directive.
PythonOutputFilter¶
Syntax: PythonOutputFilter handler name
Context: server config
Module: mod_python.c
Registers an output filter handler under name name. handler is a
module name optionally followed :: and a callable object name. If
callable object name is omitted, it will default to
'outputfilter'. name is the name under which the filter is
registered, by convention filter names are usually in all caps.
The module referred to by the handler can be a full module name
(package dot notation is accepted) or an actual path to a module code file.
The module is loaded using the mod_python module importer as implemented by
the apache.import_module() function. Reference should be made to the
documentation of that function for further details of how module importing
is managed.
To activate the filter, use the AddOutputFilter directive.
Connection Handler¶
PythonConnectionHandler¶
Syntax: PythonConnectionHandler handler
Context: server config
Module: mod_python.c
Specifies that the connection should be handled with handler connection handler. handler will be passed a single argument - the connection object.
Handler is a module name optionally followed :: and a
callable object name. If callable object name is omitted, it will
default to 'connectionhandler'.
The module can be a full module name (package dot notation is
accepted) or an absolute path to a module code file. The module is loaded
using the mod_python module importer as implemented by the
apache.import_module() function. Reference should be made to the
documentation of that function for further details of how module importing
is managed.
Other Directives¶
PythonEnablePdb¶
Syntax: PythonEnablePdb {On, Off}
Default: PythonEnablePdb Off
Context: server config, virtual host, directory, htaccess
Override: not None
Module: mod_python.c
When On, mod_python will execute the handler functions within the
Python debugger pdb using the pdb.runcall() function.
Because pdb is an interactive tool, start httpd from the command line
with the -DONE_PROCESS option when using this directive. As soon as
your handler code is entered, you will see a Pdb prompt allowing you
to step through the code and examine variables.
PythonDebug¶
Syntax: PythonDebug {On, Off}
Default: PythonDebug Off
Context: server config, virtual host, directory, htaccess
Override: not None
Module: mod_python.c
Normally, the traceback output resulting from uncaught Python errors
is sent to the error log. With PythonDebug On directive specified, the
output will be sent to the client (as well as the log), except when
the error is IOError while writing, in which case it will go
to the error log.
This directive is very useful during the development process. It is recommended that you do not use it production environment as it may reveal to the client unintended, possibly sensitive security information.
PythonImport¶
Syntax: PythonImport module interpreter_name
Context: server config
Module: mod_python.c
Tells the server to import the Python module module at process startup under the specified interpreter name. The import takes place at child process initialization, so the module will actually be imported once for every child process spawned.
The module can be a full module name (package dot notation is
accepted) or an absolute path to a module code file. The module is loaded
using the mod_python module importer as implemented by the
apache.import_module() function. Reference should be made to
the documentation of that function for further details of how module
importing is managed.
The PythonImport directive is useful for initialization tasks that
could be time consuming and should not be done at the time of processing a
request, e.g. initializing a database connection. Where such initialization
code could fail and cause the importing of the module to fail, it should be
placed in its own function and the alternate syntax used:
PythonImport *module::function* *interpreter_name*
The named function will be called only after the module has been imported successfully. The function will be called with no arguments.
Note
At the time when the import takes place, the configuration is not
completely read yet, so all other directives, including
PythonInterpreter have no effect on the behavior of modules
imported by this directive. Because of this limitation, the
interpreter must be specified explicitly, and must match the name
under which subsequent requests relying on this operation will
execute. If you are not sure under what interpreter name a request
is running, examine the request.interpreter member of the request
object.
See also Multiple Interpreters.
PythonInterpPerDirectory¶
Syntax: PythonInterpPerDirectory {On, Off}
Default: PythonInterpPerDirectory Off
Context: server config, virtual host, directory, htaccess
Override: not None
Module: mod_python.c
Instructs mod_python to name subinterpreters using the directory of
the file in the request (req.filename) rather than the the
server name. This means that scripts in different directories will
execute in different subinterpreters as opposed to the default policy
where scripts in the same virtual server execute in the same
subinterpreter, even if they are in different directories.
For example, assume there is a
/directory/subdirectory. /directory has an
.htaccess file with a PythonHandler directive.
/directory/subdirectory doesn’t have an .htaccess. By
default, scripts in /directory and
/directory/subdirectory would execute in the same interpreter
assuming both directories are accessed via the same virtual
server. With PythonInterpPerDirectory, there would be two
different interpreters, one for each directory.
Note
In early phases of the request prior to the URI translation (PostReadRequestHandler and TransHandler) the path is not yet known because the URI has not been translated. During those phases and with PythonInterpPerDirectory on, all python code gets executed in the main interpreter. This may not be exactly what you want, but unfortunately there is no way around this.
See also
- Multiple Interpreters
for more information
PythonInterpPerDirective¶
Syntax: PythonInterpPerDirective {On, Off}
Default: PythonInterpPerDirective Off
Context: server config, virtual host, directory, htaccess
Override: not None
Module: mod_python.c
Instructs mod_python to name subinterpreters using the directory in which the Python*Handler directive currently in effect was encountered.
For example, assume there is a
/directory/subdirectory. /directory has an .htaccess
file with a PythonHandler directive. /directory/subdirectory
has another .htaccess file with another PythonHandler. By
default, scripts in /directory and
/directory/subdirectory would execute in the same interpreter
assuming both directories are in the same virtual server. With
PythonInterpPerDirective, there would be two different interpreters,
one for each directive.
See also
- Multiple Interpreters
for more information
PythonInterpreter¶
Syntax: PythonInterpreter name
Context: server config, virtual host, directory, htaccess
Override: not None
Module: mod_python.c
Forces mod_python to use interpreter named name, overriding the default behaviour or behaviour dictated by a PythonInterpPerDirectory or PythonInterpPerDirective direcive.
This directive can be used to force execution that would normally occur in different subinterpreters to run in the same one. When specified in the DocumentRoot, it forces the whole server to run in one subinterpreter.
See also
- Multiple Interpreters
for more information
PythonHandlerModule¶
Syntax: PythonHandlerModule module
Context: server config, virtual host, directory, htaccess
Override: not None
Module: mod_python.c
PythonHandlerModule can be used an alternative to Python*Handler directives. The module specified in this handler will be searched for existence of functions matching the default handler function names, and if a function is found, it will be executed.
For example, instead of:
PythonAuthenHandler mymodule
PythonHandler mymodule
PythonLogHandler mymodule
one can simply use:
PythonHandlerModule mymodule
PythonAutoReload¶
Syntax: PythonAutoReload {On, Off}
Default: PythonAutoReload On
Context: server config, virtual host, directory, htaccess
Override: not None
Module: mod_python.c
If set to Off, instructs mod_python not to check the modification date of the module file.
By default, mod_python checks the time-stamp of the file and reloads the module if the module’s file modification date is later than the last import or reload. This way changed modules get automatically reimported, eliminating the need to restart the server for every change.
Disabling autoreload is useful in production environment where the modules do not change; it will save some processing time and give a small performance gain.
PythonOptimize¶
Syntax: PythonOptimize {On, Off}
Default: PythonOptimize Off
Context: server config
Module: mod_python.c
Enables Python optimization. Same as the Python -O option.
PythonOption¶
Syntax: PythonOption key [value]
Context: server config, virtual host, directory, htaccess
Override: not None
Module: mod_python.c
Assigns a key value pair to a table that can be later retrieved by the
request.get_options() function. This is useful to pass information
between the apache configuration files (httpd.conf,
.htaccess, etc) and the Python programs. If the value is omitted or empty (""),
then the key is removed from the local configuration.
Reserved PythonOption Keywords¶
Some PythonOption keywords are used for configuring various aspects of
mod_python. Any keyword starting with mod_python.* should be considered
as reserved for internal mod_python use.
Users are encouraged to use their own namespace qualifiers when creating add-on modules, and not pollute the global namespace.
The following PythonOption keys are currently used by mod_python.
PythonPath¶
Syntax: PythonPath path
Context: server config, virtual host, directory, htaccess
Override: not None
Module: mod_python.c
PythonPath directive sets the PythonPath. The path must be specified in Python list notation, e.g.:
PythonPath "['/usr/local/lib/python2.0', '/usr/local/lib/site_python', '/some/other/place']"
The path specified in this directive will replace the path, not add to it. However, because the value of the directive is evaled, to append a directory to the path, one can specify something like:
PythonPath "sys.path+['/mydir']"
Mod_python tries to minimize the number of evals associated with the
PythonPath directive because evals are slow and can negatively impact
performance, especially when the directive is specified in an
.htaccess file which gets parsed at every hit. Mod_python will
remember the arguments to the PythonPath directive in the un-evaled
form, and before evaling the value it will compare it to the
remembered value. If the value is the same, no action is
taken. Because of this, you should not rely on the directive as a way
to restore the pythonpath to some value if your code changes it.
When multiple PythonPath directives are specified, the effect is not cumulative, last directive will override all previous ones.
Note
This directive should not be used as a security measure since the Python path is easily manipulated from within the scripts.