File: version-4.4.10.rst

package info (click to toggle)
mod-wsgi 5.0.2-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid, trixie
  • size: 2,824 kB
  • sloc: ansic: 15,512; python: 3,697; makefile: 219; sh: 107
file content (88 lines) | stat: -rw-r--r-- 4,221 bytes parent folder | download | duplicates (5) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
 
==============
Version 4.4.10
==============

Version 4.4.10 of mod_wsgi can be obtained from:

  https://codeload.github.com/GrahamDumpleton/mod_wsgi/tar.gz/4.4.10

For details on the availability of Windows binaries see:

  https://github.com/GrahamDumpleton/mod_wsgi/tree/master/win32

Bugs Fixed
----------

1. Fixed a reference counting bug which would cause a daemon process to
crash if both ``home`` and ``python-path`` options were specified at the
same time with the ``WSGIDaemonProcess`` directive.

2. When using ``--https-only`` option with ``mod_wsgi-express``, the
redirection from the ``http`` address to the ``https`` address was not
setting the correct port for ``https``.

Features Changed
----------------

1. Changed the default Apache log level for ``mod_wsgi-express`` to
``warn`` instead of ``info``. This has been done avoid very noisy logs
when enabling secure HTTP connections. To set back to ``info`` level use
the ``--log-level`` option.

2. When specifying a service script with the ``--service-script`` option of
``mod_wsgi-express``, the home directory for the process will now be set to
the same home directory as used for the hosted WGSI application. Python
modules from the WSGI application will therefore be automatically found
when imported. Any directory paths added using ``--python-path`` option
will also be added as search directories for Python module imports, with
any ``.pth`` files in those directories also being handled. In addition,
the language locale and Python eggs directory used by the hosted WSGI
application will also be used for the service script.

3. When specifying ``--python-path`` option, when paths are now setup for
the WSGI application, they will be added in such a way that they appear at
the head of ``sys.path`` and any ``.pth`` files in those directories are
also handled.

New Features
------------

1. Added the ``--directory-listing`` option to ``mod_wsgi-express`` to
allow automatic directory listings to be enabled when using the static file
application type and no explicit directory index file has been specified.

2. In addition to the convenience function of ``--ssl-certificate`` for
``mod_wsgi-express``, which allowed the SSL certificate and private key
file to be specified using one option by specifying the command file
name up to the extension, separate ``--ssl-certificate-file`` and
``--ssl-certificate-key-file`` options are now also provided. These
would either both need to be specified, or the existing
``--ssl-certificate`` option used, when specifying that secure HTTPS
connections should be used through having specified ``--https-port``.

3. Added the ``--ssl-ca-certificate-file`` option to ``mod_wsgi-express``.
If specified this should give the location of the file with any CA
certificates to be used for client authentication. As soon as this option
is provided, the client authentication will be required for the whole site.
This would generally be used in conjunction with the ``--https-only``
option so that only a secure communication channel is being used.

If you do not wish for the whole site to required client authentication,
you can use the ``--ssl-verify-client`` option to specify sub URLs for
which client authentication should be performed.

4. Added the ``--ssl-environment`` option to ``mod_wsgi-express`` to enable
the passing of standard SSL variables in the WSGI environ dictionary passed
to the WSGI application.

5. Added the ``WSGITrustedProxies`` directive and corresponding option of
``--trust-proxy`` to ``mod_wsgi-express``. This works in conjunction with
the ``WSGITrustedProxyHeaders`` directive and ``--trust-proxy-header``
option of ``mod_wsgi-express``. When trusted proxies are specified, then
proxy headers will only be trusted if the request originated with a trusted
proxy. Further, any IP addresses corresponding to a proxy listed in the
``X-Forwarded-For`` header will only be trusted if specified. When
determining the value for ``REMOTE_ADDR`` the IP preceding the last
recognised proxy the request passed through will be used and not simply the
first IP listed in the header. The header will be rewritten to reflect what
was honoured with client IPs of dubious origin discarded.