python web应用程序的某些部分可以安全,而其他部分则不安全吗?

时间:2013-05-09 15:00:48

标签: python django ssl

我正在寻找切换到python / django进行Web开发。对于某些应用程序,我需要端口我有通过SSL服务的网站的管理部分,而主要接口不是。

有没有办法通过SSL服务说django应用程序的管理部分,而网站的其余部分是通过HTTP?

1 个答案:

答案 0 :(得分:0)

绝对有可能。如果您使用的是nginx,请按以下步骤操作:

/etc/nginx/sites-available/default下,在服务器标记下方添加以下内容并正确配置文件:

    #SSL Support added
    listen   443 ssl;
    ssl_certificate     /etc/ssl/ssl/nginx/server.crt;
    ssl_certificate_key /etc/ssl/ssl/nginx/server.key;
    ssl_protocols       SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers         HIGH:!aNULL:!MD5;

然后在你的middleware.py中,

class SecureRequiredMiddleware(object):
    def __init__(self):
        self.paths = getattr(settings, 'SECURE_REQUIRED_PATHS')
        self.enabled = self.paths and getattr(settings, 'HTTPS_SUPPORT')

    def process_request(self, request):
        if self.enabled and not request.is_secure():
            for path in self.paths:
                if request.get_full_path().startswith(path):
                    request_url = request.build_absolute_uri(request.get_full_path())
                    secure_url = request_url.replace('http://', 'https://')
                    print self.paths, request_url, secure_url
                    return HttpResponsePermanentRedirect(secure_url)
        return None

然后在settings.py中,

....
MIDDLEWARE_CLASSES = (
    'django.middleware.common.CommonMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    # Uncomment the next line for simple clickjacking protection:
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
    'djo.middleware.SecureRequiredMiddleware',
....
HTTPS_SUPPORT = True
SECURE_REQUIRED_PATHS = (
    r'/admin/',
)

这应该让你开始。

相关问题
最新问题