requests.post from python script to my Django website hosted using Apache giving 403 Forbidden

Question

My Django website is hosted using Apache server. I want to send data using requests.post to my website using a python script on my pc but It is giving 403 forbidden.

import json


url = "http://54.161.205.225/Project/devicecapture"
headers = {'User-Agent':
           'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36',
           'content-type': 'application/json'}


data = {
    "nb_imsi":"test API",
    "tmsi1":"test", 
    "tmsi2":"test",
    "imsi":"test API", 
    "country":"USA", 
    "brand":"Vodafone", 
    "operator":"test",
    "mcc":"aa", 
    "mnc":"jhj",
    "lac":"hfhf", 
    "cellIid":"test cell"
}
response = requests.post(url, data =json.dumps(data),headers=headers) 

print(response.status_code)

I have also given permission to the directory containing the views.py where this request will go. I have gone through many other answers but they didn't help. I have tried the code without json.dumps also but it isn't working with that also. How to resolve this?

Answer 1

After investigating it looks like the URL that you need to post to in order to login is: http://54.161.205.225/Project/accounts/login/?next=/Project/

You can work out what you need to send in a post request by looking in the Chrome DevTools, Network tab. This tells us that you need to send the fields username, password and csrfmiddlewaretoken, which you need to pull from the page.

You can get it by extracting it from the response of the first get request. It is stored on the page like this:

<input type="hidden" name="csrfmiddlewaretoken" value="OspZfYQscPMHXZ3inZ5Yy5HUPt52LTiARwVuAxpD6r4xbgyVu4wYbfpgYMxDgHta">

So you'll need to do some kind of Regex to get it. You'll work it out.

So first you have to create a session. Then load the login page with a get request. Then send a post request with your login credentials to that same URL. And then your session will gain the required cookies that will then allow you to post to your desired URL. This is an example below.

import requests

# Create session
session = requests.session()

# Add user-agent string
session.headers.update({'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) ' +
'AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.47 Safari/537.36'})

# Get login page
response = session.get('http://54.161.205.225/Project/accounts/login/?next=/Project/')

# Get csrf
# Do something to response.text

# Post to login
response = session.post('http://54.161.205.225/Project/accounts/login/?next=/Project/', data={
    'username': 'example123',
    'password': 'examplexamplexample',
    'csrfmiddlewaretoken': 'something123123',
})

# Post desired data
response = session.post('http://url.url/other_page', data={
    'data': 'something',
})

print(response.status_code)

Hopefully this should get you there. Good luck.

For more information check out this question on requests: Python Requests and persistent sessions

Answer 2

I faced that situation many times The problems were :

1. 54.161.205.225 is not added to allowed hosts in settings.py
2. the apache wsgi is not correctly configured

things might help with debug :

Check apache error-logs to investigate what went wrong
try running server locally and post to it to make sure prob is not related to apache