How to handle secure http (https) via wsgi

October 28, 2008 – 02:53

Just a little note… If you happen to run django + wsgi + apache and want to access your site via https, you will definitely need this.

Problem: a site deployed on a client’s server redirects all https requests to http.

Initially we thought that a misconfigured apache was to blame.

It turned out that it was not.

It looks like the django wsgi handler, under some configurations, can’t tell whether an incoming connection is secure. You have to pass that info explicitly (e.g. via a header) and modify your wsgi handler.

We’ve based this code snippet on a fairview computing post:

import logging

from django.conf import settings
import django.core.handlers.wsgi


class WSGIRequest(django.core.handlers.wsgi.WSGIRequest):
    """
    WSGIRequest subclass for use behind a proxy that handles SSL.

    It checks for a header indicating whether a request should be
    considered secure. By default, it looks for 'X-Forwarded-Proto'
    (which will appear in request.META as 'HTTP_X_FORWARDED_PROTO')
    and expects a value of 'http' or 'https'. All string checks are
    case-insensitive. You can configure its behavior with these
    settings:

    FC_WSGI_PROTOCOL_HEADER: the name of the header to check.
    FC_WSGI_PROTOCOL_HTTPS_VALUE: the value to expect on HTTPS requests
    FC_WSGI_PROTOCOL_HTTP_VALUE: the value to expect on HTTP requests

    You should make sure that the front-end proxy scrubs the header;
    it should not be possible for a client to send the header on a
    plaintext connection and have it reach the back-end server.

    To use this, simply replace the stock Django WSGIHandler in your
    WSGI script. Here's a complete example:

        import os
        import sys

        sys.path.append("/usr/local/django/apps")
        sys.path.append("/usr/local/django/sites")

        os.environ['DJANGO_SETTINGS_MODULE'] = 'yourapp.settings'

        os.umask(0007)

        _application = django.core.handlers.wsgi.WSGIHandler()

        def application(environ, start_response):
            environ['PATH_INFO'] = environ['SCRIPT_NAME'] + environ['PATH_INFO']
            if environ.get('HTTPS','off') in ('on','1'):
                environ['wsgi.url_scheme'] = 'https'
            else:
                environ['wsgi.url_scheme'] = 'http'
            if environ['wsgi.url_scheme'] == 'https':
                environ['HTTPS'] = 'on'

            return _application(environ, start_response)
    """

    def is_secure(self):
        logger = logging.getLogger('fairview.wsgi.WSGIRequest.is_secure')

        # Name of the META key that carries the protocol set by the proxy.
        header = getattr(settings,
                         'FC_WSGI_PROTOCOL_HEADER',
                         'HTTP_X_FORWARDED_PROTO')

        https_value = getattr(settings,
                              'FC_WSGI_PROTOCOL_HTTPS_VALUE',
                              'https').lower()

        http_value = getattr(settings,
                             'FC_WSGI_PROTOCOL_HTTP_VALUE',
                             'http').lower()

        # A missing header yields '' and is therefore treated as insecure.
        value = self.META.get(header, '').lower()

        if settings.DEBUG:
            logger.debug("HEADER: '%s' HTTPS value: '%s' HTTP value: '%s' request value: '%s'"
                         % (header, https_value, http_value, value))
        if value == https_value:
            if settings.DEBUG:
                logger.debug("Request is secure.")
            return True

        if settings.DEBUG:
            logger.debug("Request is insecure.")
        return False


class WSGIHandler(django.core.handlers.wsgi.WSGIHandler):
    # Make the handler build requests with the proxy-aware class above.
    request_class = WSGIRequest


_application = WSGIHandler()


def application(environ, start_response):
    environ['PATH_INFO'] = environ['SCRIPT_NAME'] + environ['PATH_INFO']
    if environ.get('HTTPS', 'off') in ('on', '1'):
        environ['wsgi.url_scheme'] = 'https'
    else:
        environ['wsgi.url_scheme'] = 'http'
    if environ['wsgi.url_scheme'] == 'https':
        environ['HTTPS'] = 'on'

    return _application(environ, start_response)
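The docstring above warns that the proxy must scrub the header, because is_secure() believes whatever X-Forwarded-Proto it receives. The following is an added example, not part of the original post or the Fairview code: a small WSGI middleware that keeps the header only when the TCP peer is a known proxy. TRUSTED_PROXIES, scrub_forwarded_proto and ProxySchemeMiddleware are hypothetical names, and the addresses are constructed values.

```python
import ipaddress

# Assumption: networks of the TLS-terminating front-end proxies (constructed values).
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("127.0.0.1/32", "10.0.0.0/24")]
PROTO_HEADER = "HTTP_X_FORWARDED_PROTO"


def from_trusted_proxy(environ):
    """True only if the direct TCP peer (REMOTE_ADDR) is one of our proxies."""
    try:
        peer = ipaddress.ip_address(environ.get("REMOTE_ADDR", ""))
    except ValueError:
        return False
    return any(peer in net for net in TRUSTED_PROXIES)


def scrub_forwarded_proto(environ):
    """Return a copy of environ in which the protocol header can be trusted."""
    env = dict(environ)
    value = env.get(PROTO_HEADER, "").strip().lower()
    if from_trusted_proxy(env) and value in ("http", "https"):
        # Set by our own proxy: normalise it and let it decide the scheme.
        env[PROTO_HEADER] = value
        env["wsgi.url_scheme"] = value
    else:
        # Sent by an untrusted peer, or malformed (e.g. "https, http"):
        # drop it and keep the scheme the server itself observed.
        env.pop(PROTO_HEADER, None)
    return env


class ProxySchemeMiddleware(object):
    """Wraps a WSGI application so it never sees a client-supplied header."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        return self.app(scrub_forwarded_proto(environ), start_response)
```

Wrapping the handler as `ProxySchemeMiddleware(WSGIHandler())` means a request that bypasses the proxy reaches is_secure() without the header and is treated as insecure.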

Startuplet financial model, updated userbase model

October 24, 2008 – 15:06

Thanks to DenisM for pointing out that the userbase model I’ve presented in the last post constantly underestimates your userbase.

Glad that someone read that deep :)

Basically, the model counts only the users that came during the current month and considers the churn rate to be 100%.

This is easily fixable by adding an extra parameter “churn rate” and accumulating the users:

Updated spreadsheet

The model shows that with the same startuplet as in the previous example and churn rate of 30% we actually can get a positive 12-month NPV with just weekly blog posts each reaching slightly more than 3’300 readers.

Previous posts on this topic:

Startuplet financial model, users

October 23, 2008 – 19:31

OK, now comes the final part of the startuplet financial model review.

It deals with the crucial question: how many users we’ll have and where they come from.

Userbase Model

Here you can see a simple yet powerful userbase model.

It defines three distinct kinds of visitors:

  • ambient, that come to your site “as is”, for example with a random google search; the only way to influence it is to do better SEO
  • PR&Sales – those are the direct and measurable result of your PR and sales activities; they come via your posts in blogs, forums, digg/reddit submissions, et cetera
  • and, finally, viral; those are the visitors that come to you via referral of your current users; that source costs you virtually nothing and is the most powerful.

For the sake of simplicity, we won’t separate ambient and viral sources of visitors in the model.

Google spreadsheet

To add numbers, we’ve introduced 4 more guesses (or call them decisions if you’d like):

  • default number of PR actions per month; in the given example we plan to do two blog posts each week
  • number of eyeballs on the link; we pretend that the link will be presented to 10K visitors
  • conversion of link viewers to actual visitors of the product; let it be 5%
  • virality rate – how many visitors will come because an established user gave them a link; for this example we plan that each user will bring 7 visitors on average

The math after that is easy:

  • PR actions and eyeballs convert to visitors
  • visitors convert to users
  • users we’ve got on month N show our site to 7 visitors on month N+1

Being simple, that model still shows one important trait:

  • given that virality rate, the service’s visitor count will stabilize at the 9th month and all further growth will depend exclusively on your PR and sales activities

The “ignition” virality rate is close to 20 – that’s when each user brings another active user or even several of them.

Play with the numbers; the spreadsheet is insightful.

Previous posts on this topic:

Startuplet financial model, revenues

October 21, 2008 – 22:03

Now about a simple revenue model we’re using for our startuplets.

Google spreadsheet

The first line of the “Revenue” tab lists all our potential sources of revenue:

  • Premium users
  • AdSense
  • Lead generation – some other, more niche revenue stream that depends on number of ad impressions but pays better than AdSense

To be able to speculate about these sources of income over the future 24 months, we have to create a somewhat more elaborate userbase model. More about this later.

From the userbase model we deduce two numbers:

  • total number of ad impressions and
  • number of premium users

For those we add three hypotheses:

  • AdSense revenue for 1K impressions
  • Lead generation revenue for 1K impressions
  • Average revenue per user per month (ARPU)

This allows us to speculate about the revenue numbers for our planning horizon.

If you pick the ‘Users’ tab, you’ll see that we intend to start with 120 visitors in the first month, which would pop to 1’200 visitors the next month (e.g. we’ll announce that we’ve launched our startuplet) and will grow 50% each month until saturation in the 6th month at a steady 9K-something visitors per month. Don’t ask where I’ve got these numbers – they’re totally made up :)

To get the number of regular and premium users, we add two more hypotheses:

  • conversion of visitors to regular users
  • conversion of regular users to premium users.

The total number of impressions, finally, depends on the number of impressions that each group of users makes:

  • visitors
  • regular users
  • paid users

In this example we guess that visitors will check only a couple of pages on the site and then leave.

Finally, the expenses and revenues are put together on the first tab of the spreadsheet and we have two nice lines of profit: expected and discounted expected.

BTW, I’ve made the discount rate much more aggressive, since I was told that VCs use discount rates up to 90% annual to discuss company valuations.

So now you can play with the hypotheses we’ve put in and the expected visitor flow to guess about the Net Present Value of your startuplet. That way you can easily see that, for the startuplet to achieve a positive NPV in the first year, given the speculated visitor flow and defined conversion rates, a regular user has to see about 145 ad impressions and a premium user slightly more than 190.

In the presented startuplet NPV model the founder (or CxO) can influence or measure directly nearly every guess we’ve made, except the important one:

Where would we get the visitors with the desired conversion rates?

I’ll blog about a more extended userbase model in a future post.

Comments?

Previous article on this topic:

“Start in Garage” – books and sites

October 21, 2008 – 20:08

Books:

People:

  • Dmitry Repin – one of the instructors of “Start in Garage”; site in Russian
  • Aswath Damodaran – the source for data to be used for company valuation

Communities:

  • The Funded – social network of The Valley; no VC’s allowed :)
  • Vse v teme (all tuned in) – the Russian-speaking social network; the link leads to the discussion of the customer development process

Startuplet financial model, expenses

October 11, 2008 – 17:57

Since a positive NPV is important for a startuplet, at least in our version, I’ll describe it in more detail.

Here’s an expenses model in a google spreadsheet.

So far it’s quite simple…

We have a “Hypotheses” page with 4 variables so far:

  • monthly discount rate (36%yr)
  • development hour price ($30 per billable hour)
  • base server cost (the price of small VPS)
  • additional costs per 1K impressions (it should match the cost of a dedicated server when the project reaches 1 impression per second)

On the “Expenses” page we’ve outlined the expected costs of running the project:

  • we have an initial investment of 40 development hours in the first month
  • we add 10 development hours each month to fix bugs (god forbid! ;) ) and add features
  • and some hosting expenses

As you might notice, server expenses depend on the project usage, which is abstracted as a number of impressions. Expected monthly impressions are stored on the “Users” page.

So far they are taken out of my head – I’ll cover it later.

Startuplet – our internal requirements

October 11, 2008 – 03:02

Following up on the topic of startuplets

The site outlines just the basic idea; we’re using a slightly more detailed checklist:

40 hours of development:

  • that is taken exactly; it doesn’t include idea polishing, financial modeling, screen drafting, et cetera
  • it’s taken seriously: if the product isn’t usable after 40 development hours invested – the project is killed (*)

detailed financial revenue model:

  • there should be explicitly defined hypotheses, e.g. conversion rates, expected average income per paid user, etc
  • there should be 3 sets of numbers for hypotheses: pessimistic, mild and optimistic modes; judging from the latest news (DJIA dipped below 8K today!), the pessimistic model should be taken at least as a primary and expected one
  • revenue model should be quantitative – there should be numbers (too many developers miss that)
  • NPV is calculated using doubled credit rate in Ukraine for businesses; it’s traditionally high and now is 36% annually
  • we use 12 month investment horizon and forecast for another 12 months
  • NPV for all three modes (pessimistic, mild and optimistic) should be positive :)

and finally, if 6 months after the start the actual NPV is negative, the project would be killed (*).

And, of course, the most interesting – there should be an implementable buzz plan that should be linked to the same NPV model.

(*) killed = project would be made open-source

More on these later

Startuplet – how to start things without budget

October 9, 2008 – 19:17

Someone clever said “Constraints do liberate”. The only thing to decide is the right constraints.

Hence, a startuplet definition:

Startuplet is a venture software project that

  • takes 40 hours of development or less from idea to first user
  • has detailed financial revenue model
  • comes online within 1 calendar month from start
  • gets a paying customer or substantial revenue after 3 months from start
  • profitable after 12 months from start
  • has a well-defined buzz plan

It appears that a good deal of ideas could fit into this framework and become slim and strong.

We’re going to prove this quite soon. :)


git merge -s remote ?

September 23, 2008 – 22:51

Sometimes I spend considerable time resolving merge conflicts between git branches that are absolutely bogus.

What I need is just “take a remote branch content and shut up”.

But although there is -s ours, there’s no -s remote.

What am I missing?

Python Exception Seminar #09

September 21, 2008 – 13:33

Python Exception #9 Seminar will be held on Sep 27 in Kyiv.

Registration is open till Sep 26.