mod_wsgi 4.1.0 introduces an option for this (http://modwsgi.readthedocs.org/en/latest/release-notes/version-4.1.0.html); you would add to your Apache config:
WSGIPythonHashSeed random
If you can't run that version, you have to set the variable in the startup environment of the Apache process, which will be OS-specific. For Fedora or RHEL 7, you can create /etc/systemd/system/httpd.service:
.include /lib/systemd/system/httpd.service
[Service]
Environment=PYTHONHASHSEED=random
then systemctl daemon-reload; systemctl restart httpd.service
. For pre-systemd Red Hats, you can edit /etc/sysconfig/httpd. For Debian, it's /etc/apache2/envvars.
Here's a WSGI file to test if it's working (based on the example in the mod_wsgi docs):
import sys
def application(environ, start_response):
status = '200 OK'
try:
hr = sys.flags.hash_randomization
if hr == 0:
output = 'Hash randomization disabled'
elif hr == 1:
output = 'Hash randomization enabled'
else:
output = 'Unknown hash randomization: ' + str(hr)
except AttributeError:
output = 'Hash randomization not supported'
response_headers = [('Content-type', 'text/plain'),
('Content-Length', str(len(output)))]
start_response(status, response_headers)
return [output]