[Zope] SSL + ProxyPass + Zope question...

Eric Walstad eric@walstads.net
Sat, 04 Aug 2001 21:48:38 -0700


Hi Steve,
Well, in the condition I described, if the user knows the port that Zope is
running on, they could bypass Apache altogether.  So, what I need is to make
Zope inaccessible to the outside world.  That way, all traffic would have to
be sent thru Apache.
Thanks,
Eric.

-----Original Message-----
From: Steve Spicklemire [mailto:steve@spvi.com]
Sent: Friday, August 03, 2001 4:16 PM
To: Eric Walstad
Cc: Steve Spicklemire; zope@zope.org
Subject: Re: [Zope] SSL + ProxyPass + Zope question...



Hi Eric,

	Apache sets an environment variable when SSL is used. You can check
for that variable in an Access rule, or standard_html_header or some
other method.

-steve

On Friday, August 3, 2001, at 06:02 PM, Eric Walstad wrote:

> Hello,
>
> Apache is listening on port 80 and 443, Zope listening on port 8080.
> When a request comes in for port 443 (or HTTPS) Apache forwards the
> request to Zope on port 8080 and sends the results back out thru SSL,
> just as it should.  If a user goes to
> https://mysite.com/PasswordProtectedArea/ an SSL connection is created
> and the password is forwarded to Zope after it's been sent thru SSL.
> However, if the user goes to
> http://mysite.com:8080/PasswordProtectedArea/ Apache never sees the
> request and it goes straight to Zope.  The user is then prompted for a
> password, which would be sent back to Zope without SSL.
>
> So my question is, how do I keep Zope from accepting any requests from
> the outside world unless they've gone thru Apache first?  Can I tell
> Zope to listen on something like 192.168.1.123:8080 so that it will
> never see requests from the outside world?
>
> TIA,
>
> Eric.
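
One way to check the condition asked about in this thread, as an added example that is not part of the original messages: the script reads listener lines in the column layout printed by `ss -ltnH` and reports whether the Zope port (8080 in the thread) is bound to a wildcard or public address, where it can be reached without going through Apache. The sample lines and the function names are constructed for illustration.

```python
import ipaddress

# Constructed listener lines in the column layout of `ss -ltnH`.
BEFORE = """\
LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 128 0.0.0.0:8080 0.0.0.0:*
LISTEN 0 128 [::]:8080 [::]:*
"""
AFTER = """\
LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 128 127.0.0.1:8080 0.0.0.0:*
"""

def classify(host):
    """Classify a bind address as wildcard, loopback, private or public."""
    host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and scope id
    if host == "*":
        return "wildcard"
    ip = ipaddress.ip_address(host)
    if ip.is_unspecified:  # 0.0.0.0 or :: means every interface
        return "wildcard"
    if ip.is_loopback:
        return "loopback"
    # Assumption: a private address is reachable only from the internal network.
    return "private" if ip.is_private else "public"

def exposed_backends(ss_output, backend_ports=(8080,)):
    """Return (local_address, kind) for backend listeners reachable from outside."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")
        if not port.isdigit() or int(port) not in backend_ports:
            continue
        kind = classify(host)
        if kind in ("wildcard", "public"):
            findings.append((fields[3], kind))
    return findings

if __name__ == "__main__":
    for label, sample in (("before", BEFORE), ("after", AFTER)):
        print(label, exposed_backends(sample) or "no exposed backend listener")
```

Ports 80 and 443 are left out of `backend_ports` because Apache is meant to listen on them publicly; only the proxied backend port is checked.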