[Zope] Zope and SSL

Thierry Florac thierry.florac@onf.fr
Fri, 22 Feb 2002 11:22:01 +0100


   Hi...!!

Very, very, very well !!!

I installed and setup the VirtualSiteRoot product, which is really very 
simple to setup, and now it works really well, and without any complex 
rewriting or access rule !!
 From now, I can access my 'public' site through HTTP or HTTPS, and I HAVE 
to use HTTPS to access management interface.

The only potential problem could be with management pages which don't use 
'manage*' naming convention, but until now I didn't encoutered any one 
with well written products...

For interested users, I can send my Apache rewriting rules on simple mail 
request...


Thank you very much for your help ;-)))

   Thierry




On 22.02.2002  -  09:24 Frank Tegtmeyer wrote:
> "Thierry Florac" <thierry.florac@onf.fr> writes:
> 
> > I'd like to let users access my Zope web site normally through HTTP,
> but
> > make my Zope management screens (in fact, any URL containing '/manage')
> > only available through HTTPS.
> 
> We (still) don't use virtual host monster, but virtual site root
> instead (http://www.zope.org/Members/comlounge/vsr/).
> 
> In Apache you can do something like this:
> 
> RewriteRule ^.*/manage(_.*|())$ - [forbidden]
> 
> Please be aware that there may be products that don't use the 'manage'
> convention. So this rule doesn't restrict all possible management
> screens.
> 
> At the SSL server no special handling of management screens is
> necessary.
> 
> Regards, Frank
> --
> CTO   fte@Lightwerk.com         http://www.Lightwerk.com/
> Fax: +49-2434-80 07 94           Phone: +49-2434-80 07 81
> Lightwerk GmbH * An der Kull 11 * 41844 Wegberg * Germany
> Besuchen Sie uns auf der CeBIT:  Halle 6, Stand F68 / 595