[Zope] Can we please eradicate dangerous how-tos on zope.org? was: Re: [Zope] Zope and Apache+SSL

Oliver Bleutgen myzope@gmx.net
Wed, 03 Jul 2002 19:45:33 +0200

Alexandre Peshansky wrote:
 > I am trying to set up Zope so that it is accessible via secure link
 > through Apache.
 > Configuration:
 > Solaris 2.8
 > Apache-2.0 with mod_ssl and mod_proxy shared
 > Zope 2.5
 > Apache lives in /usr/local/apache2 and has the following in its
 > configuration:
 >     <IfModule mod_proxy.c>
 >       ProxyRequests On
Nooooo! Don't do that (at least if you haven't really configured/secured
your server). You have just opened your server as a proxy for the whole
Put in ProxyRequests Off an everything you configured below will still
work, you just won't function as a public anonymizer.

Btw, did you get that config option from a howto on zope? If so, please
post the URL so that we can slap the creator ;->.

Sorry, no time to help with your problem, just wanted to get that hole
out of the way.

Btw: google shows me the following pages on www.zope.org which contain
this false and dangerous information


The last one should IMO at least contain remarks about the dangers of
that config line.