[Zope] zope w. apache security question

Barry Pederson barryp@medicine.nodak.edu
Fri, 03 May 2002 13:58:07 -0500


davis marques wrote:
> I'm running Zope with Apache/PCGI and am wondering if there's any means 
> by which you can prevent people from getting the /manage login dialog 
> from outside a designated domain or IP range?

Maybe something in the apache config like:

<LocationMatch "/manage(/|$)">
   order deny, allow
   deny from all
   allow from 192.168.1.0/24
</LocationMatch>

to deny access to addresses outside the 192.168.1.x subnet (for example) to 
things that end with '/manage' or have '/manage/' somewhere else (haven't 
tried it in apache, but that RE seems to work ok in Python)

	Barry