[Zope] Re: Open proxy testing

John Poltorak jp at warpix.org
Mon Sep 13 11:50:45 EDT 2004 

I've changed a few things and it appears to work now - but how do I check 
whether I have inadvertantly enabled an open proxy?

Are there any known tests which I can run?

-- 
John


On Mon, Sep 13, 2004 at 11:16:37AM -0400, Andy Dustman wrote:
> On Mon, 13 Sep 2004 16:02:48 +0100, John Poltorak <jp at warpix.org> wrote:
> > 
> > I'm running Red Hat 7.3, Apache 1.3.27 and Zope 2.6.2b3.
> > 
> > I did manage to configure Apache to use Zope but ended up creating an Open
> > Proxy. Without enabling proxy requests, I couldn't use a direct URL to
> > Zope. I'm no expert here, so there may be something basic which I have
> > overlooked, but I've spent a while digging around without success.
> 
> http://httpd.apache.org/docs/mod/mod_proxy.html
> 
> What I have on my Apache-1.3 server, which is the front-end for a Zope
> instance, is this:
> 
> <IfModule mod_proxy.c>
>     ProxyRequests Off
> </IfModule>
> 
> Relevant doc snip:
> 
> """The forward proxy is activated using the ProxyRequests directive.
> Because forward proxys allow clients to access arbitrary sites through
> your server and to hide their true origin, it is essential that you
> secure your server so that only authorized clients can access the
> proxy before activating a forward proxy.
> 
> A reverse proxy, by contrast, appears to the client just like an
> ordinary web server. No special configuration on the client is
> necessary. The client makes ordinary requests for content in the
> name-space of the reverse proxy. The reverse proxy then decides where
> to send those requests, and returns the content as if it was itself
> the origin."""
> 
> So the above enables mod_proxy, but does not enable ProxyRequests,
> which still allows it to work as a reverse proxy, which is what you
> need.
> 
> Of course, for your VirtualHost, you also need something like this:
> 
> RewriteEngine on
> RewriteRule ^/(.*)
> http://localhost:8080/VirtualHostBase/http/example.net:80/example.net/VirtualHostRoot/$1
> [P]
> 
> if you are using VirtualHostMonster in your Zope instance.
> -- 
> Computer interfaces should never be made of meat.
> _______________________________________________
> Zope maillist  -  Zope at zope.org
> http://mail.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists - 
>  http://mail.zope.org/mailman/listinfo/zope-announce
>  http://mail.zope.org/mailman/listinfo/zope-dev )

More information about the Zope mailing list