besides using rewrite rules there is another method mentioned in docs/WEBSERVER.TXT -- compiling apache with -DSECURITY_HOLE_PASS_AUTHORIZATION apache apparently will then pass authorization info to cgi's on my developing machine i needed to do this because i had some rewrite rules/script aliases somehow conflicting with each other does anybody know of the security implications of this? thx, peter. On Thu, 30 Sep 1999, Martijn Faassen wrote: :Alwyn Schoeman wrote: :> :> Hi, :> :> I've had tremendous trouble getting it to work on Apache. Did the :> rewrite rules. Did the rewritelog. Checked out the tips for beginners. :> All documents say you must go: http://localhost/cgi-bin/Zope.cgi/manage, :> but it doesn't work. Authentication fails. :> :> THEN just to be funny I tried http://localhost/Zope/manage and :> viola!!!!! Why is this not somewhere in a doc or is it so stupid that :> no one is willing to write it down? : :I suppose this hasn't been written down clearly as I've seen two people :previously who had the same misconception. : :What are the reasons for the rewrite_rule? : :* making a nicer URL; /Zope or whatever instead of /cgi-bin/Zope.cgi : :* passing authentication information to Zope.cgi : :The second reason is the essential one! Apache apparently does not pass :on authentication information to any cgi script. Zope needs this :authentication information to work. So we fool apache with a :rewrite_rule, which, when activated, passes the authentication :information on to Zope.cgi using an environment variable (the e= thing :in the rewrite rule). So, if you call Zope.cgi so that the rewrite_rule :is activated, the authentication info is passed, and Zope works. The :rewrite_rule is only activated if you actually trigger it with the :/Zope/ thing, which is what after all it wants to rewrite. It does not :get triggered if you go to the cgi directly. : :Someone ought to write this down somewhere very clearly in the install :documents. It *is* in the docs because this is how I know myself, but :apparently not too clearly. : :Regards, : :Martijn : :_______________________________________________ :Zope maillist - Zope@zope.org :http://www.zope.org/mailman/listinfo/zope : :(Related lists - please, no cross posts or HTML encoding! : :To receive general Zope announcements, see: :http://www.zope.org/mailman/listinfo/zope-announce : :For developer-specific issues, zope-dev@zope.org - :http://www.zope.org/mailman/listinfo/zope-dev ) : -- _________________________________________________ peter sabaini, mailto: sabaini@niil.at -------------------------------------------------