----- Original Message ----- From: Riku Voipio <riku.voipio@tietoenator.com> To: <zope@zope.org> Sent: Tuesday, June 27, 2000 4:05 PM Subject: [Zope] mod_rewrite rule to close managment screens from outsiders
I'm trying to deny external access to zope maintainance from elsewhere (just for sure), with Zope behind apache. However, It just doesn't seem work... Sure It's more apache's problem, but I guess someone around there has a working solution?
#</IfModule> dule mod_rewrite.c> RewriteEngine on RewriteCond %{HTTP:Authorization} ^(.*) RewriteRule ^/Zope(.*) /usr/lib/cgi-bin/Zope/$1 [e=HTTP_CGI_AUTHORIZATION:%1,t=application/x-httpd-cgi,l]
RewriteCond %{REMOTE_ADDR} !^193\.143\.156\.(.*) RewriteRule ^/Zope.*manage - [F] #</IfModule>
--
I didn't use , the `rewrite' module for something like this, but I remember that the order of the rules is VERY important. I suppose that when the first Cond is matched the last doesn't matter So maybe is better to invert the rules... PM