Alexandre Peshansky wrote:
I am trying to set up Zope so that it is accessible via secure link through Apache. Configuration: Solaris 2.8 Apache-2.0 with mod_ssl and mod_proxy shared Zope 2.5
Apache lives in /usr/local/apache2 and has the following in its configuration: <IfModule mod_proxy.c> ProxyRequests On ^^^^^^^^^^^^^^ Nooooo! Don't do that (at least if you haven't really configured/secured your server). You have just opened your server as a proxy for the whole world. Put in ProxyRequests Off an everything you configured below will still work, you just won't function as a public anonymizer.
Btw, did you get that config option from a howto on zope? If so, please post the URL so that we can slap the creator ;->. Sorry, no time to help with your problem, just wanted to get that hole out of the way. Btw: google shows me the following pages on www.zope.org which contain this false and dangerous information http://www.zope.org/Members/Jace/apache-vhm http://www.zope.org/About/Apache The last one should IMO at least contain remarks about the dangers of that config line. cheers, oliver