25 Mar
2005
25 Mar
'05
8:01 p.m.
Lennart Regebro wrote at 2005-3-25 13:48 +0100:
... You can set up apache so it only allows access to "manage*" from certain adresses, like your internal net and stuff. I don't have the examples at close hand,sorry.
Note that any knowledgable person can easily work around such a restriction implemented in Apache. You can construct requests causing arbitrary traversal in Zope without Apache seeing anything about this... -- Dieter