RE: Users cannot acces sites
Stefan H. Holek wrote:
You are missing the VirtualHostRoot keyword in your rewrite rule. Also note that HTTP_HOST may include the port (if it is not 80 IIRC).
RewriteRule ^/(.*) \
http://127.0.0.1:8080/VirtualHostBase/http/%{HTTP_HOST}:80/Virtual HostRoot/
$1 [L,P]
This "http/%{HTTP_HOST}:80/VirtualHostRoot/" is dangerous. More exactly, the trailing :80 will bite you if the client sends the port together with the hostname. The standard does not mandate one or the other, and most clients don't do this if port == 80, but wget for instance does. My solution is to check if there is a trailing :80 in HTTP_HOST and then use an other rewrite rule.
cheers, oliver
Adding VirtualHostRoot to the rewrite rule didn't change anything Removing the trailing :80 in HTTP_HOST lets any registrated user access the site but most of them have to login twice. Removing the trailing :80 in HTTP_HOST also blocked the entrance to the ZMI trough apache Does Apache require the registratition of my Zope users somewhere (read an article about conflicting apache & Zope users, but didn't understand how to)? In http://www.zope.org/Members/shaw/HowTo/ApacheFrontEnd it is also stated that the order of installing/configuring things is important but then again I got no clue where everything went wrong. All I need is this When someone enters http://mysite/CMF-site it is resolved by Apache in http://mysite:8080/CMF-site without showing the redirected port to the user. <VirtualHost 111.111.111.111> ServerName www.mysite.com RewriteEngine On RewriteRule ^/Zope/(.*) /home/zope/2-5-1/Zope.cgi/$1 [e=HTTP_CGI_AUTHORIZATION:%1,t=application/x-httpd-cgi,l] RewriteRule ^/(.*) http://127.0.0.1:8080/VirtualHostBase/http/%{HTTP_HOST}:80/VirtualHostRoot/$ 1 [L,P] </VirtualHost> Apparantly this doesn't resolve it, although it used to do the right thing
On Wed, Sep 11, 2002 at 12:42:29PM +0200, Roel Van den Bergh wrote:
When someone enters http://mysite/CMF-site it is resolved by Apache in http://mysite:8080/CMF-site without showing the redirected port to the user.
See http://www.zope.org/Members/mwr/VHosts_With_Zope_Default -- that's a copy of my working configuration. I need to read up on newer howtos and see if there's anything worth integrating (that's how that howto started in the first place), and I still have a few updates to make regarding my home setup which has to have the same content accessible from several hostnames. But all in all, it should work fine for you. If you only want to serve the one CMF site, you should probably change the last RewriteRule to flag ^/CMF-site/(.*) instead of ^/(.*) , though. -- Mike Renfro / R&D Engineer, Center for Manufacturing Research, 931 372-3601 / Tennessee Technological University -- renfro@tntech.edu
My rewriterules look like this <VirtualHost 194.78.49.253> ServerName rmw.planetinterior.be RewriteEngine On RewriteLogLevel 3 RewriteLog "/usr/local/var/apache/logs/rewrite.www.log" RewriteRule ^/Zope/(.*) /home/zope/2-5-1/Zope.cgi/$1 [e=HTTP_CGI_AUTHORIZATION:%1,t=application/x-httpd-cgi,l] RewriteCond &{HTTP_HOST} ^.*:80$ RewriteRule ^/(.*) http://127.0.0.1:8080/VirtualHostBase/http/%{HTTP_HOST}/VirtualHostRoot/$1 [L,P] RewriteRule ^/(.*) http://127.0.0.1:8080/VirtualHostBase/http/%{HTTP_HOST}:80/VirtualHostRoot/$ 1 [L,P] </VirtualHost> I already tried many different solutions (follow my treads upwards :-) The problem right now is the following: When a user tries to enter trough http://rmw.planetinterior.be/RMW he is redirected to the login page (as he should be because everyone has to login first) Login and password are entered correctly (if not U get Login failure) but people are still being directed to the login page as if they where not logged in. Another question that raises my mind: we used to run a 2.5.0 Zope updated to 2.5.1, now we are using a 2.5.1 version build from source with Python 2.1.3 (build from source rpm). Could it be these two do not behave exactly the same?
-----Oorspronkelijk bericht----- Van: Mike Renfro [mailto:mwr@cae.tntech.edu]Namens Mike Renfro Verzonden: woensdag 11 september 2002 15:39 Aan: Roel Van den Bergh CC: zope@zope.org Onderwerp: Re: [Zope] RE: Users cannot acces sites
On Wed, Sep 11, 2002 at 12:42:29PM +0200, Roel Van den Bergh wrote:
When someone enters http://mysite/CMF-site it is resolved by Apache in http://mysite:8080/CMF-site without showing the redirected port to the user.
See http://www.zope.org/Members/mwr/VHosts_With_Zope_Default -- that's a copy of my working configuration. I need to read up on newer howtos and see if there's anything worth integrating (that's how that howto started in the first place), and I still have a few updates to make regarding my home setup which has to have the same content accessible from several hostnames. But all in all, it should work fine for you.
If you only want to serve the one CMF site, you should probably change the last RewriteRule to flag ^/CMF-site/(.*) instead of ^/(.*) , though.
-- Mike Renfro / R&D Engineer, Center for Manufacturing Research, 931 372-3601 / Tennessee Technological University -- renfro@tntech.edu
On Wed, Sep 11, 2002 at 05:35:56PM +0200, Roel Van den Bergh wrote:
RewriteRule ^/Zope/(.*) /home/zope/2-5-1/Zope.cgi/$1 [e=HTTP_CGI_AUTHORIZATION:%1,t=application/x-httpd-cgi,l]
I don't know if either of these lines are worth anything to you. I have site areas protected with basic http user/password authentication, and I don't use the cgi authorization bits you have there. Also, if you're running ZServer on port 8080, I don't think the Zope.cgi rule is doing anything at all.
When a user tries to enter trough http://rmw.planetinterior.be/RMW he is redirected to the login page (as he should be because everyone has to login first) Login and password are entered correctly (if not U get Login failure) but people are still being directed to the login page as if they where not logged in.
A few things to verify: - Can anonymous users see anything on the site at all? I assume the login page you mentioned is Zope-generated, but I'm not positive. - Can authenticated users see a page that you restrict only to them? Example: make an index2_html file in a directory, and restrict "View" to the Authenticated role by unchecking "Acquire Permissions" and checking only the box under "Authenticated". Do anonymous users get a login box when they try to view it, and if they enter proper information, do they get to see the file's contents? - What browsers? I recall that early versions of IE5.0x for Windows had authentication problems. You might try lynx, w3m, or some other text-mode browser as a reference. -- Mike Renfro / R&D Engineer, Center for Manufacturing Research, 931 372-3601 / Tennessee Technological University -- renfro@tntech.edu
Hi All I've also good news The problem has been resolved: Seems that apache 1.3.23 has a problem resolving some coockies names like __ac aren't handled correctly by apache __ac_1 goes trough but __ac_12 or __ac_123 got blocked There is a whole tread + bug repport about it in Zope CMF, we just found out about it today. I suppose I posted my questions to the wrong mailing list :-) Many thanks to all anyway, Roel.
Roel Van den Bergh wrote:
My rewriterules look like this
<VirtualHost 194.78.49.253> ServerName rmw.planetinterior.be RewriteEngine On RewriteLogLevel 3 RewriteLog "/usr/local/var/apache/logs/rewrite.www.log" RewriteRule ^/Zope/(.*) /home/zope/2-5-1/Zope.cgi/$1 [e=HTTP_CGI_AUTHORIZATION:%1,t=application/x-httpd-cgi,l] RewriteCond &{HTTP_HOST} ^.*:80$ ^^^^^
Is the '&' right? I'm just asking, because I would expect a '%'.
RewriteRule ^/(.*) http://127.0.0.1:8080/VirtualHostBase/http/%{HTTP_HOST}/VirtualHostRoot/$1 [L,P] RewriteRule ^/(.*) http://127.0.0.1:8080/VirtualHostBase/http/%{HTTP_HOST}:80/VirtualHostRoot/$ 1 [L,P] </VirtualHost>
I already tried many different solutions (follow my treads upwards :-)
The problem right now is the following:
When a user tries to enter trough http://rmw.planetinterior.be/RMW he is redirected to the login page (as he should be because everyone has to login first) Login and password are entered correctly (if not U get Login failure) but people are still being directed to the login page as if they where not logged in.
I'd use shane's nice tcpwatch (-> google) to record the whole http conversation between a failing client and zope. I also would look at the log files of zope. In the http conversation you will see what cookies get sent by the browser, what redirects happen (and when) and maybe this shows something. For instance, that the browser ceases to send cookies at some point and therefore the redirect to the login page happens. Unfortunately I'm not experienced in this user folder product, but I'm sure people here can help you if you post the output of tcpwatch. If you do that, remember to use a throwaway account, because the credentials will be revealed. cheers, oliver
participants (3)
-
Mike Renfro -
Oliver Bleutgen -
Roel Van den Bergh