(Sat, Nov 05, 2005 at 12:00:10PM -0500) zope-request@zope.org wrote/schrieb/egrapse:

From: Sophia Grimm <sophiagrimm@yahoo.com> Subject: [Zope] VHM and SSL protection problem

... Installation #2: Plone 2.1/Zope 2.7.7 I'm trying to use VHM and an Apache rewrite rule to protect this site with SSL. I'm using instructions from http://plone.org/documentation/how-to/apache-ssl . Step number 7 shows this rewrite rule:

RewriteRule ^/(.*) http://localhost:8080/VirtualHostBase/https/www.yourmachinename.com:443/$1

Looking at what the zope witch <http://betabug.ch/zope/witch> tells me (and myself guessing at what you really want to do): RewriteRule ^$ \ http://127.0.0.1:8080/VirtualHostBase/\ https/%{SERVER_NAME}:443/VirtualHostRoot/ [L,P] RewriteRule ^/(.*) \ http://127.0.0.1:8080/VirtualHostBase/\ https/%{SERVER_NAME}:443/VirtualHostRoot/$1 [L,P] It seems that you are missing the [L,P] at the end, which tells apache what to do once a RewriteRule matches.

So if my original Zope site was http://www.sg.com:8080/ the above rule should simply rewrite the URL to https://www.sg.com:443/ which would force all requests for the http site to go through SSL before being forwarded to Zope. Correct?

No. What this does is it enables your site to be served through SSL and apache. The "force everything to SSL" rewriterule is another, different, second rule. You likely need both, though I have not used fastcgi in a while. The witch doesn't cover that rule style yet. For redirecting access to the ZMI to SSL, many people use rules like these: RewriteRule ^/(.*)/manage(.*) https://%{SERVER_NAME}/$1/manage$2 [R=301,L] RewriteRule ^/manage(.*) https://%{SERVER_NAME}/manage$1 [R=301,L] ProxyPassReverse /manage https://%{SERVER_NAME}/manage You could modify these to redirect everything to SSL. (There should either be additional tests to check that you are not using SSL already, or else this should be placed in the non-SSL virtual host setup). See how these have R=301 in the last part? That's a redirect, not a rewrite. Regards, Sascha