zope-request@zope.org Sent by: zope-admin@zope.org 05/30/01 11:06 AM Please respond to zope To: zope@zope.org cc: Subject: Zope digest, Vol 1 #1431 - 41 msgs Subject: Re: [Zope] Complicated mix of http, https, and ProxyPass

I'm having quite the issue right now and am wondering if there is a workaround for it. (let me know if i'm posting to the wrong place)

Basically my setup is as follows:

I have apache 1.3.19/mod_ssl running with ProxyPass setup for /Zope to "localhost:9080.." I want, however, */manage to always go over SSL. I already have it setup to block non-ssl attempts to */manage with FilesMatch rules in apache. I don't want the rest of the site to go require SSL, but the only way, apparently to have */manage use SSL is to have a siteroot object with the base set to https. This makes every link that uses that dtml variable use https.

Is there any way I could only have admin interface require SSL? Without having the rest of the site do so?

In Apache: I don't know if this works with ProxyPass but it works with FastCGI. All urls with 'manage' in them are forced through https. <IfModule mod_ssl.c> RewriteEngine on RewriteCond %{HTTPS} !=on RewriteRule ^/(.*manage.*) https://%{HTTP_HOST}/$1 [R] </IfModule> Best of Luck, Ron