Turning off direct access to ZServer in 2.0
I am using Zope 2.0 with IIS4.0 (for SSL) via pcgi. IIS is set to anonymous (no Basic or NT authorization) and all authorization is being handled by Zope. The default.htm page in IIS immediately forwards users to my primary Zope object which triggers the authentication. How can I restrict users to only accessing Zope through IIS.? Is there someway to turn off ZServer or better yet only have it accessible by a few select accounts for management purposes? Jim Sanford Accelearated Technology, Inc.
At 09:36 AM 9/14/99 -0500, you wrote:
I am using Zope 2.0 with IIS4.0 (for SSL) via pcgi. IIS is set to anonymous (no Basic or NT authorization) and all authorization is being handled by Zope. The default.htm page in IIS immediately forwards users to my primary Zope object which triggers the authentication. How can I restrict users to only accessing Zope through IIS.? Is there someway to turn off ZServer or better yet only have it accessible by a few select accounts for management purposes?
You can turn off the HTTP server with the -w '' option to z2.py I'm not sure how you could selectively expose HTTP on a given port to some users and restrict it to others. Perhaps NT has some knobs to control this kind of thing. To Zope users coming through PCGI and HTTP looks the same. I guess you could hack together something that would consult the environment, say the 'SERVER_NAME' variable to determine whether they are coming from HTTP or PCGI and then take action based on this... -Amos
participants (2)
-
Amos Latteier -
Jim Sanford