Hello! Is there any way to configure the zeo server to only listen to requests coming from the localhost? I couldn't find any documentation concerning the zeo configuration file. Basically, I would like to secure my zeo Server from access via the internet without resorting to iptables. Thanks for any tips,
MM
I assume you can specify "address 127.0.0.1:port" in your zeo.conf. Otherwise use the kind of firewall tools your OS offers (e.g. iptables under Linux). -aj --On Sonntag, 21. November 2004 15:30 Uhr +0100 Michael Martinides <baerenhaeuter@mm.st> wrote:
Hello!
Is there any way to configure the zeo server to only listen to requests coming from the localhost? I couldn't find any documentation concerning the zeo configuration file.
Basically, I would like to secure my zeo Server from access via the internet without resorting to iptables.
Thanks for any tips,
MM
_______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
On Nov 21, 2004, at 15:30, Michael Martinides wrote:
Hello!
Is there any way to configure the zeo server to only listen to requests coming from the localhost? I couldn't find any documentation concerning the zeo configuration file.
Basically, I would like to secure my zeo Server from access via the internet without resorting to iptables.
The safest way IMHO is to configure it and the ZEO client to communicate via a socket file. Just insert a file path into the "address" line in the ZEO server config and do the same on the ZEO client side. Whereas network sockets on localhost are still open to connections from anyone the unix socket file can be protected by protecting its surrounding filesystem directories (permissions on a socket file work differently or not at all, that's why you secure the directories surrounding it). jens
Thanks, this works fine! Jens Vagelpohl wrote:
On Nov 21, 2004, at 15:30, Michael Martinides wrote:
Hello!
Is there any way to configure the zeo server to only listen to requests coming from the localhost? I couldn't find any documentation concerning the zeo configuration file.
Basically, I would like to secure my zeo Server from access via the internet without resorting to iptables.
The safest way IMHO is to configure it and the ZEO client to communicate via a socket file. Just insert a file path into the "address" line in the ZEO server config and do the same on the ZEO client side.
Whereas network sockets on localhost are still open to connections from anyone the unix socket file can be protected by protecting its surrounding filesystem directories (permissions on a socket file work differently or not at all, that's why you secure the directories surrounding it).
jens
_______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
participants (3)
-
Andreas Jung -
Jens Vagelpohl -
Michael Martinides