Zope w. Apache security question
I'm running Zope with Apache/PCGI and am wondering if there's any means by which you can prevent people from getting the /manage login dialog from outside a designated domain or IP range?

Davis
davis marques wrote:
I'm running Zope with Apache/PCGI and am wondering if there's any means by which you can prevent people from getting the /manage login dialog from outside a designated domain or IP range?
Maybe something in the Apache config like:

    <LocationMatch "/manage(/|$)">
        order deny,allow
        deny from all
        allow from 192.168.1.0/24
    </LocationMatch>

to deny access to addresses outside the 192.168.1.x subnet (for example) to things that end with '/manage' or have '/manage/' somewhere else (haven't tried it in Apache, but that RE seems to work OK in Python).

Barry
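Added example (not part of the thread, and not Zope or Apache code): a Python model of the access decision the `<LocationMatch>` block above would make, run over constructed request paths, as a coverage check before deploying such a rule. The broader pattern and the sample client addresses are assumptions of this example; `manage_main` is one of Zope's standard management screens.

```python
import ipaddress
import re

# Pattern from the reply above, and a broader variant (an assumption of this
# example) that also covers Zope's manage_* screens such as manage_main.
POSTED_RE = re.compile(r"/manage(/|$)")
BROADER_RE = re.compile(r"/manage(_[^/]*)?(/|$)")

ALLOWED_NET = ipaddress.ip_network("192.168.1.0/24")  # subnet from the reply


def is_denied(path, client_ip, pattern=POSTED_RE):
    """Model <LocationMatch> with 'order deny,allow', 'deny from all', 'allow from'.

    LocationMatch does an unanchored regex search on the URL path (query
    string excluded). With order deny,allow a matching Allow overrides Deny.
    """
    path = path.split("?", 1)[0]
    if not pattern.search(path):
        return False  # block does not apply; request passes through to Zope
    return ipaddress.ip_address(client_ip) not in ALLOWED_NET


# Constructed sample requests: (path, client address)
SAMPLES = [
    ("/manage", "203.0.113.7"),
    ("/site/manage/", "203.0.113.7"),
    ("/manage", "192.168.1.20"),
    ("/site/manage_main", "203.0.113.7"),
    ("/site/manager.html", "203.0.113.7"),
]


def report(pattern):
    """Return (path, client, denied) for every constructed sample."""
    return [(p, ip, is_denied(p, ip, pattern)) for p, ip in SAMPLES]


if __name__ == "__main__":
    for name, pat in (("posted", POSTED_RE), ("broader", BROADER_RE)):
        print(name)
        for path, ip, denied in report(pat):
            print(f"  {ip:15} {path:22} {'DENY' if denied else 'pass'}")
```

The posted pattern leaves `/site/manage_main` unrestricted for outside addresses, while the broader one denies it and still lets `/site/manager.html` through.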
davis marques writes:
I'm running Zope with Apache/PCGI and am wondering if there's any means by which you can prevent people from getting the /manage login dialog from outside a designated domain or IP range?

Probably yes, though I have not yet tried it:

I would use a rewrite rule that redirects URLs containing "manage" (after a '/') to a page saying "forbidden". This will definitely work. Apache supports conditional rewrite rules. I would check whether the condition can be specified based on the incoming IP. I am not sure whether this is possible, but if it is, your problem is solved.

Dieter
participants (3): Barry Pederson, davis marques, Dieter Maurer