Can ZServer or ZPublisher be coaxed to return port 80 response..??
We have a new firewall and firewall guru... He wants the firewall to handle and route port 80/443 requests to pound instances running on port 8080 and 8443. Whereby pound routes said requests to appropriate back-end Zope servers (running on other high-end ports). Obviously - in this new scenario - Zope will return requests with the 8080 and 8443 ports attached to the response URL. He wants Zope to respond, in-kind, with URLs re-written to port 80 and 443.

I have tried messing with Site Access (messing with SERVER_URL in the REQUEST) and can strip out the 8080 and replace with 80, but there are side effects and this just doesn't seem right.

Is there a saner way, possibly within the zope.conf config items (like CGI) or some other deep "ZopeZen" magic that can address this or would it require some deep patching ..??

Certainly Apache (re-write) between pound and Zope would probably address this but that seems kinda silly...

Yes - we had a very nice, clean, simple setup before with pound running on the low ports, however, there seem to be concerns (now) that pound is a security risk running on low ports in our DMZ. I recommended RootJail but it seems he is insisting on pushing this new scenario.

Any suggestion(s) or pointers to docs greatly appreciated..

Long time Zope user....

TIA

Eric
--On 14. Januar 2006 07:46:14 -0600 "Eric.Roby" <Eric.Roby@noaa.gov> wrote:
We have a new firewall and firewall guru... He wants the firewall to handle and route port 80/443 requests to pound instances running on port 8080 and 8443. Whereby pound routes said requests to appropriate back-end Zope servers (running on other high-end ports). Obviously - in this new scenario - Zope will return requests with the 8080 and 8443 ports attached to the response URL. He wants Zope to respond, in-kind, with URLs re-written to port 80 and 443. I have tried messing with Site Access (messing with SERVER_URL in the REQUEST) and can strip out the 8080 and replace with 80, but there are side effects and this just doesn't seem right.
I've no idea about Pound, but if you use and set up virtual hosting properly then you should never have the need for such hacks, never.

-aj
A fairly common setup is to have:

Apache with appropriate VHM rewrite rules --> pound --> 2-n ZEO clients

If you don't want Apache in front, it is also possible to configure the VHM directly (inside Zope). Writing your own access rules and mucking with the URLs is neither necessary nor encouraged.

Stefan

On Jan 14, 2006, at 14:46, Eric.Roby wrote:
We have a new firewall and firewall guru... He wants the firewall to handle and route port 80/443 requests to pound instances running on port 8080 and 8443. Whereby pound routes said requests to appropriate back-end Zope servers (running on other high-end ports). Obviously - in this new scenario - Zope will return requests with the 8080 and 8443 ports attached to the response URL. He wants Zope to respond, in-kind, with URLs re-written to port 80 and 443. I have tried messing with Site Access (messing with SERVER_URL in the REQUEST) and can strip out the 8080 and replace with 80, but there are side effects and this just doesn't seem right.
Is there a saner way, possibly within the zope.conf config items (like CGI) or some other deep "ZopeZen" magic that can address this or would it require some deep patching ..??
Certainly Apache (re-write) between pound and Zope would probably address this but that seems kinda silly...
-- The time has come to start talking about whether the emperor is as well dressed as we are supposed to think he is. /Pete McBreen/
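The virtual-hosting approach recommended in the replies, sketched as an added example that is not part of the original thread and is not Zope's own code. It builds the VirtualHostBase/VirtualHostRoot path a front end would request, then models how that path yields the public SERVER_URL; the hostname `www.example.org`, the folder `site` and both function names are assumptions.

```python
# Added illustration: a simplified model of the VirtualHostMonster (VHM)
# path convention. Names and sample values are hypothetical.
DEFAULT_PORTS = {"http": 80, "https": 443}

def vhm_backend_path(scheme, public_host, public_port, request_path, zope_root=""):
    """Path the front end requests from Zope so URLs carry the public port.

    public_host should be a value fixed in the proxy configuration, not the
    client-supplied Host header, so clients cannot steer generated URLs.
    """
    if scheme not in DEFAULT_PORTS:
        raise ValueError("unsupported scheme: %r" % scheme)
    parts = ["", "VirtualHostBase", scheme, "%s:%d" % (public_host, public_port)]
    root = zope_root.strip("/")
    if root:
        parts.append(root)          # Zope folder published as the site root
    parts.append("VirtualHostRoot")
    return "/".join(parts) + "/" + request_path.lstrip("/")

def resolve_vhm_path(path):
    """Return (server_url, traversal_path) as this model of the VHM sees it."""
    segs = path.split("/")
    if len(segs) < 5 or segs[1] != "VirtualHostBase":
        raise ValueError("not a VirtualHostBase path")
    scheme, hostport = segs[2], segs[3]
    if scheme not in DEFAULT_PORTS:
        raise ValueError("unsupported scheme: %r" % scheme)
    try:
        marker = segs.index("VirtualHostRoot", 4)
    except ValueError:
        raise ValueError("VirtualHostRoot marker missing")
    host, _, port = hostport.partition(":")
    port_n = int(port) if port else DEFAULT_PORTS[scheme]
    # The default port for the scheme is left out of generated URLs.
    if port_n == DEFAULT_PORTS[scheme]:
        server_url = "%s://%s" % (scheme, host)
    else:
        server_url = "%s://%s:%d" % (scheme, host, port_n)
    traversal = "/" + "/".join(segs[4:marker] + segs[marker + 1:])
    return server_url, traversal

if __name__ == "__main__":
    # Constructed sample: public port 80, whatever port the back end listens on.
    p = vhm_backend_path("http", "www.example.org", 80, "/docs/index_html", "site")
    print(p)
    print(resolve_vhm_path(p))
```

The back-end listening port (8080, 8443 or any other) never appears in the path, which is why it cannot leak into the URLs Zope generates.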
participants (3): Andreas Jung, Eric.Roby, Stefan H. Holek