[Zope] VHost logs.

Rob Miller rob@kalistra.com
Thu, 30 Nov 2000 09:16:39 -0800


seb bacon wrote:

>> Rob Miller wrote:

>>

>> In a manner of speaking, yes.  That is, Apache needs to have correctly 
>> configured VirtualHost directives to handle the requests from the 
>> outside world appropriately, and Zope needs to have the SiteAccess 
>> product installed with correctly configured SiteRoots and access rules. 
>>   It takes a little bit of time to figure out, but it works like a charm 
>> and is really quite simple, once you wrap your head around it.  There's 
>> a great HOW-TO on this at http://www.zope.org/Members/anser/apache_zserver.
> 
> 
> I would also point you to 
> 
>   http://www.apache.org/docs/vhosts/mass.html
> 
> for more info on the apache side, particularly this bit:
> 
>  The main disadvantage is that you cannot have a different log 
>  file for each virtual host; however if you have very many virtual 
>  hosts then doing this is dubious anyway because it eats file
>  descriptors. It is better to log to a pipe or a fifo and arrange 
>  for the process at the other end to distribute the logs to the 
>  customers (it can also accumulate statistics, etc.).

This document refers to handling situations where you have a very large 
number of virtual hosts and don't want a separate VirtualHost directive 
for each one (because they're all very similar).  This is not my case, 
but it could be the original poster's.  You certainly CAN log to 
different log files if you have a VirtualHost directive for each host; 
I'm doing so.

> 
> 
>> Another benefit of this setup is that it can allow for both regular HTTP 
>> and SSL connections to all of your sites, so you can remotely access the 
>> manage screens without sending your passwords in the clear.  A HOW-TO 
>> for this lives at http://www.zope.org/Members/unfo/apache_zserver_ssl. 
>> I still haven't figured out a clean way to make it impossible to access 
>> sensitive areas UNLESS you're using SSL, however.  Anyone out there 
>> doing this?
> 
> 
> mod_rewrite is your friend.  You just make a Rule that redirects
> anyone accessing your site on port 80 to port 443, something like
> this:
> 
> <VirtualHost 123.123.123.123>
>   ServerName www.foobar.com
>   RewriteEngine on
>   RewriteRule ^/(.*)	https://www.foobar.com/
> </VirtualHost>

I don't want to force ALL access to port 443, only certain sections of 
the site which require authentication to access.  I guess the above 
still holds true (your correction in a later message is noted), I just 
need to get more creative with my rewrite rules.  Thanks for the tip.

-rob