[Zope] SSL + ProxyPass + Zope question...
Steve Spicklemire
steve@spvi.com
Fri, 3 Aug 2001 18:15:30 -0500
Hi Eric,
Apache sets an environment variable when SSL is used. You can check
for that varible in an Access rule, or standard_html_header or some
other method.
-steve
On Friday, August 3, 2001, at 06:02 PM, Eric Walstad wrote:
> Hello,
>
> Apache is listening on port 80 and 443, Zope listening on port 8080.
> When a
> request comes in for port 443 (or HTTPS) Apache forwards the request to
> Zope
> on port 8080 and sends the results back out thru SSL, just as it
> should. If
> a user goes to https://mysite.com/PasswordProtectedArea/ an SSL
> connection
> is created and the password is forwarded to Zope after it's been sent
> thru
> SSL. However, if the user goes to
> http://mysite.com:8080/PasswordProtectedArea/ Apache never sees the
> request
> and it goes straight to Zope. The user is then prompted for a password,
> which would be sent back to Zope without SSL.
>
> So my question is, how do I keep Zope from accepting any requests from
> the
> outside world unless they've gone thru Apache first? Can I tell Zope to
> listen on something like 192.168.1.123:8080 so that it will never see
> requests from the outside world?
>
> TIA,
>
> Eric.
>
>
> _______________________________________________
> Zope maillist - Zope@zope.org
> http://lists.zope.org/mailman/listinfo/zope
> ** No cross posts or HTML encoding! **
> (Related lists -
> http://lists.zope.org/mailman/listinfo/zope-announce
> http://lists.zope.org/mailman/listinfo/zope-dev )