[Zope] Apache & Domain User Problem
Jim Penny
jpenny@universal-fasteners.com
Wed, 13 Jun 2001 11:16:17 -0400
On Wed, Jun 13, 2001 at 10:16:00AM -0000, Craig Stoddart wrote:
> We are trying to add a new user into our acl_users folder which includes a
> domain criteria to prevent people from logging into Zope from outwith our
> network.
>
> As we are using Apache, all traffic to our site comes through Apache and
> therefore all access seems to come through the same IP address. This is making
> it impossible for us to restrict access to a specific domain.
>
> Has anyone else had this problem, and if so, did they manage to get round it?
OK, this is essentially the problem I asked about a couple of days ago.
This will work:
DocumentRoot /var/www
RewriteEngine On
RewriteLog "/var/log/apache-ssl/rewrite_log"
RewriteLogLevel 0
ProxyRequests on
<Directory /var/www/dynamic>
    RewriteEngine On
    RewriteRule ^/var/www/dynamic/(.*) http://localhost:8080/$1?REMOTE_ADDR=%{REMOTE_ADDR} [QSA,P]
</Directory>
(Possibly with some adjustment).
Caveats/Comments:
1) Be sure to test with RewriteLogLevel at least 1, you have to see
what the Rule is doing to your addresses and may need to adjust
accordingly. I found that my setup on my test and production machine
was subtly different; on one machine I needed ^/var/www/dynamic/(.*)
as my pattern, on the other it was only ^(.*).
2) You may need to create an empty directory /var/www/dynamic (as above).
3) This is suitable for a mixed static/dynamic site. Change the Rule
to suit your site's policy. This rule uses Zope to serve the dynamic
folder and apache to serve anything else; you might want to have Zope
serve anything with a few exceptions.
4) I am running apache-ssl in front. Works fine.
5) QSA does the right thing. If there is already a query string, the
'?' will be automagically converted to '&'.
6) You will now have two REMOTE_ADDR objects available, one in environ
and one in QUERY_STRING. You have to be sure to fetch the one from the
QUERY_STRING.
7) It might be easier to use
RewriteRule ^/var/www/dynamic/(.*) http://localhost:8080/$1?TRUE_REMOTE_ADDR=%{REMOTE_ADDR} [QSA,P]
Jim Penny
> -------------------------------------------------
> Craig Stoddart
> IT Software Development Officer
>
> Dundee City Council
> IT Division
> Northern College
> Technical Block
> Gardyne Road
> Dundee DD5 1NY
>
> Phone: 01382 438170
> Fax: 01382 438002
> E-mail: craig.stoddart@dundeecity.gov.uk
> -------------------------------------------------
>
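An added example, not part of the original post: one way the Zope side could consume the TRUE_REMOTE_ADDR query parameter from caveat 7 without trusting it blindly, since [QSA] appends whatever query string the client sent and port 8080 may be reachable without going through Apache. It works on a plain CGI-style environ dict rather than Zope's REQUEST API; the function names, TRUSTED_PROXIES and ALLOWED_NETS are assumptions made for the illustration.

```python
# Added example (not from the original post). TRUE_REMOTE_ADDR is the parameter
# name used in the post; every other name and value here is constructed.
import ipaddress
from urllib.parse import parse_qs

TRUSTED_PROXIES = {"127.0.0.1"}                        # assumed: Apache on the same host
ALLOWED_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # constructed example network


def _parse_ip(text):
    """Return an ip_address object, or None if text is not a valid IP."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None


def client_address(environ):
    """Return the client IP to use for domain checks, or None to deny."""
    peer = environ.get("REMOTE_ADDR", "")
    if peer not in TRUSTED_PROXIES:
        # The request did not arrive via Apache, so the query parameter
        # carries no authority: fall back to the socket peer address.
        return _parse_ip(peer)
    query = parse_qs(environ.get("QUERY_STRING", ""))
    values = query.get("TRUE_REMOTE_ADDR", [])
    if len(values) != 1:
        # Missing (rule did not fire) or duplicated (the original query
        # string already carried the parameter): fail closed.
        return None
    return _parse_ip(values[0])


def is_allowed(environ):
    """True only when the resolved client address is inside an allowed network."""
    addr = client_address(environ)
    return addr is not None and any(addr in net for net in ALLOWED_NETS)
```
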