[Zope] Disabling anonymous webdav access

Mike Renfro renfro@tntech.edu
Fri, 18 May 2001 13:23:53 -0500


On Fri, May 18, 2001 at 09:45:33AM -0700, sean.upton@uniontrib.com wrote:
> The problem there is that WebDAV is a basic HTTP request over the standard
> HTTP port; it would be all or nothing; a layer 7 filtering solution would be
> needed.  A squid proxy with a redirector or a "layer 7 traffic shaper" like
> an intel netstructure 7175 would likely be able to filter content if the
> WebDAV request was an HTTP GET with a distinct URL...

If it were me, I'd do the following quick-and-dirty hack:

(a) put Squid, Apache, or something similar on port 80

(b) keep Zope on port 9673 or elsewhere

(c) use ip filtering to restrict input on port 9673 to be only from
    localhost, and keep port 80 opened per your normal web policy

At least on my initial tests, pointing cadaver at my local port 80 did
not work, as Apache did not pass the request onto Zope. Pointing
cadaver at port 9673 worked as expected.

-- 
Mike Renfro  / R&D Engineer, Center for Manufacturing Research,
931 372-3601 / Tennessee Technological University -- renfro@tntech.edu