[Zope] Disabling anonymous webdav access

sean.upton@uniontrib.com sean.upton@uniontrib.com
Fri, 18 May 2001 11:39:36 -0700


Why is this; isn't WebDAV supposed to be proxy friendly?

Sean

-----Original Message-----
From: Mike Renfro [mailto:renfro@tntech.edu]
Sent: Friday, May 18, 2001 11:24 AM
To: zope@zope.org
Subject: Re: [Zope] Disabling anonymous webdav access


On Fri, May 18, 2001 at 09:45:33AM -0700, sean.upton@uniontrib.com wrote:
> The problem there is that WebDAV is a basic HTTP request over the standard
> HTTP port; it would be all or nothing; a layer 7 filtering solution would
be
> needed.  A squid proxy with a redirector or a "layer 7 traffic shaper"
like
> an intel netstructure 7175 would likely be able to filter content if the
> WebDAV request was an HTTP GET with a distinct URL...

If it were me, I'd do the following quick-and-dirty hack:

(a) put Squid, Apache, or something similar on port 80

(b) keep Zope on port 9673 or elsewhere

(c) use ip filtering to restrict input on port 9673 to be only from
    localhost, and keep port 80 opened per your normal web policy

At least on my initial tests, pointing cadaver at my local port 80 did
not work, as Apache did not pass the request onto Zope. Pointing
cadaver at port 9673 worked as expected.

-- 
Mike Renfro  / R&D Engineer, Center for Manufacturing Research,
931 372-3601 / Tennessee Technological University -- renfro@tntech.edu

_______________________________________________
Zope maillist  -  Zope@zope.org
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )