[Zope] Complicated mix of http, https, and ProxyPass
rroeber1@unl.edu
rroeber1@unl.edu
Wed, 30 May 2001 13:23:10 -0500
This is a multipart message in MIME format.
--=_alternative 0064FF7786256A5C_=
Content-Type: text/plain; charset="us-ascii"
zope-request@zope.org
Sent by: zope-admin@zope.org
05/30/01 11:06 AM
Please respond to zope
To: zope@zope.org
cc:
Subject: Zope digest, Vol 1 #1431 - 41 msgs
Subject: Re: [Zope] Complicated mix of http, https, and ProxyPass
> I'm having quite the issue right now and am wondering if there is a
> workaround
> for it. (let me know if i'm posting to the wrong place)
> Basically my setup is as follows:
> I have apache 1.3.19/mod_ssl running with ProxyPass setup for /Zope to
> "localhost:9080.." I want, however, */manage to always go over SSL. I
> already
> have it setup to block non-ssl attempts to */manage with FilesMatch
rules
> in
> apache. I don't want the rest of the site to go require SSL, but the
only
> way,
> apparently to have */manage use SSL is to have a siteroot object with
the
> base
> set to https. This makes every link that uses that dtml variable use
> https.
> Is there any way I could only have admin interface require SSL? Without
> having
> the rest of the site do so?
In Apache: I don't know if this works with ProxyPass but it works with
FastCGI. All urls with 'manage' in them are forced through https.
<IfModule mod_ssl.c>
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule ^/(.*manage.*) https://%{HTTP_HOST}/$1 [R]
</IfModule>
Best of Luck,
Ron
--=_alternative 0064FF7786256A5C_=
Content-Type: text/html; charset="us-ascii"
<br>
<br>
<br>
<table width=100%>
<tr valign=top>
<td>
<td><font size=1 face="sans-serif"><b>zope-request@zope.org</b></font>
<br><font size=1 face="sans-serif">Sent by: zope-admin@zope.org</font>
<p><font size=1 face="sans-serif">05/30/01 11:06 AM</font>
<br><font size=1 face="sans-serif">Please respond to zope</font>
<br>
<td><font size=1 face="Arial"> </font>
<br><font size=1 face="sans-serif"> To: zope@zope.org</font>
<br><font size=1 face="sans-serif"> cc: </font>
<br><font size=1 face="sans-serif"> Subject: Zope digest, Vol 1 #1431 - 41 msgs</font></table>
<br><font size=2 face="Courier New">Subject: Re: [Zope] Complicated mix of http, https, and ProxyPass<br>
<br>
<br>
> I'm having quite the issue right now and am wondering if there is a<br>
> workaround<br>
> for it. (let me know if i'm posting to the wrong place)<br>
<br>
> Basically my setup is as follows:<br>
<br>
> I have apache 1.3.19/mod_ssl running with ProxyPass setup for /Zope to<br>
> "localhost:9080.." I want, however, */manage to always go over SSL. I<br>
> already<br>
> have it setup to block non-ssl attempts to */manage with FilesMatch rules<br>
> in<br>
> apache. I don't want the rest of the site to go require SSL, but the only<br>
> way,<br>
> apparently to have */manage use SSL is to have a siteroot object with the<br>
> base<br>
> set to https. This makes every link that uses that dtml variable use<br>
> https.<br>
<br>
> Is there any way I could only have admin interface require SSL? Without<br>
> having<br>
> the rest of the site do so?</font>
<br>
<br><font size=2 face="Courier New">In Apache: I don't know if this works with ProxyPass but it works with FastCGI. All urls with 'manage' in them are forced through https.</font>
<br><font size=2 face="Courier New"><br>
</font><font size=2><tt><IfModule mod_ssl.c></tt></font>
<br><font size=2><tt> RewriteEngine on</tt></font>
<br><font size=2><tt> RewriteCond %{HTTPS} !=on</tt></font>
<br><font size=2><tt> RewriteRule ^/(.*manage.*) https://%{HTTP_HOST}/$1 [R]</tt></font>
<br><font size=2><tt></IfModule></tt></font>
<br>
<br><font size=2 face="Courier New">Best of Luck,</font>
<br><font size=2 face="Courier New">Ron<br>
</font>
<br>
<br>
--=_alternative 0064FF7786256A5C_=--