[Zope] Zope and SSL
Thierry Florac
thierry.florac@onf.fr
Fri, 22 Feb 2002 11:22:01 +0100
Hi...!!
Very, very, very well !!!
I installed and setup the VirtualSiteRoot product, which is really very
simple to setup, and now it works really well, and without any complex
rewriting or access rule !!
From now, I can access my 'public' site through HTTP or HTTPS, and I HAVE
to use HTTPS to access management interface.
The only potential problem could be with management pages which don't use
'manage*' naming convention, but until now I didn't encoutered any one
with well written products...
For interested users, I can send my Apache rewriting rules on simple mail
request...
Thank you very much for your help ;-)))
Thierry
On 22.02.2002 - 09:24 Frank Tegtmeyer wrote:
> "Thierry Florac" <thierry.florac@onf.fr> writes:
>
> > I'd like to let users access my Zope web site normally through HTTP,
> but
> > make my Zope management screens (in fact, any URL containing '/manage')
> > only available through HTTPS.
>
> We (still) don't use virtual host monster, but virtual site root
> instead (http://www.zope.org/Members/comlounge/vsr/).
>
> In Apache you can do something like this:
>
> RewriteRule ^.*/manage(_.*|())$ - [forbidden]
>
> Please be aware that there may be products that don't use the 'manage'
> convention. So this rule doesn't restrict all possible management
> screens.
>
> At the SSL server no special handling of management screens is
> necessary.
>
> Regards, Frank
> --
> CTO fte@Lightwerk.com http://www.Lightwerk.com/
> Fax: +49-2434-80 07 94 Phone: +49-2434-80 07 81
> Lightwerk GmbH * An der Kull 11 * 41844 Wegberg * Germany
> Besuchen Sie uns auf der CeBIT: Halle 6, Stand F68 / 595