[Zope] deny access to manage interface from apache

Ausum Studio ausum_studio@hotmail.com
Tue, 19 Nov 2002 19:13:08 -0500


You may want to take a look at this how-to:
http://www.zope.org/Members/march/howtos/ProctectManageAccessUsingRewiteRule

In adition, if you do need to access your Zope server from outside, or in
general, if you want to fine tune the way your server is accessed, you'd
need to use Access Rules.


Ausum



----- Original Message -----
From: "lee doolan" <leed_25m@lycos.com>
To: <zope@zope.org>
Sent: Tuesday, November 19, 2002 5:24 PM
Subject: [Zope] deny access to manage interface from apache


> I have a zope server handling proxy passes from apache and I am trying
> to restrict access to the /manage functionality from the public facing
> website.
>
> here's my apache config
>
>     <VirtualHost xx.xx.78.23:800>
>         ServerAdmin webmaster@site.com
>         DocumentRoot /htdocs/site/current
>         ServerName www.site.com
>         ServerAlias site.com *.site.com
>         ErrorLog logs/site.com-error_log
>
>        <Location ~ ".*/manage$">
>             Order deny,allow
>             deny from all
>             allow from 192.168
>        </Location>
>
>         ProxyPass / http://internal.office.com:8080/site/com/
>         ProxyPassReverse / http://internal.office.com:8080/site/com/
>
>         CustomLog "|/usr/local/bin/logger-lc -p local1.notice" vcombined
>
>         <Directory "/htdocs/site/current/">
>         Options +Includes
>         AddHandler server-parsed .html
>         </Directory>
>     </VirtualHost>
>
> the trouble is that if I put a URL like this in the location bar
>
>     www.site.com/manage_main
>
> I can get into the manage interface.  On the other hand, if I block
> access to manage_main with a regex in the <Location ..> block, then I
> can no longer manage the site on my internal zope server located at
>
>     http://internal.office.com:8080
>
> How can I best handle this problem?
>
>
>
> __________________________________________________________
> Outgrown your current e-mail service? Get 25MB Storage, POP3 Access,
> Advanced Spam protection with LYCOS MAIL PLUS.
> http://login.mail.lycos.com/brandPage.shtml?pageId=plus&ref=lmtplus
>
> _______________________________________________
> Zope maillist  -  Zope@zope.org
> http://lists.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists -
>  http://lists.zope.org/mailman/listinfo/zope-announce
>  http://lists.zope.org/mailman/listinfo/zope-dev )
>