[Zope] ssl zope http/https
Michael Dunstan
michael at elyt.com
Tue Dec 2 16:08:38 EST 2003
On 2/12/2003, at 6:25 PM, Joshua Newman wrote:
> 2. Is there another way to set the links (or better--the pages and
> folders) to be ssl besides the greatly appreciated but apparently
> somewhat limited SSLAbsoluteURL format or manually changing each of the
> links? All of my links are in the format:
>
> a href="/root/somewhere/index_html">foo</a
>
> and don't find https and I'd rather not change them all if I can help
> it.
>
> 3. If I remove the 's' from 'https' after following one of my
> encrypted links I can still get the page unencrypted (i.e.http://...).
> Is
> there any way to stop this? It seems to defeat the purpose of
> encryption.
One solution is to write an access rule that redirects an incoming http
request to the https equivalent url. Then use this access rule in any
of the folders that you wont to be accessed only via https.
Such an access rule would look something like
if not request.environ.get('HTTPS',None):
url = 'https://' + request.HTTP_HOST + request.PATH_INFO
if request.QUERY_STRING:
url += '?' + request.QUERY_STRING
response.redirect( url, status=301, lock=1 )
Michael
More information about the Zope
mailing list