[Zope] Forcing SSL
Kevin Carlson
khcarlso@bellsouth.net
Mon, 03 Feb 2003 10:10:18 -0500
You could use apache virtual host directives to do this. Set up one
virtual host using 443 and another using 80. They could point to the
same place with one using ssl and the other unsecured. Search the
archives for Apache Virtual Hosts use with Zope.
Kevin
martin f krafft wrote:
>I would like to force users to manage a Zope/Plone site through SSL,
>and only through SSL. I have a site http://www.site.com:80, which is
>also directly accessible as https://www.site.com:443.
>
>The problem about forcing SSL for authenticated members is that with
>Apache, I can only really do so for a subdirectory. So if the site
>would be viewed at directory / (e.g. /products/fly), but all
>authenticated members see the site as /authenticated (e.g.
>/authenticated/products/fly), then Apache's Redirect could be used.
>
>However, Zope doesn't use different paths for authenticated and
>anonymous members.
>
>Since every page rendered uses standard_html_header, could I put
>a DTML Method or Python script in there that does the following:
>
> - Check if the access is by an authenticated member.
> - if yes: check for presence of the string 'https' in request/PATH_INFO
> - if not present: redirect to another URL
>
>How would that look? I don't know how to check for membership or how
>to issue an HTTP Redirect.
>
>Thanks!
>
>
>