[Zope] Forcing SSL

martin f krafft madduck@madduck.net
Mon, 3 Feb 2003 16:34:49 +0100


--s/l3CgOIzMHHjg/5
Content-Type: text/plain; charset=iso-8859-15
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

also sprach Kevin Carlson <khcarlso@bellsouth.net> [2003.02.03.1610 +0100]:
> You could use apache virtual host directives to do this.  Set up one=20
> virtual host using 443 and another using 80.  They could point to the=20
> same place with one using ssl and the other unsecured.  Search the=20
> archives for Apache Virtual Hosts use with Zope.

Please read my initial post:

> >I would like to force users to manage a Zope/Plone site through SSL,
> >and only through SSL. I have a site http://www.site.com:80, which is
> >also directly accessible as https://www.site.com:443.

This is already accomplished. My members can very well login and edit
the pages through SSL, but they can also do so through regular HTTP on
port 80. I don't want that. Only anonymous users may use port 80.
Non-anonymous users, and anyone accessing the login form, *must* be
going through port 443 with SSL!

Hope this is clearer.

--=20
martin;              (greetings from the heart of the sun.)
  \____ echo mailto: !#^."<*>"|tr "<*> mailto:" net@madduck
=20
NOTE: The pgp.net keyservers and their mirrors are broken!
Get my key here: http://people.debian.org/~madduck/gpg/330c4a75.asc
=20
"it is only the modern that ever becomes old-fashioned."=20
                                                        -- oscar wilde

--s/l3CgOIzMHHjg/5
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+PowZIgvIgzMMSnURApzdAJ4tNF1HOYL3s79XHiHO3DFl0AuNXwCffj4h
OyjcRJCP5nRDepIZuLAfTOM=
=G+QU
-----END PGP SIGNATURE-----

--s/l3CgOIzMHHjg/5--