[Zope] Forcing SSL

Oliver Bleutgen myzope@gmx.net
Mon, 03 Feb 2003 17:04:02 +0100


martin f krafft wrote:
> also sprach Kevin Carlson <khcarlso@bellsouth.net> [2003.02.03.1610 +0100]:
> 
>>You could use apache virtual host directives to do this.  Set up one 
>>virtual host using 443 and another using 80.  They could point to the 
>>same place with one using ssl and the other unsecured.  Search the 
>>archives for Apache Virtual Hosts use with Zope.
> 
> 
> Please read my initial post:
> 
> 
>>>I would like to force users to manage a Zope/Plone site through SSL,
>>>and only through SSL. I have a site http://www.site.com:80, which is
>>>also directly accessible as https://www.site.com:443.
>>
> 
> This is already accomplished. My members can very well login and edit
> the pages through SSL, but they can also do so through regular HTTP on
> port 80. I don't want that. Only anonymous users may use port 80.
> Non-anonymous users, and anyone accessing the login form, *must* be
> going through port 443 with SSL!
> 
> Hope this is clearer.
> 

Maybe this thread
http://mail.zope.org/pipermail/zope-dev/2003-January/018499.html
helps you, esp. Dieter Maurer's last post there. It answers the question 
how to send a redirect to a https uri instead of a "forbidden" .

HTH,
oliver