[Zope] Forcing SSL
Dieter Maurer
dieter@handshake.de
Mon, 3 Feb 2003 20:28:56 +0100
martin f krafft wrote at 2003-2-3 16:34 +0100:
> also sprach Kevin Carlson <khcarlso@bellsouth.net> [2003.02.03.1610 +0100]:
> > You could use apache virtual host directives to do this. Set up one
> > virtual host using 443 and another using 80. They could point to the
> > same place with one using ssl and the other unsecured. Search the
> > archives for Apache Virtual Hosts use with Zope.
>
> Please read my initial post:
>
> > >I would like to force users to manage a Zope/Plone site through SSL,
> > >and only through SSL. I have a site http://www.site.com:80, which is
> > >also directly accessible as https://www.site.com:443.
>
> This is already accomplished. My members can very well login and edit
> the pages through SSL, but they can also do so through regular HTTP on
> port 80. I don't want that. Only anonymous users may use port 80.
> Non-anonymous users, and anyone accessing the login form, *must* be
> going through port 443 with SSL!
Rewrite rules can be made local to virtual hosts.
Add rewrite rules to the HTTP virtual host that
turn each URL containing "/manage" into a "forbidden" response.
Of course, omit these rewrite rules from the HTTPS virtual host.
Dieter