[Zope] Securing Zope and Special URLs
Roy Rapoport
r.rapoport at fi.com
Wed Sep 10 12:34:15 EDT 2003
Greetings everyone,

As part of a re-engineering of our Zope infrastructure, I'm tasked with
finding any documentation out there on how to secure Zope sites in a
best-practices sort of way. Anyone got any pointers?

Also, we're fronting Zope with Apache using mod_proxy to relay requests
through. We'd like to block Zope management-type URLs from coming through
the Apache server and hitting the Zope server (we'll do our management
directly to the Zope instance). For this, I need to figure out what special
patterns signify a Zope management URL.

Some patterns I know about already include:

    /.*/[^/]*manage[^/]*$    (Any URL whose last component (excluding args) includes 'manage')
    /acl_users/
    ^/Control_Panel.*
    ^manage_addProduct/
    ^manage/

Any others?

-roy
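
Added example, not part of the original post: a small harness for checking a deny list like the one above against request targets before putting it in the proxy configuration. It assumes the patterns are applied as unanchored regex searches against the URL path (leading "/" included, query string removed); the sample targets and the expectation of which ones should be blocked are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Patterns copied verbatim from the post above.
PATTERNS = [
    r"/.*/[^/]*manage[^/]*$",
    r"/acl_users/",
    r"^/Control_Panel.*",
    r"^manage_addProduct/",
    r"^manage/",
]
COMPILED = [(p, re.compile(p)) for p in PATTERNS]

# Constructed request targets (assumption): (target, should it be blocked?)
SAMPLES = [
    ("/news/index_html", False),
    ("/folder/manage_main?skey=id", True),
    ("/Control_Panel/Database", True),
    ("/acl_users/", True),
    ("/manage", True),
    ("/manage_addProduct/OFSP/folderAdd", True),
]

def matching_patterns(target):
    """Return the patterns that hit the path part of a request target."""
    path = urlsplit(target).path  # drop the query string ("excluding args")
    return [p for p, rx in COMPILED if rx.search(path)]

def coverage_gaps(samples=SAMPLES):
    """List targets whose block/allow outcome differs from the expectation."""
    gaps = []
    for target, want_blocked in samples:
        blocked = bool(matching_patterns(target))
        if blocked != want_blocked:
            gaps.append((target, want_blocked, blocked))
    return gaps

if __name__ == "__main__":
    for target, _ in SAMPLES:
        print(f"{target:40} -> {matching_patterns(target) or 'NOT MATCHED'}")
    for target, want, got in coverage_gaps():
        print(f"GAP: {target} expected blocked={want}, got blocked={got}")
```

Under these assumptions the two patterns anchored with "^" but written without a leading "/" never match a path that starts with "/", and the first pattern needs at least two slashes, so a top-level "/manage" is not covered.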