[Zope] Apache Authentication Problem

Rob Boyd boydrobh at yahoo.com
Fri Aug 20 14:43:34 EDT 2004


--- Will Smith <witisi at yahoo.com> wrote:

> We currently have an applition that uses apache to
> serve alot of large 
> files out of the filesystem (650MB each).  I would
> like to convert the 
> web interface over to zope to unify our site.  I
> would prefer to keep 
> the large files in the filesystem, primarily because
> we already have 
> tools to manage them there.  I also am very
> comfortable with apache 
> serving these large files, and really do not wish to
> put this task up to 
> the ZServer.
       <...snip...>
> Since zope is not serving the files, I cannot
> prevent users from 
> accessing them.  I can control access to the links,
> but if you cut and 
> paste the URL apache will server them to anyone,
> without even logging 
> into zope.

Will,

Have you looked at mod_auth_remote? It allows you to
have your Apache web directory require authentication
against Zope. That way, if anyone did directly access
the files' URLs, they would be challenged for
credentials.

Read about it at
http://blog.colorstudy.com/ianb/weblog/2003/11/30.html

Get it from
http://puggy.symonds.net/~srp/stuff/mod_auth_remote/

It was written for Apache 2.x but its author says it
now works with 1.3.x

- Rob


		
__________________________________
Do you Yahoo!?
Read only the mail you want - Yahoo! Mail SpamGuard.
http://promotions.yahoo.com/new_mail 


More information about the Zope mailing list