[Zope] Forcing all Zope access to come through an Apache/SSL proxy
calisp at gmail.com
calisp at gmail.com
Thu Apr 28 05:16:03 EDT 2005
On 28/04/05, Reuven M. Lerner <reuven at lerner.co.il> wrote:
[...]
> The above should make it possible (I believe), an HTTPS connection
> between my browser and my cup. Apache should then take that incoming
> SSL request and issue its own request to the Zope server. Zope will
> respond, sending it back to Apache, which (in turn) sends it back to me.
>
> But of course, that doesn't happen. Zope's provides indicates that
> many of the requests begin with "\x80g\x01\x03".
[...]
The following works for me...
-----
<VirtualHost [ip_address]:443>
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
SSLCertificateFile /etc/httpd/ssl/[domain].crt
SSLCertificateKeyFile /etc/httpd/ssl/[domain].key
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
ServerName [domain]
RewriteEngine On
ProxyVia On
RewriteRule ^/(.*)
http://localhost:8080/VirtualHostBase/https/[domain]:443/folder/VirtualHostRoot/$1
[L,P]
<Location /manage>
Order Deny,Allow
Deny from All
</Location>
</VirtualHost>
-----
HTH,
Calisp
More information about the Zope
mailing list