[Zope] ZMI access using URL other than manage

Dieter Maurer dieter at handshake.de
Fri Mar 25 15:01:38 EST 2005


Lennart Regebro wrote at 2005-3-25 13:48 +0100:
> ...
>You can set up apache so it only allows access to "manage*" from
>certain addresses, like your internal net and stuff. I don't have the
>examples at close hand, sorry.

Note that any knowledgeable person can easily work around such
a restriction implemented in Apache.

You can construct requests causing arbitrary traversal in Zope
without Apache seeing anything about this...

-- 
Dieter

