[Zope] mod_rewrite rule to close managment screens from outsiders

Marcel Preda marcel@punto.it
Tue, 27 Jun 2000 17:00:00 +0200


----- Original Message -----
From: Riku Voipio <riku.voipio@tietoenator.com>
To: <zope@zope.org>
Sent: Tuesday, June 27, 2000 4:05 PM
Subject: [Zope] mod_rewrite rule to close managment screens from outsiders


> I'm trying to deny external access to zope maintainance from elsewhere
> (just for  sure), with Zope behind apache. However, It
> just doesn't seem work... Sure It's more apache's problem, but I guess
> someone around there has a working solution?
>
> #</IfModule>
> dule mod_rewrite.c>
> RewriteEngine on
> RewriteCond %{HTTP:Authorization}  ^(.*)
> RewriteRule ^/Zope(.*) /usr/lib/cgi-bin/Zope/$1
[e=HTTP_CGI_AUTHORIZATION:%1,t=application/x-httpd-cgi,l]
>
> RewriteCond %{REMOTE_ADDR} !^193\.143\.156\.(.*)
> RewriteRule ^/Zope.*manage - [F]
> #</IfModule>
>
> --


I didn't use ,  the `rewrite' module for something like this,
but I remember that the order of the rules is VERY important.
I suppose that when the first Cond is matched the last doesn't matter

So maybe is better to invert the rules...

PM