[Zope] SSL + ProxyPass + Zope question...

Steve Spicklemire steve@spvi.com
Fri, 3 Aug 2001 18:15:30 -0500


Hi Eric,

	Apache sets an environment variable when SSL is used. You can check 
for that varible in an Access rule, or standard_html_header or some 
other method.

-steve

On Friday, August 3, 2001, at 06:02 PM, Eric Walstad wrote:

> Hello,
>
> Apache is listening on port 80 and 443, Zope listening on port 8080.  
> When a
> request comes in for port 443 (or HTTPS) Apache forwards the request to 
> Zope
> on port 8080 and sends the results back out thru SSL, just as it 
> should.  If
> a user goes to https://mysite.com/PasswordProtectedArea/ an SSL 
> connection
> is created and the password is forwarded to Zope after it's been sent 
> thru
> SSL.  However, if the user goes to
> http://mysite.com:8080/PasswordProtectedArea/ Apache never sees the 
> request
> and it goes straight to Zope.  The user is then prompted for a password,
> which would be sent back to Zope without SSL.
>
> So my question is, how do I keep Zope from accepting any requests from 
> the
> outside world unless they've gone thru Apache first?  Can I tell Zope to
> listen on something like 192.168.1.123:8080 so that it will never see
> requests from the outside world?
>
> TIA,
>
> Eric.
>
>
> _______________________________________________
> Zope maillist  -  Zope@zope.org
> http://lists.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists -
>  http://lists.zope.org/mailman/listinfo/zope-announce
>  http://lists.zope.org/mailman/listinfo/zope-dev )