[Zope] ZServer ACL

Todd Hepler thepler@caspiannetworks.com
Mon, 20 Aug 2001 19:31:42 -0500


I'm relatively new to Zope and Python.

I have Apache with ProxyPass (port 80) set up on the same box as Zope
with a VirtualHostMonster (port 8080). I want to make it so that
clients cannot "go around" Apache and talk directly to port 8080, so
I'm looking for a way to make Zope only accept requests that come from
localhost (or a specified IP address). I can't find anything on
zope.org related to ACLs of this nature or blocking access to ZServer
based on IP address. Any ideas? I dug through the medusa and ZServer
code, but the answer isn't jumping out at me.

I'm running Zope 2.4.0 with Python 2.1.1 on Solaris 2.7.

Why would I want this? (you might ask)

To scale, I want to be able to turn on caching in Apache, or replace
Apache with squid. This won't improve performance if the pages that
come out of Zope refer directly to port 8080. The clients would end up
"going around" the cache.

I know there are ways to make Zope generate appropriate URLs and thus
not go around port 80, but I'm not interested in those solutions here.
Even those solutions won't stop someone from hardcoding a reference to
port 8080 in one of their pages. I want to simply shut off access to
it in the first place so that if someone even tries it, they fail.

Thanks,
-todd
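
The restriction asked about above, sketched as an added example that is not part of the original post and is not ZServer or medusa code: a stand-alone Python 3 standard-library HTTP backend that binds to loopback and also rejects any peer outside an allowlist at accept time, through the `verify_request` hook of `socketserver`. The names `ALLOWED_NETS`, `is_allowed`, `BackendHandler`, `AllowlistHTTPServer` and `make_server` are hypothetical, and the loopback-only allowlist assumes the front-end proxy runs on the same box.

```python
import ipaddress
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumed allowlist: loopback only, i.e. the front-end proxy is on the same host.
ALLOWED_NETS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "::1/128")]


def is_allowed(peer_ip, nets=ALLOWED_NETS):
    """Return True if the connecting peer address is inside an allowed network."""
    try:
        addr = ipaddress.ip_address(peer_ip.split("%", 1)[0])  # drop IPv6 zone id
    except ValueError:
        return False  # unparseable peer address: fail closed
    # A dual-stack listener reports IPv4 peers as ::ffff:a.b.c.d; unwrap them.
    mapped = getattr(addr, "ipv4_mapped", None)
    if mapped is not None:
        addr = mapped
    return any(addr.version == net.version and addr in net for net in nets)


class BackendHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        body = b"served by backend\n"
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


class AllowlistHTTPServer(HTTPServer):
    def verify_request(self, request, client_address):
        # socketserver calls this right after accept(); returning False makes it
        # close the connection before any request bytes are read.
        return is_allowed(client_address[0])


def make_server(host="127.0.0.1", port=8080, bind=True):
    # Binding to 127.0.0.1 already keeps remote clients out; the allowlist still
    # applies if the listener is later widened to a routable address.
    return AllowlistHTTPServer((host, port), BackendHandler, bind_and_activate=bind)


if __name__ == "__main__":
    make_server().serve_forever()
```

The check uses the TCP peer address reported by the socket, not any request header, so a client cannot influence it from inside the HTTP request.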