[Zope] Using SSL with Zope/Apache with url rewriting.

Ricardo Anguiano anguiano@codesourcery.com
31 Jul 2002 07:56:57 -0700


"Alec Munro" <alec.munro@eoascientific.com> writes:
> I guess I misphrased it. I need a secure method of communication
> with Zope. I want to be able to log in to the ZMI, or other
> administration tools, from a remote location, without sending
> passwords flying across the internet in cleartext. The server is a
> dedicated box in San Antonio, and I'm in Halifax. I don't actually
> need the communication between Apache and Zope to be secure, at
> least as long as they are behind the same firewall.
> 
> I think I've got it figured out anyway, but I would still appreciate
> suggestions.
> 
> Thanks,
> 
> Alec

This is what we did for apache + zope.  There may be better ways. Make
sure you have mod_ssl installed.  Add this section for your
<host.domain.com> and <ip-address> in httpd.conf and restart apache.
I tested it by watching tcpdump -x | hex2ascii.  There were no
cleartext passwords and the content was also protected.

<VirtualHost ip-address:443>
  ServerName host.domain.com
  DocumentRoot /var/inet/html
  SSLEngine on
  SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
  SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
  SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
  RewriteEngine on
  # Do not allow use of the Zope management interfaces.
  RewriteCond %{REQUEST_URI} manage
  RewriteRule manage - [F]
  RewriteRule ^/(.*) http://localhost:8080/VirtualHostBase/https/host.domain.com:443/intranet/VirtualHostRoot/$1 [P,L]
</VirtualHost>

Ricardo Anguiano             anguiano@codesourcery.com
CodeSourcery, LLC            http://www.codesourcery.com