[Zope] deny access to manage interface from apache

lee doolan leed_25m@lycos.com
Tue, 19 Nov 2002 17:24:28 -0500


I have a zope server handling proxy passes from apache and I am trying
to restrict access to the /manage functionality from the public facing
website.

here's my apache config

    <VirtualHost xx.xx.78.23:800>
        ServerAdmin webmaster@site.com
        DocumentRoot /htdocs/site/current
        ServerName www.site.com
        ServerAlias site.com *.site.com
        ErrorLog logs/site.com-error_log

       <Location ~ ".*/manage$">
            Order deny,allow
            deny from all
            allow from 192.168
       </Location>

        ProxyPass / http://internal.office.com:8080/site/com/
        ProxyPassReverse / http://internal.office.com:8080/site/com/

        CustomLog "|/usr/local/bin/logger-lc -p local1.notice" vcombined

        <Directory "/htdocs/site/current/">
        Options +Includes
        AddHandler server-parsed .html
        </Directory>
    </VirtualHost>

the trouble is that if I put a URL like this in the location bar

    www.site.com/manage_main

I can get into the manage interface.  On the other hand, if I block
access to manage_main with a regex in the <Location ..> block, then I
can no longer manage the site on my internal zope server located at 

    http://internal.office.com:8080

How can I best handle this problem?



__________________________________________________________
Outgrown your current e-mail service? Get 25MB Storage, POP3 Access,
Advanced Spam protection with LYCOS MAIL PLUS.
http://login.mail.lycos.com/brandPage.shtml?pageId=plus&ref=lmtplus