[Zope] Forcing SSL

martin f krafft madduck@madduck.net
Mon, 3 Feb 2003 11:03:38 +0100


I would like to force users to manage a Zope/Plone site through SSL,
and only through SSL. I have a site http://www.site.com:80, which is
also directly accessible as https://www.site.com:443.

The problem about forcing SSL for authenticated members is that with
Apache, I can only really do so for a subdirectory. So if the site
would be viewed at directory / (e.g. /products/fly), but all
authenticated members see the site as /authenticated (e.g.
/authenticated/products/fly), then Apache's Redirect could be used.

However, Zope doesn't use different paths for authenticated and
anonymous members.

Since every page rendered uses standard_html_header, could I put
a DTML Method or Python script in there that does the following:

  - Check if the access is by an authenticated member.
    - if yes: check for presence of the string 'https' in request/PATH_INFO
      - if not present: redirect to another URL

How would that look? I don't know how to check for membership or how
to issue an HTTP Redirect.

Thanks!

-- 
martin;              (greetings from the heart of the sun.)
  \____ echo mailto: !#^."<*>"|tr "<*> mailto:" net@madduck

NOTE: The pgp.net keyservers and their mirrors are broken!
Get my key here: http://people.debian.org/~madduck/gpg/330c4a75.asc

all information contained in the above is false,
for reasons of military security.

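The decision logic sketched in the message's list, as an added Python example that is not part of the original post: it tests the URL scheme instead of searching the path for 'https'. The function name, the plain dict standing in for Zope's REQUEST (with its 'URL' and 'QUERY_STRING' keys) and the caller-supplied anonymous flag are assumptions of this example.

```python
from urllib.parse import urlsplit, urlunsplit


def https_redirect_target(request, is_anonymous, https_port=443):
    """Return the HTTPS URL an authenticated user should be sent to, or None.

    `request` is a plain dict standing in for Zope's REQUEST (assumption of
    this example); 'URL' is the absolute URL without the query string.
    Inside Zope the caller would hand a non-None result to
    REQUEST.RESPONSE.redirect().
    """
    if is_anonymous:
        return None  # anonymous visitors may stay on plain HTTP
    parts = urlsplit(request["URL"])
    # Decide on the URL scheme, not on a substring search: a path such as
    # /docs/https-howto contains 'https' but is still served over HTTP.
    if parts.scheme == "https":
        return None
    host = parts.hostname
    if ":" in host:  # IPv6 literal: urlsplit strips the brackets
        host = "[%s]" % host
    netloc = host if https_port == 443 else "%s:%d" % (host, https_port)
    query = request.get("QUERY_STRING", "")
    return urlunsplit(("https", netloc, parts.path, query, ""))


# Constructed sample requests, built from the host and path named in the post.
SAMPLES = [
    ({"URL": "http://www.site.com:80/products/fly", "QUERY_STRING": "a=1"}, False),
    ({"URL": "http://www.site.com/products/fly"}, True),
    ({"URL": "https://www.site.com/products/fly"}, False),
    ({"URL": "http://www.site.com/docs/https-howto"}, False),
]


def demo():
    """Return the redirect decision for each constructed sample."""
    return [https_redirect_target(req, anon) for req, anon in SAMPLES]


if __name__ == "__main__":
    for (req, anon), target in zip(SAMPLES, demo()):
        print(req["URL"], "anonymous" if anon else "member", "->", target)
```

By the time a member is recognised on a plain-HTTP request, the credentials or session cookie have already crossed the wire in cleartext, so a redirect of this kind limits further exposure rather than preventing the first one.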