Bashar <[email protected]> (So 19 Feb 2012 14:22:21 CET): > Hello, > We're using Pound as front for Zope and in Z2.log it shows the main IP of > Pound that forwards traffic. > > I wish to use the Domains feature under acl_users in zope to restrict > access for managers (the /manage) So how can i change/tweak it where Zope > can see the real user IP for using it in Domains option for managers?
As Pound acts an a proxy on the application protocol layer, Zope will
see connections originating from the Pound proxy only.
But - Pound sets the X-Forwarded-For HTTP-Header.
GET /test/index.html HTTP/1.0
User-Agent: Wget/1.12 (linux-gnu)
Accept: */*
Host: ssl.schlittermann.de
X-SSL-cipher: DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA
Enc=AES(256) Mac=SHA1
X-Forwarded-For: 88.73.219.244
But - you should read about X-Forwarded-For and possibilities of its
abuse and about its contents in face of proxy chains.
I do not know anything about Zope, but probably you can have it trust
the X-Forwarded-For headers and apply its ACLs on the base of these
headers.
--
Heiko :: dresden : linux : SCHLITTERMANN.de
GPG Key 48D0359B : 3061 CFBF 2D88 F034 E8D2 7E92 EE4E AC98 48D0 359B
signature.asc
Description: Digital signature
