Re: [Zope] VHM and SSL protection problem

2005-11-08 Thread Chris Withers 

Sascha Welter wrote:

second rule. You likely need both, though I have not used fastcgi in a
while. 


...why anyone would want to nowadays is an interesting question ;-)

Chris

--
Simplistix - Content Management, Zope & Python Consulting
   - http://www.simplistix.co.uk
___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce

http://mail.zope.org/mailman/listinfo/zope-dev )

Re: [Zope] VHM and SSL protection problem

2005-11-07 Thread Sascha Welter 
(Sat, Nov 05, 2005 at 12:00:10PM -0500) [EMAIL PROTECTED] wrote/schrieb/egrapse:
> From: Sophia Grimm <[EMAIL PROTECTED]>
> Subject: [Zope] VHM and SSL protection problem
>
> ...
> Installation #2: Plone 2.1/Zope 2.7.7
> I'm trying to use VHM and an Apache rewrite rule to
> protect this site with SSL. I'm using instructions
> from http://plone.org/documentation/how-to/apache-ssl
> . Step number 7 shows this rewrite rule:
> 
> RewriteRule ^/(.*)
> http://localhost:8080/VirtualHostBase/https/www.yourmachinename.com:443/$1

Looking at what the zope witch  tells me
(and myself guessing at what you really want to do):
RewriteRule ^$ \
http://127.0.0.1:8080/VirtualHostBase/\
https/%{SERVER_NAME}:443/VirtualHostRoot/ [L,P]

RewriteRule ^/(.*) \
http://127.0.0.1:8080/VirtualHostBase/\
https/%{SERVER_NAME}:443/VirtualHostRoot/$1 [L,P]

It seems that you are missing the [L,P] at the end, which tells apache
what to do once a RewriteRule matches.

> So if my original Zope site was 
> http://www.sg.com:8080/
> the above rule should simply rewrite the URL to
> https://www.sg.com:443/
> which would force all requests for the http site to go
> through SSL before being forwarded to Zope. Correct? 

No.

What this does is it enables your site to be served through SSL and
apache. The "force everything to SSL" rewriterule is another, different,
second rule. You likely need both, though I have not used fastcgi in a
while. The witch doesn't cover that rule style yet. 

For redirecting access to the ZMI to SSL, many people use rules like
these:
RewriteRule ^/(.*)/manage(.*) https://%{SERVER_NAME}/$1/manage$2 [R=301,L]
RewriteRule ^/manage(.*) https://%{SERVER_NAME}/manage$1 [R=301,L]
ProxyPassReverse /manage https://%{SERVER_NAME}/manage

You could modify these to redirect everything to SSL. (There should
either be additional tests to check that you are not using SSL already,
or else this should be placed in the non-SSL virtual host setup). See
how these have R=301 in the last part? That's a redirect, not a rewrite.

Regards,

Sascha

___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )