Hi, I have a serious problem with Zope 2.9.0.
So far I was running Plone 2.0.5 on a Zope 2.8.4 behind Apache. For several reasons I only allow access via HTTPS. With Zope 2.8.4 everything worked fine with a fastcgi configuration and applying rewrite rules. In Zope 2.9.0 fastcgi is not supported anymore and you are recommended to use mod_proxy.

Well ... As you can imagine - I tried and I tried hard ... Everything works fine with HTTP, but as soon as I am using HTTPS I cannot log in anymore. I tried to narrow down the problem but I somehow cannot figure out what is wrong. I looked at the network traffic and all POSTs (transmitting the password to Zope) seem to work fine. Actually, the rewritten HTTPS POSTs look identical to HTTP POSTs. Only difference in the communication with Zope: Zope/Plone (the CookieCrumbler) does not return a SetCookie instruction; to be more precise, the CookieCrumbler does not even touch the header :-(

Please see some snippets from my httpd.conf at the end of this email. I would really appreciate your help. I looked for manuals describing the setup of a scenario like mine but I could not find any configuration that is similar to mine. Please note that I do not have another choice than running Zope behind HTTPS completely (security policy of our network admin).

Every hint is very welcome!

Thank you for your help,
Dan

<start of httpd.conf>
...
Listen server:80
Listen server:443

LoadModule headers_module modules/mod_headers.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule rewrite_module modules/mod_rewrite.so
...
<VirtualHost server:80>
    ...
    # we don't need a DocumentRoot for a zope-only site
    DocumentRoot /home/zope/instances/www/

    CustomLog /usr/local/apache2/logs/zope-access.log combined
    ErrorLog /usr/local/apache2/logs/zope-error.log
    LogLevel warn

    <IfModule mod_rewrite.c>
        RewriteEngine On
        RewriteRule ^/$ https://server/softsec/ [NC,R=301,L]
        RewriteRule ^/(.*) https://server/$1 [NC,R=301,L]
    </IfModule>

    <IfModule mod_proxy.c>
        ProxyVia On
        # prevent the webserver from being used as proxy
        <LocationMatch "^[^/]">
            Deny from all
        </LocationMatch>
    </IfModule>
</VirtualHost>
...
# SSL host serving actual access to zope
<VirtualHost server:443>
    ServerName server
    ServerSignature On
    DocumentRoot /home/zope/instances/www/
    DirectoryIndex index_html

    #<IfModule mod_fastcgi.c>
    #   <Directory /home/zope/instances/www/>
    #       SetHandler fastcgi-script
    #       AddHandler fastcgi-script .fcgi
    #       AllowOverride none
    #       Options ExecCGI
    #       Order allow,deny
    #       Allow from all
    #   </Directory>
    #</IfModule>

    CustomLog /usr/local/apache2/logs/zope-ssl-access.log combined
    ErrorLog /usr/local/apache2/logs/zope-ssl-error.log
    LogLevel info

    SSLEngine on
    SSLCertificateFile /usr/local/apache2/conf/ssl.crt/server.crt
    SSLCertificateKeyFile /usr/local/apache2/conf/ssl.key/server.key

    <Location />
        # Force usage of ssl encryption
        SSLRequireSSL
        # SSL client certs: none, optional, require
        # Note: optional doesn't work with all browsers
        SSLVerifyDepth 1
        SSLVerifyClient none
        AuthUserFile /home/other/.htpasswd
        AuthType Basic
        Require valid-user
        SSLOptions +StdEnvVars +StrictRequire
        # SetHandler fastcgi-script
    </Location>

    <IfModule mod_rewrite.c>
        RewriteEngine On
        RewriteLog "/usr/local/apache2/logs/server-ssl-rewrite_log"
        RewriteLogLevel 2

        # new rules do not allow authentication
        RewriteRule ^/(.*) \
            http://127.0.0.1:18080/VirtualHostBase/https/server:443/soft/VirtualHostRoot/$1 [P,L]
        RewriteRule ^/soft(.*) \
            http://127.0.0.1:18080/VirtualHostBase/https/server:443/soft/VirtualHostRoot/_vh_soft$1 [P,L]

        # old fastcgi rewrite rules
        # RewriteRule ^/$ \
            /zope.fcgi/VirtualHostBase/https/server:443/soft/VirtualHostRoot/_vh_soft/ [L]
        # RewriteRule ^/soft(.*) \
            /zope.fcgi/VirtualHostBase/https/server:443/soft/VirtualHostRoot/_vh_soft/$1 [L]
    </IfModule>

    <IfModule mod_proxy.c>
        ProxyVia On
        # I also tried to use PROXYPASS but it does not work
        # ProxyPass /soft http://127.0.0.1:18080/VirtualHostBase/https/server:443/soft/VirtualHostRoot/_vh_soft
        # ProxyPassReverse /softsec_test http://127.0.0.1:18080/VirtualHostBase/https/server:443/soft/VirtualHostRoot/_vh_soft
        # ProxyPassReverseCookieDomain 127.0.0.1 server
        # ProxyPassReverseCookiePath /soft/ /soft/

        # prevent the webserver from being used as proxy
        <LocationMatch "^[^/]">
            # SetHandler fastcgi-script
            Deny from all
        </LocationMatch>
    </IfModule>
</VirtualHost>
...
<end of httpd.conf>

_______________________________________________
Setup mailing list
http://lists.plone.org/mailman/listinfo/setup
