Glad you got it resolved. And I'm glad this is helping others. I should mention though that the Apache configurations mentioned in my original post disable admin and app admin access completely (even over SSL). This is a good idea unless you absolutely need it, since web2py's admin application doesn't have any protection against brute-force hacking attempts. However, I have submitted a patch that adds this protection to the admin application. If it gets accepted, it may be moderately safe to enable the admin application over SSL, but only if you need it. To enable admin over SSL, you would simply change these lines in the Apache site configuration files:
<Location /admin> Deny from all </Location> <LocationMatch ^/([^/]+)/appadmin> Deny from all </LocationMatch> You can remove these lines, or simply put a hash mark (#) in front of the Deny from all part. Using the hash marks could make it easier to switch admin on and off if you only want it on when needed. Just keep in mind that you would need to run: sudo /etc/init.d/apache2 reload In order for the change to take effect. If for some reason the changes don't get applied, then doing an Apache restart instead of a reload should do the trick.