>  > I'm trying to deny external access to zope maintainance from elsewhere
>>  (just for  sure), with Zope behind apache. However, It
>>  just doesn't seem work... Sure It's more apache's problem, but I guess
>>  someone around there has a working solution?
>>
>>  #</IfModule>
>>  dule mod_rewrite.c>
>>  RewriteEngine on
>>  RewriteCond %{HTTP:Authorization}  ^(.*)
>>  RewriteRule ^/Zope(.*) /usr/lib/cgi-bin/Zope/$1
>[e=HTTP_CGI_AUTHORIZATION:%1,t=application/x-httpd-cgi,l]
>>
>>  RewriteCond %{REMOTE_ADDR} !^193\.143\.156\.(.*)
>>  RewriteRule ^/Zope.*manage - [F]
>>  #</IfModule>
>>
>  > --

I'm using

<LocationMatch "/ssl|manage">
Deny from all
</LocationMatch>

to block any request from my virtual server on port 80 that is under 
the /ssl directory or has "manage" in it. You could then allow from 
localhost.

I was thinking about extending this idea to protect myself from 
possible seccurity-holes in zope by denying everything and allowing 
only requests ending in _html or _img. Any opinions on that?

--Ragnar

_______________________________________________
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )

Reply via email to