Title: RE: [Zope] apache open proxy configuration problem

I abandoned mod_proxy for mod_rewrite. Security-wise, mod_rewrite had
less to worry about (this is important when website administration
changes hands).

The sample configuration below shows how to handle Zope resource
quirks and how to proxy requests to and from folders in Zope (both
tested). The last rule is my guess at what "proxy everything to and
from Zope" would look like (untested). Apache is listening on 80 and
routes requests to a Zope instance listening on 8080.

<IfModule mod_rewrite.c>

    RewriteEngine On
    RewriteLog "/path/to/rewrite_log"

    # Zope serves some system-ish content from p_ and misc_.
    RewriteRule ^/p_(.*){HTTP_HOST}/VirtualHostRoot/p_$1 [L,P]
    RewriteRule ^/misc_(.*){HTTP_HOST}/VirtualHostRoot/misc_$1 [L,P]

    # Apache folders served by Zope folders.
    RewriteRule ^/folder1(.*){HTTP_HOST}/VirtualHostRoot/folder1$1 [L,P]
    RewriteRule ^/folder2(.*){HTTP_HOST}/VirtualHostRoot/folder2$1 [L,P]

    # Push everything to Zope?
    RewriteRule ^(.*){HTTP_HOST}/VirtualHostRoot/$1 [L,P]



-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Ed Colmar
Sent: Saturday, October 15, 2005 9:19 AM
To: zope@zope.org
Subject: [Zope] apache open proxy configuration problem

I've been running zope through apache for years and years now, and I
have a new machine set up with apache 2.0.48 and zope (Zope 2.8.0-final,
python 2.3.5, linux2)

Using Identical Vhost configuration settings from an old machine all has
been well, up until about 5 days ago, when I noticed the machine getting
slammed, and wierd logs started showing up like:

xxx.xxx.xxx.xxx - - [14/Oct/2005:14:09:06 -0700] "GET
HTTP/1.1" 403 406

(IP removed to protect the guilty)

In my quick research to try to determine the problem, I found people
advising to turn "ProxyRequests Off", which I did, but did not have any

Luckily this is just a development server, not a live production server,
so its not super critical, but I'm nervous now that my production server
might be in the same state...

Here is a sample vhost.conf entry:

ServerName www.greengraphics.net
ServerPath /var/www/greengraphics/www
DocumentRoot /var/www/greengraphics/www
ServerAdmin webmaster
RewriteEngine On
TransferLog logs/Vhost-greengraphics-access.log
ProxyRequests Off
        <Proxy *>
                Order deny,allow
                Allow from all
ProxyPass /
ProxyPassReverse /

mod_proxy.conf looks like:

  <IfModule !mod_proxy.c>
    LoadModule proxy_module             modules/mod_proxy.so
    #LoadModule proxy_connect_module    modules/mod_proxy_connect.so
    #LoadModule proxy_ftp_module        modules/mod_proxy_ftp.so
    LoadModule proxy_http_module        modules/mod_proxy_http.so

<IfModule mod_proxy.c>

# Proxy Server directives. Uncomment the following lines to
# enable the proxy server:

ProxyRequests Off

<Proxy *>
    Order deny,allow
    Deny from all
#    Allow from .your-domain.com

# Enable/disable the handling of HTTP/1.1 "Via:" headers.
# ("Full" adds the server version; "Block" removes all outgoing Via:
# Set to one of: Off | On | Full | Block

ProxyVia On

# End of proxy directives.


any suggestions?  places to look to verify security?


Zope maillist  -  Zope@zope.org
**   No cross posts or HTML encoding!  **
(Related lists -
 http://mail.zope.org/mailman/listinfo/zope-dev )

Zope maillist  -  Zope@zope.org
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-dev )

Reply via email to