We have a new firewall and firewall guru... He wants the firewall to handle and route port 80/443 requests to pound instances running on port 8080 and 8443. Whereby pound routes said requests to appropriate back-end Zope servers (running on other high-end ports). Obviously - in this new scenario - Zope will return requests with the 8080 and 8443 ports attached to the response URL. He wants Zope to respond, in-kind, with URLs re-written to port 80 and 443. I have tried messing with Site Access (messing with SERVER_URL in the REQUEST) and can strip out the 8080 and replace with 80, but there are side effects and this just doesn't seem right.

Is there a saner way, possibly within the zope.conf config items (like CGI) or some other deep "ZopeZen" magic that can address this or would it require some deep patching ..??

Certainly Apache (re-write) between pound and Zope would probably address this but that seems kinda silly...

Yes - we had a very nice, clean, simple setup before with pound running on the low ports, however, there seems to be concerns (now) that pound is a security risk running on low ports in our DMZ. I recommended RootJail but it seems he is insisting on pushing this new scenario.

Any suggestion(s) or points to docs greatly appreciated..

Long time Zope user....


Zope maillist  -  Zope@zope.org
**   No cross posts or HTML encoding!  **
(Related lists - http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )

Reply via email to