michael nt milne wrote: > Yes, I do realise that it's hard. Regarding the cookie comment that > was the reason I wanted to use Apache <location> based login. I do > realise that leaving a logon cookie is insecure and that comment was > perhaps misguided. I started to think about usability etc. > > I'm going to block 8080 at the router/firewall level as Zope obviously > needs to keep serving through 8080 to Apache.
No need to do that, just configure your zope (etc/zope.conf) to listen only on your loopback interface: <http-server> address 127.0.0.1:8080 </http-server> An btw, Zope doesn't *need* to serve on 8080... HTH, Igor _______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )