We just discovered that when using VirtualHostMonster in apache
RewriteRules, it is possible to access every content in the zope
instance. If the URL points to a subfolder, just like
then it's still possible to access content below that subfolder on the
instance. If $1 is some foldername that doesn't exist in the subfolder
bug instead in the root folder of the instance, it's content is returned.
An example to make it explicit:
Let's assume we have three directories in the root folder of the
instance: /project1, /project2 and /project3.
The VirtualHostMonster is used to access project2 directly via
But both project1 and project3 are also accessible through project2.com
over the URLs "http://www.project2.com/project1" and
Is this a known issue? I consider that as a quite serious bug, as both
project1 and project3 might be private and should not be published over
the globally available apache rewriterule.
We do use zope2.10.5 on a debian/etch system.
Zope maillist - Zope@zope.org
** No cross posts or HTML encoding! **
(Related lists -