/ Zope / Apsis / Pound Mailing List / Archive / 2003 / 2003-12 / redirecting with pound

[ << ] [ >> ]

[ only small performance gain? / Sascha Ottolski ... ] [ Workaround for IE6.x not using SSL3.0 available ? ... ]

redirecting with pound
Joachim Schmitz <js(at)aixtraware.de>		 2003-12-11 18:26:52 [ FULL ] 
I want to allow access to the zope-managementinterface only over https
is it possible with pound to redirect

http://www.myzope.de/manage to https://www.myzope.de/manage ?

[...]
Re: redirecting with pound
Robert Segall <roseg(at)apsis.ch>		 2003-12-12 10:10:15 [ FULL ] 
On Thursday 11 December 2003 18:26, Joachim Schmitz wrote:[...]

Pound does not redirect anything. What you can do is make sure that management 
pages are not allowed over HTTP:

1. Start an instance of Pound. Include in the config:

ListenHTTP ...

UrlGroup ".*/manage"
# empty here
EndGroup

UrlGroup ".*"
# Your normal back-end defs here
EndGroup

2. Start a second instance of Pound:

ListenHTTPS ...

UrlGroup ".*"
# Your normal back-end defs here
EndGroup

This will ensure that anyone attempting to access an URL ending in /manage 
over HTTP will be rejected.

Better solution: if this is Zope change the authorization code, which issues 
the redirect required for authentication, to go to HTTPS.

Even better solution: wait for Pound 2.0 which will allow arbitrary redirects 
(but don't hold your breath).[...]
MailBoxer