Change in Pound SSL support since version 1.5
"Eric Roby" <Eric.Roby(at)noaa.gov>
2004-11-24 16:17:06
We have been using Pound to load balance and provide SSL support for our 
Zope servers since Pound version 1.0. We provide access to WebDAV 
authoring via Casey Duncan's ExternalEditor.  This access is required to 
be secure since account information is exchanged.  This arrangement 
worked fabulously thru Pound version 1.4.  Beginning with version 1.5 
the session information passed in the WebDAV session changed (by one 
line), causing ExternalEditor to no longer work.  We are (now) required 
to upgrade Pound to the latest version due to security vulnerabilities 
in version 1.5 and earlier (see http://xforce.iss.net/xforce/xfdb/16033)

The first question I have is - has anyone else been able to run Pound 
under similar conditions and have ExternalEditor work?

My second question is - has the addition of this additional line been 
done to conform to a standard?

The additional line is bolded and other lines included for context:

Authorization: Basic ZXJpYzplcmljMTIz
*X-SSL-cipher: RC4-MD5                 SSLv3 Kx=RSA      Au=RSA  
Enc=RC4(128)  Mac=MD5*
X-Forwarded-For: 192.168.1.159

NOTE - Pound versions before 1.5 did not include this line in a WebDAV 
session.  Included below are TCPFlow dumps of a Pound 1.4 and 1.8 
session.  Nothing else about the configuration (servers, hosts, ...etc) 
has changed.  WebDAV works under 1.4 and doesn't under 1.5, 1.6, 1.7 or 1.8.

TIA

Eric

**************************************************************************************************************
*The following is the TCPFlow dump of the Pound 1.8/ExternalEditor session:*
Note - X-SSL-cipher line bolded
**************************************************************************************************************
192.168.001.022.46217-192.168.001.018.08443: GET 
/noaa/ncddc/it/555/ds01/db01/glaciers/externalEdit_/spref HTTP/1.1
Host: mermaid-staging.ncddc.noaa.gov:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.3) 
Gecko/20040910
Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.8,es-es;q=0.5,de-de;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: 
https://mermaid-staging.ncddc.noaa.gov:8443/noaa/ncddc/it/555/ds01/db01/glaciers/manage_propertiesForm
Cookie: validS="click"; dtpref_cols="100%"; dtpref_rows="20"; 
zmi_use_css="1"; templateS="off"; legendS="off"; saveS="off"; 
commentS="off"; textS="on"; editS="on"; defaultV="TEXT"; defaultS="on"; 
toolS="on"; exEdit="XML"; typeS="on"; zmi_top_frame=""; 
tree-s="eJzTiFZ3hANPW/VYHU0ALlYElA"; _ZopeId="23013465A1klUqe.Uog"
Authorization: Basic ZXJpYzplcmljMTIz
*X-SSL-cipher: RC4-MD5                 SSLv3 Kx=RSA      Au=RSA  
Enc=RC4(128)  Mac=MD5*
X-Forwarded-For: 192.168.1.159


192.168.001.018.08443-192.168.001.022.46217: HTTP/1.1 200 OK
Server: Zope/(Zope 2.6.2 (binary release, python 2.1, linux2-x86), 
python 2.1.3, linux2) ZServer/1.1b1
Date: Fri, 12 Nov 2004 17:47:04 GMT
Pragma: no-cache
Content-Type: application/x-zope-edit
Etag:
Content-Length: 2574

url:https://mermaid-staging.ncddc.noaa.gov:8443/noaa/ncddc/it/555/ds01/db01/glaciers/spref
meta_type:Spatial Reference Information
content_type:text/xml
auth:Basic ZXJpYzplcmljMTIz
cookie:validS="click"; dtpref_cols="100%"; dtpref_rows="20"; 
zmi_use_css="1"; templateS="off"; legendS="off"; saveS="off"; 
commentS="off"; textS="on"; editS="on"; defaultV="TEXT"; defaultS="on"; 
toolS="on"; exEdit="XML"; typeS="on"; zmi_top_frame=""; 
tree-s="eJzTiFZ3hANPW/VYHU0ALlYElA"; _ZopeId="23013465A1klUqe.Uog"

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE spref SYSTEM 
"https://mermaid-staging.ncddc.noaa.gov:8443/noaa/ncddc/it/555/ds01/db01/glaciers/spref/dtd">
<spref>
<horizsys>
<local>
<localdes>We generally register Landsat 1, 2, and 3 images to
Landsat 4 and 5 images, because the latter have more
stable internal geometry and higher resolution than the
earlier images.

We digitally co-register the images by using a minimum of
three well-dispersed fixed points (such as nunataks or ice
walls) to calculate a least-squares fit to a first-order
polynomial equation.  This insures that only a rotational/
translational correction is made and no new internal error
is introduced during the geo
192.168.001.018.08443-192.168.001.022.46217: metric resampling.  In the
interactive technique, we then match and align the
crevasse patterns displaced with time, and record the
starting/ending image coordinates for each point.  To
obtain the distribution of average velocities over the
length of the glacier tongues, we also use the distance
from the location of each point on the earlier image to a
base line drawn perpendicular to glacier movement and
ideally lying on the grounding line; where the grounding
line is complex, the base line may only approximate its
position. Next, a digitized file is made, tracing the
glacier ice movements and defining the glacier's baseline (
or grounding line).  This file is used to calculate the
velocity and distance statistics by measuring the
displacements along the curve that approximates the ices
movement per given time interval.  For each measured
point, a displacement vector is plotted on the image,
commonly the earlier one of the pair, to illustrate the
relative velocities between glaciers and time intervals.</localdes>
<localgeo>Although in principle the images could be registered to
the earth's surface, for this exercise georeference is
not necessary, since the objective is merely to understand
ice movement through time and among paths within a glacier
tongue.  Hence the data are not explicitly georeferenced.</localgeo>
</local>
</horizsys>
</spref>

192.168.001.022.46225-192.168.001.018.08443: LOCK 
/noaa/ncddc/it/555/ds01/db01/glaciers/spref HTTP/1.1
Host: mermaid-staging.ncddc.noaa.gov:8443
Accept-Encoding: identity
User-Agent: Zope External Editor/0.8
Connection: close
Depth: infinity
Content-Type: text/xml; charset="utf-8"
Timeout: infinite
Content-Length: 257
Authorization: Basic ZXJpYzplcmljMTIz
Cookie: validS="click"; dtpref_cols="100%"; dtpref_rows="20"; 
zmi_use_css="1"; templateS="off"; legendS="off"; saveS="off"; 
commentS="off"; textS="on"; editS="on"; defaultV="TEXT"; defaultS="on"; 
toolS="on"; exEdit="XML"; typeS="on"; zmi_top_frame=""; 
tree-s="eJzTiFZ3hANPW/VYHU0ALlYElA"; _ZopeId="23013465A1klUqe.Uog"
*X-SSL-cipher: RC4-SHA                 SSLv3 Kx=RSA      Au=RSA  
Enc=RC4(128)  Mac=SHA1*
X-Forwarded-For: 192.168.1.159

<?xml version="1.0" encoding="utf-8"?>
<d:lockinfo xmlns:d="DAV:">
  <d:lockscope><d:exclusive/></d:lockscope>
  <d:locktype><d:write/></d:locktype>
  <d:depth>infinity</d:depth>
  <d:owner>
  <d:href>Zope External Editor</d:href>
  </d:owner>
</d:lockinfo>
192.168.001.018.08443-192.168.001.022.46225: HTTP/1.1 200 OK
Server: Zope/(Zope 2.6.2 (binary release, python 2.1, linux2-x86), 
python 2.1.3, linux2) ZServer/1.1b1
Date: Fri, 12 Nov 2004 17:47:05 GMT
Ms-Author-Via: DAV
Content-Type: text/xml; charset="utf-8"
Content-Length: 503
Etag:
Date: Fri, 12 Nov 2004 17:47:05 GMT
Connection: close
Content-Location: 
https://mermaid-staging.ncddc.noaa.gov:8443/noaa/ncddc/it/555/ds01/db01/glaciers/spref/
Lock-Token: 
opaquelocktoken:0.704746559734-0.624422241895-00105A989226:1100281625.161
Connection: close

<?xml version="1.0" encoding="utf-8" ?>
<d:prop xmlns:d="DAV:">
 <d:lockdiscovery>
   <d:activelock>
  <d:locktype><d:write/></d:locktype>
  <d:lockscope><d:exclusive/></d:lockscope>
  <d:depth>infinity</d:depth>
  <d:owner>
  <o:href xmlns:o="DAV:">Zope External Editor</o:href>
  </d:owner>
  <d:timeout>Second-720</d:timeout>
  <d:locktoken>
   
<d:href>opaquelocktoken:0.704746559734-0.624422241895-00105A989226:1100281625.161</d:href>
  </d:locktoken>
 </d:activelock>

 </d:lockdiscovery>
</d:prop>

#####################################################################################################
*The following is the TCPFlow dump of the Pound 1.4/ExternalEditor session:*
#####################################################################################################
192.168.001.022.46036-192.168.001.018.08443: GET 
/noaa/ncddc/it/555/ds01/db01/glaciers/externalEdit_/spref HTTP/1.1
Host: mermaid-staging.ncddc.noaa.gov:8443
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.3) 
Gecko/20040910
Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.8,es-es;q=0.5,de-de;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: 
https://mermaid-staging.ncddc.noaa.gov:8443/noaa/ncddc/it/555/ds01/db01/glaciers/manage_propertiesForm
Cookie: validS="click"; dtpref_cols="100%"; dtpref_rows="20"; 
zmi_use_css="1"; templateS="off"; legendS="off"; saveS="off"; 
commentS="off"; textS="on"; editS="on"; defaultV="TEXT"; defaultS="on"; 
toolS="on"; exEdit="XML"; typeS="on"; zmi_top_frame=""; 
tree-s="eJzTiFZ3hANPW/VYHU0ALlYElA"; _ZopeId="23013465A1klUqe.Uog"
Authorization: Basic ZXJpYzplcmljMTIz
X-Forwarded-For: 192.168.1.159


192.168.001.018.08443-192.168.001.022.46036: HTTP/1.1 200 OK
Server: Zope/(Zope 2.6.2 (binary release, python 2.1, linux2-x86), 
python 2.1.3, linux2) ZServer/1.1b1
Date: Fri, 12 Nov 2004 16:14:18 GMT
Pragma: no-cache
Content-Type: application/x-zope-edit
Etag:
Content-Length: 2574

url:https://mermaid-staging.ncddc.noaa.gov:8443/noaa/ncddc/it/555/ds01/db01/glaciers/spref
meta_type:Spatial Reference Information
content_type:text/xml
auth:Basic ZXJpYzplcmljMTIz
cookie:validS="click"; dtpref_cols="100%"; dtpref_rows="20"; 
zmi_use_css="1"; templateS="off"; legendS="off"; saveS="off"; 
commentS="off"; textS="on"; editS="on"; defaultV="TEXT"; defaultS="on"; 
toolS="on"; exEdit="XML"; typeS="on"; zmi_top_frame=""; 
tree-s="eJzTiFZ3hANPW/VYHU0ALlYElA"; _ZopeId="23013465A1klUqe.Uog"

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE spref SYSTEM 
"https://mermaid-staging.ncddc.noaa.gov:8443/noaa/ncddc/it/555/ds01/db01/glaciers/spref/dtd">
<spref>
<horizsys>
<local>
<localdes>We generally register Landsat 1, 2, and 3 images to
Landsat 4 and 5 images, because the latter have more
stable internal geometry and higher resolution than the
earlier images.

We digitally co-register the images by using a minimum of
three well-dispersed fixed points (such as nunataks or ice
walls) to calculate a least-squares fit to a first-order
polynomial equation.  This insures that only a rotational/
translational correction is made and no new internal error
is introduced during the geo
192.168.001.018.08443-192.168.001.022.46036: metric resampling.  In the
interactive technique, we then match and align the
crevasse patterns displaced with time, and record the
starting/ending image coordinates for each point.  To
obtain the distribution of average velocities over the
length of the glacier tongues, we also use the distance
from the location of each point on the earlier image to a
base line drawn perpendicular to glacier movement and
ideally lying on the grounding line; where the grounding
line is complex, the base line may only approximate its
position. Next, a digitized file is made, tracing the
glacier ice movements and defining the glacier's baseline (
or grounding line).  This file is used to calculate the
velocity and distance statistics by measuring the
displacements along the curve that approximates the ices
movement per given time interval.  For each measured
point, a displacement vector is plotted on the image,
commonly the earlier one of the pair, to illustrate the
relative velocities between glaciers and time intervals.</localdes>
<localgeo>Although in principle the images could be registered to
the earth's surface, for this exercise georeference is
not necessary, since the objective is merely to understand
ice movement through time and among paths within a glacier
tongue.  Hence the data are not explicitly georeferenced.</localgeo>
</local>
</horizsys>
</spref>

192.168.001.022.46037-192.168.001.018.08443: LOCK 
/noaa/ncddc/it/555/ds01/db01/glaciers/spref HTTP/1.1
Host: mermaid-staging.ncddc.noaa.gov:8443
Accept-Encoding: identity
User-Agent: Zope External Editor/0.8
Connection: close
Depth: infinity
Content-Type: text/xml; charset="utf-8"
Timeout: infinite
Content-Length: 257
Authorization: Basic ZXJpYzplcmljMTIz
Cookie: validS="click"; dtpref_cols="100%"; dtpref_rows="20"; 
zmi_use_css="1"; templateS="off"; legendS="off"; saveS="off"; 
commentS="off"; textS="on"; editS="on"; defaultV="TEXT"; defaultS="on"; 
toolS="on"; exEdit="XML"; typeS="on"; zmi_top_frame=""; 
tree-s="eJzTiFZ3hANPW/VYHU0ALlYElA"; _ZopeId="23013465A1klUqe.Uog"
X-Forwarded-For: 192.168.1.159

<?xml version="1.0" encoding="utf-8"?>
<d:lockinfo xmlns:d="DAV:">
  <d:lockscope><d:exclusive/></d:lockscope>
  <d:locktype><d:write/></d:locktype>
  <d:depth>infinity</d:depth>
  <d:owner>
  <d:href>Zope External Editor</d:href>
  </d:owner>
</d:lockinfo>
192.168.001.018.08443-192.168.001.022.46037: HTTP/1.1 200 OK
Server: Zope/(Zope 2.6.2 (binary release, python 2.1, linux2-x86), 
python 2.1.3, linux2) ZServer/1.1b1
Date: Fri, 12 Nov 2004 16:14:19 GMT
Ms-Author-Via: DAV
Content-Type: text/xml; charset="utf-8"
Content-Length: 503
Etag:
Date: Fri, 12 Nov 2004 16:14:19 GMT
Connection: close
Content-Location: 
https://mermaid-staging.ncddc.noaa.gov:8443/noaa/ncddc/it/555/ds01/db01/glaciers/spref/
Lock-Token: 
opaquelocktoken:0.229422065905-0.370333747186-00105A989226:1100276059.492
Connection: close

<?xml version="1.0" encoding="utf-8" ?>
<d:prop xmlns:d="DAV:">
 <d:lockdiscovery>
   <d:activelock>
  <d:locktype><d:write/></d:locktype>
  <d:lockscope><d:exclusive/></d:lockscope>
  <d:depth>infinity</d:depth>
  <d:owner>
  <o:href xmlns:o="DAV:">Zope External Editor</o:href>
  </d:owner>
  <d:timeout>Second-720</d:timeout>
  <d:locktoken>
   
<d:href>opaquelocktoken:0.229422065905-0.370333747186-00105A989226:1100276059.492</d:href>
  </d:locktoken>
 </d:activelock>

 </d:lockdiscovery>
</d:prop>

Re: Change in Pound SSL support since version 1.5
Robert Segall <roseg(at)apsis.ch>
2004-11-25 12:10:27
On Wednesday 24 November 2004 16.17, Eric Roby wrote:[...]

I don't know why External editor should object to the X-SSL-cipher, but if it 
bothers you, you can tell Pound to generate no additional headers at all: try 
HTTPSHeaders 0 "" in your config.[...]
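
The comparison made by hand in the dumps above can be automated: parse the request head captured behind each proxy version and report the headers that appear only after the upgrade. This is an added example, not code from the thread or from Pound; the two sample requests are constructed (placeholder host and address), and the cipher header is folded onto a second line only to exercise continuation-line handling.

```python
"""Diff the request headers a backend receives from two proxy versions."""


def parse_headers(raw):
    """Return {lowercased-name: value} from a raw HTTP request head.

    Continuation lines (leading space or tab) are joined onto the previous
    header, so a value spread over two lines is still counted as one header.
    """
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    headers, last = {}, None
    for line in head.split("\n")[1:]:              # skip the request line
        if line[:1] in (" ", "\t") and last:
            headers[last] += " " + " ".join(line.split())
        elif ":" in line:
            name, value = line.split(":", 1)
            last = name.strip().lower()
            headers[last] = " ".join(value.split())  # collapse padding
    return headers


def injected_headers(before, after):
    """Headers present in `after` but absent from `before`."""
    old, new = parse_headers(before), parse_headers(after)
    return {name: value for name, value in new.items() if name not in old}


# Constructed samples modelled on the LOCK requests in the dumps above.
REQ_POUND_14 = (
    "LOCK /doc HTTP/1.1\r\n"
    "Host: backend.example\r\n"
    "User-Agent: Zope External Editor/0.8\r\n"
    "X-Forwarded-For: 192.0.2.10\r\n"
    "\r\n"
)
REQ_POUND_18 = (
    "LOCK /doc HTTP/1.1\r\n"
    "Host: backend.example\r\n"
    "User-Agent: Zope External Editor/0.8\r\n"
    "X-SSL-cipher: RC4-SHA   SSLv3 Kx=RSA  Au=RSA\r\n"
    "  Enc=RC4(128)  Mac=SHA1\r\n"               # folded only for the demo
    "X-Forwarded-For: 192.0.2.10\r\n"
    "\r\n"
)

if __name__ == "__main__":
    for name, value in injected_headers(REQ_POUND_14, REQ_POUND_18).items():
        print(f"added by proxy: {name}: {value}")
```

A header that both versions add, such as X-Forwarded-For here, does not show up in the diff; capture a request on the client side as the baseline to list every proxy-supplied header the backend should treat as such.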
