summaryrefslogtreecommitdiff
path: root/www
diff options
context:
space:
mode:
authorNeil Blakey-Milner <nbm@FreeBSD.org>2000-09-19 09:49:04 +0000
committerNeil Blakey-Milner <nbm@FreeBSD.org>2000-09-19 09:49:04 +0000
commit689945f93e055335ca06c28590ae41107f6d40fd (patch)
treed82e757e2829f6aae6f47e0e6512f68cacc826cb /www
parentConvert to use bsd.python.mk. (diff)
Make Zope management work with non-SSL connections, but give an example
of how to turn it on. Conditionalize the SSL usage on <IfDefine SSL>, since that's been a problem. Also make the rewrite use cgi-bin.default/Zope.cgi, but give an example of what to change if you move it to cgi-bin/Zope.cgi.
Notes
Notes: svn path=/head/; revision=32842
Diffstat (limited to 'www')
-rw-r--r--www/zope/files/apache.conf.Zope-Changes50
-rw-r--r--www/zope210/files/apache.conf.Zope-Changes50
-rw-r--r--www/zope211/files/apache.conf.Zope-Changes50
-rw-r--r--www/zope213/files/apache.conf.Zope-Changes50
-rw-r--r--www/zope28/files/apache.conf.Zope-Changes50
-rw-r--r--www/zope29/files/apache.conf.Zope-Changes50
6 files changed, 168 insertions, 132 deletions
diff --git a/www/zope/files/apache.conf.Zope-Changes b/www/zope/files/apache.conf.Zope-Changes
index f1d28a1a82e0..bd9e6799c08a 100644
--- a/www/zope/files/apache.conf.Zope-Changes
+++ b/www/zope/files/apache.conf.Zope-Changes
@@ -16,33 +16,39 @@ RewriteRule ^/Zope$ /Zope/ [R]
# way to do so is to do a little mod_rewrite'ing. See doc/WEBSERVER.txt in
# your Zope base directory for further information.
#
+# Uncomment the first RewriteRule if you move Zope.cgi into
+# /usr/local/www/cgi-bin
+#
# This maps maps /Zope/ to the Zope.cgi CGI script.
RewriteCond %{HTTP:Authorization} ^(.*)
-RewriteRule ^/Zope/(.*) /usr/local/www/cgi-bin/Zope.cgi/$1 [env=HTTP_CGI_AUTHORIZATION:%1,t=application/x-httpd-cgi,l]
+#RewriteRule ^/Zope/(.*) /usr/local/www/cgi-bin/Zope.cgi/$1 [env=HTTP_CGI_AUTHORIZATION:%1,t=application/x-httpd-cgi,l]
+RewriteRule ^/Zope/(.*) /usr/local/www/cgi-bin.default/Zope.cgi/$1 [env=HTTP_CGI_AUTHORIZATION:%1,t=application/x-httpd-cgi,l]
+#
+
+# *** *** ***
+#
+# This lets the Zope cgi script run:
#
+
+<Directory /usr/local/www/cgi-bin.default>
+ Options +ExecCGI
+</Directory>
+
+
# *** *** ***
#
-# Also, Zope, in spite of some fussing about "security", totally ignores
-# the man in the middle. So, all contacts to Zope management screens are
-# made to require SSL.
-#
-<LocationMatch "/Zope/(.*)manage(.*)">
- SSLRequireSSL
-</LocationMatch>
-#
-<LocationMatch "/cgi-bin/Zope.cgi(.*)manage(.*)">
- SSLRequireSSL
-</LocationMatch>
-#
-# One final notice: If you can't get working your authentication with Zope
-# check if the access file in the Zope base directory (maybe this is
-# /usr/local/www/Zope or the like) contains a CLEARTEXT password. If
-# encryption there is set to SHA, to my knowledge, authentication does not
-# work. Try `python zpasswd.py -u zopemaster -p test -e CLEARTEXT access`
-# (in the Zope base dir). This sets the required username/passwd pair to
-# zopemaster/test respectively and stores them as CLEARTEXT password.
-# Don't forget the proper access restrictions to this file if you have
-# user access to the file system that it is stored on.
+# To require SSL to access the Zope management screens, uncomment the
+# next section:
+#
+#<IfDefine SSL>
+#<LocationMatch "/Zope/(.*)manage(.*)">
+# SSLRequireSSL
+#</LocationMatch>
+#
+#<LocationMatch "/cgi-bin/Zope.cgi(.*)manage(.*)">
+# SSLRequireSSL
+#</LocationMatch>
+#</IfDefine>
#
# End of Zope configuration section.
diff --git a/www/zope210/files/apache.conf.Zope-Changes b/www/zope210/files/apache.conf.Zope-Changes
index f1d28a1a82e0..bd9e6799c08a 100644
--- a/www/zope210/files/apache.conf.Zope-Changes
+++ b/www/zope210/files/apache.conf.Zope-Changes
@@ -16,33 +16,39 @@ RewriteRule ^/Zope$ /Zope/ [R]
# way to do so is to do a little mod_rewrite'ing. See doc/WEBSERVER.txt in
# your Zope base directory for further information.
#
+# Uncomment the first RewriteRule if you move Zope.cgi into
+# /usr/local/www/cgi-bin
+#
# This maps maps /Zope/ to the Zope.cgi CGI script.
RewriteCond %{HTTP:Authorization} ^(.*)
-RewriteRule ^/Zope/(.*) /usr/local/www/cgi-bin/Zope.cgi/$1 [env=HTTP_CGI_AUTHORIZATION:%1,t=application/x-httpd-cgi,l]
+#RewriteRule ^/Zope/(.*) /usr/local/www/cgi-bin/Zope.cgi/$1 [env=HTTP_CGI_AUTHORIZATION:%1,t=application/x-httpd-cgi,l]
+RewriteRule ^/Zope/(.*) /usr/local/www/cgi-bin.default/Zope.cgi/$1 [env=HTTP_CGI_AUTHORIZATION:%1,t=application/x-httpd-cgi,l]
+#
+
+# *** *** ***
+#
+# This lets the Zope cgi script run:
#
+
+<Directory /usr/local/www/cgi-bin.default>
+ Options +ExecCGI
+</Directory>
+
+
# *** *** ***
#
-# Also, Zope, in spite of some fussing about "security", totally ignores
-# the man in the middle. So, all contacts to Zope management screens are
-# made to require SSL.
-#
-<LocationMatch "/Zope/(.*)manage(.*)">
- SSLRequireSSL
-</LocationMatch>
-#
-<LocationMatch "/cgi-bin/Zope.cgi(.*)manage(.*)">
- SSLRequireSSL
-</LocationMatch>
-#
-# One final notice: If you can't get working your authentication with Zope
-# check if the access file in the Zope base directory (maybe this is
-# /usr/local/www/Zope or the like) contains a CLEARTEXT password. If
-# encryption there is set to SHA, to my knowledge, authentication does not
-# work. Try `python zpasswd.py -u zopemaster -p test -e CLEARTEXT access`
-# (in the Zope base dir). This sets the required username/passwd pair to
-# zopemaster/test respectively and stores them as CLEARTEXT password.
-# Don't forget the proper access restrictions to this file if you have
-# user access to the file system that it is stored on.
+# To require SSL to access the Zope management screens, uncomment the
+# next section:
+#
+#<IfDefine SSL>
+#<LocationMatch "/Zope/(.*)manage(.*)">
+# SSLRequireSSL
+#</LocationMatch>
+#
+#<LocationMatch "/cgi-bin/Zope.cgi(.*)manage(.*)">
+# SSLRequireSSL
+#</LocationMatch>
+#</IfDefine>
#
# End of Zope configuration section.
diff --git a/www/zope211/files/apache.conf.Zope-Changes b/www/zope211/files/apache.conf.Zope-Changes
index f1d28a1a82e0..bd9e6799c08a 100644
--- a/www/zope211/files/apache.conf.Zope-Changes
+++ b/www/zope211/files/apache.conf.Zope-Changes
@@ -16,33 +16,39 @@ RewriteRule ^/Zope$ /Zope/ [R]
# way to do so is to do a little mod_rewrite'ing. See doc/WEBSERVER.txt in
# your Zope base directory for further information.
#
+# Uncomment the first RewriteRule if you move Zope.cgi into
+# /usr/local/www/cgi-bin
+#
# This maps maps /Zope/ to the Zope.cgi CGI script.
RewriteCond %{HTTP:Authorization} ^(.*)
-RewriteRule ^/Zope/(.*) /usr/local/www/cgi-bin/Zope.cgi/$1 [env=HTTP_CGI_AUTHORIZATION:%1,t=application/x-httpd-cgi,l]
+#RewriteRule ^/Zope/(.*) /usr/local/www/cgi-bin/Zope.cgi/$1 [env=HTTP_CGI_AUTHORIZATION:%1,t=application/x-httpd-cgi,l]
+RewriteRule ^/Zope/(.*) /usr/local/www/cgi-bin.default/Zope.cgi/$1 [env=HTTP_CGI_AUTHORIZATION:%1,t=application/x-httpd-cgi,l]
+#
+
+# *** *** ***
+#
+# This lets the Zope cgi script run:
#
+
+<Directory /usr/local/www/cgi-bin.default>
+ Options +ExecCGI
+</Directory>
+
+
# *** *** ***
#
-# Also, Zope, in spite of some fussing about "security", totally ignores
-# the man in the middle. So, all contacts to Zope management screens are
-# made to require SSL.
-#
-<LocationMatch "/Zope/(.*)manage(.*)">
- SSLRequireSSL
-</LocationMatch>
-#
-<LocationMatch "/cgi-bin/Zope.cgi(.*)manage(.*)">
- SSLRequireSSL
-</LocationMatch>
-#
-# One final notice: If you can't get working your authentication with Zope
-# check if the access file in the Zope base directory (maybe this is
-# /usr/local/www/Zope or the like) contains a CLEARTEXT password. If
-# encryption there is set to SHA, to my knowledge, authentication does not
-# work. Try `python zpasswd.py -u zopemaster -p test -e CLEARTEXT access`
-# (in the Zope base dir). This sets the required username/passwd pair to
-# zopemaster/test respectively and stores them as CLEARTEXT password.
-# Don't forget the proper access restrictions to this file if you have
-# user access to the file system that it is stored on.
+# To require SSL to access the Zope management screens, uncomment the
+# next section:
+#
+#<IfDefine SSL>
+#<LocationMatch "/Zope/(.*)manage(.*)">
+# SSLRequireSSL
+#</LocationMatch>
+#
+#<LocationMatch "/cgi-bin/Zope.cgi(.*)manage(.*)">
+# SSLRequireSSL
+#</LocationMatch>
+#</IfDefine>
#
# End of Zope configuration section.
diff --git a/www/zope213/files/apache.conf.Zope-Changes b/www/zope213/files/apache.conf.Zope-Changes
index f1d28a1a82e0..bd9e6799c08a 100644
--- a/www/zope213/files/apache.conf.Zope-Changes
+++ b/www/zope213/files/apache.conf.Zope-Changes
@@ -16,33 +16,39 @@ RewriteRule ^/Zope$ /Zope/ [R]
# way to do so is to do a little mod_rewrite'ing. See doc/WEBSERVER.txt in
# your Zope base directory for further information.
#
+# Uncomment the first RewriteRule if you move Zope.cgi into
+# /usr/local/www/cgi-bin
+#
# This maps maps /Zope/ to the Zope.cgi CGI script.
RewriteCond %{HTTP:Authorization} ^(.*)
-RewriteRule ^/Zope/(.*) /usr/local/www/cgi-bin/Zope.cgi/$1 [env=HTTP_CGI_AUTHORIZATION:%1,t=application/x-httpd-cgi,l]
+#RewriteRule ^/Zope/(.*) /usr/local/www/cgi-bin/Zope.cgi/$1 [env=HTTP_CGI_AUTHORIZATION:%1,t=application/x-httpd-cgi,l]
+RewriteRule ^/Zope/(.*) /usr/local/www/cgi-bin.default/Zope.cgi/$1 [env=HTTP_CGI_AUTHORIZATION:%1,t=application/x-httpd-cgi,l]
+#
+
+# *** *** ***
+#
+# This lets the Zope cgi script run:
#
+
+<Directory /usr/local/www/cgi-bin.default>
+ Options +ExecCGI
+</Directory>
+
+
# *** *** ***
#
-# Also, Zope, in spite of some fussing about "security", totally ignores
-# the man in the middle. So, all contacts to Zope management screens are
-# made to require SSL.
-#
-<LocationMatch "/Zope/(.*)manage(.*)">
- SSLRequireSSL
-</LocationMatch>
-#
-<LocationMatch "/cgi-bin/Zope.cgi(.*)manage(.*)">
- SSLRequireSSL
-</LocationMatch>
-#
-# One final notice: If you can't get working your authentication with Zope
-# check if the access file in the Zope base directory (maybe this is
-# /usr/local/www/Zope or the like) contains a CLEARTEXT password. If
-# encryption there is set to SHA, to my knowledge, authentication does not
-# work. Try `python zpasswd.py -u zopemaster -p test -e CLEARTEXT access`
-# (in the Zope base dir). This sets the required username/passwd pair to
-# zopemaster/test respectively and stores them as CLEARTEXT password.
-# Don't forget the proper access restrictions to this file if you have
-# user access to the file system that it is stored on.
+# To require SSL to access the Zope management screens, uncomment the
+# next section:
+#
+#<IfDefine SSL>
+#<LocationMatch "/Zope/(.*)manage(.*)">
+# SSLRequireSSL
+#</LocationMatch>
+#
+#<LocationMatch "/cgi-bin/Zope.cgi(.*)manage(.*)">
+# SSLRequireSSL
+#</LocationMatch>
+#</IfDefine>
#
# End of Zope configuration section.
diff --git a/www/zope28/files/apache.conf.Zope-Changes b/www/zope28/files/apache.conf.Zope-Changes
index f1d28a1a82e0..bd9e6799c08a 100644
--- a/www/zope28/files/apache.conf.Zope-Changes
+++ b/www/zope28/files/apache.conf.Zope-Changes
@@ -16,33 +16,39 @@ RewriteRule ^/Zope$ /Zope/ [R]
# way to do so is to do a little mod_rewrite'ing. See doc/WEBSERVER.txt in
# your Zope base directory for further information.
#
+# Uncomment the first RewriteRule if you move Zope.cgi into
+# /usr/local/www/cgi-bin
+#
# This maps maps /Zope/ to the Zope.cgi CGI script.
RewriteCond %{HTTP:Authorization} ^(.*)
-RewriteRule ^/Zope/(.*) /usr/local/www/cgi-bin/Zope.cgi/$1 [env=HTTP_CGI_AUTHORIZATION:%1,t=application/x-httpd-cgi,l]
+#RewriteRule ^/Zope/(.*) /usr/local/www/cgi-bin/Zope.cgi/$1 [env=HTTP_CGI_AUTHORIZATION:%1,t=application/x-httpd-cgi,l]
+RewriteRule ^/Zope/(.*) /usr/local/www/cgi-bin.default/Zope.cgi/$1 [env=HTTP_CGI_AUTHORIZATION:%1,t=application/x-httpd-cgi,l]
+#
+
+# *** *** ***
+#
+# This lets the Zope cgi script run:
#
+
+<Directory /usr/local/www/cgi-bin.default>
+ Options +ExecCGI
+</Directory>
+
+
# *** *** ***
#
-# Also, Zope, in spite of some fussing about "security", totally ignores
-# the man in the middle. So, all contacts to Zope management screens are
-# made to require SSL.
-#
-<LocationMatch "/Zope/(.*)manage(.*)">
- SSLRequireSSL
-</LocationMatch>
-#
-<LocationMatch "/cgi-bin/Zope.cgi(.*)manage(.*)">
- SSLRequireSSL
-</LocationMatch>
-#
-# One final notice: If you can't get working your authentication with Zope
-# check if the access file in the Zope base directory (maybe this is
-# /usr/local/www/Zope or the like) contains a CLEARTEXT password. If
-# encryption there is set to SHA, to my knowledge, authentication does not
-# work. Try `python zpasswd.py -u zopemaster -p test -e CLEARTEXT access`
-# (in the Zope base dir). This sets the required username/passwd pair to
-# zopemaster/test respectively and stores them as CLEARTEXT password.
-# Don't forget the proper access restrictions to this file if you have
-# user access to the file system that it is stored on.
+# To require SSL to access the Zope management screens, uncomment the
+# next section:
+#
+#<IfDefine SSL>
+#<LocationMatch "/Zope/(.*)manage(.*)">
+# SSLRequireSSL
+#</LocationMatch>
+#
+#<LocationMatch "/cgi-bin/Zope.cgi(.*)manage(.*)">
+# SSLRequireSSL
+#</LocationMatch>
+#</IfDefine>
#
# End of Zope configuration section.
diff --git a/www/zope29/files/apache.conf.Zope-Changes b/www/zope29/files/apache.conf.Zope-Changes
index f1d28a1a82e0..bd9e6799c08a 100644
--- a/www/zope29/files/apache.conf.Zope-Changes
+++ b/www/zope29/files/apache.conf.Zope-Changes
@@ -16,33 +16,39 @@ RewriteRule ^/Zope$ /Zope/ [R]
# way to do so is to do a little mod_rewrite'ing. See doc/WEBSERVER.txt in
# your Zope base directory for further information.
#
+# Uncomment the first RewriteRule if you move Zope.cgi into
+# /usr/local/www/cgi-bin
+#
# This maps maps /Zope/ to the Zope.cgi CGI script.
RewriteCond %{HTTP:Authorization} ^(.*)
-RewriteRule ^/Zope/(.*) /usr/local/www/cgi-bin/Zope.cgi/$1 [env=HTTP_CGI_AUTHORIZATION:%1,t=application/x-httpd-cgi,l]
+#RewriteRule ^/Zope/(.*) /usr/local/www/cgi-bin/Zope.cgi/$1 [env=HTTP_CGI_AUTHORIZATION:%1,t=application/x-httpd-cgi,l]
+RewriteRule ^/Zope/(.*) /usr/local/www/cgi-bin.default/Zope.cgi/$1 [env=HTTP_CGI_AUTHORIZATION:%1,t=application/x-httpd-cgi,l]
+#
+
+# *** *** ***
+#
+# This lets the Zope cgi script run:
#
+
+<Directory /usr/local/www/cgi-bin.default>
+ Options +ExecCGI
+</Directory>
+
+
# *** *** ***
#
-# Also, Zope, in spite of some fussing about "security", totally ignores
-# the man in the middle. So, all contacts to Zope management screens are
-# made to require SSL.
-#
-<LocationMatch "/Zope/(.*)manage(.*)">
- SSLRequireSSL
-</LocationMatch>
-#
-<LocationMatch "/cgi-bin/Zope.cgi(.*)manage(.*)">
- SSLRequireSSL
-</LocationMatch>
-#
-# One final notice: If you can't get working your authentication with Zope
-# check if the access file in the Zope base directory (maybe this is
-# /usr/local/www/Zope or the like) contains a CLEARTEXT password. If
-# encryption there is set to SHA, to my knowledge, authentication does not
-# work. Try `python zpasswd.py -u zopemaster -p test -e CLEARTEXT access`
-# (in the Zope base dir). This sets the required username/passwd pair to
-# zopemaster/test respectively and stores them as CLEARTEXT password.
-# Don't forget the proper access restrictions to this file if you have
-# user access to the file system that it is stored on.
+# To require SSL to access the Zope management screens, uncomment the
+# next section:
+#
+#<IfDefine SSL>
+#<LocationMatch "/Zope/(.*)manage(.*)">
+# SSLRequireSSL
+#</LocationMatch>
+#
+#<LocationMatch "/cgi-bin/Zope.cgi(.*)manage(.*)">
+# SSLRequireSSL
+#</LocationMatch>
+#</IfDefine>
#
# End of Zope configuration section.