RE: [Zope] apache open proxy configuration problem
Title: RE: [Zope] apache open proxy configuration problem
I abandoned mod_proxy for mod_rewrite. Security-wise, mod_rewrite had
less to worry about (this is important when website administration
changes hands).
The sample configuration below shows how to handle Zope resource
quirks and how to proxy requests to and from folders in Zope (both
tested). The last rule is my guess at what proxy everything to and
from Zope would look like (untested). Apache is listening on 80 and
routes requests to a Zope instance listening on 8080.
IfModule mod_rewrite.c
RewriteEngine On
RewriteLog /path/to/rewrite_log
# Zope serves some system-ish content from p_ and misc_.
RewriteRule ^/p_(.*) http://127.0.0.1:8080/VirtualHostBase/http/%{HTTP_HOST}/VirtualHostRoot/p_$1 [L,P]
RewriteRule ^/misc_(.*) http://127.0.0.1:8080/VirtualHostBase/http/%{HTTP_HOST}/VirtualHostRoot/misc_$1 [L,P]
# Apache folders served by Zope folders.
RewriteRule ^/folder1(.*) http://127.0.0.1:8080/VirtualHostBase/http/%{HTTP_HOST}/VirtualHostRoot/folder1$1 [L,P]
RewriteRule ^/folder2(.*) http://127.0.0.1:8080/VirtualHostBase/http/%{HTTP_HOST}/VirtualHostRoot/folder2$1 [L,P]
# Push everything to Zope?
RewriteRule ^(.*) http://127.0.0.1:8080/VirtualHostBase/http/%{HTTP_HOST}/VirtualHostRoot/$1 [L,P]
/IfModule
Aloha,
Priam
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Ed Colmar
Sent: Saturday, October 15, 2005 9:19 AM
To: zope@zope.org
Subject: [Zope] apache open proxy configuration problem
I've been running zope through apache for years and years now, and I
have a new machine set up with apache 2.0.48 and zope (Zope 2.8.0-final,
python 2.3.5, linux2)
Using Identical Vhost configuration settings from an old machine all has
been well, up until about 5 days ago, when I noticed the machine getting
slammed, and wierd logs started showing up like:
xxx.xxx.xxx.xxx - - [14/Oct/2005:14:09:06 -0700] GET
http://partners.mygeek.com:80/search.jsp?partnerid=98885=12
HTTP/1.1 403 406
(IP removed to protect the guilty)
In my quick research to try to determine the problem, I found people
advising to turn ProxyRequests Off, which I did, but did not have any
effect.
Luckily this is just a development server, not a live production server,
so its not super critical, but I'm nervous now that my production server
might be in the same state...
Here is a sample vhost.conf entry:
NameVirtualHost 192.168.1.32
VirtualHost 192.168.1.32
ServerName www.greengraphics.net
ServerPath /var/www/greengraphics/www
DocumentRoot /var/www/greengraphics/www
ServerAdmin webmaster
RewriteEngine On
TransferLog logs/Vhost-greengraphics-access.log
ProxyRequests Off
Proxy *
Order deny,allow
Allow from all
/Proxy
ProxyPass /
http://192.168.1.32:8080/VirtualHostBase/http/www.greengraphics.net:80/greengraphics/VirtualHostRoot/
ProxyPassReverse /
http://192.168.1.32:8080/VirtualHostBase/http/www.greengraphics.net:80/greengraphics/VirtualHostRoot/
/VirtualHost
mod_proxy.conf looks like:
IfDefine HAVE_PROXY
IfModule !mod_proxy.c
LoadModule proxy_module modules/mod_proxy.so
#LoadModule proxy_connect_module modules/mod_proxy_connect.so
#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
/IfModule
/IfDefine
IfModule mod_proxy.c
#
# Proxy Server directives. Uncomment the following lines to
# enable the proxy server:
#
ProxyRequests Off
Proxy *
Order deny,allow
Deny from all
# Allow from .your-domain.com
/Proxy
#
# Enable/disable the handling of HTTP/1.1 Via: headers.
# (Full adds the server version; Block removes all outgoing Via:
headers)
# Set to one of: Off | On | Full | Block
#
ProxyVia On
# End of proxy directives.
/IfModule
any suggestions? places to look to verify security?
Thanks!
-ed
___
Zope maillist - Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )
___
Zope maillist - Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )
RE: [Zope] Exporting Plone objects to Zope CMF
Title: RE: [Zope] Exporting Plone objects to Zope CMF Thanks jcc. I didn't consider FTP at all. I FTP-ed the CMF site to my laptop, reorganized and pruned things filesystem-wise (where grep and friends helped out), then FTP-ed the sanitized tree up to my local Zope instance. With two browsers, gvim, ExternalEditor, and good old copy/paste, it didn't take long to get into a rhythm. One thing to note is that when the files on the filesystem were FTP-ed up to Zope, some got lost when I uploaded them directly into a CMF folder. I gave them their own folder in the top of the ZMI and everything of substance wound up as a file or a DTML document. Aloha, Priam Kanealii, Priam Mr KRS wrote: Dear Zope-list, Running with Zope 2.7.5 Plone 2.0.5.. What nice method exists, if any, to export CMF-ish things like documents, events, and news items from Plone to ZopeCMF? (Or, what search terms may have escaped me?) Ideally, I'd like to be able to export folders in Plone and import them to Zope CMF such that Plone-ized CMF items were magically de-Ploned (and allow for sufficiently Plone-ized things to remain broken). Unfortunately, importing folders or most other objects raises a Copy Error:: Object *broken* does not support this operation. I'm just wondering if there are options to porting content by hand ..which will be less than a day's work in this case (we're just getting started). In absence of a nice method, I'm curious what methods others may have applied in a similar situation. I don't think that's a very common task. Plone over-rides most (or all) of the basic CMF types, and so you wouldn't be able to import them in a site without the Plone software installed. Though, perhaps, you can use FTP to download from one and upload to the other. May lose workflow state and maybe other metadata that way, though. If that's a problem, see CMFSetup and CMFSetupExtensions, which will allow you to export/import your site in XML, retaining metadata. You might have to go and edit the type fields in the XML, though. Though if doing it by hand will only take a day, I might not bother. --jcc ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
[Zope] Exporting Plone objects to Zope CMF
Title: Exporting Plone objects to Zope CMF Dear Zope-list, Running with Zope 2.7.5 Plone 2.0.5.. What nice method exists, if any, to export CMF-ish things like documents, events, and news items from Plone to ZopeCMF? (Or, what search terms may have escaped me?) Ideally, I'd like to be able to export folders in Plone and import them to Zope CMF such that Plone-ized CMF items were magically de-Ploned (and allow for sufficiently Plone-ized things to remain broken). Unfortunately, importing folders or most other objects raises a Copy Error:: Object *broken* does not support this operation. I'm just wondering if there are options to porting content by hand ..which will be less than a day's work in this case (we're just getting started). In absence of a nice method, I'm curious what methods others may have applied in a similar situation. Mahalo, Priam ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
