We have a new firewall and firewall guru... He wants the firewall to
handle and route port 80/443 requests to pound instances running on port
8080 and 8443. Whereby pound routes said requests to appropriate
back-end Zope servers (running on other high-end ports). Obviously - in
this new scenario - Zope will return requests with the 8080 and 8443
ports attached to the response URL. He wants Zope to respond, in-kind,
with URLs re-written to port 80 and 443. I have tried messing with Site
Access (messing with SERVER_URL in the REQUEST) and can strip out the
8080 and replace with 80, but there are side effects and this just
doesn't seem right.
Is there a saner way, possibly within the zope.conf config items (like
CGI) or some other deep "ZopeZen" magic that can address this or would
it require some deep patching ..??
Certainly Apache (re-write) between pound and Zope would probably
address this but that seems kinda silly...
Yes - we had a very nice, clean, simple setup before with pound running
on the low ports, however, there seems to be concerns (now) that pound
is a security risk running on low ports in our DMZ. I recommended
RootJail but it seems he is insisting on pushing this new scenario.
Any suggestion(s) or points to docs greatly appreciated..
Long time Zope user....
TIA
Eric
_______________________________________________
Zope maillist - Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )
