我想知道如何禁用对plone4 server的webdav访问.服务器配置为阻止对常规zope客户端端口(8080和8081)的所有直接http访问,并且无法通过ploneservername:8080地址从外部访问plone.这是因为我们希望对所有客户端连接进行加密.我已经对其进行配置,以便所有访问都必须通过运行在侦听/终止端口443上的SSL的同一服务器上的apache2服务进行代理.标准的zope侦听端口(8080、8081、8100)仅配置为侦听127.0.0.1地址,则无法从包装箱外部获得它们. apache服务将所有SSL/443流量代理到127.0.0.1:8080,这是zope客户端正在监听的内容.
I would like to know how I can disable webdav access to my plone4 server. The server is configured to block all direct http access to the normal zope client ports (8080, and 8081), and it is impossible to access plone externally via the ploneservername:8080 address. This is intended as we want all client connections to be encrypted. I have configured it so that all access has to be proxied via an apache2 service running on the same server that listens/terminates SSL on port 443. The standard zope listening ports (8080, 8081, 8100) are only configured to listen on the 127.0.0.1 address, they are not available from outside the box. The apache service proxies all SSL/443 traffic to 127.0.0.1:8080 which is what the zope client is listening on.
包装盒上,外部客户端可以连接的唯一端口是443,该端口由apache服务,并代理到http/8080地址(通过使用virtualhostmonster的proxypass指令).这一切都完美地工作.
The only port that external clients can connect to on the box is 443 which is served by apache, and which proxies to the http/8080 address (via proxypass directive using the virtualhostmonster). This all works perfectly.
问题在于,webdav客户端仍然能够通过SSL/port443连接到盒子并成功进行身份验证和上载/下载文件.即使未在plone配置文件中的任何位置打开/配置webdav端口,并且通过netstat -ap查看服务器时,服务器未在侦听webdav连接,情况仍是如此.我已经能够使用ploneserveraddress URL使用2个不同的webdav客户端(内置的bitkinex和win7)进行连接.我的印象是,只有通过配置文件的zope实例部分明确启用了webdav时,webdav才可用.
The problem is that webdav clients are still able to connect to the box via SSL/port443 and successfully authenticate and upload/download files. This is the case even though the webdav port hasn't been opened / configured anywhere in the plone config files, and the server is not listening for webdav connections when viewed through netstat -ap. I have been able to connect using 2 different webdav clients (bitkinex and win7 built-in), using the ploneserveraddress URL. I was under the impression that webdav should only be available if it's been explicitly enabled via the zope instance sections of the config file.
有没有一种方法可以完全关闭webdav访问?只是从配置文件中忽略它并不能阻止我们通过apache/443/SSL进入时使用此方法进行连接.任何帮助,将不胜感激.谢谢.
Is there a way to completely shut down webdav access? Simply ommiting it from the config files hasn't stopped us being able to connect using this method when going in via apache/443/SSL. Any help would be appreciated. Thanks.
推荐答案WebDAV在同一端口上运行(从4.0开始).除了任何其他Plone内部解决方案之外,您还可以将Apache配置为仅允许一些HTTP动词: httpd.apache/docs/2.1/mod/core.html#limit .在浏览器通常仅生成GET和POST的情况下,这有帮助. (不过,您可能需要仔细检查AJAX-y编辑器功能.)
WebDAV runs on the same port (since 4.0?). In addition to any other Plone-internal solutions, you can configure your Apache to only allow some HTTP verbs: httpd.apache/docs/2.1/mod/core.html#limit . This helps insofar as a browser usually only generates GET and POST. (You might want to double-check with the AJAX-y editor features, though.)
更多推荐
如何阻止人们通过webdav访问plone服务器?
发布评论