[triangle-zpug] Cool python security app
geoff at geoffdavis.net
Tue Jun 28 18:49:19 CEST 2005
On Tue, 2005-06-28 at 12:32 -0400, Chris Calloway wrote:
> Geoff Davis wrote:
> > (Note: For
> > those of you running Plone behind Apache, I learned the hard way that
> > selinux's targeted policy has a feature that breaks Apache's proxying.
> > You have to allow httpd scripts to access the network to restore
> > proxying.)
> Oh, man, thanks so much. I was just getting ready to do this. I just
> installed selinux to run Plone behind Apache. Does this apply to
> mod_rewrite as well, do you think?
If you look closely at the mod_rewrite setups for Apache 2.0 (and
presumably also for 1.3) you will mostly likely see the rewrite
directive followed by [L,P]. The L means do the rewrite and stop
processing (L = last), the P means proxy the result rather than redirect
to it. It's mod_rewrite's proxying that was breaking under the FC4
selinux targeted policy's default settings (I don't think FC3's version
of selinux has the same effect). If you're using Fedora Core 4, you can
change the settings with the security level configuration applet.
More information about the triangle-zpug