Serve model depending on http/https

[Thadeus Burgess]

Lets say I have an application, the public portion of the website gives information and allows people to sign up to say a mailing list.

Now I also want to use the same database models for the admin area, where owners of this site can log in, edit users, send out mailing, respond to questions, etc etc.

The web panel portion of the site needs to run under https, and needs to access the database of users that have signed up, however that is the only thing it needs to access is the db (which is using a mysql backend).

Should I just symlink the db.py and run two apps? or is there a better solution?

-Thadeus

[mdipierro]

Why two apps? Why not two controllers in the same app?
The admin controller could use

session.secure()

and that would make sure you cannot login without https (would not
work with mod_proxy).


Massimo

[Thadeus Burgess]

I am attempting to install mod_wsgi and having difficulty with it.

Two controllers would work with session.secure() (that is a decorator right? so @session.secure)

-Thadeus

[mdipierro]

It is not a decorator. You just say

session.secure() is a controller or a funciton

On Oct 22, 12:43 pm, Thadeus Burgess <thade...@thadeusb.com> wrote:
> I am attempting to install mod_wsgi and having difficulty with it.
>
> Two controllers would work with session.secure() (that is a decorator right?
> so @session.secure)
>
> -Thadeus
>

[Thadeus Burgess]

Ok gotchya :)

Thanks

-Thadeus

[Thadeus Burgess]

When using session.secure() it will still allow connections to the controller by regular http(). However I do not want any access, login form or otherwise to this controller unless its over https.

Would I need to specify this on Apache VirtualHost configuration, like admin is set in the book. Or is there a better way to do this in just web2py?

-Thadeus

[mdipierro]

unless you use web2py with a proxy you can apply http(s) filters using
routes_in. It in the manual.

massimo

On Nov 2, 2:00 pm, Thadeus Burgess <thade...@thadeusb.com> wrote:
> When using session.secure() it will still allow connections to the
> controller by regular http(). However I do not want any access, login form
> or otherwise to this controller unless its over https.
>
> Would I need to specify this on Apache VirtualHost configuration, like admin
> is set in the book. Or is there a better way to do this in just web2py?
>
> -Thadeus
>

> On Thu, Oct 22, 2009 at 12:25 PM, Thadeus Burgess <thade...@thadeusb.com>wrote:
>
> > Ok gotchya :)
>
> > Thanks
>
> > -Thadeus
>

[Thadeus Burgess]

Thanks. I ended up using a declaration in apache config file with redirection.

-Thadeus

[Wes James]

Do you have an example? I've been using some rewrite rules for plone
to go from http to https and they work fine. When I do the same type
of rewrite rule for web2py it's like it is being ignored.

-thx,

-wes

[mdipierro]

routes_in=(('.*:http://hostname.com:(get|post) /appname.*', '...'),)

where '...' is a web2py action that redirects to 'https://hostname.com/
appname'

On Nov 2, 2:18 pm, Wes James <compte...@gmail.com> wrote:
> Do you have an example?  I've been using some rewrite rules for plone
> to go from http to https and they work fine.  When I do the same type
> of rewrite rule for web2py it's like it is being ignored.
>
> -thx,
>
> -wes
>

> On Mon, Nov 2, 2009 at 1:05 PM, Thadeus Burgess <thade...@thadeusb.com> wrote:
> > Thanks. I ended up using a declaration in apache config file with
> > redirection.
>
> > -Thadeus
>

[Thadeus Burgess]

In my virtualhost declartion, from the book chapter 11.

You have two virtualhosts, one for http and another for https. In the http I just add a redirect 301 https....

-Thadeus