Zope on Port 80
Terry Hancock
hancock at anansispaceworks.com
Wed Jan 15 15:47:58 EST 2003
Peter Hansen wrote:
> Andrew Veitch wrote:
>> It's not that good an idea to expose Zope to the outside world anyway,
>> I'd suggest running Apache on port 80 and re-direct to Zope on
>> localhost:8080
>
> Is this comment based on fear of the unknown, or are there specific
> security issues which concern you about exposing Zope to the outside
> world.
I don't think it's necessarily a security issue, but I've seen Zserver lock
up or thrash under fairly small loads, but not have problems when Apache
was in front of it. I've never investigated far enough to know if this was
really due to problems in Zserver, or something more specific to my
installation. It's been awhile since I tried it, but I think it had to do
with making a lot of repeated requests for the same data.
I can think of several reasons why this might be so -- better response to
malformed HTTP requests, caching, or better multi-threaded response to
loads. I'm not qualified to say which if any applies, though.
So I think it's more a question of performance than security (beyond maybe
a DOS attack). It's apparently still better to put a proxy cache like
Squid in front, but I've never tried that.
Cheers,
Terry
--
Anansi Spaceworks
http://www.anansispaceworks.com
More information about the Python-list
mailing list