Zope on Port 80

Terry Hancock hancock at anansispaceworks.com
Wed Jan 15 21:47:58 CET 2003


Peter Hansen wrote:
> Andrew Veitch wrote:
>> It's not that good an idea to expose Zope to the outside world anyway,
>> I'd suggest running Apache on port 80 and re-direct to Zope on
>> localhost:8080
> 
> Is this comment based on fear of the unknown, or are there specific
> security issues which concern you about exposing Zope to the outside
> world.

I don't think it's necessarily a security issue, but I've seen Zserver lock 
up or thrash under fairly small loads, but not have problems when Apache 
was in front of it. I've never investigated far enough to know if this was 
really due to problems in Zserver, or something more specific to my 
installation.  It's been awhile since I tried it, but I think it had to do 
with making a lot of repeated requests for the same data.

I can think of several reasons why this might be so -- better response to 
malformed HTTP requests, caching, or better multi-threaded response to 
loads. I'm not qualified to say which if any applies, though.

So I think it's more a question of performance than security (beyond maybe 
a DOS attack).  It's apparently still better to put a proxy cache like 
Squid in front, but I've never tried that.

Cheers,
Terry

-- 
Anansi Spaceworks
http://www.anansispaceworks.com




More information about the Python-list mailing list