Lutz, Perfect, this is the information I was looking for.
In the Apache example, when you say you are running multiple instances of your application, are you manually implementing the load balancing or somehow have Apache performing the load balancing? This load balancing is something of great interest to me, especially when wanting to run multiple instances, but it is an area I'm not very strong in. Are you using 4D Client as the "instances" all pointing to a single 4D Server? Any insight is appreciated! Best, Steve -----Original Message----- From: 4D_Tech <[email protected]> On Behalf Of Epperlein, Lutz (agendo) via 4D_Tech Sent: Tuesday, November 26, 2019 8:34 AM To: '4D iNug Technical' <[email protected]> Cc: Epperlein, Lutz (agendo) <[email protected]> Subject: AW: 4D Web Server Security It depends ... If the customer wants to run the application on their own (virtual) hardware then port 80 and/or 443 is used. But this run configuration isn't in the focus of the audits. In all other cases, application is accessible over the internet, we use an Apache web server in front. But the reason for that aren't security considerations, it is simply because we run multiple instances of our application behind it and we configure different virtual hosts for the Apache server, each virtual host works as a reverse proxy/gateway for each app instance. Then every application runs on an different port. From the outside it appears as port 80, since the Apache runs on this port. The audits have different areas, so they pay special attention to our rather exotic server software. But as I said, the IT security guys were surprised about the high standard of 4D. Regards Lutz ********************************************************************** 4D Internet Users Group (4D iNUG) Archive: http://lists.4d.com/archives.html Options: https://lists.4d.com/mailman/options/4d_tech Unsub: mailto:[email protected] **********************************************************************
