Hi The primary benefit is, that using mod_jk, the request is not pushed to a proxy. Having a proxy in between gives serveral problems:
- Authentication issues (as David mentioned) - Logging issues - Security issues All the last two come from the point, that each and every request is done by the same client [out of tomcats view], namely the apache server. Using proxy, the apache-server itself acts as HTTP Client and connects to tomcat. Using mod_jk, all request parameters are forwarded to tomcat, not using http at all. Tomcat can therefor see the clients IP and other things, that get hidden, if a proxy is in between. However, remember to diable access to tomcats AJP-port from the internet, since any attacker could also use the AJP protocol to give tomcat facked information. He could do a lot of attacks, giving a faked ip address and tomcat would log the wrong information. Regards, Steffen --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
