André, actually I was provoking some comment like yours ;)
To the OP: There are a lot of threads regaring this topic here in the tomcat userlist, and I believe so are some information on the tomcat website. To complete André's posting regarding static content: Tomcat offers the option to use the Apache Portable Runtime (APR) when it comes to serving static content. Basically the APR is the same library Apache HTTPD uses to serve static content, which means, that Tomcat will not be slower than Apache HTTPD serving static content *if* the APR is used. If you have to serve static content using SSL, the difference in speed is remarkable compared Tomcat with and without using the APR. As André pointed out, Apache makes life a bit easier when it comes to things like proxying, URL-rewriting etc. All those things are possible with Tomcat, too, however, you'll have to implement them yourself, i.e. write a filter, a valve or even a servlet /jsp. The big plus in running Tomcat only is security: The more components you are using, the more possibilities there are that one of those components has a security relevant problem. An statement often seen is "using Apache HTTPD and Tomcat doubles security since you have two components implementing security measures". This statement is definatley wrong: Each additional component multiplies the possibility of a security problem. OK, having said that plus André's posting, I figure you've got same useful information on judging if you want to front Tomcat with Apache HTTPD or not. Cheers Gregor -- just because your paranoid, doesn't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
