Joachim Werner <[EMAIL PROTECTED]> said:
>Apache can then also be used to serve
>static parts of your web site, like large documents or images. Also, Apache
>can be used to cache Zope requests. 
I use Squid, not Apache as a reverse web proxy in front of Zope. I did a bit
of testing, and you can very well serve your static content from Zope in this
setup - I am planning to assign caching control properties to parts of the 
document structure and make Zope 'kick' Squid for a refresh when cached 
documents are edited. Initial experiments got me 500 requests per second
on cached documents - Zope wasn't touched at all. 

>Regarding your problem: Set up a simple packet filter firewall (most Linux
>distros have scripts for that, e.g. SuSE has "firewals") and don't allow
>access to port 8080.
Something like
% ipchains -A input -S 0/0 -d 0/0 8080 -p tcp -j REJECT
should totally block port 8080. If you work from, you can do:
% ipchains -I input -S -d 0/0 8080 -p tcp -j ACCEPT
and your machine is the only one that can get to this port. If you want
to have this done automagically, create /etc/ipchains.conf:

% cat >/etc/ipchains.conf <<EOF
-I input -S -d 0/0 8080 -p tcp -j ACCEPT
-A input -S 0/0 -d 0/0 8080 -p tcp -j REJECT

and execute '/sbin/ipchains-restore </etc/ipchains.conf' from
/etc/rc.d/boot.local (or similar).

Disclaimers: I haven't tested these rules; you should have a kernel that does
packet filtering; you're not worth the root password if you let someone else
tell you firewalling rules without understanding /exactly/ what they do ;-)

Cees de Groot          <[EMAIL PROTECTED]>
GnuPG 1024D/E0989E8B 0016 F679 F38D 5946 4ECD  1986 F303 937F E098 9E8B

Zope maillist  -  [EMAIL PROTECTED]
**   No cross posts or HTML encoding!  **
(Related lists - )

Reply via email to