Joachim Werner <[EMAIL PROTECTED]> said:
>Apache can then also be used to serve
>static parts of your web site, like large documents or images. Also, Apache
>can be used to cache Zope requests.
I use Squid, not Apache as a reverse web proxy in front of Zope. I did a bit
of testing, and you can very well serve your static content from Zope in this
setup - I am planning to assign caching control properties to parts of the
document structure and make Zope 'kick' Squid for a refresh when cached
documents are edited. Initial experiments got me 500 requests per second
on cached documents - Zope wasn't touched at all.
>Regarding your problem: Set up a simple packet filter firewall (most Linux
>distros have scripts for that, e.g. SuSE has "firewals") and don't allow
>access to port 8080.
% ipchains -A input -S 0/0 -d 0/0 8080 -p tcp -j REJECT
should totally block port 8080. If you work from 220.127.116.11, you can do:
% ipchains -I input -S 18.104.22.168/32 -d 0/0 8080 -p tcp -j ACCEPT
and your machine is the only one that can get to this port. If you want
to have this done automagically, create /etc/ipchains.conf:
% cat >/etc/ipchains.conf <<EOF
-I input -S 22.214.171.124/32 -d 0/0 8080 -p tcp -j ACCEPT
-A input -S 0/0 -d 0/0 8080 -p tcp -j REJECT
and execute '/sbin/ipchains-restore </etc/ipchains.conf' from
/etc/rc.d/boot.local (or similar).
Disclaimers: I haven't tested these rules; you should have a kernel that does
packet filtering; you're not worth the root password if you let someone else
tell you firewalling rules without understanding /exactly/ what they do ;-)
Cees de Groot http://www.cdegroot.com <[EMAIL PROTECTED]>
GnuPG 1024D/E0989E8B 0016 F679 F38D 5946 4ECD 1986 F303 937F E098 9E8B
Zope maillist - [EMAIL PROTECTED]
** No cross posts or HTML encoding! **
(Related lists -