[Zope] Reasons for Apache?? SSL?? (was "Running Mailman CGI under Zope ZServer")

[Joachim Werner]

> how to. This works well and Apache serves Zope pretty well and we can even
> use SSL (there are some issues to be resolved that I suspect are due to
> misconfiguration on our server). However, I can always access Zope
directly
> using port 8080 (or whatever port where ZServer is listening to) without
> SSL.
>
> This is aboviously not the intended behaviour. Is there a way to prevent
> this? I know there is ZServerSSL but isn't the whole point of using Apache
> that it is a better and more robust web-server than Zserver? (apart from
the
> fact that we need to serve a lot of static content as well).
>
> What are the main resons for serving Zope behind Apache?

A lot of Zope sites (including www.zope.org itself) actually use Apache only
as a proxy server, i.e. Apache doesn't SERVE the content, but just relays
requests to ZServer (you'd need the SiteAccess product on the Zope part for
this configuration option). So you can have different Zope servers serve
parts of the same web site, use Apache to set up virtual servers, or easily
set up SSL for parts of your site. Apache can then also be used to serve
static parts of your web site, like large documents or images. Also, Apache
can be used to cache Zope requests. ZServer (with or without Apache as a
proxy) is definitely faster than any other option (FastCGI, ...).

Regarding your problem: Set up a simple packet filter firewall (most Linux
distros have scripts for that, e.g. SuSE has "firewals") and don't allow
access to port 8080.

Cheers

Joachim.