how to. This works well and Apache serves Zope pretty well and we can even use SSL (there are some issues to be resolved that I suspect are due to misconfiguration on our server). However, I can always access Zope directly using port 8080 (or whatever port where ZServer is listening to) without SSL.
This is aboviously not the intended behaviour. Is there a way to prevent this? I know there is ZServerSSL but isn't the whole point of using Apache that it is a better and more robust web-server than Zserver? (apart from the fact that we need to serve a lot of static content as well).
What are the main resons for serving Zope behind Apache?
A lot of Zope sites (including www.zope.org itself) actually use Apache only as a proxy server, i.e. Apache doesn't SERVE the content, but just relays requests to ZServer (you'd need the SiteAccess product on the Zope part for this configuration option). So you can have different Zope servers serve parts of the same web site, use Apache to set up virtual servers, or easily set up SSL for parts of your site. Apache can then also be used to serve static parts of your web site, like large documents or images. Also, Apache can be used to cache Zope requests. ZServer (with or without Apache as a proxy) is definitely faster than any other option (FastCGI, ...). Regarding your problem: Set up a simple packet filter firewall (most Linux distros have scripts for that, e.g. SuSE has "firewals") and don't allow access to port 8080. Cheers Joachim.