Very simple if the frontend webserver sits on the same machine: Have Zope listen on a port on localhost only. Then your frontend server simply redirects/rewrites/whatever to that port on localhost. Thus Zope won't be reachable on any external interface.
Ah...good point. Thanks for reminding me. That is a step in the right direction.
BUT, it still seems to me that it isn't as good a named pipe (although I'd be glad to be proven wrong) because with a named pipe *you can control the permissions of the pipe* whereas anyone can connect to the localhost port if they have an account on the machine.
Am I missing something again? :-)
I have never seen any situation in which I needed to exert control over the connection between the frontend web server and Zope beyond "securing" access so no one from the outside can talk to it. I don't quite get what the problem is. jens