Joachim Werner <joe@iuveno.de> said:
Apache can then also be used to serve static parts of your web site, like large documents or images. Also, Apache can be used to cache Zope requests.
I use Squid, not Apache as a reverse web proxy in front of Zope. I did a bit of testing, and you can very well serve your static content from Zope in this setup - I am planning to assign caching control properties to parts of the document structure and make Zope 'kick' Squid for a refresh when cached documents are edited. Initial experiments got me 500 requests per second on cached documents - Zope wasn't touched at all.
Regarding your problem: Set up a simple packet filter firewall (most Linux distros have scripts for that, e.g. SuSE has "firewals") and don't allow access to port 8080.
Something like % ipchains -A input -S 0/0 -d 0/0 8080 -p tcp -j REJECT should totally block port 8080. If you work from 1.2.3.4, you can do: % ipchains -I input -S 1.2.3.4/32 -d 0/0 8080 -p tcp -j ACCEPT and your machine is the only one that can get to this port. If you want to have this done automagically, create /etc/ipchains.conf: % cat >/etc/ipchains.conf <<EOF -I input -S 1.2.3.4/32 -d 0/0 8080 -p tcp -j ACCEPT -A input -S 0/0 -d 0/0 8080 -p tcp -j REJECT EOF and execute '/sbin/ipchains-restore </etc/ipchains.conf' from /etc/rc.d/boot.local (or similar). Disclaimers: I haven't tested these rules; you should have a kernel that does packet filtering; you're not worth the root password if you let someone else tell you firewalling rules without understanding /exactly/ what they do ;-) -- Cees de Groot http://www.cdegroot.com <cg@cdegroot.com> GnuPG 1024D/E0989E8B 0016 F679 F38D 5946 4ECD 1986 F303 937F E098 9E8B