I like the squid-in-front config because it buys us the best of all worlds for our diverse setup. We run Apache to support static content, PHP, and some legacy CGI scripts too, as we have a large site with very diverse offerings and products built on a variety of development platforms; our Zope apps just don't use Apache as a front end, for us, it looks like this: ^ | /|\ v | +------------------------+ | Cache (squid pt. 80)-+ | | | /|\ | | | | | | | | +->{redirector} | | +----------------------|-+ ________________/ \______\_________________ \ \ \ +---------\------\------------+ +-\-----------+ | Node \ \ | | Node | | [Apache Port 80] \ | | Same Config | | (PHP,Perl,Static) \ | +-------------+ | [ Zope Port 9673 ] | +-----------------------------+
This is the main reason I spent that time looking at squid - the security aspect. But, we've built up quite a bit of experience with Apaches ReWriteRules and have a requirement for PHP and (cough) Perl scripts to run alongside our Zope sites as well.