Can Zope 2.4.0 be run "naked" (without Apache/Squid/IIS)?
On the "Zope Changes" page for Zope 2.4.0 (http://www.zope.org/Products/Zope/2.4.0/CHANGES.txt), one of the changes mentioned is "Fixed handling of invalid HTTP requests."
One of the main arguments (as I understood them) for running Zope behind Apache/Squid/IIS was that Zope was susceptible to denial of service attacks due to the way it handled HTTP requests. The Apache/Squid/IIS front-end was used to sanitize the HTTP request.
Does the change made with the release of 2.4.0 fix this problem? If so, what other roadblocks are there to running Zope "naked"?
Thanks,
Aaron Gillette abg@comco-inc.com
Zope runs just fine without anything in front of it, and despite the issues you mentioned I have never had the slightest problem.
Cheers.
-- Andy McKay.
----- Original Message -----
From: <abg@comco-inc.com>
To: <zope@zope.org>
Sent: Tuesday, October 09, 2001 9:17 AM
Subject: [Zope] Can Zope 2.4.0 be run "naked" (without Apache/Squid/IIS)?
On the "Zope Changes" page for Zope 2.4.0 (http://www.zope.org/Products/Zope/2.4.0/CHANGES.txt), one of the changes mentioned is "Fixed handling of invalid HTTP requests."
One of the main arguments (as I understood them) for running Zope behind Apache/Squid/IIS was that Zope was susceptible to denial of service attacks due to the way it handled HTTP requests. The Apache/Squid/IIS front-end was used to sanitize the HTTP request.
Does the change made with the release of 2.4.0 fix this problem? If so, what other roadblocks are there to running Zope "naked"?
Thanks,
Aaron Gillette abg@comco-inc.com
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
On Tue, 9 Oct 2001 11:17:26 -0500, abg@comco-inc.com wrote:
> On the "Zope Changes" page for Zope 2.4.0 (http://www.zope.org/Products/Zope/2.4.0/CHANGES.txt), one of the changes mentioned is "Fixed handling of invalid HTTP requests."
> One of the main arguments (as I understood them) for running Zope behind Apache/Squid/IIS was that Zope was susceptible to denial of service attacks due to the way it handled HTTP requests. The Apache/Squid/IIS front-end was used to sanitize the HTTP request.
yes
> Does the change made with the release of 2.4.0 fix this problem?
not all of them
> If so, what other roadblocks are there to running Zope "naked"?
I personally wouldn't expose a "naked" ZServer to an untrusted network without a major rewrite; it simply hasn't been designed for that job.
Toby Dickenson tdickenson@geminidataloggers.com
> I personally wouldn't expose a "naked" ZServer to an untrusted network without a major rewrite; it simply hasn't been designed for that job.
But 10.000 sites do.... :-) (Based on an internet statistics, that will not detect Zope behind Apache!)
Regards, Stephan
-- Stephan Richter CBU - Physics and Chemistry Student Web2k - Web Design/Development & Technical Project Management
A few related beginner's questions on this topic:
When Zope is run together with Apache, does that necessarily mean that it is being run as a CGI?
When Zope is configured for CGI operation, does that mean that each hit on the site causes a Zope startup, opening of database files, etc., or does Zope still run as a server answering queries from CGI scripts?
Finally, does anybody know if it is possible to run Zope on a Verio VPS? (This is a virtual private server - basically a shell account with the ability to edit one's own httpd.conf to create multiple virtual hosts. No root access.)
Frank.
----- The very act of seeking sets something in motion to meet us; something in the universe, or in the unconscious responds as if to an invitation. - Jean Shinoda Bolen
> A few related beginner's questions on this topic:
> When Zope is run together with Apache, does that necessarily mean that it is being run as a CGI?
Zope *can* be used as a CGI but it's uncommon. Usually, PCGI or FastCGI is used, each of which (and I'm no expert but this is how I see it) fires off a very small wrapper process which talks to an already-running Zope process. Lots of times Zope isn't used with CGI, PCGI, or FastCGI; its own ZServer is instead frontended by a reverse proxy like Apache's ProxyPass.
> When Zope is configured for CGI operation, does that mean that each hit on the site causes a Zope startup, opening of database files, etc., or does Zope still run as a server answering queries from CGI scripts?
No, for the first reason above.
> Finally, does anybody know if it is possible to run Zope on a Verio VPS? (This is a virtual private server - basically a shell account with the ability to edit one's own httpd.conf to create multiple virtual hosts. No root access.)
Not sure, sorry...
> Frank.
> ----- The very act of seeking sets something in motion to meet us; something in the universe, or in the unconscious responds as if to an invitation. - Jean Shinoda Bolen
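The reverse-proxy arrangement described in the reply above, as an added example that is not part of the thread: a constructed Apache configuration fragment that bounds request size and read time before anything is handed to ZServer. The host name, the 127.0.0.1:8080 backend address and all limit values are assumptions.

```apache
# Added example, not from the thread. Requires mod_proxy to be loaded.
# Assumes ZServer listens only on 127.0.0.1:8080, so that it cannot be
# reached directly from the untrusted network.

# Drop clients that stall while sending or receiving (seconds).
Timeout 60

<VirtualHost *:80>
    # Placeholder host name.
    ServerName www.example.com

    # Act as a reverse proxy only, never as an open forward proxy.
    ProxyRequests Off

    # Bound what a client may send; Apache rejects anything larger
    # itself, so the request never reaches ZServer.
    # Values are constructed for illustration; tune them to the site.
    LimitRequestLine      4094
    LimitRequestFields    50
    LimitRequestFieldSize 4094
    LimitRequestBody      10485760

    # Hand every path to the already-running Zope process and rewrite
    # Location headers in its redirects back to the public name.
    ProxyPass        / http://127.0.0.1:8080/
    ProxyPassReverse / http://127.0.0.1:8080/
</VirtualHost>
```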
participants (7)
- abg@comco-inc.com
- Andy McKay
- Chris McDonough
- Chris Withers
- Frank I. Reiter
- Stephan Richter
- Toby Dickenson