I would be better...The apache httpd web server is more versatile and its vulnerabilities are better researched. You can also add mod_security and other modules to further protect the Tomcat against common attacks (assuming you do not use a WAF firewall). Furthermore you can add more Tomcats and balance when needed... also on unix if you do not use jsvc or iptable you need to run tomcat as root for port 80 which is not a good idea...etc...
Rgds - Fred Caldarale, Charles R wrote: > >> From: mateo-jl [mailto:mateo...@orange.fr] >> Subject: re: redirection >> >> i think, the best way is to use the mod_jk module. So, in a firewall >> environment, you can have your web server (Apache) in the non-protected >> area and apache will redirect all requests (http:// ....:80 or nothing) >> at your Tomcat server (http:// ....:8080) within the protected one. > > In what way would that improve security? Since all requests would be > forwarded to Tomcat, adding httpd accomplishes nothing except additional > overhead and complexity. It's silly to place *anything* in a completely > unprotected area; you would still have a firewall in place restricting > access to just ports 80 and 443, even if httpd were handling those ports. > Might as well have Tomcat handle those ports directly. > > - Chuck > > > THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY > MATERIAL and is thus for use only by the intended recipient. If you > received this in error, please contact the sender and delete the e-mail > and its attachments from all computers. > > > -- View this message in context: http://www.nabble.com/redirection-tp22809932p22827189.html Sent from the Tomcat - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
