[Zope] Zope behind non-Apache webservers

[Jamie Heilman]

Terry Hancock wrote:
> Seems to me, all you need is support for the re-write rules and
> virtual-hosting to get Zope running behind any HTTP daemon.

Pretty much...  The basic requirement is a server capable of being
configured to act as an HTTP Gateway.  (see glossary...
http://www.w3.org/Protocols/rfc2616/rfc2616-sec1.html#sec1.3) People
seem to frequently confuse this with a proxy server, though they
aren't really the same, but why split hairs.  Apache happens to
support gateway configuration mode via the combination of mod_proxy
and mod_rewrite, but thats not the only way it could be done.

There are some important features the gateway software should support
if its going to be used in combination with Zope.  Primarily the
Gateway server should be capable of being configured to sanitize
requests, and reject requests which could prove harmful should they
reach Zope.  Zope is quite prone to Denial of Service attacks, cross
sight scripting, and resource starvation if its configured wrong or
left too unprotected.  Being able to rewrite the URIs for requested
resources is certainly a good feature to look for.

I know nothing about the other httpd's mentioned, but I will say that
Apache isn't nearly as feature-heavy as people seem to think.  I think
what a lot of folks don't understand is that Apache's primary feature
is its portable and modular nature.  If you don't want Apache-based
web server to be feature rich, just don't load modules you don't need,
it could greatly reduce resident memory usage and improve the
performance of the service overall.

-- 
Jamie Heilman                     http://audible.transient.net/~jamie/
"I was in love once -- a Sinclair ZX-81.  People said, "No, Holly,
 she's not for you." She was cheap, she was stupid and she wouldn't
 load -- well, not for me, anyway."                     -Holly