> I also worry about the security of reverse proxy mode. > For example, if a hacker want to destroy my system, he construct a > wicked HTTP request package to my system. After the Apache HTTP Server > received the HTTP request package, it will forward the package to > Tomcat. So, the Tomcat will be destroyed. > > But I have read passages about reverse proxy, all of them say that > reverse proxy is very secure. If it works like I've just written, it's > not secure any more. You could run something like mod_security on your proxy servers if you were worried about what kinds of requests were forwarded to your backend, and wanted to make something "more secure" by putting a proxy in front of it. As it stands now in your scenario, adding the reverse proxy does not harm the security of the solution. -- Eric Covener covener@xxxxxxxxx --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx