[OWASP-LEADERS] Filters / dyn vs. static
ingo at ingostruck.de
Sat Nov 9 09:08:45 EST 2002
> Q for Ingo: What is the reason to combine HTTPD (apache) and AS
> (tomcat)? And have the DB standalone? Why not vice versa?
The answer is really simple:
- the part which will produce / serve the lion's share of the load will be
the web server. Most DoS attacks (overload) will hit the web server
and not the app server (if config is well done)
- the part which is most sensitive is the db.
- the task of data administration is complex enough to need a dedicated
So, if you think of an advanced setup, you should have this one:
FW --- WS/AS1, WS/AS2, WS/AS3 -- DB1, DB2
Another reason for that is that webserver/appserver are rather close-knit.
If you want to benefit from the full power of load balancing that a good
WS-AS setup may provide (e.g. http with mod_jk), then you just can't run
them on separate machines. In general the WS-AS breakup is really only
for performance reasons. In a better world the AS (tomcat) would be secure
and powerful enough to be run standalone. :o)