Hmm. I think you're trying to diff 2 apps from a different class. Apache is a server, and isn't capable of making decisions on what to let tru except it's got to enter on a TCP port like 80 or 443 to be processed, a firewall like ipchains (somewhat) can. OTOH, from what I've read Apache is able to take care of some form of redirection, (like loadbalancing?) and you get to use all the other modules like mod_rewrite, which ipchains can't cuz itll use static rules. Next to that it seems Proxy rewriting breaks some protocols like DAV, which ipchains couldn't.
I'm kinda wondering what the difference in performance would be...
Just my thoughts, and I know it's not well argumented like in "functionality vs security", but if it where my case Id go for the fw solution.
Someone plz correct me if I'm vewwy wwonk.
|