Forum OpenACS Q&A: Re: How do I serve up a directory without any perms, security, or cookies?

Wouldn't using Squid or Apache as a caching reverse proxy be simpler than redesigning your templates to explicity repoint certain URLs to a new webserver (Mathopd, tux, etc)?

You wouldn't have to invoke any TCL code for resources like css, gif, etc.  so it should be faster.  You also wouldn't have to migrate content into separate /resource folders for the custom code you've already written.

You might have to make sure cache headers work correctly,  but you could probably get around that by enabling caching on the basis of the URL extension (gif|css|jpg|etc).

Has anyone tried this?

That solution would probably be easiest on the developer and the production server itself. A lot of care needs to be taken with the headers to ensure things are working the way you want. Probably most images (but not image requests) go through some kind of security check, and permissions can change at any time.

But the first step in tuning a production server is to remove public images from, at least, the aolserver process. You could still run a pair of production servers where one handled secured images and the other page requests, you might get some benefit from that, but it would need to be tested.