Which is more secure: Tomcat standalone or Tomcat behind Apache?

java apache-2.2 tomcat

Update 2021:
I dont like my old answer. I am not changing it. But I don't like it.

Before update 2010:

What would make Tomcat + Apache less secure?

  1. Larger surface of attack. More code is parsing the request. So there is larger chance that a security bug is encountered/exploited.
  2. More fixes to install, More configuration files to get correct and more security setting to get right. Greater chance to human error.

What would make Tomcat + Apache more secure?

Don't know.

Related

Space in value part of RewriteMap
edge server 2016 not receiving email, blocked ports?
Configuring Multiple NICs on Windows 2008 Server for Network Backup
Stop messages from going to /var/log/debug
How to Loadbalance Outgoing Traffic with Iptables?
Connecting AWS AD to Azure AD
What is a HP Smart Array P822 Transient Data Drive
How to forward client ip to App server via Haproxy TCP/IP loadbalancer?
nftables queue with script
Ubuntu 20.04 new fresh LVM on 5TiB shows just 4.1 TiB space
Mod-rewrite Port in Apache2
Unable to play FIFA 2022 online matches on Nintendo Switch