Securing Apache

Thread: Securing Apache

  1. #1
    Senior Member
    Join Date
    Aug 2002
    Posts
    651

    Securing Apache

    Hey gang. I found this on Security Focus today. It seems like a pretty good guide. Let me know what you think.

    Before we start securing Apache, we must specify what functionality we expect from the server. The variety of Apache's uses makes it difficult to write a universal procedure to secure the server in every case. That's why in this article we'll base it on the following functionality:

    -the Web server will be accessible from the Internet

    -only static HTML pages will be served

    -the server will support name-based virtual hosting mechanism

    -specified Web pages can be accessible only from selected IP addresses or users (basic authentication)

    -the server will log all the Web requests (including information about Web browsers)

    Get the full article here.

    Enjoy.
    Opinions are like holes - everybody's got'em.

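An added example, not taken from the linked article or from any poster in this thread: a configuration fragment covering the four requirements quoted in the first post, assuming Apache 2.4 directive syntax. The host names, file paths and the 192.0.2.0/24 range are constructed placeholders.

```apache
# Assumes Apache 2.4 with mod_authz_core, mod_authz_host, mod_auth_basic,
# mod_authn_file and mod_log_config loaded, and no CGI/PHP modules loaded.
# All host names, paths and addresses below are constructed placeholders.

# Requirement: log every request, including the browser (User-Agent).
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

# Default deny for the whole filesystem; only document roots are opened.
<Directory "/">
    Options None
    AllowOverride None
    Require all denied
</Directory>

# Requirement: name-based virtual hosting. Host 1 is public and static only.
<VirtualHost *:80>
    ServerName www.example.com
    DocumentRoot "/var/www/www.example.com"
    CustomLog "logs/www.example.com-access.log" combined
    ErrorLog "logs/www.example.com-error.log"
    <Directory "/var/www/www.example.com">
        # Options None: no CGI, no server-side includes, no directory listings.
        Options None
        AllowOverride None
        Require all granted
    </Directory>
</VirtualHost>

# Host 2: pages reachable only from selected addresses OR by known users.
<VirtualHost *:80>
    ServerName restricted.example.com
    DocumentRoot "/var/www/restricted.example.com"
    CustomLog "logs/restricted.example.com-access.log" combined
    ErrorLog "logs/restricted.example.com-error.log"
    <Directory "/var/www/restricted.example.com">
        Options None
        AllowOverride None
        AuthType Basic
        AuthName "Restricted area"
        # Keep the password file outside every DocumentRoot.
        AuthUserFile "/etc/apache2/passwd/restricted.htpasswd"
        # Basic auth only base64-encodes credentials; serve this host over TLS.
        <RequireAny>
            Require ip 192.0.2.0/24
            Require valid-user
        </RequireAny>
    </Directory>
</VirtualHost>
```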

  2. #2
    AO Antique pwaring's Avatar
    Join Date
    Aug 2001
    Posts
    1,409
    It's a good article, though a lot of it is *nix-specific and I would really expect a 'securing Apache' article to apply to Windows platforms as well.
    Paul Waring - Web site design and development.

  3. #3
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    Unfortunately it's rather idealised. Not very many people run Apache servers where they serve static content only from a chroot; they should come back into the real world.

    Slarty

  4. #4
    AO Antique pwaring's Avatar
    Join Date
    Aug 2001
    Posts
    1,409
    Originally posted here by slarty
    Unfortunately it's rather idealised. Not very many people run Apache servers where they serve static content only from a chroot; they should come back into the real world.

    Slarty
    Good point, and they totally ignore running Apache on other platforms (it works fine on my Win2k machine - there might be lots of vulnerabilities but that doesn't matter on a development platform).
    Paul Waring - Web site design and development.

  5. #5
    Senior Member
    Join Date
    Sep 2001
    Posts
    1,027
    OpenBSD's Apache comes chrooted by default since obsd3.2.
    While it is slightly more complicated, it is possible to serve dynamic content from a chroot...
    Many people have php & postgresql/mysql serving from a chroot Apache. All (*) you need is your php binaries inside your chroot as well as perhaps /etc/hosts to resolve localhost or whatever hostname you need, and connect to your database through sockets instead of named pipes...

    (Ok, I admit I haven't bothered to try it myself, but it is doable)

    Ammo
    Credit travels up, blame travels down -- The Boss

  6. #6
    Senior Member
    Join Date
    Aug 2002
    Posts
    651
    Thanks for the insight peeps - too bad I didn't write the article to change it. Maybe I can do a tut for Apache newbies like myself.


    Thanks again for the responses.

    t2k2
    Opinions are like holes - everybody's got'em.

