Neech n00b
Joined: 21 Sep 2003 Posts: 72 Location: Ottawa, Canada
Posted: Mon Oct 04, 2004 4:46 pm Post subject: securing mod_fastcgi
Since I switched to Ruby ( www.rubyonrails.org ) for my web development, I'm installing fastcgi. Right now I'm only trying to get php to work to get a feel for the whole thing.
I think I mostly figured out the whole thing; I'm using php-cgi as a hardlink in /var/www/bin as the php server.
The problem is that fastcgi seems to require that the php executable is reachable under the htdocs directory (why?).
It also seems to require that it's requestable by the web browser. As soon as I deny permission to requests to the php executable directly, I get permission denied on all php scripts on the server.
Isn't that a huge security problem?
Here is my module.d/20_mod_fastcgi.conf:
Code:
<IfDefine FASTCGI>
    <IfModule !mod_fastcgi.c>
        LoadModule fastcgi_module extramodules/mod_fastcgi.so
    </IfModule>
    <IfModule mod_fastcgi.c>
        Alias /bin/ /var/www/bin/
        <Directory /var/www/bin/>
            # <Limit GET POST OPTIONS PROPFIND>
            # Order deny,allow
            # Deny from all
            # </Limit>
            SetHandler fastcgi-script
            Options +ExecCGI
        </Directory>
        AddHandler fastcgi-script .fcgi
        # php apps
        FastCgiServer /var/www/bin/php -processes 5
        AddHandler php-fastcgi .php
        Action php-fastcgi /bin/php
        DirectoryIndex index.php index.html
        AddType application/x-httpd-php .php
    </IfModule>
</IfDefine>
Thanks for the help
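
One way to block direct requests for /bin/php while still letting the Action handler reach it, given as an added example that is not part of the original post. It assumes Apache 2.0-style Order/Deny/Allow access control and relies on Apache setting the REDIRECT_STATUS variable on the internal redirect that Action performs; paths are taken from the post.

```apache
# Added example (not the poster's config). Paths are taken from the post.
<IfModule mod_fastcgi.c>
    Alias /bin/ /var/www/bin/

    <Directory /var/www/bin/>
        SetHandler fastcgi-script
        Options +ExecCGI

        # Weak variant from the post: with no access rule here, any client
        # can request /bin/php directly. A blanket "Deny from all" breaks
        # every .php page, because the redirect made by Action is checked
        # against this same <Directory> block.
        #
        # Hardened variant: deny by default and allow only requests that
        # carry REDIRECT_STATUS. Apache sets that variable itself on
        # internal redirects; it is not derived from request headers.
        Order deny,allow
        Deny from all
        Allow from env=REDIRECT_STATUS
    </Directory>

    FastCgiServer /var/www/bin/php -processes 5
    AddHandler php-fastcgi .php
    Action php-fastcgi /bin/php
    DirectoryIndex index.php index.html
</IfModule>
```

To check the result after a reload, request /bin/php directly and expect a 403, then request a .php page and expect it to render as before.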