nivek98
n00b
Joined: 27 Jul 2004
Posts: 37
|
 Posted: Sat Jul 08, 2006 5:28 am Post subject: Apache Security |
 |
|
I'm in the process of researching what can be done to beef up Apache's security. Since I am running a Gentoo server, I wanted to get the Gentoo community's opinion on Apache security.
Currently i'm running a simple LAMP(Linux/Apache/MySQL/PHP) setup with not much of a care for security since, until now, I've been the only one using it. Versions of software listed below:
Apache 2.2.2 (I may use the threaded mpm-worker if I can do PHP using FastCGI)
PHP 5.1.4
MySQL 5.0.22
Here are some of the areas I'd like to improve:
1) First off i'd like PHP running as different users for different vhosts. I've seen mod_suphp and am wondering what else is available. Also, how does PHP+FastCGI work with Apache? I'd like to be able to run Apache threaded if possible because loads will be increasing soon and I've got a SMP server.
2) The classic Apache must be able to read everyone's htdocs problem. I find it a pain to make sure that the apache user/group is always able to read the files. I'm wondering if there is some way i can make apache process requests as a certian user per vhost. I've already tried mpm-peruser and it takes some patching to get it to compile, and when tested, still was unable to read the files.
3) I'm also looking at something like mod_chroot. It seems like mod_chroot has it's fair share of problems, what other implementations are available?
4) Any user suggested ways of improving security would be greatly appreciated as well.
-Nivek98 |
|
Networking & Security
