Apache Security Configuration

Written by James McDonald

August 27, 2011

Apache Web Server Security Configuration
If you are thinking of moving to a self-managed service, it is really important that you think heavily about security, especially of anything exposed to the web.

If you have Apache running, then it's crucial to have something that is sniffing your incoming requests and knocking anything that doesn't look right on the head.
ModSecurity: http://www.modsecurity.org/
Some patterns for ModSecurity to use: https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project

Listing Currently Installed DSOs (Dynamic Shared Objects)

apachectl -t -D DUMP_MODULES

The purpose of the above command is to allow you to identify and weed out any modules that are not absolutely required for your particular web applications to run.
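
One way to turn that review into a repeatable check, as an added example that is not part of the original post: the script below reads DUMP_MODULES output and lists every shared module that is not on an allowlist. The allowlist contents, the function names and the sample output are constructed for illustration; replace the allowlist with the modules your own applications need.

```shell
#!/bin/sh
# Added example: audit loaded Apache modules against an allowlist.

# Hypothetical allowlist of modules this site's applications need.
REQUIRED_MODULES="authz_host_module log_config_module mime_module dir_module rewrite_module"

# Read `apachectl -t -D DUMP_MODULES` output on stdin and print each
# shared (DSO) module that is not in the allowlist given as $1.
unneeded_modules() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # Module lines look like: " status_module (shared)"
        $2 == "(shared)" && !($1 in ok) { print $1 }
    '
}

# Static modules are compiled into httpd; they cannot be dropped by
# removing a LoadModule line, so they are listed separately.
static_modules() {
    awk '$2 == "(static)" { print $1 }'
}

# Constructed sample of DUMP_MODULES output (not from a real server).
sample_dump() {
    cat <<'EOF'
Loaded Modules:
 core_module (static)
 mpm_prefork_module (static)
 http_module (static)
 so_module (static)
 authz_host_module (shared)
 log_config_module (shared)
 mime_module (shared)
 dir_module (shared)
 status_module (shared)
 autoindex_module (shared)
 userdir_module (shared)
 rewrite_module (shared)
Syntax OK
EOF
}

if [ "${1:-}" = "--live" ]; then
    # Merge stderr so the list is captured whichever stream httpd uses.
    apachectl -t -D DUMP_MODULES 2>&1 | unneeded_modules "$REQUIRED_MODULES"
else
    sample_dump | unneeded_modules "$REQUIRED_MODULES"
fi
```

Each module it prints is a candidate for having its LoadModule line commented out, followed by a configuration test before Apache is restarted.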

Getting some process separation using SUEXEC (SLOW)
http://blog.stuartherbert.com/php/2007/12/18/using-suexec-to-secure-a-shared-server/
You may need this so that you can further enforce the separation between web sites by having them served as different users.

A Better Way Using fcgid
http://blog.stuartherbert.com/php/2008/10/07/can-you-secure-a-shared-server-with-php-fastcgi/
