| 1 |
Hello, |
| 2 |
|
| 3 |
I've got (2.0.58-r2) installed and running. It displays a simple |
| 4 |
html web page just fine. It been quite a few years since I've been |
| 5 |
tagged with managing a web server... |
| 6 |
|
| 7 |
Anyway, I've found lots of URLs, some listed at the end of this |
| 8 |
message. I've also looked in /usr/portage/net-www and noticed |
| 9 |
lots of mod_* packages. |
| 10 |
|
| 11 |
I'm trying to use the security featues of apache2 without |
| 12 |
chrooting (I'm not even sure chrooting apache2 is necessary |
| 13 |
for good-to-strong web security? |
| 14 |
|
| 15 |
Is there a wiki or docs or suggestions as to which modules |
| 16 |
provide good web security in addition to mod_security? |
| 17 |
|
| 18 |
Here's what I need. |
| 19 |
|
| 20 |
Environment |
| 21 |
Mulitple domain names (around 20) on a single IP address (One machine) |
| 22 |
The Single (Static) IP address is allocated to the firewall. which |
| 23 |
currently successfully passes bidirectional port 80 traffic to/from |
| 24 |
the DMZ based apache2 web server. |
| 25 |
|
| 26 |
Java, php5, perl, mysql |
| 27 |
All web developers behind the firewall |
| 28 |
mod_security is installed |
| 29 |
|
| 30 |
When I look in //etc/apache2/apache2-builtin-mods I do not |
| 31 |
see any modules which are related to security, except mod_auth* |
| 32 |
and mod_secruity. Furthermore, I followed the emerge instructions |
| 33 |
and added this to my /etc/conf.d/apache2 file: |
| 34 |
|
| 35 |
|
| 36 |
Again, I'm not having trouble getting this to work, I'm just looking |
| 37 |
for a concise document/wiki/example on security for this |
| 38 |
sort of web server configuration. If not, then maybe a |
| 39 |
doc/wiki/example on setting up a minimalistic apache2 web server |
| 40 |
with good security. Then I could go on adding the languages/features |
| 41 |
to an apache2 web server, and incrementally test the web server |
| 42 |
for security as languages/features are added. Maybe using |
| 43 |
'nikto' or anyother suggested tools for web-server security |
| 44 |
scanning.....? |
| 45 |
|
| 46 |
|
| 47 |
Maybe I should keep thg web server offline until scans from |
| 48 |
nikto are clean? |
| 49 |
|
| 50 |
http://gentoo-wiki.com/Apache_Modules_mod_security |
| 51 |
http://gentoo-wiki.com/Apache2_Install |
| 52 |
http://localhost/manual/ <apache2 manual> |
| 53 |
http://www.gentoo.org/doc/en/apache-troubleshooting.xml |
| 54 |
http://www.modsecurity.org/documentation/quick-examples.html |
| 55 |
|
| 56 |
|
| 57 |
James |
| 58 |
|
| 59 |
|
| 60 |
|
| 61 |
|
| 62 |
-- |
| 63 |
gentoo-user@g.o mailing list |
Archives