Hello,

I've got (2.0.58-r2) installed and running. It displays a simple
html web page just fine. It's been quite a few years since I've been
tagged with managing a web server...

Anyway, I've found lots of URLs, some listed at the end of this
message. I've also looked in /usr/portage/net-www and noticed
lots of mod_* packages.

I'm trying to use the security features of apache2 without
chrooting (I'm not even sure chrooting apache2 is necessary
for good-to-strong web security?).

Is there a wiki or docs or suggestions as to which modules
provide good web security in addition to mod_security?

Here's what I need.

Environment
Multiple domain names (around 20) on a single IP address (One machine)
The Single (Static) IP address is allocated to the firewall, which
currently successfully passes bidirectional port 80 traffic to/from
the DMZ based apache2 web server.

Java, php5, perl, mysql
All web developers behind the firewall
mod_security is installed

When I look in //etc/apache2/apache2-builtin-mods I do not
see any modules which are related to security, except mod_auth*
and mod_security. Furthermore, I followed the emerge instructions
and added this to my /etc/conf.d/apache2 file:

Again, I'm not having trouble getting this to work, I'm just looking
for a concise document/wiki/example on security for this
sort of web server configuration. If not, then maybe a
doc/wiki/example on setting up a minimalistic apache2 web server
with good security. Then I could go on adding the languages/features
to an apache2 web server, and incrementally test the web server
for security as languages/features are added. Maybe using
'nikto' or any other suggested tools for web-server security
scanning.....?

Maybe I should keep the web server offline until scans from
nikto are clean?

http://gentoo-wiki.com/Apache_Modules_mod_security
http://gentoo-wiki.com/Apache2_Install
http://localhost/manual/ <apache2 manual>
http://www.gentoo.org/doc/en/apache-troubleshooting.xml
http://www.modsecurity.org/documentation/quick-examples.html

James

--
gentoo-user@g.o mailing list