
If going with Apache I would recommend using the 1.3 series unless you have some strange reason for sticking to 1.2; the active development is now on 1.3, which includes many new features from security, usability, stability and performance viewpoints. Most servers based upon Apache (RedHat Secure Server, Stronghold, etc.) are generally just as bug free, but there are occasionally problems.

If you want to be paranoid I would suggest running Apache in a chrooted environment; this, however, is sometimes more trouble than it is worth. Doing this will break a great many things. You must also install numerous libraries, Perl, and any other utilities that your Apache server will be using, as well as any configuration files you wish to have access to. Any CGI scripts and other things that interact with the system will be somewhat problematic and generally harder to troubleshoot.

The simplest way to set up Apache chrooted is to install it and move/edit the necessary files. A good idea is to create a directory (such as /chroot/apache/), preferably on a separate filesystem from /, /usr, etc. (symlinks, accidental filling of partitions, etc.), and then create a file structure under it for Apache. The following is an example, simply replace /chroot-http/ with your choice. You must of course execute these steps as root for it to work. RPM supports this with the --root dir directive; simply install Apache and the needed libs using rpm (thus gaining its support for dependencies etc., making your life easier).

Apache logs requests and so forth internally, so you don't have to worry about setting up holelogd or any other strangeness in order to get your log files behaving.

About the simplest way to secure Apache and ensure that it doesn't have unnecessary access to your filesystem is to create a /www/ or similar directory and place ALL the websites, web content, CGIs and so forth under it.
Then you can simply set access.conf up to deny any access to /, and enable access to /www/ and its various cgi-bin directories. Example for access.conf:

    <Directory />
    Options None
    AllowOverride None
    </Directory>

    <Directory /www>
    Options Indexes FollowSymLinks Includes
    AllowOverride None
    </Directory>

Access to directories can also be controlled easily. Apache supports the defining and placement of files (usually referred to as htaccess files) that can control access based on username and password, IP of origin, and so forth. This is defined in srm.conf:

    AccessFileName .htaccess

The format of this file is covered in the Apache documentation, and is identical to directives you would place in access.conf (well almost). User authentication via username and password is also covered in depth at: . You will also want to prevent people from viewing the .htaccess file(s), place this in your srm.conf:

    <Files .htaccess>
    order allow,deny
    deny from all
    </Files>

This will disallow the viewing of any file called '.htaccess'.
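
An added example, not part of the original guide: a small Python audit that checks a configuration for the settings described above (the root directory locked down, and the access file named by AccessFileName denied to all clients). The sample configuration is constructed from the fragments above, `parse` and `audit` are hypothetical helper names, and the parser assumes one directive per line and handles only Directory and Files blocks.

```python
import re

# Constructed sample, modelled on the access.conf and srm.conf fragments above.
SAMPLE_CONF = """\
<Directory />
Options None
AllowOverride None
</Directory>
<Directory /www>
Options Indexes FollowSymLinks Includes
AllowOverride None
</Directory>
AccessFileName .htaccess
<Files .htaccess>
order allow,deny
deny from all
</Files>
"""

def parse(text):
    """Return ({(kind, arg): {directive: value}}, {top-level directive: value})."""
    sections, top, current = {}, {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        opener = re.match(r"<(Directory|Files)\s+(.*?)\s*>$", line, re.I)
        if opener:
            key = (opener.group(1).lower(), opener.group(2).strip('"'))
            current = sections.setdefault(key, {})
        elif re.match(r"</(Directory|Files)\s*>$", line, re.I):
            current = None
        else:
            name, _, value = line.replace("\t", " ").partition(" ")
            (top if current is None else current)[name.lower()] = " ".join(value.split())
    return sections, top

def audit(text):
    """Return deviations from the lockdown described above ([] means none)."""
    sections, top = parse(text)
    findings = []
    root = sections.get(("directory", "/"), {})
    for directive in ("options", "allowoverride"):
        if root.get(directive, "").lower() != "none":
            findings.append(f"<Directory />: {directive} is not None")
    acl = top.get("accessfilename", ".htaccess")  # Apache's default name
    files = sections.get(("files", acl), {})
    rule = (files.get("order", "").lower(), files.get("deny", "").lower())
    if rule != ("allow,deny", "from all"):
        findings.append(f"<Files {acl}>: not denied to all clients")
    return findings
```

Calling `audit()` on the text of a real configuration returns an empty list when both protections are present; a missing `<Directory />` block or a renamed AccessFileName without a matching `<Files>` block shows up as a finding.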