Lars NoodC)n wrote: > Jeroen Massar wrote: >> Stop exactly there. >> Upgrade to either Apache 2.x or patch your Apache 1.3 with IPv6 patches. > > Is there a conveniently chrooted version (port or package) of > Apache2.x? Or is chrooting the new version entirely up to whoever > installs it? It's not difficult, it's just more convenient to use > something more people have looked at.
On Debian it comes pre-chrooted per default. As such it should not be too difficult to do it for an OpenBSD install either ;) The following should help you out quite a bit already: http://www.securityfocus.com/infocus/1786 "Securing Apache 2: Step-by-Step, Artur Maj, 2004-06-21" And as mentioned, you can always apply the 1.3 patches if you don't like going that route. (I still actually don't understand why those patches are not integrated yet in the default 1.3 tree, probably has something to do with 'no new features' or just forcing folks to go to 1.3) Greets, Jeroen [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
