Hello, I've got (2.0.58-r2) installed and running. It displays a simple html web page just fine. It been quite a few years since I've been tagged with managing a web server...
Anyway, I've found lots of URLs, some listed at the end of this message. I've also looked in /usr/portage/net-www and noticed lots of mod_* packages. I'm trying to use the security featues of apache2 without chrooting (I'm not even sure chrooting apache2 is necessary for good-to-strong web security? Is there a wiki or docs or suggestions as to which modules provide good web security in addition to mod_security? Here's what I need. Environment Mulitple domain names (around 20) on a single IP address (One machine) The Single (Static) IP address is allocated to the firewall. which currently successfully passes bidirectional port 80 traffic to/from the DMZ based apache2 web server. Java, php5, perl, mysql All web developers behind the firewall mod_security is installed When I look in //etc/apache2/apache2-builtin-mods I do not see any modules which are related to security, except mod_auth* and mod_secruity. Furthermore, I followed the emerge instructions and added this to my /etc/conf.d/apache2 file: Again, I'm not having trouble getting this to work, I'm just looking for a concise document/wiki/example on security for this sort of web server configuration. If not, then maybe a doc/wiki/example on setting up a minimalistic apache2 web server with good security. Then I could go on adding the languages/features to an apache2 web server, and incrementally test the web server for security as languages/features are added. Maybe using 'nikto' or anyother suggested tools for web-server security scanning.....? Maybe I should keep thg web server offline until scans from nikto are clean? http://gentoo-wiki.com/Apache_Modules_mod_security http://gentoo-wiki.com/Apache2_Install http://localhost/manual/ <apache2 manual> http://www.gentoo.org/doc/en/apache-troubleshooting.xml http://www.modsecurity.org/documentation/quick-examples.html James -- gentoo-user@gentoo.org mailing list
