Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification.
The "ExtendingPrivilegeSeparation" page has been changed by jmcg. The comment on this change is: Introduce TOC and change headers.. http://wiki.apache.org/httpd/ExtendingPrivilegeSeparation?action=diff&rev1=3&rev2=4 -------------------------------------------------- #language en - == Introduction == + = Introduction = This httpd setup is inspired by [[http://wiki.apache.org/httpd/DifferentUserIDsUsingReverseProxy|DifferentUserIDsUsingReverseProxy]]. However it takes the idea a couple of steps further, and describes other, @@ -27, +27 @@ Furthermore we shall demonstrate how to secure PHP applications without [[http://ilia.ws/archives/18_PHPs_safe_mode_or_how_not_to_implement_security.html|safe-mode]]. + Finally we'll peek into automating the entire process with [[http://cri.ensmp.fr/~coelho/mod_macro/|mod_macro]] + <<TableOfContents(3)>> - == Bare minimum == + = Bare minimum = A great deal of the configurations is shared accross all the instances of httpds, so we'll show it here: @@ -83, +85 @@ This is all it needs to perform the task. - == Frontend == + = Frontend = {{{ # include base config @@ -150, +152 @@ on it's real business, not on encryption. - == Backends == + = Backends = Everything can be a backend. Even though in the above example I've only shown {{{http://}}} for {{{ProxyPass}}}, this doesn't keep you from running mongrels, or Tomcats @@ -159, +161 @@ As we're concentrating on Apache HTTPd, we'll show some examples with that, as well as it's peripherals. - === Base Config === + == Base Config == All backends have a certain config style in common, and we'll first show that (from a template) to outline the basic idea: @@ -228, +230 @@ We also see here a {{{session}}} and a {{{tmp}}} directory. More on this soon! - === The VHosts === + == The VHosts == We'll be using the same vhosts as in the front-end example to gradually increase complexity and show different aspects of the configurations. 
- ==== Simple ==== + === Simple === The most simple of vhosts serves static content and looks like this: @@ -253, +255 @@ because not many applications bother to check ''X-Forwarded-For''... - ==== PHP ==== + === PHP === PHP is not to be trusted. However running it in safe-mode is just a pain. As we've already taken care of privilege separation, we'll now go a step @@ -289, +291 @@ It would enable us to have an unique per-domain (! Not per-vhost!) {{{php.ini}}}. - ==== Complex ==== + === Complex === This example shows our SSL VHosts, it includes a sample for configuring [[http://www.modrails.com/|mod_passenger]] as well as authentication: @@ -340, +342 @@ but needs protection, you can do the authentication in the frontend. - == Automation with mod_macro == + = Automation with mod_macro =
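Review bot: In the hunk at @@ -27, +27 @@, the added line "Finally we'll peek into automating the entire process with [[http://cri.ensmp.fr/~coelho/mod_macro/|mod_macro]]" ends without a full stop, unlike the sentence before it, and the change comment ("Introduce TOC and change headers.") does not mention that new prose was added. Suggest ending the sentence with a period and naming the addition in the comment. The depth in <<TableOfContents(3)>> matches the deepest heading level after this change (=== Simple ===, === PHP ===, === Complex ===), so no section falls out of the TOC.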
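Review bot: In the hunk at @@ -150, +152 @@, the context line "on it's real business, not on encryption." uses "it's" where the possessive "its" is meant, and the same slip appears in "as well as it's peripherals" in the hunk that follows. The headings next to both lines are being edited in this revision anyway, so fix the two possessives in the same change.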
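Review bot: The last hunk (@@ -340, +342 @@) ends on "+ = Automation with mod_macro =" with no context lines after the heading, while the introduction now promises a look at automation with mod_macro. Check that the section has a body, or mark it as a stub, so the new TOC entry does not point at an empty section.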
