> On Fri, 21 Jan 2011, Keith Lofstrom wrote: > >I'm cleaning up the config, removing stuff I don't really need. Ivan > >Ristic's book "Apache Security" has been helpful, and he makes many > >good suggestions, such as minimizing the modules loaded. Sounds > >good, my apache config loads way too many modules. But it is > >unclear which modules are actually being used by my web apps. Is > >there an easy way to find out? Or do I just try all the features of > >all the apps, while pulling out modules and looking for breakage?
Thanks to all who replied. After cleaning up various stanzas of httpd.conf, taking out some of the unsupported internationalization, and taking some unneeded configurations out of conf.d ( I don't use AJP(?) and PHP ), I started yanking modules, putting them back when the apache syntax checker complained (thanks, Paul). In some cases, I removed unneeded portions of httpd.conf that used those modules. I constructed a links-testing webpage on one of my other servers, with links to the websites and wikis and svn and mailman URLs running on the server - about 50 things to click and look at. The old (soon to be removed) kwiki sites ran very slow, so I turned the caching back on. A passworded URL complained, so I added mod_auth_basic back. There may be some other breakage lurking there, perhaps some odd feature associated with subversion, but everything seems to be OK OK OK OK OK OK ... :-) So, the httpd.conf file is half its former size ( I did save the original ) and I am using only 16 of the 57 modules the original distro version called for. I hope this will make apache a little more secure, faster, and reduce the memory footprint somewhat. I'm not going to post what I still use to the list ( the bad guys are watching ) but I can discuss what I did and why by private email. Next task: setting up an HTTPS virtual site, using all the good suggestions I've gotten here about getting cheap certs. Mostly this will be for a form that people can use to send me secret stuff (passwords, zip keys, etc) without relying on their (lack of) knowledge of encryption or certificate management. Keith -- Keith Lofstrom [email protected] Voice (503)-520-1993 KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon" Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs _______________________________________________ PLUG mailing list [email protected] http://lists.pdxlinux.org/mailman/listinfo/plug
