Le Thu, 9 Jul 2009 13:18:39 +0300,
Reko Turja reko.tu...@liukuma.net a écrit :
I want to secure my Apache/PHP environment...
Full suhosin, both patch and mod for the PHP. IIRC suhosin patch is
optional in PHP port and the mod can be installed via ports.
I want to secure my Apache/PHP environment...
Full suhosin, both patch and mod for the PHP. IIRC suhosin patch is
optional in PHP port and the mod can be installed via ports.
(http://www.hardened-php.net/suhosin/index.html)
Apache environment and binaries set up in a jail.
Which Apache
What I do is running PHP in FastCGI mode (with something like x-cache)
with a dedicated user for each webapp for which I have a dedicated
script, for example :
=
jci...@bccm-it ~ % ls -l /usr/local/www/apache22/cgi-bin
(...)
-rwxr-xr-x 1 www-scarwww-scar202 Oct 27 2008
Le Thu, 09 Jul 2009 12:49:57 +0200,
Julien Cigar jci...@ulb.ac.be a écrit :
What I do is running PHP in FastCGI mode (with something like x-cache)
with a dedicated user for each webapp for which I have a dedicated
script, for example :
=
jci...@bccm-it ~ % ls -l
On Thu, 2009-07-09 at 13:43 +0200, Nicolas Letellier wrote:
Le Thu, 09 Jul 2009 12:49:57 +0200,
Julien Cigar jci...@ulb.ac.be a écrit :
What I do is running PHP in FastCGI mode (with something like x-cache)
with a dedicated user for each webapp for which I have a dedicated
script, for
Le Thu, 09 Jul 2009 14:36:11 +0200,
Julien Cigar jci...@ulb.ac.be a écrit :
When I tested php in cgi, performances were bad. That's why,
php_mod is better (in my case !=
It's not CGI, it's FastCGI.
There is no performance loss if you use an opcode cacher (like
x-cache).
And is
Just build www/apache22 with WITH_MPM=itk and you'll have it. :)
Then add something like this in each vhost:
IfModule mpm_itk_module
AssignUserId my_user my_group
/IfModule
Nicolas Letellier wrote:
Le Thu, 09 Jul 2009 14:36:11 +0200,
Julien Cigar jci...@ulb.ac.be a écrit :
When I
Hi,
I'm currently using mpm-itk (on debian, but should be replaced with
freebsd soon ;-)).
I'm quite happy with the solution as it's easy to setup many user
accounts for web without ugly access right stuff and all that. apache
never made a problem after setup :-)
unfortunately I've never had