-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 anant -
Each one of those services is great in its own right. However, when you combine them together, it is not such a good practice. Any service that holds a LISTENING port, in my opinion should be chrooted or jailed. Apache is a great webserver in my opinion because it can be somewhat light, but can be also be very heavy depending on what you have compiled/added into the server. The problem with apache, and php, is that you have to stay on top, and up to date with the apache/php/perl/foo project. I really like apache, and use it for *almost* everyone of my webservers, but there have been many exploits to the project. I have been through some of the code, and it looks nice, but it is a very popular project, and because of this will always have exploits/hacks towards it. I also depend highly on ipf/ipnat. More than any other fw that i have used in unix/linux, i like ipf best. The rulesets are easy to understand, it is quick (if setup right), and in my opinion quite secure. So in my opinion, i would opt for using 2 boxen for your ipf/apache solution. if i can be of any help, send an email. Eric - -----Original Message----- From: Anant Tamgole [mailto:[EMAIL PROTECTED]] Sent: Sunday, November 17, 2002 8:31 PM To: [EMAIL PROTECTED] Subject: apache server plus ipfilter Dear all, We recently deployed a web server on Solaris 8(Intel), with apache 1.3.27 and ipfilter firewall. Is this a good combination or any issues, comments ? regards anant -----BEGIN PGP SIGNATURE----- Version: PGP 8.0 (Build 349) Beta iQA/AwUBPdpZdKUUXFhoQKvpEQK7/gCfVzCj3DnsJFyuFnOHYz0HmlmZ8sEAoK6E LXnaangmNVVHUARpO5W2YMXS =mtES -----END PGP SIGNATURE-----
