My first public website - how to secure it for use?

Derrill Guilbert derrill at gmail.com
Wed Sep 21 11:18:19 PDT 2005


I am grateful for all the assistance I've received to date from this 
list ... I'm going through a bunch of baptism by fire stuff on FreeBSD - 
I've used it for basic file sharing, intranet stuff, EASY stuff before. 
Now, however, I keep getting asked for more robust things.

We have been having some ... disagreements with our webhost. Basically, 
we want him to enable password protection on a site, and he doesn't want 
to figure out how to do it. I emailed him everything he needs, but he 
can't be arsed, apparently. I even asked him to email me his config file 
and I'd update it and send it back - he could then diff it and then 
update it based on my changes. What would it be, five lines? 10? It 
wouldn't be much, based on apache's site. Still, no response.

Because of our unique relationship with him, my boss feels like the best 
alternative for now would be having me put up a webserver based on 
FreeBSD. It'll need PHP and MySQL, which I think I can figure out.

I've run apache sites before - 1996 - 2000 I was part of the IT staff of 
a small website building/hosting company. However, I've never set a box 
up for internet use myself, and the internet is a vastly different 
(read: more hostile) place than it was then. This box is basically going 
to be on its own on the internet. Is it enough to run a firewall like pf 
and go through the steps outlined at 
http://www.bsdguides.org/guides/freebsd/security/harden.php before 
putting it up to be assaulted?

Derrill



More information about the freebsd-questions mailing list