Secure apache with php
Nicolas Letellier
nicolas at nicoelro.net
Thu Jul 9 10:22:20 UTC 2009
Le Thu, 9 Jul 2009 13:18:39 +0300,
"Reko Turja" <reko.turja at liukuma.net> a écrit :
> > I want to secure my Apache/PHP environment...
>
> Full suhosin, both patch and mod for the PHP. IIRC suhosin patch is
> optional in PHP port and the mod can be installed via ports.
> (http://www.hardened-php.net/suhosin/index.html)
>
> Apache environment and binaries set up in a jail.
>
> > Which Apache version do you advice?
>
> I reckon these days 2.2 would be the best in regards of future
> upgrades and development.
>
> -Reko
>
Thanks. I already use suhosin patch in mod_php.
I have few users on this machine, each use a separate directory
(/var/www/user). I do not want to make a jail for each one.
That's why mpm-itk seems to be good (instead of safe_mode /
open_basedir).
Best regards,
--
Nicolas
More information about the freebsd-questions
mailing list