The may 1999 issue vol 8 num 5, of sys admin had the article securing your
web server page 45, and securing apache page 35 as a resource.
:> >Is there a resource for securing an Apache web server. I'm looking for an
:> >overview of UNIX/Apache security topics to put on my check list to secure a
:> >web server. I have most of the documentation from the Apache site, but I'd
:> >like a resource that is more focused on the security aspects Apache.
:> http://www.w3c.org/ and do a search on security,
:> http://www.w3c.org/Security/Faq/ and of course CERT.
: There are some security notes in the Apache documentation on
: www.apache.org too, but basically most security related features can be
: set in access.conf or httpd.conf using the <directory> directive. This
: is where you set your directory options (ie: permission to execute
: CGI's), HTaccess authentication if required and little features like
: directory listings.
: Apart from that its common sense, stuff like being careful what you put
: in your DocumentRoot, and making sure the process is running as a
: dedicated user, or nobody.
: Craig R. Belcham. Internet Systems Management Consultant.
: "The greatest trick the devil ever pulled was convincing the
: world that he didn't exist" -- Kevin Spacey, Usual Suspects.
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.