httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From gry...@apache.org
Subject svn commit: r742125 - in /httpd/httpd/trunk/docs/manual/misc: security_tips.html.en security_tips.xml
Date Sun, 08 Feb 2009 16:30:24 GMT
Author: gryzor
Date: Sun Feb  8 16:30:24 2009
New Revision: 742125

URL: http://svn.apache.org/viewvc?rev=742125&view=rev
Log:
Added a section about dynamic content security, and a couple of pointers to
external projects.

Modified:
    httpd/httpd/trunk/docs/manual/misc/security_tips.html.en
    httpd/httpd/trunk/docs/manual/misc/security_tips.xml

Modified: httpd/httpd/trunk/docs/manual/misc/security_tips.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/misc/security_tips.html.en?rev=742125&r1=742124&r2=742125&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/misc/security_tips.html.en (original)
+++ httpd/httpd/trunk/docs/manual/misc/security_tips.html.en Sun Feb  8 16:30:24 2009
@@ -35,6 +35,7 @@
 <li><img alt="" src="../images/down.gif" /> <a href="#nsaliasedcgi">Non
Script Aliased CGI</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#saliasedcgi">Script
Aliased CGI</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#dynamic">Other sources
of dynamic content</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#dynamicsec">Dynamic
content security</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#systemsettings">Protecting
System Settings</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#protectserverfiles">Protect
Server Files by Default</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#watchyourlogs">Watching
Your Logs</a></li>
@@ -296,6 +297,24 @@
 
   </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif"
/></a></div>
 <div class="section">
+<h2><a name="dynamicsec" id="dynamicsec">Dynamic content security</a></h2>
+
+  
+
+  <p>When setting up dynamic content, such as <code>mod_php</code>,
+  <code>mod_perl</code> or <code>mod_python</code>, many security
considerations
+  get out of the scope of <code>httpd</code> itself, and you need to consult
+  documentation from those modules. For example, PHP lets you setup <a href="http://www.php.net/manual/en/ini.sect.safe-mode.php">Safe
Mode</a>,
+  which is most usually disabled by default. Another example is <a href="http://www.hardened-php.net/suhosin/">Suhosin</a>,
a PHP addon for more
+  security. For more information about those, consult each project
+  documentation.</p>
+
+  <p>At the Apache level, a module named <a href="http://modsecurity.org/">mod_security</a>
+  can be seen as a HTTP firewall and, provided you configure it finely enough,
+  can help you enhance your dynamic content security.</p>
+
+  </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif"
/></a></div>
+<div class="section">
 <h2><a name="systemsettings" id="systemsettings">Protecting System Settings</a></h2>
 
     

Modified: httpd/httpd/trunk/docs/manual/misc/security_tips.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/misc/security_tips.xml?rev=742125&r1=742124&r2=742125&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/misc/security_tips.xml (original)
+++ httpd/httpd/trunk/docs/manual/misc/security_tips.xml Sun Feb  8 16:30:24 2009
@@ -292,6 +292,25 @@
   it is better to be safe and assume not.</p>
 
   </section>
+   <section id="dynamicsec">
+
+  <title>Dynamic content security</title>
+
+  <p>When setting up dynamic content, such as <code>mod_php</code>,
+  <code>mod_perl</code> or <code>mod_python</code>, many security
considerations
+  get out of the scope of <code>httpd</code> itself, and you need to consult
+  documentation from those modules. For example, PHP lets you setup <a
+  href="http://www.php.net/manual/en/ini.sect.safe-mode.php">Safe Mode</a>,
+  which is most usually disabled by default. Another example is <a
+  href="http://www.hardened-php.net/suhosin/">Suhosin</a>, a PHP addon for more
+  security. For more information about those, consult each project
+  documentation.</p>
+
+  <p>At the Apache level, a module named <a href="http://modsecurity.org/">mod_security</a>
+  can be seen as a HTTP firewall and, provided you configure it finely enough,
+  can help you enhance your dynamic content security.</p>
+
+  </section>
 
   <section id="systemsettings">
 



Mime
View raw message