httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Colm MacC√°rthaigh <colmm...@Redbrick.DCU.IE>
Subject Re: mpm perchild and mod_php4
Date Sun, 08 Dec 2002 22:10:02 GMT
On Sun, Dec 08, 2002 at 10:57:32PM +0100, Jochen Kächelin wrote:
> Will perchild work on the next release or are there any other
> workarounds to secure php-scripts (module) such as suEXEC and cgis?

if you *need* mod_php instances that run as seperate users the
easiest solution is to reverse proxy instances of Apache
running on different ports (and ideally, only listening on 
localhost), each running as the desired user.

To make the most of it use mod_rewrite and mod_proxy, and try
to avoid proxying non-dynamic content for the sake of 
efficiency.

There are some disadvantges, the only access you have to
the originating IP address is HTTP_X_FORWARDED_FOR, it's
a lot more management and can complicate scripts if they
rely on thigns like SERVER_NAME. 

-- 
colmmacc@redbrick.dcu.ie        PubKey: colmmacc+pgp@redbrick.dcu.ie  
Web:                                 http://devnull.redbrick.dcu.ie/ 

Mime
View raw message