httpd-docs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michael.Schro...@telekurs.de
Subject Antwort: Re: Security
Date Mon, 23 Sep 2002 18:50:24 GMT

Hi Rich,


>> Do not give the user or group the server runs as
>> write permissions to the log directory if the server is started as
>> root.
> That's the way that it is now. SSL logs as the web server user, as
> does mod_throttle, and mod_gzip. If you don't give that user access
> to write to the log directory, these modules can't log.

what exactly do you want to say with "mod_gzip logs to the log
directory"? Which mod_gzip version are you talking about?

At least mod_gzip for Apache 1.3 isn't doing any logging on its
own - it will only set Apache notes that can be used in CustomLog
format definitions.
     http://www.schroepl.net/projekte/mgzta/collect.html
may show you how I am collecting mod_gzip's logfile entries from
some customized access_log format, for my mgzta tool.

On the other hand, mod_gzip is using its own temporary working
directory for compression purposes (large files etc.).
If writing into this directory would be a security aspect as
well, then the list of modules in question might also include
mod_proxy, which is doing about the same AFAIK.

Regards, Michael



---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org


Mime
View raw message