httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ken Anderson>
Subject Re: PHP UserDir MySQL Security Puzzle
Date Fri, 21 Jun 2002 23:22:54 GMT
Do you, or does anyone have an documentation on this approach?
Sounds like a good idea for secure php in a shared environment.
Do you run squid on port 80 on the same machine?
Ken Anderson

> However, a nice solution, and the one that I prefer is to use a reverse
> proxy such as Squid out in front of your web server. Then in behind it I
> run multiple instances of Apache as different users on different ports. As
> long as you use the same httpd binary there will be a lot of shared pages,
> and running multiple instances really isn't much more resource-heavy than
> running a single instance with lots of processes.
> So the real trick here is that you use something like SquidGuard to
> configure your Squid reverse proxy to send requests for specific virtual
> hosts to the corresponding local port number.  That is, your first Apache
> instance might be configured to listen to, your second
> instance on and so on.  The SquidGuard rules look at the
> Host: header in the requests and direct the requests appropriately.  You
> of course get the added benefit of reverse proxy cacheing which is
> generally a good idea for any busy site anyway.  The biggest change that
> people have to get used to with this sort of architecture is the fact that
> they now have separate configuration files for each Apache instance.  With
> a systematic approach to this, that shouldn't be all that bad.
> -Rasmus
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message