httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ken Anderson ...@pacific.net>
Subject Re: PHP UserDir MySQL Security Puzzle
Date Fri, 21 Jun 2002 23:22:54 GMT
Do you, or does anyone have an documentation on this approach?
Sounds like a good idea for secure php in a shared environment.
Do you run squid on port 80 on the same machine?
Ken Anderson


> However, a nice solution, and the one that I prefer is to use a reverse
> proxy such as Squid out in front of your web server. Then in behind it I
> run multiple instances of Apache as different users on different ports. As
> long as you use the same httpd binary there will be a lot of shared pages,
> and running multiple instances really isn't much more resource-heavy than
> running a single instance with lots of processes.
> 
> So the real trick here is that you use something like SquidGuard to
> configure your Squid reverse proxy to send requests for specific virtual
> hosts to the corresponding local port number.  That is, your first Apache
> instance might be configured to listen to 127.0.0.1:80, your second
> instance on 127.0.0.1:81 and so on.  The SquidGuard rules look at the
> Host: header in the requests and direct the requests appropriately.  You
> of course get the added benefit of reverse proxy cacheing which is
> generally a good idea for any busy site anyway.  The biggest change that
> people have to get used to with this sort of architecture is the fact that
> they now have separate configuration files for each Apache instance.  With
> a systematic approach to this, that shouldn't be all that bad.
> 
> -Rasmus
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 
> 
> 



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message