httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rasmus Lerdorf <ras...@apache.org>
Subject Re: PHP UserDir MySQL Security Puzzle
Date Fri, 21 Jun 2002 23:44:14 GMT
I run Squid on my external ip port 80 and have all my Apaches listening on
various ports on 127.0.0.1.

Not sure if this is documented somewhere.  It's a pretty basic
reverse-proxy SquidGuard setup though.  You really shouldn't need anything
except the Squid, SquidGuard and Apache docs.

-Rasmus

On Fri, 21 Jun 2002, Ken Anderson wrote:

> Do you, or does anyone have an documentation on this approach?
> Sounds like a good idea for secure php in a shared environment.
> Do you run squid on port 80 on the same machine?
> Ken Anderson
>
>
> > However, a nice solution, and the one that I prefer is to use a reverse
> > proxy such as Squid out in front of your web server. Then in behind it I
> > run multiple instances of Apache as different users on different ports. As
> > long as you use the same httpd binary there will be a lot of shared pages,
> > and running multiple instances really isn't much more resource-heavy than
> > running a single instance with lots of processes.
> >
> > So the real trick here is that you use something like SquidGuard to
> > configure your Squid reverse proxy to send requests for specific virtual
> > hosts to the corresponding local port number.  That is, your first Apache
> > instance might be configured to listen to 127.0.0.1:80, your second
> > instance on 127.0.0.1:81 and so on.  The SquidGuard rules look at the
> > Host: header in the requests and direct the requests appropriately.  You
> > of course get the added benefit of reverse proxy cacheing which is
> > generally a good idea for any busy site anyway.  The biggest change that
> > people have to get used to with this sort of architecture is the fact that
> > they now have separate configuration files for each Apache instance.  With
> > a systematic approach to this, that shouldn't be all that bad.
> >
> > -Rasmus
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> > For additional commands, e-mail: users-help@httpd.apache.org
> >
> >
> >
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message