httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Boyle Owen" <Owen.Bo...@swx.com>
Subject RE: [users@httpd] httpd.conf file help...
Date Tue, 07 Dec 2004 08:18:30 GMT


> -----Original Message-----
> From: O-One [mailto:ola_one@yahoo.com]
> Sent: Montag, 6. Dezember 2004 17:52
> To: users@httpd.apache.org
> Subject: RE: [users@httpd] httpd.conf file help...
> 
> 
> Sorry about the text please.
> 
> I am running 
> 
> Windows Server Enterprise 2003
> Apache 2.0.52
> PHP 4.3.9

So a reasonably modern setup...

You don't give many details in your "failure report" - one site ran for 9 months then you
"lost" it. You talk about a crash - did the computer work afterwards? What makes you think
the problem was due to an intrusion and not some hardware fault on the computer? 

If you're worried about security, you should read the security howto as Ralf suggested (http://httpd.apache.org/docs-2.0/misc/security_tips.html).
 Note that a website is a mulit-layered thing: at the base is the webserver (most secure),
then comes the various modules that provide functionalities like forums etc (less secure),
then comes things you provide like CGIs etc (least secure). 

If you want security, start at the user programs and work back to the webserver.

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 

> ) 
> Thanks
> --- Boyle Owen <Owen.Boyle@swx.com> wrote:
> 
> > Plain text please...
> > 
> > It is impossible to make any sort of comment on this
> > question without
> > knowing the apache version and the OS, at the very
> > least. For all we
> > know, you could've been running apache 1.2 on
> > windows 3.1...
> > 
> > Rgds,
> > Owen Boyle
> > Disclaimer: Any disclaimer attached to this message
> > may be ignored. 
> > 
> > 
> > -----Original Message-----
> > From: O-One [mailto:ola_one@yahoo.com]
> > Sent: Montag, 6. Dezember 2004 14:15
> > To: users@httpd.apache.org
> > Subject: [users@httpd] httpd.conf file help...
> > 
> > 
> > Hello all,
> > 
> > I have created 2 websites that ran on Apache and 3
> > to 6 months later, I
> > have lost both. I am now wondering if the compromise
> > is not coming from
> > my configuration.
> > 
> > I need to know if Apache default installation is
> > safe enough, and if
> > not, what I need to tweak to make it safe.
> > 
> > All I want is for people to browse my site. I have
> > also used weblogs and
> > I create Forum within my weblog and also allow
> > download. What I do
> > within the weblog, have there own security tools,
> > but I need to know
> > what directive I can use in httpd.conf file that
> > will not allow anyone
> > to just take over my site or files. Am I thinking
> > right or just
> > paranoid.
> > 
> > Like I said, one of my sites ran for almost 9 months
> > before crashing
> > while the other was only on for 2 moths. I am
> > begining to wonder that it
> > is the security aspect of Apache that I am not
> > getting right.
> > 
> > Any help will be appreciated.
> > 
> > Thanks
> > 
> > 
> > Do you Yahoo!?
> > Yahoo! Mail - Helps protect you from nasty viruses.
> > 
> > Diese E-mail ist eine private und persönliche
> > Kommunikation. Sie hat
> > keinen Bezug zur Börsen- bzw. Geschäftstätigkeit der
> > SWX Gruppe. This
> > e-mail is of a private and personal nature. It is
> > not related to the
> > exchange or business activities of the SWX Group. Le
> > présent e-mail est
> > un message privé et personnel, sans rapport avec
> > l'activité boursière du
> > Groupe SWX.
> > 
> > This message is for the named person's use only. It
> > may contain
> > confidential, proprietary or legally privileged
> > information. No
> > confidentiality or privilege is waived or lost by
> > any mistransmission.
> > If you receive this message in error, please notify
> > the sender urgently
> > and then immediately delete the message and any
> > copies of it from your
> > system. Please also immediately destroy any
> > hardcopies of the message.
> > You must not, directly or indirectly, use, disclose,
> > distribute, print,
> > or copy any part of this message if you are not the
> > intended recipient.
> > The sender's company reserves the right to monitor
> > all e-mail
> > communications through their networks. Any views
> > expressed in this
> > message are those of the individual sender, except
> > where the message
> > states otherwise and the sender is authorised to
> > state them to be the
> > views of the sender's company. 
> > 
> > 
> > 
> >
> ---------------------------------------------------------------------
> > The official User-To-User support forum of the
> > Apache HTTP Server Project.
> > See <URL:http://httpd.apache.org/userslist.html> for
> > more info.
> > To unsubscribe, e-mail:
> > users-unsubscribe@httpd.apache.org
> >    "   from the digest:
> > users-digest-unsubscribe@httpd.apache.org
> > For additional commands, e-mail:
> > users-help@httpd.apache.org
> > 
> > 
> 
> 
> 
> 		
> __________________________________ 
> Do you Yahoo!? 
> All your favorites on one personal page - Try My Yahoo!
> http://my.yahoo.com 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP 
> Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 
> 

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message