httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From AFrieze <>
Subject [users@httpd] Apache security(static compile,jail,obscurity...etc)
Date Tue, 11 Sep 2007 15:04:51 GMT
Hi Everyone

  I was wondering how far you guys go in terms of security.  I'm mainly 
interested in response from people running apps that deal with sensitive 
data, like credit cards.  Do you disable all unneeded modules, compile 
from source and statically compile every needed module, disabling 
mod-so?  Or is a sudo apt-get apache2 generally good enough for you?  Do 
you jail your apache, if so is internal jailing good enough or do you 
use external jailing.  There are easy steps for security of course, 
obscuring security information, making sure apache doesn't run as root, 
etc.  Any advice/opinions on this topic would be appreciated.  I tend to 
be extremely paranoid when it comes to a web server and security and its 
tough to not let the issue consume all your time.


The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message