Return-Path: X-Original-To: apmail-httpd-users-archive@www.apache.org Delivered-To: apmail-httpd-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 70EC0D5D5 for ; Fri, 9 Nov 2012 17:26:00 +0000 (UTC) Received: (qmail 2636 invoked by uid 500); 9 Nov 2012 17:25:57 -0000 Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 2610 invoked by uid 500); 9 Nov 2012 17:25:57 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 2600 invoked by uid 99); 9 Nov 2012 17:25:57 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 09 Nov 2012 17:25:57 +0000 X-ASF-Spam-Status: No, hits=-0.0 required=5.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of ph1@openstrike.co.uk designates 89.16.177.71 as permitted sender) Received: from [89.16.177.71] (HELO primary1.mail.openstrike.co.uk) (89.16.177.71) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 09 Nov 2012 17:25:49 +0000 Received: from palma.openstrike.co.uk (labs [81.187.19.186]) (Authenticated sender: qdxpete) by primary1.mail.openstrike.co.uk (Postfix) with ESMTP id E8D672CC401 for ; Fri, 9 Nov 2012 17:25:28 +0000 (GMT) Received: from palma.openstrike.co.uk (localhost.localdomain [127.0.0.1]) by palma.openstrike.co.uk (8.14.5/8.14.5) with ESMTP id qA9HPRTt009089 for ; Fri, 9 Nov 2012 17:25:27 GMT Received: (from pete@localhost) by palma.openstrike.co.uk (8.14.5/8.14.5/Submit) id qA9HPRMD009088 for users@httpd.apache.org; Fri, 9 Nov 2012 17:25:27 GMT X-Authentication-Warning: palma.openstrike.co.uk: pete set sender to ph1@openstrike.co.uk using -f Date: Fri, 9 Nov 2012 17:25:27 +0000 From: Pete Houston To: users@httpd.apache.org Message-ID: <20121109172527.GV1732@palma.openstrike.co.uk> References: MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="thwsKKN5whlRGe6j" Content-Disposition: inline In-Reply-To: Organization: Openstrike User-Agent: Mutt/1.5.21 (2010-09-15) X-Virus-Checked: Checked by ClamAV on apache.org Subject: Re: [users@httpd] Is there any way to encrypt/obfuscate apache conf files --thwsKKN5whlRGe6j Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hello Sudip, On Fri, Nov 09, 2012 at 01:51:53PM +0530, Bhattacharya, Sudip wrote: > Is there any way to obfuscate/encrypt conf files in Apache? I'm not aware of a direct method. Perhaps mod_macro could be used for obfuscation. > I have put my configuration entries in a separate config file, and am inc= luding it in the main httpd.conf file. >=20 > My requirement is to encrypt/obfuscate only my custom conf file. I'm sure you have your reasons for this, but it sounds like asking for trouble. If you just want to stop users reading the file because it contains sensitive info (like database passwords, maybe?) then perhaps just a simple chown root custom.conf chmod 0600 custom.conf would suffice? You would need to be starting apache as root in order to bind to the low port numbers anyway and this means that only your custom file is unreadable by others - httpd.conf could still be read by anyone. HTH, Pete --=20 Openstrike - improving business through open source http://www.openstrike.co.uk/ or call 01722 770036 / 07092 020107 --thwsKKN5whlRGe6j Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iEYEARECAAYFAlCdPIcACgkQdzfnYmsKt530EwCZASVM8RcJgc75hgL3azeOUJNI nTgAoLCAFrcYZaA7BjjorCJVS5LAxH5q =7Hzr -----END PGP SIGNATURE----- --thwsKKN5whlRGe6j--