httpd-users mailing list archives

From "D'Arcy J.M. Cain" <da...@Vex.Net>
Subject Re: [users@httpd] security guidelines for a shared hosting server
Date Sat, 19 Jul 2014 14:59:30 GMT
On Sat, 19 Jul 2014 16:58:47 +0300
s7r <s7r@sky-ip.org> wrote:
> I need some help in securing a server for shared hosting accounts

It sounds to me like you are confusing "need some help" with "need
someone to do my job".

> Among others, I would like to restrict .cgi, py, pl scripts from being

Do you want your site secured or do you want it to not allow CGI
scripts to be run?  These are not exactly the same goals.  What exactly
are you trying to protect?  Do you want to protect yourself from your
users or the users from each other?  There's nothing inherently
insecure about CGI scripts.

> run or served by the server, so I think I should put a .htaccess file
> in /var/www for restricting, but can't a customer simply put another
> .htaccess file in his home folder (a subfolder of /var/www) and
> rewrite my rules?

Don't use .htaccess in the root.  That file is meant to overwrite
configurations from your httpd.conf file which is also where you get to
specify what .htaccess can override.

> What other things do I need to disable in apache and php (besides
> sendmail and curl fopen) in order to make a secure shared hosting
> server?

Hold on, you want a secure server so you want to disallow CGI, Python
and Perl scripts but you are going to allow PHP, the biggest security
hole in the universe?  If I had a choice (I don't, clients being what
they are) I would do the exact opposite.

> Thank you in advance, any help is highly appreciated - pls provide
> with the exact syntax to input and where to input.

There are two ways to do this.  One is to bring up your gooey, click
and drool, system admin for dummies interface and press the button that
says "Do what I think I want."  If you can't find that button then you
need to go with option two and read the literature and documentation,
try various things that you learned, research when you run into
problems and then come back here with specific questions when you run
into a roadblock.  Before you do that last step you should read this.

http://www.catb.org/~esr/faqs/smart-questions.html

-- 
D'Arcy J.M. Cain
System Administrator, Vex.Net
http://www.Vex.Net/ IM:darcy@Vex.Net
VoIP: sip:darcy@Vex.Net
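One way to put the advice above into the main configuration instead of a root .htaccess, as an added example that is not part of the thread; it assumes Apache 2.4, a DocumentRoot of /var/www and one subdirectory per customer (/var/www/<customer>/):

```apache
# Added example, not from the thread. Assumes Apache 2.4, DocumentRoot /var/www,
# and one subdirectory per customer (/var/www/<customer>/).

# Filesystem-wide default: deny everything and honour no .htaccess anywhere.
<Directory />
    AllowOverride None
    Require all denied
</Directory>

<Directory /var/www>
    # Customers may not run CGI or SSI here, and symlinks are followed only when
    # link and target share an owner (stops linking into another customer's tree).
    Options -ExecCGI -Includes -FollowSymLinks +SymLinksIfOwnerMatch

    # AllowOverride is the knob the reply refers to: it is only valid in the main
    # config, so a customer's .htaccess cannot widen it.  None means any .htaccess
    # under /var/www is ignored entirely.
    AllowOverride None
    # If customers need a few harmless directives, allow exactly those instead:
    # AllowOverrideList Redirect RedirectMatch ErrorDocument

    Require all granted
</Directory>

# Do not serve script sources either: a .py or .pl that is not executed would
# otherwise be sent as plain text, exposing any credentials inside it.
<FilesMatch "\.(cgi|pl|py)$">
    Require all denied
</FilesMatch>

# Check the syntax before reloading, then confirm a customer's .htaccess has
# no effect on a script placed in their directory:
#   apachectl configtest
#   curl -sI http://localhost/customer/test.pl | head -1   # expect a 403 status
```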
