httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From s7r <...@sky-ip.org>
Subject [users@httpd] security guidelines for a shared hosting server
Date Sat, 19 Jul 2014 13:58:47 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

I need some help in securing a server for shared hosting accounts
(apache virtual hosts).

Among others, I would like to restrict .cgi, py, pl scripts from being
run or served by the server, so I think I should put a .htaccess file in
/var/www for restricting, but can't a customer simply put another
.htaccess file in his home folder (a subfolder of /var/www) and rewrite
my rules?

What other things do I need to disable in apache and php (besides
sendmail and curl fopen) in order to make a secure shared hosting server?

Thank you in advance, any help is highly appreciated - pls provide with
the exact syntax to input and where to input.


- -- 
Roberto
PGP Fingerprint: 7C36 9232 5ABD FB0B 3021 03F1 837F A52C 8126 5B11
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBAgAGBQJTynmXAAoJEIN/pSyBJlsRRckH/3Cw1cGWKHNEL3cM2Mv08C5G
daEdWfp5hcp9aZQ/d66sb4uFe9IWwxLJgQfQnSgcG8OxcisDJkKtZ45uiIYg0xgH
yCrX3iajym/HjTX2VW8s2qBrSBJsi4e0HUVpfVL2ETD6xFqkDZjgPWZPSCmDZxGI
B6yviAiqbOTK9ko6zQ7MK3kzoGEuOZLCnOw4vNl+h2o/yKEjoUfnw4Vj3YjqzRqA
QJvDbTXyOxlDmhe47SwANB7srF1KRCRTn36XYyYoHieHQ969DQwIz9Ev7U6h7VpV
aXUHOaxMcCGyKvBp13dhfyVe90xMMWrcM/0J+C07hdJy6d/HHTCaJlHyon0lEdw=
=C9/o
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message