Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 9 Jul 2009 12:22:12 +0200
From:      Nicolas Letellier <nicolas@nicoelro.net>
To:        "Reko Turja" <reko.turja@liukuma.net>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Secure apache with php
Message-ID:  <20090709122212.658bcc24@belegost.nicoelro.net>
In-Reply-To: <EA9FE81A7F144C89AFCD0E9390FD69FC@rivendell>
References:  <20090709113534.43373278@belegost.nicoelro.net> <EA9FE81A7F144C89AFCD0E9390FD69FC@rivendell>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
Le Thu, 9 Jul 2009 13:18:39 +0300,
"Reko Turja" <reko.turja@liukuma.net> a =E9crit :

> > I want to secure my Apache/PHP environment...
>=20
> Full suhosin, both patch and mod for the PHP. IIRC suhosin patch is=20
> optional in PHP port and the mod can be installed via ports.
> (http://www.hardened-php.net/suhosin/index.html)
>=20
> Apache environment and binaries set up in a jail.
>=20
> > Which Apache version do you advice?
>=20
> I reckon these days 2.2 would be the best in regards of future=20
> upgrades and development.
>=20
> -Reko=20
>=20
Thanks. I already use suhosin patch in mod_php.

I have few users on this machine, each use a separate directory
(/var/www/user). I do not want to make a jail for each one.

That's why mpm-itk seems to be good (instead of safe_mode /
open_basedir).

Best regards,



--=20
Nicolas



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?20090709122212.658bcc24>