From owner-freebsd-questions@FreeBSD.ORG Thu Jul 9 15:27:09 2009 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 51C7710656AA for ; Thu, 9 Jul 2009 15:27:09 +0000 (UTC) (envelope-from mister.olli@googlemail.com) Received: from mail-fx0-f224.google.com (mail-fx0-f224.google.com [209.85.220.224]) by mx1.freebsd.org (Postfix) with ESMTP id CE59E8FC1A for ; Thu, 9 Jul 2009 15:27:08 +0000 (UTC) (envelope-from mister.olli@googlemail.com) Received: by fxm24 with SMTP id 24so211065fxm.43 for ; Thu, 09 Jul 2009 08:27:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:received:received:subject:from:reply-to:to:cc :in-reply-to:references:content-type:date:message-id:mime-version :x-mailer:content-transfer-encoding; bh=PRBiHTby/OSa6lX+CCGXDV6peqx4tUiLgTYCoYgp5L0=; b=h8lJ5t83ntXfflP9VASa/u0gx1QRx4zkG+O5c8QMMS9+m9Ys6wJ0wge3FUV40wSQ2R SUtCyPB8diyP/KTuGx4yjiYrRs0vkCPUJtTR40FiR0H5nOtb5NqjoqDUiFfGK/bp57X2 wArIj18D2e77YKVTQe3uYJdOaXl4bnghm+gW0= DomainKey-Signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=subject:from:reply-to:to:cc:in-reply-to:references:content-type :date:message-id:mime-version:x-mailer:content-transfer-encoding; b=uy1mvZ+jjJYNFtGoGcYesSSp5O3z4wq+MERSKk2MRcFL7EMm45Q6vay/EdtdQxtW4a 0jbsSuzGF1zw+L6B331qZJ0WW6dmX8p1puLhIg3JHAiZlJau2oPm+SRsGQt7CQYFryg/ PgEzcN1iFI/mWk8qwo5cw4GnS5dx1n5U15GCE= Received: by 10.102.228.10 with SMTP id a10mr512769muh.16.1247153227730; Thu, 09 Jul 2009 08:27:07 -0700 (PDT) Received: from ?80.187.224.44? ([80.187.224.44]) by mx.google.com with ESMTPS id u9sm37325707muf.7.2009.07.09.08.27.05 (version=SSLv3 cipher=RC4-MD5); Thu, 09 Jul 2009 08:27:06 -0700 (PDT) From: Mister Olli To: Nicolas Letellier In-Reply-To: <20090709160550.40c9f6c4@belegost.nicoelro.net> References: <20090709113534.43373278@belegost.nicoelro.net> <20090709122212.658bcc24@belegost.nicoelro.net> <1247136597.2653.15.camel@frodon.be-bif.ulb.ac.be> <20090709134329.0f86c78b@belegost.nicoelro.net> <1247142971.2653.19.camel@frodon.be-bif.ulb.ac.be> <20090709160550.40c9f6c4@belegost.nicoelro.net> Content-Type: text/plain; charset="ISO-8859-15" Date: Thu, 09 Jul 2009 17:26:41 +0200 Message-Id: <1247153201.4645.2.camel@phoenix.blechhirn.net> Mime-Version: 1.0 X-Mailer: Evolution 2.24.5 Content-Transfer-Encoding: 8bit Cc: freebsd-questions@freebsd.org Subject: Re: Secure apache with php X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: mister.olli@googlemail.com List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 Jul 2009 15:27:09 -0000 Hi, I'm currently using mpm-itk (on debian, but should be replaced with freebsd soon ;-)). I'm quite happy with the solution as it's easy to setup many user accounts for web without ugly access right stuff and all that. apache never made a problem after setup :-) unfortunately I've never had the time to do futher hardening for mpm-itk in special (only 'standard' apache/php hardening is applied). but as I'm planning to keep this setup and extend userbase after move to freebsd I'm curious what your results will be. Regards, --- Mr. Olli On Thu, 2009-07-09 at 16:05 +0200, Nicolas Letellier wrote: > Le Thu, 09 Jul 2009 14:36:11 +0200, > Julien Cigar a écrit : > > > > When I tested php in cgi, performances were bad. That's why, > > > php_mod is better (in my case != > > > > > > > It's not CGI, it's FastCGI. > > There is no performance loss if you use an opcode cacher (like > > x-cache). > > > And is anyboy use mpm-itk ? > I'm interested more with this solution than another php fix (like > safe_mode, open_basedir or cgi/fastcie). >