Date: Thu, 9 Jul 2009 12:22:12 +0200 From: Nicolas Letellier <nicolas@nicoelro.net> To: "Reko Turja" <reko.turja@liukuma.net> Cc: freebsd-questions@freebsd.org Subject: Re: Secure apache with php Message-ID: <20090709122212.658bcc24@belegost.nicoelro.net> In-Reply-To: <EA9FE81A7F144C89AFCD0E9390FD69FC@rivendell> References: <20090709113534.43373278@belegost.nicoelro.net> <EA9FE81A7F144C89AFCD0E9390FD69FC@rivendell>
next in thread | previous in thread | raw e-mail | index | archive | help
Le Thu, 9 Jul 2009 13:18:39 +0300, "Reko Turja" <reko.turja@liukuma.net> a =E9crit : > > I want to secure my Apache/PHP environment... >=20 > Full suhosin, both patch and mod for the PHP. IIRC suhosin patch is=20 > optional in PHP port and the mod can be installed via ports. > (http://www.hardened-php.net/suhosin/index.html) >=20 > Apache environment and binaries set up in a jail. >=20 > > Which Apache version do you advice? >=20 > I reckon these days 2.2 would be the best in regards of future=20 > upgrades and development. >=20 > -Reko=20 >=20 Thanks. I already use suhosin patch in mod_php. I have few users on this machine, each use a separate directory (/var/www/user). I do not want to make a jail for each one. That's why mpm-itk seems to be good (instead of safe_mode / open_basedir). Best regards, --=20 Nicolas
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20090709122212.658bcc24>