Pantek Library
Hosting Provided By
CybrHost
High Speed Hosting
Mailing Lists: securityfocus.com > security-basics > 02 > 110356.html (Request Expert securityfocus.com Support)

RE: apache server plus ipfilter

From: Eric Polin <eric(at)NetWolves.com>
Date: Tue Nov 19 2002 - 10:29:31 EST

 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

anant -

Each one of those services is great in its own right. However, when you combine them together, it is not such a good practice. Any service that holds a LISTENING port, in my opinion should be chrooted or jailed. Apache is a great webserver in my opinion because it can be somewhat light, but can be also be very heavy depending on what you have compiled/added into the server. The problem with apache, and php, is that you have to stay on top, and up to date with the apache/php/perl/foo project. I really like apache, and use it for *almost* everyone of my webservers, but there have been many exploits to the project. I have been through some of the code, and it looks nice, but it is a very popular project, and because of this will always have exploits/hacks towards it.

I also depend highly on ipf/ipnat. More than any other fw that i have used in unix/linux, i like ipf best. The rulesets are easy to understand, it is quick (if setup right), and in my opinion quite secure.

So in my opinion, i would opt for using 2 boxen for your ipf/apache solution.

if i can be of any help, send an email.

Eric

  • -----Original Message----- From: Anant Tamgole [mailto:anant.pn1@pn123.vsnl.net.in] Sent: Sunday, November 17, 2002 8:31 PM To: security-basics@securityfocus.com Subject: apache server plus ipfilter
Do you need help?X

Dear all,

We recently deployed a web server on Solaris 8(Intel), with apache 1.3.27 and ipfilter firewall.
Is this a good combination or any issues, comments ?

regards
anant

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0 (Build 349) Beta

iQA/AwUBPdpZdKUUXFhoQKvpEQK7/gCfVzCj3DnsJFyuFnOHYz0HmlmZ8sEAoK6E LXnaangmNVVHUARpO5W2YMXS
=mtES
-----END PGP SIGNATURE-----
Received on Tue Nov 19 13:06:42 2002

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:03:23 EDT

Contact Us  Legal Notices  Order Services Online 
Pantek Home  Privacy Policy  IT news  Site Map  Pantek Library