Apache security, Was: Running Apache sites as separate users
On Thu, Sep 29, 2011 at 9:35 PM, Lucian <firstname.lastname@example.org> wrote:
> On Fri, Sep 30, 2011 at 2:22 AM, Trey Dockendorf <email@example.com>
> > I had a recent request to improve security on my web servers by having
> > each website use a different user to run the hosting service. So
> > example1.com has its own Apache instance running as apache1 and then
> > example2.com has its own instance of Apache as apache2. Is this even
> > possible or realistic? I understand the idea of how that would be
> > much like creating a virtual machine to segregate services. The only way
> > I can think how this is done is to chroot each website. What makes this
> > request even stranger is that each website will be managed by the same
> > and code base. So with that being the case, I don't see how this is
> > possible. Any ideas or insight are very welcome.
> Is there a specific requirement to run different http servers? Because
> if there is not then you can just use Suexec+fastcgi.
> Otherwise, just use Apache to proxy stuff to backend servers (can be
> anything from apache to nginx).
> CentOS mailing list

I do not know the exact reasoning for wanting each website to be run by
a separate Apache process that has its own user. Likely it's a
misunderstanding of actual threats to websites, or using an IIS mindset to
set requirements for Apache.

I'll give Suexec+fastcgi a look and mod_ruid. Thanks for those suggestions.

While on the subject of Apache security... Another request / idea was to have
this CMS under development write user controls to .htaccess files to
restrict download access to directories. Typically if I even allow any
overrides, I set it so apache can only read .htaccess. My understanding of
the more obvious implications is that if the web server can write to
.htaccess so can any attacker, and then can easily inject malware or
redirect the site to malicious content. Is there ever a case where it's
safe to allow write access by apache to .htaccess? Does the below config
for .htaccess in httpd.conf protect from this at all if write permissions
were given on the file system?

<Files ~ "^\.htaccess">
    Deny from all
</Files>

Personally I think that the CMS should handle authorization, and then
possibly rely on Apache for authentication. In the case of this CMS it will
be authenticating against a campus SSO through CAS, but access has to be
restricted based on user lists.
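
An added example, not part of the original message: the `<Files>` rule in httpd.conf only stops Apache from serving `.htaccess` to clients, while write access is decided by filesystem ownership and mode bits. This audit lists the `.htaccess` files and directories a given account could modify; the docroot `/var/www/html` and the account name `apache` are assumed defaults, and ACLs, the sticky bit and root are not considered.

```python
#!/usr/bin/env python3
"""Report .htaccess files that a given account could modify (mode bits only)."""
import os
import pwd
import stat
import sys


def writable_by(st, uid, gids):
    """Apply the owner, group or other write bit that applies to uid."""
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)


def audit_htaccess(docroot, uid, gids):
    """Return sorted (path, reason) pairs for every exposure under docroot."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        if ".htaccess" in files:
            path = os.path.join(dirpath, ".htaccess")
            # lstat: a symlinked .htaccess is always reported, review it by hand.
            if writable_by(os.lstat(path), uid, gids):
                findings.append((path, "file is writable"))
                continue
        # A writable directory lets the account create or replace .htaccess
        # even when the file itself is read-only.
        if writable_by(os.stat(dirpath), uid, gids):
            findings.append((dirpath, "directory is writable"))
    return sorted(findings)


if __name__ == "__main__":
    # Assumed defaults: CentOS docroot and the "apache" service account.
    docroot = sys.argv[1] if len(sys.argv) > 1 else "/var/www/html"
    account = pwd.getpwnam(sys.argv[2] if len(sys.argv) > 2 else "apache")
    gids = set(os.getgrouplist(account.pw_name, account.pw_gid))
    for path, reason in audit_htaccess(docroot, account.pw_uid, gids):
        print(f"{reason}: {path}")
```

An empty report means the account cannot change any override file under the docroot through mode bits alone.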