mailing list archives
RE: apache server plus ipfilter
From: Eric Polin <eric () NetWolves com>
Date: Tue, 19 Nov 2002 10:29:31 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Each one of those services is great in its own right. However, when you
combine them together, it is not such a good practice. Any service that
holds a LISTENING port, in my opinion should be chrooted or jailed. Apache
is a great webserver in my opinion because it can be somewhat light, but can
be also be very heavy depending on what you have compiled/added into the
server. The problem with apache, and php, is that you have to stay on top,
and up to date with the apache/php/perl/foo project. I really like apache,
and use it for *almost* everyone of my webservers, but there have been many
exploits to the project. I have been through some of the code, and it looks
nice, but it is a very popular project, and because of this will always have
exploits/hacks towards it.
I also depend highly on ipf/ipnat. More than any other fw that i have used
in unix/linux, i like ipf best. The rulesets are easy to understand, it is
quick (if setup right), and in my opinion quite secure.
So in my opinion, i would opt for using 2 boxen for your ipf/apache
if i can be of any help, send an email.
- -----Original Message-----
From: Anant Tamgole [mailto:anant.pn1 () pn123 vsnl net in]
Sent: Sunday, November 17, 2002 8:31 PM
To: security-basics () securityfocus com
Subject: apache server plus ipfilter
We recently deployed a web server on Solaris 8(Intel), with
apache 1.3.27 and ipfilter firewall.
Is this a good combination or any issues, comments ?
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0 (Build 349) Beta
-----END PGP SIGNATURE-----
- RE: apache server plus ipfilter Eric Polin (Nov 19)