
server security


bobMatthews

9:06 am on Jan 25, 2008 (gmt 0)

10+ Year Member



Hi

I just posted this message in the Apache page, but realised it's not just relating to that so have put it here. I hope that's OK.

I'm new to all this, hopefully you guys will have some tips.

I have a static IP on my business broadband, and a router that directs incoming HTTP requests to a machine running Apache on XP.

I would like to know what I need to do to ensure the security of content outside of the htdocs folder, or is it already quite secure?

Cheers

Bob

jtara

4:26 pm on Jan 25, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I would like to know what I need to do to ensure the security of content outside of the htdocs folder

Your server shouldn't be able to access files outside of the htdocs folder, unless you tell it to, or unless you have some vulnerable, hackable software on your site. So, in theory, there's nothing you need to do. But things aren't always as they seem, so there are a few things you can do:

1. Use Linux

2. Run the web server under a separate user account, and give that account file permissions only on a "need to know" basis

3. Run with SELinux enabled. SELinux allows finer-grained control of permissions. It can restrict, for example, which files a program is allowed to access - not just a user. In a good Linux distribution, if you use the web server that's packaged with the distribution, SELinux will be pre-configured to keep the web server's fingers out of stuff it shouldn't be touching.

4. Use a good firewall - hardware or software.

5. Screen out suspicious sources. Though controversial, consider whether there are some countries where the risk outweighs the reward. A handful of countries are the top sources of intrusions.
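
An added illustration of point 2 above (not part of jtara's post): a Python audit that lists the files outside the document root that a given account can still read, judged by classic Unix owner/group/other mode bits. The function names, the constructed directory tree and the hypothetical uid/gid are assumptions; ACLs, SELinux policy and the directories above `tree` are not evaluated.

```python
# Added example: classic Unix mode bits only (no ACLs, SELinux or root override).
import os
import stat
import tempfile


def _allowed(st, uid, gids, perm):
    """Apply the kernel's owner -> group -> other rule; perm is 4 (read) or 1 (search)."""
    if st.st_uid == uid:
        shift = 6
    elif st.st_gid in gids:
        shift = 3
    else:
        shift = 0
    return bool(st.st_mode & (perm << shift))


def readable_outside_docroot(tree, docroot, uid, gids):
    """Files under `tree` but not under `docroot` that the account can open for reading."""
    tree, docroot = os.path.realpath(tree), os.path.realpath(docroot)
    exposed = []
    for dirpath, dirnames, filenames in os.walk(tree):
        # Skip the docroot (meant to be served) and any directory the account
        # cannot search: without the x bit nothing below it is reachable.
        if dirpath == docroot or not _allowed(os.stat(dirpath), uid, gids, 1):
            dirnames[:] = []
            continue
        for name in filenames:
            st = os.lstat(os.path.join(dirpath, name))
            if stat.S_ISREG(st.st_mode) and _allowed(st, uid, gids, 4):
                exposed.append(os.path.relpath(os.path.join(dirpath, name), tree))
    return sorted(exposed)


def demo():
    """Constructed tree: htdocs plus two sibling directories with different modes."""
    tree = tempfile.mkdtemp()
    layout = {"htdocs/index.html": 0o644, "private/secret.txt": 0o644,
              "conf/passwords.txt": 0o644, "conf/key.pem": 0o600}
    for rel, mode in layout.items():
        path = os.path.join(tree, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
        os.chmod(path, mode)
    os.chmod(tree, 0o755)
    os.chmod(os.path.join(tree, "conf"), 0o755)
    os.chmod(os.path.join(tree, "private"), 0o700)   # owner-only directory
    owner = os.stat(tree)
    # Hypothetical web-server account: neither the owner nor in the owning group.
    return readable_outside_docroot(tree, os.path.join(tree, "htdocs"),
                                    owner.st_uid + 1, {owner.st_gid + 1})
```

In the constructed tree, `private/secret.txt` is world-readable by its own mode but protected by the owner-only directory above it, while `conf/passwords.txt` is exposed because both the directory and the file grant access to "other".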

bobMatthews

5:04 pm on Jan 25, 2008 (gmt 0)

10+ Year Member



Thanks jtara,

I'll look into Linux.

Bob