Posted to cvs@httpd.apache.org by gr...@apache.org on 2009/02/08 17:30:24 UTC
svn commit: r742125 - in /httpd/httpd/trunk/docs/manual/misc:
security_tips.html.en security_tips.xml
Author: gryzor
Date: Sun Feb 8 16:30:24 2009
New Revision: 742125
URL: http://svn.apache.org/viewvc?rev=742125&view=rev
Log:
Added a section about dynamic content security, and a couple of pointers to
external projects.
Modified:
httpd/httpd/trunk/docs/manual/misc/security_tips.html.en
httpd/httpd/trunk/docs/manual/misc/security_tips.xml
Modified: httpd/httpd/trunk/docs/manual/misc/security_tips.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/misc/security_tips.html.en?rev=742125&r1=742124&r2=742125&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/misc/security_tips.html.en (original)
+++ httpd/httpd/trunk/docs/manual/misc/security_tips.html.en Sun Feb 8 16:30:24 2009
@@ -35,6 +35,7 @@
<li><img alt="" src="../images/down.gif" /> <a href="#nsaliasedcgi">Non Script Aliased CGI</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#saliasedcgi">Script Aliased CGI</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#dynamic">Other sources of dynamic content</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#dynamicsec">Dynamic content security</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#systemsettings">Protecting System Settings</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#protectserverfiles">Protect Server Files by Default</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#watchyourlogs">Watching Your Logs</a></li>
@@ -296,6 +297,24 @@
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
+<h2><a name="dynamicsec" id="dynamicsec">Dynamic content security</a></h2>
+
+
+
+ <p>When setting up dynamic content, such as <code>mod_php</code>,
+ <code>mod_perl</code> or <code>mod_python</code>, many security considerations
+ get out of the scope of <code>httpd</code> itself, and you need to consult
+ documentation from those modules. For example, PHP lets you setup <a href="http://www.php.net/manual/en/ini.sect.safe-mode.php">Safe Mode</a>,
+ which is most usually disabled by default. Another example is <a href="http://www.hardened-php.net/suhosin/">Suhosin</a>, a PHP addon for more
+ security. For more information about those, consult each project
+ documentation.</p>
+
+ <p>At the Apache level, a module named <a href="http://modsecurity.org/">mod_security</a>
+ can be seen as a HTTP firewall and, provided you configure it finely enough,
+ can help you enhance your dynamic content security.</p>
+
+ </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
<h2><a name="systemsettings" id="systemsettings">Protecting System Settings</a></h2>
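Review bot: The first added paragraph has several wording slips worth fixing before this goes out. "get out of the scope of" reads better as "fall outside the scope of", "lets you setup" needs the verb form "set up", and "consult each project documentation" needs the possessive ("each project's documentation"). "which is most usually disabled by default" hedges a statement about a default; drop "most usually". "a PHP addon for more security" does not tell the reader what Suhosin adds, so a short phrase saying what it hardens would help. The three empty added lines after the h2 can also go.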
Modified: httpd/httpd/trunk/docs/manual/misc/security_tips.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/misc/security_tips.xml?rev=742125&r1=742124&r2=742125&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/misc/security_tips.xml (original)
+++ httpd/httpd/trunk/docs/manual/misc/security_tips.xml Sun Feb 8 16:30:24 2009
@@ -292,6 +292,25 @@
it is better to be safe and assume not.</p>
</section>
+ <section id="dynamicsec">
+
+ <title>Dynamic content security</title>
+
+ <p>When setting up dynamic content, such as <code>mod_php</code>,
+ <code>mod_perl</code> or <code>mod_python</code>, many security considerations
+ get out of the scope of <code>httpd</code> itself, and you need to consult
+ documentation from those modules. For example, PHP lets you setup <a
+ href="http://www.php.net/manual/en/ini.sect.safe-mode.php">Safe Mode</a>,
+ which is most usually disabled by default. Another example is <a
+ href="http://www.hardened-php.net/suhosin/">Suhosin</a>, a PHP addon for more
+ security. For more information about those, consult each project
+ documentation.</p>
+
+ <p>At the Apache level, a module named <a href="http://modsecurity.org/">mod_security</a>
+ can be seen as a HTTP firewall and, provided you configure it finely enough,
+ can help you enhance your dynamic content security.</p>
+
+ </section>
<section id="systemsettings">
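Review bot: In the mod_security paragraph, "a HTTP firewall" should be "an HTTP firewall", and "provided you configure it finely enough" gives the reader no idea what needs configuring. Suggest dropping the qualifier or pointing at the module's own documentation, as the preceding paragraph does for PHP. The first paragraph also says twice that the reader should consult the other projects' documentation ("you need to consult documentation from those modules" and "For more information about those, consult each project documentation"); one of the two can be removed. Any wording change made here needs the matching change in security_tips.html.en so the two files keep the same text.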