DonationCoder.com Forum

Other Software => Developer's Corner => Topic started by: justice on July 15, 2008, 03:08 AM

Title: Apache security quides?
Post by: justice on July 15, 2008, 03:08 AM

Hi I've got a work related favor to ask of you. We've used IIS for years now and are quite confident with it, but now have had to setup a LAMP (debian) based system. The web application is running alright but as it is open to the outside world we'll need to strengthen the security. I'm told it is quite hard to find good guides on this as they all assume more Apache experience than what we have, and knowledge is fragmented.    :mad: Do you know of some clear Apache guides to make it more secure? More general linux guides are also welcome.

Title: Re: Apache security quides?
Post by: f0dder on July 15, 2008, 05:56 AM

Is the server behind NAT, or with a globally visible IP? In both cases (but especially the last!), you'll want to set up some firewalling (http://en.wikipedia.org/wiki/Iptables) on the box. Dunno about security for Apache per se, unless you're talking .htaccess (http://en.wikipedia.org/wiki/.htaccess).

The worst security holes are going to be in the web-app, anyway... there's so much vulnerable PHP code out there >_<