Posts tagged php

Apache Security – Necessary Settings

PHP is powerful, and allows static HTML pages to become dynamic. It also allows information to translate into commands and functions. Because of this you should implement a variety of security features. The biggest security feature, which increases security of the host machine, is setting the basedir parameter. This locks PHP functions to a particular directory, not allowing them to run processes or affect files further down the tree. Use nano and the Ctrl-W function to search for “open_basedir” in /etc/php5/apache/php.ini. It will most likely be commented with a # sign. Remove the # sign and add the document root of your website. If you use virtual hosts, you can add the root of all documents served.

Also turn off several other parameters.

allow_url_fopen

allow_url_include

display_errors

register_globals

safe_mode

Also turn off the Magic Quotes options in php.ini. In /etc/apache2/apache2.conf turn off the signature option. Search for “ServerSignature”. There is an Apache module that should be implemented, mod security; I’ll save it for the next post.
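The php.ini settings listed above can be checked with a short audit script. This is an added example, not code from the original post; the sample configuration is constructed, the three magic_quotes_* names are the PHP 5 Magic Quotes directives, and the parser treats `;` as the php.ini comment character.

```python
# Added example: audit a php.ini for the settings discussed above (SAMPLE_INI is constructed).

# Directives the post says to turn off, plus the PHP 5 Magic Quotes options.
MUST_BE_OFF = (
    "allow_url_fopen", "allow_url_include", "display_errors",
    "register_globals", "safe_mode",
    "magic_quotes_gpc", "magic_quotes_runtime", "magic_quotes_sybase",
)
OFF_VALUES = {"off", "0", "false", "no", "none", ""}

SAMPLE_INI = """\
[PHP]
;open_basedir =
allow_url_fopen = On
allow_url_include = Off
display_errors = "0"   ; inline comment
register_globals = Off
safe_mode = Off
magic_quotes_gpc = On
"""

def parse_ini(text):
    """Return {directive: value} for active (uncommented) lines; last one wins."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "[")) or "=" not in line:
            continue
        key, value = line.split("=", 1)
        # Drop an inline comment and surrounding quotes (values containing ';' are not handled).
        value = value.split(";", 1)[0].strip().strip("\"'")
        settings[key.strip()] = value
    return settings

def audit(text):
    """Return a sorted list of findings; an empty list means every check passed."""
    settings = parse_ini(text)
    findings = []
    if not settings.get("open_basedir"):
        findings.append("open_basedir is unset or commented out")
    for name in MUST_BE_OFF:
        # A missing directive falls back to a version-dependent default, so require it explicitly.
        if name not in settings:
            findings.append(f"{name} is not set explicitly")
        elif settings[name].lower() not in OFF_VALUES:
            findings.append(f"{name} = {settings[name]} (should be Off)")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_INI)))
```

To check a real file, pass its contents to `audit()`, for example `audit(open(path).read())` with the path to your php.ini.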

Lighttpd – A lighter Web Server

The first thing to do is get lighttpd installed with PHP and MySQL working smoothly. Rather than reiterating the same content, here is a convenient post:

http://www.howtoforge.com/lighttpd_mysql_php_debian_etch

Interesting options and various configuration for lighttpd can be found here:

http://redmine.lighttpd.net/projects/lighttpd/wiki/Docs:ConfigurationOptions

One interesting built-in option is throttling. Use connection.kbytes-per-second and you can effectively limit users to particular data transmission rates. There is also a compression module and a caching module. Much like Apache, these modules can be installed with apt-get. Issue:

sudo apt-cache search lighttpd

This will list various packages that can be installed. I know the Apache modules are packaged as libapache2-mod-*.

With built-in round robin and proxy modules, this is an interesting package to investigate using.