[WEB SECURITY] Securing apache installation with PHP

Cedric Foll cedric.foll at ac-rouen.fr
Thu May 19 07:15:27 EDT 2005


I have to set up a new web server where many users would be able to put
PHP web pages.

I would like to harden my setup.

I've read these great articles http://www.securityfocus.com/infocus/1706
and http://www.securityfocus.com/infocus/1694.

I use all advices here and i'm going use mod_security.

What else can i do to protect my webserver ?

For exemple, there is disable_functions and disable_classes in php.ini.
What should I put there ?


Cedric Foll
Ingénieur Sécurité & Réseaux
Division Informatique, Rectorat de Rouen

"He who joyfully marches to music in rank and file has already earned my
contempt. He has been given a large brain by mistake, since for him the
spinal cord would fully suffice."
Albert Einstein

The Web Security Mailing List

The Web Security Mailing List Archives

More information about the websecurity mailing list