[WEB SECURITY] Securing apache installation with PHP

Cedric Foll cedric.foll at ac-rouen.fr
Thu May 19 07:15:27 EDT 2005


Hi,

I have to set up a new web server where many users would be able to put
PHP web pages.

I would like to harden my setup.

I've read these great articles http://www.securityfocus.com/infocus/1706
and http://www.securityfocus.com/infocus/1694.

I use all advices here and i'm going use mod_security.

What else can i do to protect my webserver ?

For exemple, there is disable_functions and disable_classes in php.ini.
What should I put there ?

Regards.

-- 
Cedric Foll
Ingénieur Sécurité & Réseaux
Division Informatique, Rectorat de Rouen

"He who joyfully marches to music in rank and file has already earned my
contempt. He has been given a large brain by mistake, since for him the
spinal cord would fully suffice."
Albert Einstein

---------------------------------------------------------------------
The Web Security Mailing List
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives
http://www.webappsec.org/lists/websecurity/archive/



More information about the websecurity mailing list