[WEB SECURITY] Securing apache installation with PHP

Ahmad Sallehin Haji Mohammad Ali sallehin.ali at itpss.com
Thu May 19 09:33:51 EDT 2005

Just keep on eye with the current update especially vulnerabilities & exploits that has been made.


From: Cedric Foll [mailto:cedric.foll at ac-rouen.fr]
Sent: Thu 5/19/2005 7:15 PM
To: websecurity at webappsec.org
Subject: [WEB SECURITY] Securing apache installation with PHP


I have to set up a new web server where many users would be able to put
PHP web pages.

I would like to harden my setup.

I've read these great articles http://www.securityfocus.com/infocus/1706
and http://www.securityfocus.com/infocus/1694.

I use all advices here and i'm going use mod_security.

What else can i do to protect my webserver ?

For exemple, there is disable_functions and disable_classes in php.ini.
What should I put there ?


Cedric Foll
Ingénieur Sécurité & Réseaux
Division Informatique, Rectorat de Rouen

"He who joyfully marches to music in rank and file has already earned my
contempt. He has been given a large brain by mistake, since for him the
spinal cord would fully suffice."
Albert Einstein

The Web Security Mailing List

The Web Security Mailing List Archives

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/attachments/20050519/e28b94bb/attachment.html>

More information about the websecurity mailing list