[WEB SECURITY] Securing apache installation with PHP

Jeremiah Grossman jeremiah at whitehatsec.com
Thu May 19 10:46:18 EDT 2005


The PHP Security Consortium offers the PHP Security Guide 
(http://phpsec.org/projects/guide/)

also...

The CIS Apache Benchmark is a great guide for hardening "apache".
http://www.cisecurity.com/bench_apache.html


Regards,

jeremiah-



On Thursday, May 19, 2005, at 04:15  AM, Cedric Foll wrote:

> Hi,
>
> I have to set up a new web server where many users would be able to put
> PHP web pages.
>
> I would like to harden my setup.
>
> I've read these great articles 
> http://www.securityfocus.com/infocus/1706
> and http://www.securityfocus.com/infocus/1694.
>
> I use all advices here and i'm going use mod_security.
>
> What else can i do to protect my webserver ?
>
> For exemple, there is disable_functions and disable_classes in php.ini.
> What should I put there ?
>
> Regards.
>
> -- 
> Cedric Foll
> Ingénieur Sécurité & Réseaux
> Division Informatique, Rectorat de Rouen
>
> "He who joyfully marches to music in rank and file has already earned 
> my
> contempt. He has been given a large brain by mistake, since for him the
> spinal cord would fully suffice."
> Albert Einstein
>
> ---------------------------------------------------------------------
> The Web Security Mailing List
> http://www.webappsec.org/lists/websecurity/
>
> The Web Security Mailing List Archives
> http://www.webappsec.org/lists/websecurity/archive/
>


---------------------------------------------------------------------
The Web Security Mailing List
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives
http://www.webappsec.org/lists/websecurity/archive/



More information about the websecurity mailing list