Harden Secure Apache Web Server Security

摘要

In the last issue we had discussed about CGI and FastCGI, which allow the Apache daemon to run scripts such as Python or Perl on the web server. This can prove to be dangerous as somebody can access (even unintentionally) the file system of the OS on which Apache resides and make changes to it. He can delete files knowingly or unknowingly, or even corrupt them, which can increase the downtime of your web server. If we restrict Apache from accessing the whole file system, then the problem is solved. Chroot is one such option that allows you to restrict the file system and limit Apache's access. It helps in changing the directory structure of your file system; in other words in shifting the base directory from one location to another. In other words, it can fork the existing file system, similar to the Solaris container.