Differences between version 11 and revision by previous author of ApacheNotes.
Newer page: | version 11 | Last edited on Monday, June 7, 2004 11:19:21 am | by PerryLorier |
Older page: | version 10 | Last edited on Monday, June 7, 2004 5:26:13 am | by AndyHoener |
@@ -23,11 +23,6 @@
If you're going to compile and install apache from source, use [http://www.apachetoolbox.com/]
!!!Firewalling apache.
You probably should firewall the apache user from connecting out to the InterNet unless you know that they actually have to. Doing this prevents a lot of exploits that people will attempt against your website. The same idea can be applied to other services.
- iptables --insert OUTPUT --match owner --uid-owner www-data --protocol tcp --syn --jump LOG
iptables --insert OUTPUT --match owner --uid-owner www-data --protocol tcp --syn --jump REJECT
-
-
----
-UserSubmittedNotes
-if you want to log before rejecting, doesn't the order matter? with
--insert in the above example, this would seem to reject before it logs and therefore not log at all?.
-
----
+ iptables
--insert OUTPUT
--match owner
--uid-owner www-data --protocol tcp
--syn
--jump LOG
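Review bot: The LOG rule now entered after the REJECT rule only logs because each --insert places its rule at the head of OUTPUT, so the command typed last is evaluated first. With the user note removed, nothing on the page states this. A reader who swaps --insert for --append, or restores the "natural" order of the two lines, ends up with REJECT ahead of LOG and no log entries. Suggest one sentence beside the commands saying the order is deliberate and why, or writing both rules with --append in evaluation order (LOG, then REJECT). As rendered here the added command is spread over six lines; it should sit on a single line in the page so it pastes as one command.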