Apache security

  PurplePenny 11:42 14 May 2004

I've downloaded and installed PHP and MySQL at work and I'm going to do so at home as well. For the coursework (homework! I haven't done homework in years) they don't want us to use IIS so I've downloaded Apache as well. Our IT people are very concerned about security, they've had a lot of problems with people on the network using IIS. What can I do to ensure that my installation of Apache is as secure as I can make it? I only need it as a local server so can it be completely shut off from the big bad world outside?



PS Taran - I went to the site that you sent me - the one that has AMP as a nice package ... but sadly they've gone over bandwidth for this month so no more downloads from there till 1st June :-(

  PurplePenny 11:56 14 May 2004

No I didn't! I looked at it at work and I didn't have your e-mail so I did a search and found the site that I thought was the one that you referred me to. It would appear that I ended up somewhere else completely. I really, really wish that I had a fully functioning memory.

  Taran 13:19 14 May 2004

If you still need the preconfigured Apache download I mentioned just let me know.

I'll put it onto one of my sites for you.

If you're on narrowband I'll split it into a self extracted RAR file so you can grab it in small bite sized chunks {no pun intended :o)}.

Security is a big question and not one easil;y answered.

In brief, the preconfigured package I suggested listens by default on port 80, as you'd expect for a web server.

If you're running IIS or PWS as well, you'll need to configure one to run on port 80 and the other to run on an alternative, I use port 8080. If you do this you can safely run IIS and Apache on the same test machine and you access you pages with:

http: // localhost:8080/ pagename.php

http: // localhost/ pagename.asp (spawn of the devil...)

Unless you open the relevant port and have DNS pointing to a domain on your local testing server you should be safe enough. There are ways to access your system via Apache and IIS that you wouldn't want, but this is where you have an outward facing web server with incoming traffic permissions. Local testing servers are pretty easy to lock down.

Any firewall should go a long way to stop incoming and outgoing traffic. My router stops anything trying to get in unless I want it to and I run IIS and Apache on Windows and Apache on Linux and Apple machines every day.

  Taran 13:21 14 May 2004

If you need help on altering the default ports on either or both web servers just post again to that effect.

  PurplePenny 14:15 14 May 2004

Thanks Taran, I've downloaded them all separately now so I'll see how I get on with them. Thank goodness for Kevin Yank's walk-through, my notes from the course are difficult to decipher.

I have PWS at home but I think that I'll get rid of it. I was hoping to have IIS at work but some of the necessary files are not on my local drive and there is only one library XP cd (currently heavily in use by IT) so I don't know when I will get IIS up and running. So for now I will only be using Apache.

I have the free version of ZoneAlarm at home. Will that do the job or should I upgrade to Pro? I would *hope* that the library has a really good firewall .........



  Taran 15:02 14 May 2004

Any software firewall will do what needs to be done, but don't automatically ban Apache out of hand. Wait for an outside access request or alert and respond to it.

I'd have thought that your library would be behind some sort of hardware protection.

Finally, installing the programs as seperate entities is all well and good but the preconfigured package I suggested has several things in its favour:

1. Obviously it is pre-built so installation takes a few moments.

2. It includes features that a standard installation of the individual components takes ages to arrive at.

3. It is very, very heavily customised for speed and optimal performance.

Manually configuring your Apache environment can result in headaches and/or chaos, which is one of the main reasons I suggest the likes of this preconfigured package.

You'll be fine with a little patience and common sense behind you though.

If you're going to run a manual install you may want to consider sticking with Apache 1.3.31 and , likewise, it would be an idea to stay with the current stable releases of MySQL and PHP.

This allows you to emulate the type of environment most current mainstream web hosts are offering. It is also flying full in the face of the preconfigured package I suggested originally since that is based around Apache 2x.

ho hum

Good luck with it no matter which way you decide to go.

  Taran 15:31 14 May 2004

that people might be wondering what Penny and I are talking about in here.

I suggested a preconfigured testing server to her a short while ago for a PHP course she is about to score top marks in.

This software bundle consists of the following:

Apache 2.0.49

mod_deflate (zlib 1.1.4)

httpd.conf (optimized and minimized, setup for php, cgi, mod_deflate, mod_perl)

Perl 5.8.3

mod_perl 1.99_13

MySQL 4.0.18





PHP 4.3.6

phpMyAdmin 2.5.6

analog 5.32 (web stats)

Additional Perl Modules (over base)


















In plain English this makes it a fully functioning Apache server with all the bells and whistles that your web host will probably have, and few that your web host might not even offer.

Setting the system up requires you to edit 2 lines of the MySQL my.ini file, 3 lines of the PHP php.ini file, you copy a required DLL to a folder then copy both of the previously mentioned .ini files to another folder. All you do then is add some environemt variables (Windows 2000/XP) start the various services and reboot your PC. It's all explained in the documentation if this sounds scary.

The download is around 40mb and comes in .ZIP, .RAR or .EXE format and expands to about 114mb on your hard drive.

The link, for anyone who might want to take a look, is here: click here

Make sure to select the DeveloperSide.NET Web-Server Suite, v1.10 standard since they won't allow you to download the SSL version outside of the US.

It's the best combined Apache download I've seen so far and if you don't want to get all the individual packages yourself and manually install and then tweak them it's a breeze to work with. I pointed most of my students to this download and they all gave it top marks without reservation.

It takes a geek like me to actually want to configure my own Apache server environments...

  Forum Editor 18:16 14 May 2004

we wouldn't have half the technology we can all enjoy today. Enjoy your geekness - revel in it - and pursue your interests as you see fit.

You're not the only one who likes doing such things - I blush when I think of some of the nerdy projects going on in my office. We enjoy ourselves however, and it does nobody any harm, so here's to geeks the world over, long may their propellors continue to turn.

  PurplePenny 19:49 14 May 2004

.. be a geek in training?

Taran - I shall download that package at work and take advantage of the super speedy Joint Academic Network. What sort of processing power will it need? (HDD space isn't a problem at work or at home but at home processing power might be.) Hmmm ... I wonder if they will let me install it on my work PC...


  Taran 20:59 14 May 2004

One of my students has it running on an ancient AMD K6 3 450MHz desktop machine and an even older K6 2 400MHz laptop, both with 64mb of memory.

That's one of the benefits of Apache - it can run on very low powered machines.

In fact, on that topic, the internet traffic for one of the mainstream Linux distributions was, until very recently, running on a single CPU AMD K6 3 450MHz with either 128 or 256mb of memory server (I can't remember which off the top of my head). It was a point for them to brag about as far as they were concerned, that all download request traffic and such like were happily tootling along on an ancient, low spec server.

You don't need vast amounts of processing power to run MySQL, PHP and Apache.

  PurplePenny 22:36 14 May 2004

....AMD K6 3 450MHz desktop machine

Which, by a spooky coincidence, is exactly what I'm sitting at now (though I do better in the memory stakes than your student's machine having a humungous 256mb!).

Kev on the other hand is happily playing games on an AMD Athlon 2800 with 1gig of RAM.

I shall put it on the laptop which is somewhere between the two.


This thread is now locked and can not be replied to.

Elsewhere on IDG sites

Xiaomi Mi Mix 2 review

See mcbess's iconic style animated for Mercedes-Benz

iPhone X news: Release date, price, new features & specs

Black Friday 2017 : date, sites participants & bonnes affaires