[Linux] Apache and security questions

Aaron Wolfe linux@flux.org
Wed, 9 Jan 2008 00:47:58 -0500 

It would help to know exactly what error message you get.
Also, what do the access and error logs tell you?

As for securing the server, the usual way of doing this is to have 3 nics o=
n your firewall.  One for the internet, one for your local network, and one=
 for a "DMZ" where you put your  servers.  Depending on what you use for a =
firewall, this might be easy or might be impossible.

One very nice and cheap device that supports this (and much more elaborate)=
 setups is the linksys wrt54gl.  It run linux and can actually support up t=
o 5 different wired networks and a wireless net (plus a practically unlimte=
d number of vlans).  I can't say enough good things about this little box, =
it is amazing.  There are a number of variants from linksys and other vendo=
rs that are similar in function.  They can be found for less then $50 on sa=
le.

-Aaron

________________________________

From: linux-admin@flux.org [mailto:linux-admin@flux.org] On Behalf Of Steve=
n Benmosh
Sent: Tuesday, January 08, 2008 11:16 PM
To: linux@flux.org
Subject: [Linux] Apache and security questions


Ok, by now you know I am trying to set up a new web site. I have two questi=
ons.

1. Here is my sites-available default file:
...
default file that comes with the server
...

<VirtualHost *>
        ServerAdmin admin@words2u.net
        ServerName www.words2u.net
        ServerAlias words2u.net
        DocumentRoot /home/words2u
</VirtualHost>

<VirtualHost *>
        ServerAdmin admin@words2u.net
        ServerName gpx.words2u.net
        ServerAlias words2u.net
        DocumentRoot /home/words2u/gpxwiki
</VirtualHost>

When I use www.words2u.net or words2u.net , I get the correct page. When I =
use the IP address, I get /var/www default page, as expected. But when I ru=
n gpx.words2u.net, I get an error message.

Where am I going wrong? Do I have to run my own dns server to enable urls o=
ther than www.words2u.net and words2u.net?

2.Security

What is the best way to isolate my net server from the other computers in m=
y network, so if/when someone breaks in, the rest of the network is safe? U=
se firewall on each computer to block access to the web server? Any other i=
dea?

Thanks.

Z.

--
Check out my web site - www.words2u.net