LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 06-14-2013, 02:43 AM   #1
davex7
LQ Newbie
 
Registered: Jun 2013
Posts: 6

Rep: Reputation: Disabled
Web Server with only html content


Hello,
can a CentOS web server with apache and only html pages have potential security holes?

Thanks,
dave
 
Old 06-14-2013, 02:47 AM   #2
evo2
Guru
 
Registered: Jan 2009
Location: Japan
Distribution: Debian, SL
Posts: 5,231

Rep: Reputation: 1127Reputation: 1127Reputation: 1127Reputation: 1127Reputation: 1127Reputation: 1127Reputation: 1127Reputation: 1127Reputation: 1127
Hi,

yes, every service has _potential_ security holes.

Evo2.
 
Old 06-14-2013, 02:52 AM   #3
davex7
LQ Newbie
 
Registered: Jun 2013
Posts: 6

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by evo2 View Post
Hi,

yes, every service has _potential_ security holes.

Evo2.
ok, just asking about potential html,http attacks...can you propose a simple example?
Thanks
 
Old 06-14-2013, 02:59 AM   #4
evo2
Guru
 
Registered: Jan 2009
Location: Japan
Distribution: Debian, SL
Posts: 5,231

Rep: Reputation: 1127Reputation: 1127Reputation: 1127Reputation: 1127Reputation: 1127Reputation: 1127Reputation: 1127Reputation: 1127Reputation: 1127
Hi,

sorry I don't have any examples.

Evo2.
 
Old 06-14-2013, 04:53 AM   #5
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.5, Centos 5.10
Posts: 16,261

Rep: Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028
Have a read of this https://www.owasp.org/index.php/Top_...le_of_Contents
 
1 members found this post helpful.
Old 06-17-2013, 05:42 AM   #6
r0b0
Member
 
Registered: Aug 2004
Location: Europe
Posts: 602

Rep: Reputation: 49
With all due respect to the previous posters, I dare to differ.

If by "a CentOS web server with apache and only html pages" you mean a fully updated recent CentOS version with no other network services apart from apache and no apache modules installed other than basic modules needed to serve static content, I think the attack surface of such system is very small.

In other words, if you make sure you set up the system correctly and keep it that way, you're gonna be fine.

I wouldn't discourage you from running your own network services. Learning by doing. The security gurus might have other experience but alas.

Kind regards,
Robert
 
Old 06-17-2013, 08:53 AM   #7
davex7
LQ Newbie
 
Registered: Jun 2013
Posts: 6

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by r0b0 View Post
With all due respect to the previous posters, I dare to differ.

If by "a CentOS web server with apache and only html pages" you mean a fully updated recent CentOS version with no other network services apart from apache and no apache modules installed other than basic modules needed to serve static content, I think the attack surface of such system is very small.

In other words, if you make sure you set up the system correctly and keep it that way, you're gonna be fine.

I wouldn't discourage you from running your own network services. Learning by doing. The security gurus might have other experience but alas.

Kind regards,
Robert
Yes, that's what i mean!
Thank you!

Dave
 
Old 06-17-2013, 10:33 AM   #8
Turbocapitalist
Member
 
Registered: Apr 2005
Distribution: Ubuntu, Debian, OS X (bsd)
Posts: 144

Rep: Reputation: 27
I would say that it could be quite locked down, especially in comparison to other options. A server can get into relatively little trouble serving static HTML.

Too often people use PHP or even throw in a full CMS when all they want is standardized headers and footers. That can be done safely in Apache and nginx using Server-Side Includes without executables. See IncludesNoExec for Apache.
 
Old 06-17-2013, 11:18 AM   #9
frieza
Senior Member
 
Registered: Feb 2002
Location: harvard, il
Distribution: Ubuntu 11.4,DD-WRT micro plus ssh,lfs-6.6,Fedora 15,Fedora 16
Posts: 3,095

Rep: Reputation: 369Reputation: 369Reputation: 369Reputation: 369
if you ask my 2cents, nothing is 100% attack proof, but usually when it comes to web servers, the attack surface isn't usually the web server itself, but rather the scripts run on the web server, such as those with a mysql backend if not written properly are vulnerable to sql injections etc.., the webserver itself, although theoretically vulnerable is a much smaller attack surface.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Using Linux As A Proxy Server To Access Web Content from Outside U.S. bpolhemus Linux - Server 8 08-29-2012 08:16 AM
How to print out web content in a proxy server written in C? taione Programming 0 10-25-2011 02:40 AM
how turn a linux server machine to a filter of web content? jasonx22 Linux - Newbie 9 03-12-2009 12:03 AM
Help, Adding New HD to Web Server HTML folder jtyler Linux - General 1 10-27-2005 09:59 AM
Strange html (web server) issue lenlutz Linux - Software 1 01-06-2004 10:44 AM


All times are GMT -5. The time now is 11:17 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration