LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Software (https://www.linuxquestions.org/questions/linux-software-2/)
-   -   Apache Settings and DSO Modules (https://www.linuxquestions.org/questions/linux-software-2/apache-settings-and-dso-modules-4175437173/)

d072330 11-14-2012 04:21 PM
Apache Settings and DSO Modules
 
I am installing a new web server and was curious if there were any issues with commenting out all of the DSO modules in the httpd.conf file?

I have read through what each module does and I am basically just going to be hosting html pages for basic information so I think all of these modules are not needed.

If someone has an opinion on this please let me know. Is this a security risk or a security enhancement?

unSpawn 11-15-2012 09:27 AM
Quote:
Originally Posted by d072330 (Post 4829555)
I am installing a new web server and was curious if there were any issues with commenting out all of the DSO modules in the httpd.conf file?
I have read through what each module does and I am basically just going to be hosting html pages for basic information so I think all of these modules are not needed.
If someone has an opinion on this please let me know. Is this a security risk or a security enhancement?
Disabling modules you don't need definitely is good for maintenance and performance reasons and limits (ab)use. If you're only hosting static HTML pages there's web servers with way smaller package and resources footprints like Thy, Lighttpd, etc, etc BTW.

d072330 11-15-2012 10:26 AM
Good to know. I have done this way for now and will stick to it LOL. I have listed the modules I have commented out of the httpd.conf file. I went line by line to see what would break httpd starting. It depends on what you have removed from the conf.d directory (perl.conf etc) on which modules you can and cannot comment out from what I have found.

Quote:
#LoadModule auth_basic_module modules/mod_auth_basic.so
#LoadModule auth_digest_module modules/mod_auth_digest.so
#LoadModule authn_file_module modules/mod_authn_file.so
#LoadModule authn_alias_module modules/mod_authn_alias.so
#LoadModule authn_anon_module modules/mod_authn_anon.so
#LoadModule authn_dbm_module modules/mod_authn_dbm.so
#LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authz_host_module modules/mod_authz_host.so
#LoadModule authz_user_module modules/mod_authz_user.so
#LoadModule authz_owner_module modules/mod_authz_owner.so
#LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
#LoadModule authz_dbm_module modules/mod_authz_dbm.so
#LoadModule authz_default_module modules/mod_authz_default.so
LoadModule ldap_module modules/mod_ldap.so
#LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
#LoadModule include_module modules/mod_include.so
LoadModule log_config_module modules/mod_log_config.so
#LoadModule logio_module modules/mod_logio.so
#LoadModule env_module modules/mod_env.so
#LoadModule ext_filter_module modules/mod_ext_filter.so
#LoadModule mime_magic_module modules/mod_mime_magic.so
#LoadModule expires_module modules/mod_expires.so
#LoadModule deflate_module modules/mod_deflate.so
#LoadModule headers_module modules/mod_headers.so
#LoadModule usertrack_module modules/mod_usertrack.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule mime_module modules/mod_mime.so
LoadModule dav_module modules/mod_dav.so
#LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
#LoadModule info_module modules/mod_info.so
#LoadModule dav_fs_module modules/mod_dav_fs.so
#LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module modules/mod_dir.so
#LoadModule actions_module modules/mod_actions.so
#LoadModule speling_module modules/mod_speling.so
#LoadModule userdir_module modules/mod_userdir.so
LoadModule alias_module modules/mod_alias.so
#LoadModule rewrite_module modules/mod_rewrite.so
LoadModule proxy_module modules/mod_proxy.so
#LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
#LoadModule proxy_http_module modules/mod_proxy_http.so
#LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule cache_module modules/mod_cache.so
#LoadModule suexec_module modules/mod_suexec.so
#LoadModule disk_cache_module modules/mod_disk_cache.so
#LoadModule file_cache_module modules/mod_file_cache.so
#LoadModule mem_cache_module modules/mod_mem_cache.so
#LoadModule cgi_module modules/mod_cgi.so
#LoadModule version_module modules/mod_version.so

d072330 01-29-2013 03:37 PM
turns out some of those are needed so I went one by one and eliminated the ones I did not need.

Also put this in my httpd.conf file:

Quote:
# Disable allow_url_fopen for security reasons
php_admin_flag allow_url_fopen Off

# Disable allow_url_include in php.ini for security reasons
php_admin_flag allow_url_include Off

# Disable display_errors for security reasons
php_flag display_errors Off
php_flag log_errors On

# Disable display_errors for security reasons
php_flag display_errors Off
php_flag log_errors On

# Lower memory_limit for security reasons
php_value memory_limit 8M

# Set open_basedir to a safe location
php_admin_value open_basedir /var/www/html/:/etc/nagios/:/usr/lib/nagios/

# Lower post_max_size for security reasons
php_value post_max_size 256K

# Disable register globals for security reasons
php_flag register_globals Off

# Enable save_mode for security reasons
php_flag safe_mode On

# Lower upload_max_filesize for security reasons
php_value upload_max_filesize 128KB

# Set upload_tmp_dir to a safe location
php_value upload_tmp_dir /tmpsess

# Disable use_trans_sid for security reasons
php_flag session.use_trans_sid Off


All times are GMT -5. The time now is 09:32 PM.