LinuxQuestions.org
Old 11-14-2012, 04:21 PM   #1
d072330
Member
 
Registered: Nov 2007
Location: USA
Distribution: CentOS 5/6
Posts: 186

Rep: Reputation: 6
Apache Settings and DSO Modules


I am installing a new web server and was curious if there were any issues with commenting out all of the DSO modules in the httpd.conf file?

I have read through what each module does and I am basically just going to be hosting html pages for basic information so I think all of these modules are not needed.

If someone has an opinion on this please let me know. Is this a security risk or a security enhancement?
 
Old 11-15-2012, 09:27 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3591
Quote:
Originally Posted by d072330 View Post
I am installing a new web server and was curious if there were any issues with commenting out all of the DSO modules in the httpd.conf file?
I have read through what each module does and I am basically just going to be hosting html pages for basic information so I think all of these modules are not needed.
If someone has an opinion on this please let me know. Is this a security risk or a security enhancement?
Disabling modules you don't need definitely is good for maintenance and performance reasons and limits (ab)use. If you're only hosting static HTML pages there are web servers with way smaller package and resource footprints like Thy, Lighttpd, etc., BTW.
 
Old 11-15-2012, 10:26 AM   #3
d072330
Member
 
Registered: Nov 2007
Location: USA
Distribution: CentOS 5/6
Posts: 186

Original Poster
Rep: Reputation: 6
Good to know. I have done it this way for now and will stick to it LOL. I have listed the modules I have commented out of the httpd.conf file. I went line by line to see what would break httpd starting. From what I have found, which modules you can and cannot comment out depends on what you have removed from the conf.d directory (perl.conf etc.).

Quote:
#LoadModule auth_basic_module modules/mod_auth_basic.so
#LoadModule auth_digest_module modules/mod_auth_digest.so
#LoadModule authn_file_module modules/mod_authn_file.so
#LoadModule authn_alias_module modules/mod_authn_alias.so
#LoadModule authn_anon_module modules/mod_authn_anon.so
#LoadModule authn_dbm_module modules/mod_authn_dbm.so
#LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authz_host_module modules/mod_authz_host.so
#LoadModule authz_user_module modules/mod_authz_user.so
#LoadModule authz_owner_module modules/mod_authz_owner.so
#LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
#LoadModule authz_dbm_module modules/mod_authz_dbm.so
#LoadModule authz_default_module modules/mod_authz_default.so
LoadModule ldap_module modules/mod_ldap.so
#LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
#LoadModule include_module modules/mod_include.so
LoadModule log_config_module modules/mod_log_config.so
#LoadModule logio_module modules/mod_logio.so
#LoadModule env_module modules/mod_env.so
#LoadModule ext_filter_module modules/mod_ext_filter.so
#LoadModule mime_magic_module modules/mod_mime_magic.so
#LoadModule expires_module modules/mod_expires.so
#LoadModule deflate_module modules/mod_deflate.so
#LoadModule headers_module modules/mod_headers.so
#LoadModule usertrack_module modules/mod_usertrack.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule mime_module modules/mod_mime.so
LoadModule dav_module modules/mod_dav.so
#LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
#LoadModule info_module modules/mod_info.so
#LoadModule dav_fs_module modules/mod_dav_fs.so
#LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module modules/mod_dir.so
#LoadModule actions_module modules/mod_actions.so
#LoadModule speling_module modules/mod_speling.so
#LoadModule userdir_module modules/mod_userdir.so
LoadModule alias_module modules/mod_alias.so
#LoadModule rewrite_module modules/mod_rewrite.so
LoadModule proxy_module modules/mod_proxy.so
#LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
#LoadModule proxy_http_module modules/mod_proxy_http.so
#LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule cache_module modules/mod_cache.so
#LoadModule suexec_module modules/mod_suexec.so
#LoadModule disk_cache_module modules/mod_disk_cache.so
#LoadModule file_cache_module modules/mod_file_cache.so
#LoadModule mem_cache_module modules/mod_mem_cache.so
#LoadModule cgi_module modules/mod_cgi.so
#LoadModule version_module modules/mod_version.so
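
The dependency described in this post (a directive left in httpd.conf or conf.d keeps its module mandatory, while a loaded module that nothing references is a candidate to disable) can be checked offline. This is an added example, not part of the original thread. The `PROVIDERS` table is a hand-picked subset of Apache 2.2 directives, any `<IfModule>` block is treated as a guard, and the sample configuration is constructed.

```python
import re

# Directive -> providing module in Apache 2.2 (small subset chosen for this example).
PROVIDERS = {
    "Order": "authz_host_module", "Allow": "authz_host_module", "Deny": "authz_host_module",
    "DirectoryIndex": "dir_module", "Alias": "alias_module", "ScriptAlias": "alias_module",
    "CustomLog": "log_config_module", "TypesConfig": "mime_module", "AddType": "mime_module",
    "Header": "headers_module", "ProxyPass": "proxy_module", "Dav": "dav_module",
}
LOOKUP = {name.lower(): mod for name, mod in PROVIDERS.items()}  # directives are case-insensitive

# Constructed sample, not the poster's configuration.
SAMPLE = """\
LoadModule dir_module modules/mod_dir.so
LoadModule dav_module modules/mod_dav.so
LoadModule proxy_module modules/mod_proxy.so
#LoadModule alias_module modules/mod_alias.so
#LoadModule headers_module modules/mod_headers.so
DirectoryIndex index.html
Alias /icons/ "/var/www/icons/"
<IfModule mod_headers.c>
    Header set X-Frame-Options SAMEORIGIN
</IfModule>
"""

def audit(conf_text):
    """missing: (line, directive, module) outside <IfModule> whose module is not loaded
    (httpd will not start); unused: loaded modules that no directive in the text uses."""
    loaded, used, unguarded, depth = set(), set(), [], 0
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # includes commented-out LoadModule lines
        if re.match(r"<IfModule\b", line, re.I):
            depth += 1
        elif re.match(r"</IfModule", line, re.I):
            depth -= 1
        load = re.match(r"LoadModule\s+(\S+)", line, re.I)
        if load:
            loaded.add(load.group(1))
            continue
        module = LOOKUP.get(line.split()[0].lower())
        if module:
            used.add(module)
            if depth == 0:  # not wrapped in <IfModule>, so httpd will parse it
                unguarded.append((no, line.split()[0], module))
    missing = [hit for hit in unguarded if hit[2] not in loaded]
    unused = sorted((loaded & set(PROVIDERS.values())) - used)
    return missing, unused
```

Feed it the concatenated text of httpd.conf and the files it includes from conf.d; on a running server, `httpd -t` remains the authoritative syntax check.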
 
Old 01-29-2013, 03:37 PM   #4
d072330
Member
 
Registered: Nov 2007
Location: USA
Distribution: CentOS 5/6
Posts: 186

Original Poster
Rep: Reputation: 6
Turns out some of those are needed so I went one by one and eliminated the ones I did not need.

Also put this in my httpd.conf file:

Quote:
# Disable allow_url_fopen for security reasons
php_admin_flag allow_url_fopen Off

# Disable allow_url_include in php.ini for security reasons
php_admin_flag allow_url_include Off

# Disable display_errors for security reasons
php_flag display_errors Off
php_flag log_errors On

# Lower memory_limit for security reasons
php_value memory_limit 8M

# Set open_basedir to a safe location
php_admin_value open_basedir /var/www/html/:/etc/nagios/:/usr/lib/nagios/

# Lower post_max_size for security reasons
php_value post_max_size 256K

# Disable register globals for security reasons
php_flag register_globals Off

# Enable safe_mode for security reasons
php_flag safe_mode On

# Lower upload_max_filesize for security reasons
php_value upload_max_filesize 128K

# Set upload_tmp_dir to a safe location
php_value upload_tmp_dir /tmpsess

# Disable use_trans_sid for security reasons
php_flag session.use_trans_sid Off
 
  

