Well, I've just set up a webserver for the first time (apache 1.3.34) on my home lan, more of a hobby than anything serious at the moment. Here's the background:
My only firewall at the moment is a wireless router which is however well-configured for basic security. The port I'm binding apache to is being forwarded by the router. This is the only forwarding port which is open on the router.
Apache is installed with a minimal slackware installation, the only other "listening" service running is ssh. I'm using ssh for administration and I'm logging in from another computer (also slackware) on my lan, so port 22 is not open to the outside world on the router.
Well, the server is running and seems to be ok, but I'm concerned about the best security options for apache, both for myself and for everyone else. I obviously don't my webserver to become a breeding ground for worms/malware.
I'm going to follow the apache related security tips here:
http://httpd.apache.org/docs/1.3/mis...rity_tips.html
Anyone have any extra security ideas, slackware-oriented or otherwise, firewall or apache related? eg should I be using iptables in combination with the router, or is this overkill?
Cheers