Apache2 cross site security

I'm setting up web sites for a few different clients and I want to ensure security in terms of cross-site snooping via perl/php scripts run by the server. I've got this set up on a preexisting server by having multiple instances of apache, each running under a different user ID and listening on different IP addresses.

However, it seems things have changed and the latest apache config files don't seem particularly designed to do this, mainly because instead of the /etc/init.d/apache start script starting apache directly, it goes through /usr/sbin/apache2ctl which seems to be not designed to handle more than one instance of apache.

A net search on the subject seems to turn up minimal info.

This makes me think that perhaps the security I'm looking for can now be bestowed in some other way. I'm confident I could hack a solution but I'd prefer not to. I've seen mention of suPHP and mod_security to aid in this type of task, though I'm not clear on how I would use these.

Can anyone give some helpful pointers? Thank you.

2 Replies

Personally, I use the ITK MPM for Apache to achieve this. It lets each vhost run with a separate user ID. http://mpm-itk.sesse.net/

There is some overhead associated with this (an extra fork per request, compared to prefork MPM), but I don't host any high-volume sites so it doesn't bother me any. YMMV.

There is also the theoretical possibility that if there were a security vulnerability early enough in Apache's processing, it could cause a root security compromise. However I have not heard of anything of the sort since I've been using this MPM, so personally I trust it.

I'm sure there are many other solutions to this problem that others can chime in on, but this is the one I've grown most comfortable with.
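An added configuration example (not from the reply's author or the mpm-itk project) showing the per-vhost user separation the reply describes. The hostnames, user names, UIDs and paths are made up; `LimitUIDRange`/`LimitGIDRange` are only available in newer mpm-itk releases and can be dropped on older builds.

```apache
# Hypothetical file: /etc/apache2/sites-available/clients.conf
# Needs the mpm-itk module loaded (on Debian/Ubuntu: a2enmod mpm_itk).
# mpm-itk keeps a prefork child running as root, reads the request to
# learn which vhost it belongs to, then setuid()/setgid()s to that
# vhost's user before serving it, so PHP/Perl started by one vhost
# run with that Unix user's permissions and nothing more.

# Hard-limit the UID/GID a vhost may be assigned, so a typo in a
# later AssignUserID can never land a vhost on root or a system user.
LimitUIDRange 5000 5999
LimitGIDRange 5000 5999

# Client A: runs as uid/gid 5001 (created beforehand with useradd).
<VirtualHost *:80>
    ServerName client-a.example
    DocumentRoot /srv/www/client-a/htdocs
    AssignUserID client-a client-a
    <Directory /srv/www/client-a/htdocs>
        # Apache 2.4 access syntax
        Require all granted
    </Directory>
</VirtualHost>

# Client B: runs as uid/gid 5002.
<VirtualHost *:80>
    ServerName client-b.example
    DocumentRoot /srv/www/client-b/htdocs
    AssignUserID client-b client-b
    <Directory /srv/www/client-b/htdocs>
        Require all granted
    </Directory>
</VirtualHost>

# The separation only holds if the filesystem enforces it. With the
# usual 0755/0644 defaults a script running as client-b can still
# open() client-a's config.php, AssignUserID or not. Each docroot must
# be owned by its vhost user and closed to "other":
#   chown -R client-a:client-a /srv/www/client-a
#   chmod 750 /srv/www/client-a /srv/www/client-a/htdocs
#   chmod 640 /srv/www/client-a/htdocs/*.php
# Static files are read after the setuid() as well, so the vhost user
# (not www-data) must be able to read everything it serves.
```

A quick check after deploying: as each vhost user, `sudo -u client-b cat /srv/www/client-a/htdocs/config.php` should fail with "Permission denied".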

That looks good. Thank you!
