Re: [users@httpd] Dynamic Mass Virtual Hosting with Secure Dynamic Content is impossible?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 7/28/06, Matthew Fisch <matthew.fisch@xxxxxxxxx> wrote:


  I'm currently consulting for a customer running 20,000 customers/domains
on a few dozen zeus webservers sharing an nfs nas. The support contract with
zeus has lapsed and I am comparing my options for moving over to apache in
leu of renewing.
  A basic requirement of any webserver for this cluster is secure dynamic
mass virtual hosting.

  mod_vhost_alias OR mod_rewrite seems to give me the ability to serve up
pages from the nfs nas ie
/var/www/virtual/d/r/dreamway.com/docs . This is basic mass
virtual hosting.
  This works great for static content, but breaks down when customers want
to run CGI/PHP, now we need suexec (or something) to make this secure.
Unfortunately suexec is defined at the <VirtualHost> level and I see no way
to incorporate it into a mass virtual hosting setup. I assume this is
because suexec has no method of mapping domains to uids.
  Way back in apache 1.3 there was a third party addon mod_cgiwrap that did
something like this (its now defunct).... and in apache 2.0 there was a
partly written MPM 'perchild' that might have helped too .. which brings me
to (less important) point # 2.
  Zeus has a 'perchild' type feature where the thread that serves up the
client pages (the whole server) AND the CGI's SU to the user's uid. In
addition to making CGI's secure, this also lets people 'own' their own
content away from prying eyes of other users with access to the apache
group.

  Does this functionality exist in apache and I just cant see it? Is there a
better place to ask? Let me know, I'll be elevating this to the dev list
shortly.

It would be relatively straightforward to hack suexec to launch cgi
scripts with a different set of rules.  Of course, you'd need to be
very careful to make it secure (see all the warnings in the docs and
source code).  But if you have 20000 domains, you should be able to
afford to hire a decent programmer.  This is not something that would
make it into the main apache httpd, because it would be impossible to
do it in a flexible and secure way.  Luckily, for one site, you don't
need flexibility.

With regard to serving 20000 hosts entirely under their own userids, I
have never seen anything that could do that without severe sacrifices.
Perchild and similar mpms keep a pool of processes/threads for each
userid, which wouldn't work at that scale.  The other secure
alternative is to launch a new process for each request, but that is
obviously horrible performance-wise.  I don't know anything about
zeus, but I suspect that they have made a major compromise either in
performance or security to accomplish this.

With regard to "elevating" this to the dev list, feel free.  But make
sure you've searched the archives of this list and the dev list for
the dozens of other times this has been discussed.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux