Subject: Re: [users@httpd] Dynamic Mass Virtual Hosting with Secure Dynamic Content is impossible?
On 7/28/06, Matthew Fisch <matthew.fisch@xxxxxxxxx> wrote:
>
>
> I'm currently consulting for a customer running 20,000 customers/domains
> on a few dozen zeus webservers sharing an nfs nas. The support contract with
> zeus has lapsed and I am comparing my options for moving over to apache in
> leu of renewing.
> A basic requirement of any webserver for this cluster is secure dynamic
> mass virtual hosting.
>
> mod_vhost_alias OR mod_rewrite seems to give me the ability to serve up
> pages from the nfs nas ie
> /var/www/virtual/d/r/dreamway.com/docs . This is basic mass
> virtual hosting.
> This works great for static content, but breaks down when customers want
> to run CGI/PHP, now we need suexec (or something) to make this secure.
> Unfortunately suexec is defined at the <VirtualHost> level and I see no
way
> to incorporate it into a mass virtual hosting setup. I assume this is
> because suexec has no method of mapping domains to uids.
> Way back in apache 1.3 there was a third party addon mod_cgiwrap that did
> something like this (its now defunct).... and in apache 2.0 there was a
> partly written MPM 'perchild' that might have helped too .. which brings me
> to (less important) point # 2.
> Zeus has a 'perchild' type feature where the thread that serves up the
> client pages (the whole server) AND the CGI's SU to the user's uid. In
> addition to making CGI's secure, this also lets people 'own' their own
> content away from prying eyes of other users with access to the apache
> group.
>
> Does this functionality exist in apache and I just cant see it? Is there a
> better place to ask? Let me know, I'll be elevating this to the dev list
>
shortly.
It would be relatively straightforward to hack suexec to launch cgi
scripts with a different set of rules. Of course, you'd need to be
very careful to make it secure (see all the warnings in the docs and
source code). But if you have 20000 domains, you should be able to
afford to hire a decent programmer. This is not something that would
make it into the main apache httpd, because it would be impossible to
do it in a flexible and secure way. Luckily, for one site, you don't
need flexibility.
With regard to serving 20000 hosts entirely under their own userids, I
have never seen anything that could do that without severe sacrifices.
Perchild and similar mpms keep a pool of processes/threads for each
userid, which wouldn't work at that scale. The other secure
alternative is to launch a new process for each request, but that is
obviously horrible
performance-wise. I don't know anything about
zeus, but I suspect that they have made a major compromise either in
performance or security to accomplish this.
With regard to "elevating" this to the dev list, feel free. But make
sure you've searched the archives of this list and the dev list for
the dozens of other times this has been discussed.
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:
http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
