On Tue, 6 Nov 2007 10:32:11 -0500
"Ryan Barnett" <Ryan.Barnett@xxxxxxxxxx> wrote:

> Greetings everyone,
>
> I am leading the CIS Apache Benchmark Project
> (http://www.cisecurity.org/bench_apache.html) and we are in the final
> stages of an updated revision. We are seeking feedback from Apache
> users to get a consensus on the new recommended settings. If you
> would be willing to participate by reviewing the document and
> providing feedback, please let me know and I will send you a DRAFT
> copy.

Why not a URL where we can view it?

Speaking from memory, and my recollection of your book, I don't think the benchmark is particularly helpful. One of Apache's chief virtues is the ability to serve a wide range of different needs through different modules and configuration, so a one-size-fits-all recipe is never going to be applicable to more than a tiny subset of all situations.

For example, I seem to recollect you recommending disabling mod_negotiation. I consider that profoundly unhelpful, not least because of the number of times people re-invent its functionality (badly) using mod_rewrite.

  Techie: We need to set it up like this.
  PHB: But the benchmark (or diagnostic tool evaluating the benchmark) says that's insecure!

tends to lead to homebrew hacks, and serious insecurities.

-- 
Nick Kew

Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.