Friday, December 19, 2014

security - Apache and fastcgi - How to secure an Apache server with fastcgi enabled?

I am running a headless server on Ubuntu 10.x. I am running Apache 2.2.



I am writing a fastcgi application for deployment on the server. I remember reading a while back (I could be wrong) that running CGI (and by implication fastcgi) on a server, can provide 'backdoors' for potential attackers - or at the very least, could compromise the server if certain security measurements are not taken.



My questions are:





  • what are the security 'gotcha's that I have to be aware of if I am enabling mod_fastcgi on my Apache server?

  • I want to run the fastcgi as a specific user (with restricted access) how do I do this?

-

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

linux - How to SSH to ec2 instance in VPC private subnet via NAT server

I have created a VPC in aws with a public subnet and a private subnet. The private subnet does not have direct access to external network. S...