Apache tweak

Paulo Santos paulo.banon at googlemail.com
Sun May 27 16:48:23 UTC 2007


Its always nice to have extra security surounding the architecture and apps,
but for that we will need extra resources that we currently dont have right
now, i personally would like to have extra RAM on the proxies. mod_security,
is not that light, but its really nice and handy :)

Tweaks that we should do right now, is verify the values in MaxClients and
everything regarding the threads (childs), and see if unecessary modules are
being loaded or not

At least is my opinion...
Paulo

On 5/27/07, Damian Myerscough <damian.myerscough at gmail.com> wrote:
>
> Yea, it would. However mod_easvie is able to detect if users a
> continuously hitting refresh
> to consume bandwidth.
>
> mod_evasive is also recommended by Ryan Barnett who is the author of
> Preventing Web Attacks with Apache.
>
> Has anyone also thought about deploying mod_security? or is it me just
> being paranoid.
>
> I think this would make an excellent topic to talk about in the next
> meeting?
>
> On 27/05/07, Mike McGrath <mmcgrath at redhat.com> wrote:
> > Damian Myerscough wrote:
> > > Ok, I guess we can talk more about it after the release of Fedora 7.
> > >
> > I also have a question about mod_evasive.  Wouldn't it be better/most
> > efficient to limit that traffic before it even hits the apache instance?
> >
> >     -Mike
> >
> > _______________________________________________
> > Fedora-infrastructure-list mailing list
> > Fedora-infrastructure-list at redhat.com
> > https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
> >
>
>
> --
> Regards,
>   Damian
>
> _______________________________________________
> Fedora-infrastructure-list mailing list
> Fedora-infrastructure-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-infrastructure-list/attachments/20070527/19b3c54e/attachment.htm>


More information about the Fedora-infrastructure-list mailing list