httpd.conf How to prevent user to view it?

AlexAT

Well-Known Member
PartnerNOC
May 23, 2003
202
0
166
Ukraine
cPanel Access Level
Root Administrator
Your example isn't good.
It is for view logs only but cPanel present all logs with 640 which does not allow to read them everyone except the owner.
 

casey

Well-Known Member
Jan 17, 2003
2,288
0
191
Anybody figure out how to prevent people from viewing httpd.conf yet? Either with mod_security or by some other means?
 

lloyd_tennison

Well-Known Member
Mar 12, 2004
697
1
168
Just a thought but is there a way to change the name of httpd.conf on build - or would that mess up the rest oif Cpanel?
 

anup123

Well-Known Member
Mar 29, 2004
889
1
168
This Planet
In src/Configuration.tmpl of the Apache source , you could set this to:

TARGET=httpd-myname for example
While going for handcompiled apache version

I needed two httpd (one lightweight and the other mod_perl so i hand compile mod_perl one setting target=httpd-perl)

Not too sure if that can be a possibility in easyapache.

ANup
 
Last edited:

anand

Well-Known Member
Nov 11, 2002
1,432
1
168
India
cPanel Access Level
DataCenter Provider
anup123 said:
In src/Configuration.tmpl of the Apache source , you could set this to:

TARGET=httpd-myname for example
While going for handcompiled apache version

I needed two httpd (one lightweight and the other mod_perl so i hand compile mod_perl one setting target=httpd-perl)

Not too sure if that can be a possibility in easyapache.

ANup
may i ask what you do with 2 httpd ? ;)
 

chirpy

Well-Known Member
Verifed Vendor
Jun 15, 2002
13,437
33
473
Go on, have a guess
That would definitely screw up cPanel updating the configuration file, though (rebuilding apache with a different configuration file name).
 

anup123

Well-Known Member
Mar 29, 2004
889
1
168
This Planet
anand said:
may i ask what you do with 2 httpd ? ;)
cpanel default httpd for all content serving except mod_perl
handcompiled httpd-perl serving mod_perl content (ie all Alias /perl stuff in httpd.conf)

ProxyPass
ProxyPassReverse

Used in cpanel httpd (with mod_proxy compiled in as DSO module) for communicating with httpd-perl

Why Is This Done:

httpd-perl is about 40MB process
httpd (without mod_perl is about 10MB) process

With a single mod_perl enabled httpd (which can be done) is a waste of resource and in heavy traffic could be killing. KeepAlive Off in httpd-perl

Note: in case you have to use mod_gzip and mod_proxy in the default httpd you can't unless you patch mod_gzip.c. It won't work out of the box with mod_proxy there.

httpd-perl listens on different port which is closed to outside world and can only be accessed by the cpanel httpd. Fewer httpd-perl and more httpd processes possible with same resource and httpd-perl is immediately freed up rather than being dependant upon the client side network speed...

Anup
 
Last edited:

anand

Well-Known Member
Nov 11, 2002
1,432
1
168
India
cPanel Access Level
DataCenter Provider
anup123 said:
cpanel default httpd for all content serving except mod_perl
handcompiled httpd-perl serving mod_perl content (ie all Alias /perl stuff in httpd.conf)

ProxyPass
ProxyPassReverse

Used in cpanel httpd (with mod_proxy compiled in as DSO module) for communicating with httpd-perl

Why Is This Done:

httpd-perl is about 40MB process
httpd (without mod_perl is about 10MB) process

With a single mod_perl enabled httpd (which can be done) is a waste of resource and in heavy traffic could be killing. KeepAlive Off in httpd-perl

Note: in case you have to use mod_gzip and mod_proxy in the default httpd you can't unless you patch mod_gzip.c. It won't work out of the box with mod_proxy there.

httpd-perl listens on different port which is closed to outside world and can only be accessed by the cpanel httpd. Fewer httpd-perl and more httpd processes possible with same resource and httpd-perl is immediately freed up rather than being dependant upon the client side network speed...

Anup
looks like you do heavy perl work :D I would luv to see your setup :)

Have u ever tried lingerd ? Its suppose to help a lot for heavy sites since it handles all the connections, however i am not sure if it can be worked with easyapache.
 

anup123

Well-Known Member
Mar 29, 2004
889
1
168
This Planet
anand said:
looks like you do heavy perl work :D I would luv to see your setup :)

Have u ever tried lingerd ? Its suppose to help a lot for heavy sites since it handles all the connections, however i am not sure if it can be worked with easyapache.

Oh i just love experimenting things taught by veterans on forums. I am a metallurgical engineer by profession and dumped that long time back after being fed up with roaring arc furnaces :)

While on lingerd: Yes had a dig at that too .
But never really went ahead after reading this line in the documentation that comes with lingerd:

Disadvantages:

- a proxy front-end can double as a cache, as a load balancer and as
a light-weight image server, which lingerd obviously can't.

Was just playing with Apache::Dynagzip but couldn't tame it so far :)
While on mod_perl .... i just buy stuff from companies ... why reinvent the wheel...

Anup
 

anand

Well-Known Member
Nov 11, 2002
1,432
1
168
India
cPanel Access Level
DataCenter Provider
anup123 said:
Disadvantages:

- a proxy front-end can double as a cache, as a load balancer and as
a light-weight image server, which lingerd obviously can't.

Was just playing with Apache::Dynagzip but couldn't tame it so far :)
While on mod_perl .... i just buy stuff from companies ... why reinvent the wheel...

Anup
Can u explain the last thing ? Wat advantages you get from the mod_perl apache actually ? Just trying to understand.

Can i take a look at your setup ? And can it be replicated to free up processes of apache for heavy sites ? Just wondering...
 

SarcNBit

Well-Known Member
Oct 14, 2003
1,001
3
168
chirpy said:
Well, I've been able to resolve the httpd.conf access issue. Anyone wanna know how? :p
Does it involve; a paperclip, bubblegum (grape flavor preferred but any will do) and tin foil?
 

anup123

Well-Known Member
Mar 29, 2004
889
1
168
This Planet
Going thru this link, changing to 640 as recommended did prevent httpd.conf from being read.
Tried everything after changing to 640 and nothing seemed to break. However, read it in this thread that it would break cpanel?

http://www.biosfarm.ro/~dragos/papers/securizare_apache.html

What would break in cpanel? Does it mean that cpanel installation needs 644 on httpd.conf?

[EDIT]
I know all these must have been researched, but here's another link:

http://www.faqs.org/docs/securing/chap29sec251.html
[/EDIT]

Anup
 
Last edited: