Apart from those settings, jailing php just like nginx as we do with ‘Install_nginx_php_services.zip’ and following its advice about further jailing, there is only one thing you could do and that’s create more php jailed users, one for each instance, and jailing them to their environment (www.sitea.nl using a different jailed upstream than www.sitab.nl).

Following these ‘basic’ recommendations, which are no different than you would do on linux, I have yet to see after millions of attacks anyone breaking through. Here on our clusters we see more than 1 million attacks each month.

Stupid configurations, programming without thinking, ignorance, are of course excluded.
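The per-site jailing itpp2012 describes, sketched as an added nginx configuration (not from the original post and not the build's own /conf): each site can only reach its own FastCGI upstream, and each upstream is a php-cgi instance assumed to run as a separate jailed Windows user; the user names, ports and paths are placeholders.

```nginx
# Added example: one jailed php-cgi pool per site.
# Assumed: php-cgi for site A is started under jailed user "php_sitea"
# listening on 127.0.0.1:9001, and for site B under "php_siteb" on
# 127.0.0.1:9002 (placeholder users and ports).
upstream php_sitea { server 127.0.0.1:9001; }
upstream php_siteb { server 127.0.0.1:9002; }

server {
    listen 80;
    server_name www.sitea.nl;
    root C:/jail/sitea/www;       # placeholder; readable only by php_sitea

    location ~ \.php$ {
        try_files $uri =404;      # never hand a non-existent path to php
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass php_sitea;   # this vhost can only reach its own pool
    }
}

server {
    listen 80;
    server_name www.sitab.nl;
    root C:/jail/siteb/www;       # placeholder; readable only by php_siteb

    location ~ \.php$ {
        try_files $uri =404;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass php_siteb;   # a compromised site A cannot use this pool
    }
}
```

The isolation only holds if each php-cgi process really runs under its own user with read access limited to its own root; the nginx config just keeps the two pools from being shared.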
Thanks itpp2012, I also am curious if there are any specific or recommended naxsi firewall configs or things to use too, other than the default config you supply with your builds?
A WAF, even the simple one we supply in /conf, is only a tool for an application-fool. Both take some white-listing experience before it all works, but also require more than basic knowledge to prevent legitimate posts from getting blocked.
Well yeah, you only need a WAF if your web application or server is insecure in some way, but you also have to look at the extra benefit it holds, which is, if you are using public web-based apps such as Drupal, WordPress, Joomla, ClipBucket, any kind of content management system: because they are open source, when security exploits are found or arise it does help block and slow down hackers until fixes or updates are made.
Should I have cgi.force_redirect enabled or disabled with Nginx? Because everywhere I look sort of contradicts each other. Some say have it enabled, some say have it disabled, and this site has two separate security posts that say you should have it disabled in one, then enabled in another?