Re: Apache Configuration
Re,
>But I think that the most important model is: using a special port,
>different than 80. Not only that it is supported by these tools, but
>as I understood it is even the default. The security is achieved by
>using a port which is blocked by your router and/or your firewall
>and/or your UNIX. Although it is not a replacement for the basic
>methods (since it doesn't block the other internal users), it is a
>critical method for blocking external intruders.
>
You just shouldn't put too much hope in this blocking. There are methods
to circumvent this (various bounce/redirect attacks), and internal users
in big companies (ones that need a good GUI more than small ones - because
one has to configure many servers, etc.) are the biggest security threat
;).
>The commercial tool requires a frames+tables supported browser.
>The HTTP/Java tool requires a Java supported browser.
>
That's the thing that I find somewhat silly. Why not make it lynx-friendly
(with graphics, etc - but no Java)? If I have a server-only system, I would
have to install JDK or Communicator just to configure my Apache -
overkill, don't you think so? Not to mention server systems that have
no X at all... Neglect of this type of system seems to be common - most
GUI systems (for example, Linux distributions, Solaris tools) don't have
console analogues of their GUI tools, though it is certainly possible, and
when I have a choice, I use only them - it's much easier to use, faster
and more convenient - you have 101 keys on the keyboard and only 3 on the
mouse - guess what is faster and more flexible? ;).
>BTW: At least the commercial tool, requires you to run it as root.
Well, somehow it has to write config files? And they should be writable
under the UID of the config tool. I think that if you make the file writable
by non-root and run the tool with this UID, it will work (unless it binds
a low port or something alike - totally unnecessary IMO).
>BTW^2: Meanwhile, I cancel my plans to develop yet another tool. I
>was not aware of the other tools (as well as 99% of the Apache
>users. These 3 projects are so unknown and unfamous...). I believe
And Apache has no link to it, and in the FAQ it is written: "Q: Can I configure
apache from my browser? A: No." Period. Publicity, huh?
>that the leading tool among the 3 will be the tool developed by
>Justin ( http://butler.disa.mil/ApacheConfig/ ), because of the
>3. Programmable interface (SNMP!).
Which many of the tool's users have never even heard about ;), let alone
know how to use.
>6. To be included in Apache 2.0 (scheduled to May, but let me be
> skeptical :-(
Well, we all know that "scheduled to May" means "maybe it will be ready
in September" ;).
About GUIs - if they are hardcoded (and at least WarPaint seems to
be, since it has "unsupported directives"), they understand only
commands that their developers have put inside. This means every step
outside the limits of plain, straightforward configuration will throw you
back to "vi httpd.conf" or whatever you use as a text editor ;).
I thought that it is possible, given the modular structure of Apache, to
make a self-configuring module that has no prior knowledge of any
configuration commands and takes everything from the current Apache setup.
With this, you could configure new modules or new directives which didn't
even exist at the time you wrote the module.
--
frodo@sharat.co.il \/ There shall be counsels taken
Stanislav Malyshev /\ Stronger than Morgul-spells
phone +972-2-5369213 /\ JRRT LoTR.
http://www.sharat.co.il/frodo/ whois:SM719-RIPE@whois.ripe.net
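
The non-root setup suggested in the reply above (config file writable by a dedicated UID, tool run under that UID, no low port), written as a checkable rule set. This is an added example, not part of the original message or of any of the tools discussed; the function names, UID 1001 and port 8001 are assumptions.

```python
import os
import stat


def check_access(mode, owner_uid, tool_uid, listen_port):
    """Return findings for a config tool that runs as tool_uid.

    mode is the permission bits of the config file, owner_uid its owner.
    Simplification (assumption): only owner write access is considered,
    group membership of the tool UID is not resolved.
    """
    findings = []
    if tool_uid == 0:
        findings.append("tool runs as root")
    if owner_uid != tool_uid or not (mode & stat.S_IWUSR):
        findings.append("config file not writable by tool UID")
    if mode & stat.S_IWGRP:
        findings.append("config file is group-writable")
    if mode & stat.S_IWOTH:
        findings.append("config file is world-writable")
    if listen_port < 1024:
        findings.append("tool port below 1024 needs root to bind")
    return findings


def audit(path, tool_uid, listen_port):
    """Apply check_access() to a real file on disk."""
    st = os.stat(path)
    return check_access(stat.S_IMODE(st.st_mode), st.st_uid,
                        tool_uid, listen_port)


if __name__ == "__main__":
    # Constructed cases: (mode, file owner, tool UID, tool port).
    cases = [
        (0o644, 1001, 1001, 8001),  # dedicated UID owns the file, high port
        (0o644, 0, 1001, 8001),     # file still owned by root
        (0o666, 1001, 1001, 80),    # loose mode and a privileged port
        (0o644, 0, 0, 8001),        # tool simply run as root
    ]
    for mode, owner, uid, port in cases:
        result = check_access(mode, owner, uid, port) or ["ok"]
        print(oct(mode), owner, uid, port, "->", "; ".join(result))
```

The UID that passes these checks can rewrite the configuration that the Apache parent process reads at startup, so it should be a dedicated account and not a general login.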