Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Apache Document Root Architecture

Posted on 2012-03-10
4
Medium Priority
?
242 Views
Last Modified: 2012-06-21
If I am setting my machine up to run Apache 2.2 for both development and light production as an external facing web server, what is the best folder structure to establish? A Documentroot that has a folder with each project underneath it? Are there other considerations or configuration settings that I must consider for this setup?

Thanks,
Mike
0
Comment
Question by:mpduffey
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 51

Accepted Solution

by:
ahoffmann earned 2000 total points
ID: 37706330
> .. up to run Apache 2.2 for both development and light production
don't do that
use at least to instances of apache, and best also different IPs

if your development breaks apache, your production is oofline, if your development can be cracked, your production can be compromised
0
 
LVL 51

Expert Comment

by:Steve Bink
ID: 37706444
I agree with ahoffmann in theory, though I usually don't follow that advice in practice.  My current development environment uses the same Apache service, though I have several IPs to spread the love, so to speak.

You do need to make sure you have separate document roots, at the very least.  If your development application can be infiltrated, which is often the case before you have thoroughly vetted your code, it falls to Apache to keep isolation intact.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 37706455
> .. it falls to Apache to keep isolation intact.
and the OS, and the DB, and other applications, and ... and ... and ...

theoretically you can secure apache and your application, and do you do that in practice, always, all day?

in theory, theory and praxis are identical, in praxis they're not
0
 
LVL 51

Expert Comment

by:Steve Bink
ID: 37708017
>>> and the OS, and the DB, and other applications, and ... and ... and ...

Too true.  If an application allows file access into the document root, then separating those document roots implements a needed level of isolation.

Of course, if the application allows unrestricted file system access (e.g., user-provided targets for file(), file_get_contents(), etc., without whitelisting), having separate document roots does not really do anything.  In that case, every document root would be accessible, limited only by file/directory permissions in the context of Apache's user.  But, that is something to be addressed in the application logic.

And I guess there lies the advantage of multiple Apache installations - you can set your production environment to use a much more restricted user than your dev environment.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As Wikipedia explains 'robots.txt' as -- the robot exclusion standard, also known as the Robots Exclusion Protocol or robots.txt protocol, is a convention to prevent cooperating web spiders and other web robots from accessing all or part of a websit…
If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
In response to a need for security and privacy, and to continue fostering an environment members can turn to for support, solutions, and education, Experts Exchange has created anonymous question capabilities. This new feature is available to our Pr…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
Suggested Courses

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question