suexec

suexec - Switch user before executing external programs suexec is used by the Apache HTTP Server to switch to another user before executing CGI programs. In order to achieve this, it must run as root. Since the HTTP daemon normally doesn't run as root, the suexec executable needs the setuid bit set and must be owned by root. It should never be writable for any other person than root. For further information about the concepts and the security model of suexec please refer to the suexec document

suEXEC

suEXEC Support The suEXEC feature provides users of the Apache HTTP Server the ability to run CGI and SSI programs under user IDs different from the user ID of the calling web server. Normally, when a CGI or SSI program executes, it runs as the same user who is running the web server. Used properly, this feature can reduce considerably the security risks involved with allowing users to develop and run private CGI or SSI programs. However, if suEXEC is improperly configured, it can cause any nu

Stopping and Restarting Apache HTTP Server

Stopping and Restarting Apache HTTP Server This document covers stopping and restarting Apache HTTP Server on Unix-like systems. Windows NT, 2000 and XP users should see Running httpd as a Service and Windows 9x and ME users should see Running httpd as a Console Application for information on how to control httpd on those platforms. Introduction In order to stop or restart the Apache HTTP Server, you must send a signal to the running httpd processes. There are two ways to send the signals.

Starting Apache

Starting Apache On Windows, Apache is normally run as a service. For details, see Running Apache as a Service. On Unix, the httpd program is run as a daemon that executes continuously in the background to handle requests. This document describes how to invoke httpd. How Apache Starts If the Listen specified in the configuration file is default of 80 (or any other port below 1024), then it is necessary to have root privileges in order to start apache, so that it can bind to this privileged

SSL/TLS Strong Encryption: How-To

SSL/TLS Strong Encryption: How-To This document is intended to get you started, and get a few things working. You are strongly encouraged to read the rest of the SSL documentation, and arrive at a deeper understanding of the material, before progressing to the advanced techniques. Basic Configuration Example Your SSL configuration will need to contain, at minimum, the following directives. LoadModule ssl_module modules/mod_ssl.so Listen 443 <VirtualHost *:443> ServerName www.exa

SSL/TLS Strong Encryption: FAQ

SSL/TLS Strong Encryption: FAQ The wise man doesn't give the right answers, he poses the right questions. -- Claude Levi-Strauss Installation Why do I get permission errors related to SSLMutex when I start Apache? Why does mod_ssl stop with the error "Failed to generate temporary 512 bit RSA private key" when I start Apache? Why do I get permission errors related to SSLMutex when I start Apache? Errors such as ``mod_ssl: Child could not open SSLMutex lockfile /opt/apache/logs/ssl_mutex

SSL/TLS Strong Encryption: Compatibility

SSL/TLS Strong Encryption: Compatibility This page covers backwards compatibility between mod_ssl and other SSL solutions. mod_ssl is not the only SSL solution for Apache; four additional products are (or were) also available: Ben Laurie's freely available Apache-SSL (from where mod_ssl were originally derived in 1998), Red Hat's commercial Secure Web Server (which was based on mod_ssl), Covalent's commercial Raven SSL Module (also based on mod_ssl) and finally C2Net's (now Red Hat's) commerc

SSL/TLS Strong Encryption: An Introduction

SSL/TLS Strong Encryption: An Introduction As an introduction this chapter is aimed at readers who are familiar with the Web, HTTP, and Apache, but are not security experts. It is not intended to be a definitive guide to the SSL protocol, nor does it discuss specific techniques for managing certificates in an organization, or the important legal issues of patents and import and export restrictions. Rather, it is intended to provide a common background to mod_ssl users by pulling together vario

SSL/TLS Encryption

Apache SSL/TLS Encryption The Apache HTTP Server module mod_ssl provides an interface to the OpenSSL library, which provides Strong Encryption using the Secure Sockets Layer and Transport Layer Security protocols. Documentation mod_ssl Configuration How-To Introduction To SSL Compatibility Frequently Asked Questions Glossary mod_ssl Extensive documentation on the directives and environment variables provided by this module is provided in the mod_ssl reference documentation.

Shared Object Cache in Apache HTTP Server

Shared Object Cache in Apache HTTP Server The Shared Object Cache provides a means to share simple data across all a server's workers, regardless of thread and process models. It is used where the advantages of sharing data across processes outweigh the performance overhead of inter-process communication. Shared Object Cache Providers The shared object cache as such is an abstraction. Four different modules implement it. To use the cache, one or more of these modules must be present, and co