Jump to content

Apache Security


zurek
 Share

Recommended Posts

My friend told me that recently Apache Server have a securiy bug. He told me that after upgrade, some of the config files has been reset to default state, which reduced level of security. Unfortunately I couldn't find any information about this.

It is true, or my friend lied to me?

If this is true then where can I read more about it.

Link to comment
Share on other sites

It would depend. Did existing configuration get over-written? Some distros will prompt during an upgrade to keep existing or replace with new. It would depend on how the upgrade was performed. Always have good backups and run a diff on the configuration files after upgrade to see what changed. Just a part of change/configuration management (or bad luck in some cases :) ).

Link to comment
Share on other sites

My friend told me that recently Apache Server have a securiy bug. He told me that after upgrade, some of the config files has been reset to default state, which reduced level of security.

Most distributions have use a separate directory (conf.d, sites-available, etc) to house local config files, this helps avoid the problem of an update replacing apaches main config file an erasing all local configurations. Of course there are some people who still make all their configuration changes in apache's main config file rather than using local config files, so if it did get replaced then they would loose any changes they have made.

Another big advantage of using local config files for most of your settings is that you can easily replicate security settings from one server to another by simply copying the one file, rather than cutting and pasting lines and hoping that you have got all the relevant ones.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...