Apache and fastcgi - How to secure an Apache server with fastcgi enabled?

Posted by skyeagle on Super User See other posts from Super User or by skyeagle
Published on 2011-01-01T23:22:46Z Indexed on 2011/01/01 23:55 UTC
Read the original article Hit count: 200

Filed under:
|

I am running a headless server on Ubuntu 10.x. I am running Apache 2.2.

I am writing a fastcgi application for deployment on the server. I remember reading a while back (I could be wrong) that running CGI (and by implication fastcgi) on a server, can provide 'backdoors' for potential attackers - or at the very least, could compromise the server if certain security measurements are not taken.

My questions are:

  • what are the security 'gotcha's that I have to be aware of if I am enabling mod_fastcgi on my Apache server?
  • I want to run the fastcgi as a specific user (with restricted access) how do I do this?

© Super User or respective owner

Related posts about apache

Related posts about apache2