非表示:
キーワード:
-
要旨:
At Living Reviews we are serving content from various web applications and other internal sources on our public webservers. Our own web applications are run under specific user accounts configured to have minimal permissions. They are bound to the public webserver by proxy rewrite rules. For content typically served by the apache instance itself (subversion using webdav, trac instances using mod_python) we use additional apache instances running under separate accounts to limit file access for the internal data to those processes really needing them. The different apache instances are configured with minimal apache modules each (no mod_python for the subversion handling apache etc.). All apache instances use the binaries and modules provided by the distribution; only the config files differ.