Guidelines on Securing Public Web Servers
In addition, use the Web server's operating system to limit files accessed by the Web service 
processes.  These processes should have read only access to those files necessary to perform 
the service and should have no access to other files, such as server log files.  Use Web server 
host operating system access controls to enforce the following [CERT01]: 

- Web service process(es) is (are) configured to run as a user with a strictly limited set 
  of privileges (i.e., not running as root, Administrator, or equivalent). 
- Web content files can be read but not written by Web service process(es).  
- Web service process(es) cannot write the directories where public Web content is 
  stored.  
- Only process(es) authorized for Web server administration can write Web content 
  files.  
- The Web server application can write Web server log files, but log files cannot be 
  read by the Web server application.  Only root/system/administrative level processes 
  can read Web server log files.  
- Temporary files created by the Web server application, such as those that might be 
  generated in the creation of dynamic Web pages, are restricted to a specified and 
  appropriately protected subdirectory.  
- Access to any temporary files created by the Web server application is limited to the Web 
  service process(es) that created these files.  

It is also necessary to ensure that the Web server application cannot save files outside the 
specified file structure dedicated to public Web content.  This may be a configuration choice in 
the server software or it may be a choice in how the server process is controlled by the 
operating system.  Ensure that such directories and files (outside the specified directory tree) 
cannot be served, even if users know the names or the Uniform Resource Locators (URLs) of 
those files. 
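
The file access rules listed above can be checked mechanically. The following audit sketch is an added example, not part of the original guideline; it assumes classic Unix owner/group/other mode bits (no ACLs, capabilities or mandatory access control), and the paths and the account id 48 in the usage section are hypothetical.

```python
import os
import stat


def allowed(st, uid, gids, want):
    """Mode-bit check for 'r' or 'w' access by the account uid/gids.
    Assumption: no ACLs, capabilities or MAC policy are in play."""
    if uid == 0:
        return True  # root bypasses mode bits
    bits = {"r": (stat.S_IRUSR, stat.S_IRGRP, stat.S_IROTH),
            "w": (stat.S_IWUSR, stat.S_IWGRP, stat.S_IWOTH)}[want]
    if st.st_uid == uid:
        return bool(st.st_mode & bits[0])
    if st.st_gid in gids:
        return bool(st.st_mode & bits[1])
    return bool(st.st_mode & bits[2])


def audit(content_root, log_dir, uid, gids):
    """Return (path, problem) findings for the Web service account."""
    findings = []
    if uid == 0:
        findings.append(("-", "service runs as root"))
    for base, _dirs, files in os.walk(content_root):
        if allowed(os.stat(base), uid, gids, "w"):
            findings.append((base, "content directory writable by service"))
        for name in files:
            path = os.path.join(base, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks and special files are out of scope here
            if not allowed(st, uid, gids, "r"):
                findings.append((path, "content file not readable by service"))
            if allowed(st, uid, gids, "w"):
                findings.append((path, "content file writable by service"))
    for name in os.listdir(log_dir):
        path = os.path.join(log_dir, name)
        st = os.lstat(path)
        if not stat.S_ISREG(st.st_mode):
            continue
        if allowed(st, uid, gids, "r"):
            findings.append((path, "log file readable by service"))
        if not allowed(st, uid, gids, "w"):
            findings.append((path, "log file not writable by service"))
    return findings

if __name__ == "__main__":
    # Hypothetical paths and account ids; substitute the real ones.
    for path, problem in audit("/var/www/html", "/var/log/httpd", 48, {48}):
        print(f"{problem}: {path}")
```

An empty result means the content tree and log directory match the read/write rules in the list; temporary-file placement is not covered by this check.
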
To mitigate the effects of certain types of DoS attacks, configure the Web server to limit the 
amount of operating system resources it can consume.  Some examples would include the 
following: 

- Install Web content on a different hard drive or logical partition from the operating 
  system and Web application. 
- If uploads are allowed to the Web server, place a limit on the amount of hard drive 
  space that is dedicated for this purpose. 
- If uploads are allowed to the Web server, these files should not be readable by the 
  Web server.  They should only be readable by the Web server after some automated 
  or manual review process.  This prevents the Web server from being used to traffic 
  pirated software, attack tools, pornography, etc.
- Ensure that log files are stored in a location that is sized appropriately. 