[5010] in WWW Security List Archive
Re: Security issues in Apache?
daemon@ATHENA.MIT.EDU (Adam Shostack)
Thu Apr 10 02:19:50 1997
From: Adam Shostack <adam@homeport.org>
In-Reply-To: <Pine.SOL.3.94.970408160934.283B-100000@wog> from Paul Phillips at "Apr 8, 97 04:16:09 pm"
To: paulp@go2net.com (Paul Phillips)
Date: Wed, 9 Apr 1997 23:10:46 -0500 (EST)
Cc: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
I have heard the suggestion to run web servers on some high numbered
port, and use your IP filtering/NAT software to translate incoming
requests to webserver:80 to webserver:8000
No impact on the web server. I haven't done this, and would
test heavily before deploying it.
Adam
Paul Phillips wrote:
| all its requests to port 8080? Even if there were some win to this,
| you couldn't do it unless performance was an irrelevant consideration.
| But, again, this buys you nothing (and introduces an unnecessary layer
| of complexity.)
--
"It is seldom that liberty of any kind is lost all at once."
-Hume
