[5027] in WWW Security List Archive
Re: Security issues in Apache?
daemon@ATHENA.MIT.EDU (Phillip M. Hallam-Baker)
Fri Apr 11 10:31:52 1997
From: "Phillip M. Hallam-Baker" <hallam@ai.mit.edu>
To: "Paul Phillips" <paulp@go2net.com>, "Adam Shostack" <adam@homeport.org>
Cc: <www-security@ns2.rutgers.edu>
Date: Thu, 10 Apr 1997 14:23:17 -0400
Errors-To: owner-www-security@ns2.rutgers.edu
>I have heard the suggestion to run web servers on some high numbered
>port, and use your IP filtering/NAT software to translate incoming
>requests to webserver:80 to webserver:8000
>No impact on the web server. I haven't done this, and would
>test heavily before deploying it.
I've tried it and found that the performance hit can be considerable.
The hit can be even worse on some CISCO routers where there is
a routing engine. Turning on filtering means that the processor board
does the routing and not the engine. This kills the machine.
Thats why I suggested an O/S patch.
Phill
