Book Image

Lighttpd

By : Andre Bogus
Book Image

Lighttpd

By: Andre Bogus

Overview of this book

Related Content you might be interested in

Current Title:

Small book image
Lighttpd
Andre Bogus
Oct, 2008 | 240 pages
No titles found
Table of Contents (20 chapters)
Lighttpd
Lighttpd
Credits
Credits
About the Author
About the Author
About the Reviewer
About the Reviewer
Preface
Preface
Free Chapter
1
Introduction to Lighttpd
Introduction to Lighttpd
Installing Lighttpd
Building Lighttpd using Autotools
Building Lighttpd using CMake
Summary
2
Configuring and Running Lighttpd
Configuring and Running Lighttpd
Starting Lighttpd by Hand
Other Core Options
Mime Types
Selectors
Rewriting and Redirecting Requests
Including Variables, Files, and Shell-code
Summary
3
More Virtual Hosting and CGI
More Virtual Hosting and CGI
Extended Virtual Hosting
MySQL based Virtual Hosting
Going Dynamic
CGI with mod_cgi
FastCGI
SCGI
mod_proxy_core and backends
Summary
4
Downloads and Streams
Downloads and Streams
Core Settings
Traffic Shaping
Showing Directory Contents
Securing Downloads
Streaming Content
Putting it All Together
Summary
5
Big Brother Lighttpd
Big Brother Lighttpd
Privacy
O Browser, Where Art Thou?
Access Logging
Tracking Users
Other Data Points
Summary
6
Encryption: SSL
Encryption: SSL
Self-Signed Keys
Being our own Certificate Authority
Obtaining a Key Pair from a Third-Party Supplier
Configuring Lighttpd to use SSL
Summary
7
Securing Lighttpd
Securing Lighttpd
Barriers to Entry
Evading Denial of Service Attacks
Know Your Foe
Summary
8
Containing Lighttpd
Containing Lighttpd
Giving up Privileges
Changing Root
Separating the Backend
Summary
9
Optimizing Lighttpd
Optimizing Lighttpd
Installing http_load
Specific Optimizations
Profiling with gprof
Summary
10
Migration from Apache
Migration from Apache
Adding Lighttpd to the Mix
Excursion: mod_proxy
Reducing Apache Load
mod_perl, mod_php, and mod_python
.htaccess
Rewriting Rules
WebDAV
Summary
11
CGI Revisited
CGI Revisited
Ruby on Rails
WordPress
phpMyAdmin
MediaWiki
Trac
AWStats
AjaxTerm
Summary
12
Using Lua with Lighttpd
Using Lua with Lighttpd
Lua: A small Primer
Useful Lua Libraries
Lua/FastCGI
Running mod_magnet
Example: A Shoutbox
Summary
13
Writing Lighttpd Modules
Writing Lighttpd Modules
Handling Configuration
Rewriting the Request
Manipulating the Response
Summary
HTTP Status Codes
HTTP Status Codes
Module/Configuration Index
Module/Configuration Index
Internal
mod_access
mod_accesslog
mod_alias
mod_auth
mod_cgi
mod_cml
mod_chunked
mod_compress
mod_deflate
mod_dirlisting
mod_evasive
mod_evhost
mod_expire
mod_fastcgi
mod_flv_streaming
mod_indexfile
mod_magnet
mod_proxy
mod_proxy_core
mod_redirect
mod_rewrite
mod_rrdtool
mod_scgi
mod_secure_download
mod_setenv
mod_simple_vhost
mod_sql_vhost_core, mod_mysql_vhost
mod_ssi
mod_staticfile
mod_status
mod_trigger_b4_dl
mod_uploadprogress
mod_userdir
mod_usertrack
mod_webdav

Summary

Lighttpd can be run quite securely, if we invest a little in its security. We can use the built-in methods to achieve the least privilege, and hence the highest security.

The least we should do is configure Lighttpd so that it will give up root privileges after binding to the needed ports.

If our site is a high-profile site and/or handles monetary transactions or sensitive user information, we should go all the way and put Lighttpd into a chroot environment. In doing so, we need to be very careful not to create any new entry points for attack.

Putting the backend in a separate environment and keeping only a FIFO open to connect both the environments can introduce another considerable barrier for hackers. This way, at least the backend is cleanly cut off from the outside as well as from the static files. So, attacks that require interferences between both are diverted.

Finally, a small table of pros and cons for both methods:

 

Changing User / Group

Running in Chroot Environment

Pro...

Previous Section
End of Chapter 8
Next Chapter