System Security Considerations: WWW Server (cont.)
Other Sensible Precautions:
- Run server as special user ("nobody") with limited access rights; do not run it as root
- Turn off server-side includes
- Don't allow "PUT" method (allow "GET", "POST", "HEAD", etc.)
- If possible, use a separate machine for web server (minimally configured)
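
An added example (not part of the original slides): a Python check that scans NCSA/Apache-style configuration text for three of the precautions above (server user, server-side includes, PUT) and flags lines to review. The sample configuration is constructed, and `audit` is a hypothetical helper name.

```python
# Added example: audit NCSA/Apache-style config text for three precautions.
# SAMPLE_CONF is constructed for illustration; audit() is a hypothetical helper.
SAMPLE_CONF = """\
# httpd.conf
User root
Group #-1

# access.conf
<Directory /usr/local/etc/httpd/htdocs>
Options Indexes Includes
<Limit GET POST PUT>
order allow,deny
allow from all
</Limit>
</Directory>
"""


def audit(conf_text):
    """Return [(line_number, finding)] for user, SSI and PUT checks."""
    findings = []
    saw_user = False
    for num, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        # Comments are whole lines starting with '#'; "Group #-1" is not one.
        if not line or line.startswith("#"):
            continue
        words = line.strip("<>").split()
        if not words:
            continue
        key, args = words[0].lower(), [w.lower() for w in words[1:]]
        if key == "user":
            saw_user = True
            if args and args[0] in ("root", "#0"):
                findings.append((num, "server runs as root; use an unprivileged user"))
        elif key == "options":
            # Includes, IncludesNoExec and All each turn server-side includes on.
            if any(a.startswith("includes") or a == "all" for a in args):
                findings.append((num, "server-side includes enabled"))
        elif key == "limit" and "put" in args:
            findings.append((num, "PUT named in <Limit>; review whether PUT is permitted"))
    if not saw_user:
        findings.append((0, "no User directive; check which account the server runs as"))
    return findings


if __name__ == "__main__":
    for num, finding in audit(SAMPLE_CONF):
        print(f"line {num}: {finding}")
```
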
For NCSA httpd, use version 1.3R or later (1.4.1)
- Version 1.3 can allow a malicious client to overflow a temporary buffer on the server
- On certain machines, this means the client can execute commands on the server
For more information:
- NCSA httpd Making your Setup More Secure
- NCSA httpd 1.3 Security Patch