Nginx securiy problem

Steve steeeeeveee at gmx.net
Fri Dec 4 03:36:57 MSK 2009


-------- Original-Nachricht --------
> Datum: Thu, 3 Dec 2009 16:22:27 -0800
> Von: Michael Shadle <mike503 at gmail.com>
> An: nginx at nginx.org
> CC: nginx at sysoev.ru
> Betreff: Re: Nginx securiy problem

> On Thu, Dec 3, 2009 at 3:03 PM, Steve <steeeeeveee at gmx.net> wrote:
> 
> > What? Because of mailman you run Apache? Well... I do run mailman 2.1.12
> here on top of nginx 0.8.29 without any issues. No Apache involved in any
> way. I don't see any reason to use Apache for mailman.
> 
> yeah - CGI-based stuff i run apache behind nginx for those couple
> things. i always have nginx on the frontend.
> 
I only have one instance of Apache that I use and it's used for web pages that I know are not easy to handle for me (from the security viewpoint). So I run mod_security on that Apache instance and other stuff that helps me to narrow down the possible security problems. It does not prevent them but I can sleep better knowing that mod_security and other tools are doing a good job in preventing the most obvious issues.

Every where else I use nginx. Some time as stand alone and in some instances as a load balancer and and and...


> how do you run mailman directly?
> 
I did not say I run it directly. I run it as a FCGI instance with the help of FcgiWrap (http://nginx.localdomain.pl/wiki/FcgiWrap). And I do the same for other CGI applications (for example the DSPAM WebUI, AWStats, for cgi-bin directory, etc).

> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://nginx.org/mailman/listinfo/nginx

-- 
Jetzt kostenlos herunterladen: Internet Explorer 8 und Mozilla Firefox 3.5 -
sicherer, schneller und einfacher! http://portal.gmx.net/de/go/chbrowser




More information about the nginx mailing list