How to secure an apache webserver without the mpm_itk module?

M46

5/25/24, 1:03 PM

I want to setup a new webserver for public shared hosting under Rocky Linux 9 with apache.

Our old webservers (CentOS 7) have the mpm-itk module installed which assigns a userId and groupId to every request coming in. So if I chown the webfolders of the customers no cross access is possible.

So far so good, but the mpm-itk module is fairly old and therefore not part of the standard repos of RHEL/CentOS/Rocky/etc. anymore, it has performance disadvantages (it uses the old prefork module) and it is not possible to use http/2 or higher with it. And besides all that it poses a security risk.

So my question is, are there alternative modules to use or are there completly different approaches? I've read this article from the apache wiki and I was wondering if there is another solution instead of a reverse proxy?

The ASF has an experimental version of the itk-module by their own (mod_privileges) But it has the status "experimental" so do not think that this is an official module to use in production. Some other alternatives I found are even older.

0 + 0

security

apache-2.4

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: How to secure an apache webserver without the mpm_itk module?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.