0

I have read about multiple approaches on isolating websites on Apache server such that if one website is compromised, wont affect the rest nor the server itself. But I was confused and not sure which approach is the best in terms of security and usability?

Some of the approaches are:

  • Having every website in it's own Apache server in a docker container and using a proxy to map different requests to correspondent container port.
  • Have root as the owner of /var/www/(website dirs and files) and have apache group allowed to only read the files in /var/www/.
  • Enabling mod_users or mod_chroot in apache.
  • Using chroot jail.

Which is the best alternative? Is there a better alternative than the ones mentioned above?

Majx
  • 1
  • 3
    There really isn't a *best*. Each of them have pros and cons. What makes sense depends on your scenario. – vidarlo Nov 12 '22 at 20:38

0 Answers0