用Apache Proxy的指令改进LAMP安全性

后端 Apache 实例的配置

清单 2 和 清单 3 中的代码片段说明了与标准 Apache 配置的基本差异。应该根据需要将它们添加到适当的配置中，比如这里忽略的 PHP 功能配置。

清单 2. 在线创业企业的 Apache 配置:

# Stuff every Apache configuration needs

ServerType standalone

LockFile /var/lock/apache/accept.startup.lock

PidFile /var/run/apache.startup.pid

ServerName necessaryevil.startup.tld

DocumentRoot "/home/startup/web"

# Essential modules

LoadModule access_module /usr/lib/apache/1.3/mod_access.so

# Which user to run this Apache configuration as

User startup

Group startup

# This must be off else the host isn't passed correctly

UseCanonicalName Off

# The IP/port combination to listen on

Listen 127.0.0.2:10000

# Using name-based virtual hosting allows

 you to host multiple sites per IP/port combo

NameVirtualHost 127.0.0.2:10000

<VirtualHost 127.0.0.2:10000>

        ServerName www.startup.tld

        # You can add aliases so long as the facade server is aware of them!

        ServerAlias startup.tld

        DocumentRoot "/home/startup/web/www.startup.tld"

        <Directory /home/startup/web/www.startup.tld/>

            Options Indexes FollowSymLinks MultiViews ExecCGI Includes

            AllowOverride All

            Order allow,deny

            Allow from all

        </Directory>

</VirtualHost>

清单 3. 个人客户的 Apache 配置

# Stuff every Apache configuration needs

ServerType standalone

LockFile /var/lock/apache/accept.nimrod.lock

PidFile /var/run/apache.nimrod.pid

ServerName necessaryevil.nimrod.tld

DocumentRoot "/home/nimrod/web"

# Essential modules

LoadModule access_module /usr/lib/apache/1.3/mod_access.so

# Which user to run this Apache configuration as

User nimrod

Group nimrod

# This must be off else the host isn't passed correctly

UseCanonicalName Off

# The IP/port combination to listen on

Listen 127.0.0.2:10001

# Using name-based virtual hosting allows you

to host multiple sites per IP/port combo

NameVirtualHost 127.0.0.2:10001

<VirtualHost 127.0.0.2:10001>

        ServerName www.reckless.tld

        # You can add aliases so long as the facade server is aware of them!

        ServerAlias reckless.tld

        DocumentRoot "/home/nimrod/web/www.reckless.tld"

        <Directory /home/nimrod/web/www.reckless.tld/>

            Options Indexes FollowSymLinks MultiViews ExecCGI Includes

            AllowOverride All

            Order allow,deny

            Allow from all

        </Directory>

</VirtualHost>