Portal Home > Knowledgebase > Articles Database > Lighttpd + Mod_Security and full .htaccess support
Lighttpd + Mod_Security and full .htaccess support
| Posted by sh4ka, 11-07-2007, 08:29 PM |
| Hello,
Im considering alternatives to Apache web server for high traffic servers.
I already installed lighttpd + fastCGI (which is great!), integrated php5 and mysql5 without any problems.. After searching over the net i can see that there are lot of problems to have .htaccess files working in the same way as in Apache 1.3/2.x .
The solutions I've seen for this require almost a complere re-write of the .htaccess rules and even the app code in some cases, i mean, this is not good. Have anyone configured lighttpd to work with generic .htaccess files ? any guides please?
Also another important thing on a webservers is the security, apache is able to handle mod_security (a must in web server security I think), but i do not see any documentation on how to migrate mod_sec to lighttpd, any ideas about this?
Im testing this on Debian + PHP5 and MySQL 5 with latest lighttpd package.
Any suggestions are appreciated.
Thanks.
|
| Posted by sh4ka, 11-08-2007, 02:05 PM |
| Any ideas, please?
|
| Posted by CretaForce, 11-08-2007, 03:08 PM |
| You can find more information about lighttpd rewrites here:
http://trac.lighttpd.net/trac/wiki/Docs%3AModRewrite
3 months ago I translate more than 50 apache rewrites to work with lighttpd. It takes some time if you don't have previous experience but after you finish you will be happy with the result.
|
| Posted by sh4ka, 11-08-2007, 03:31 PM |
| Okay, that means lighttpd does not support shared web hosting, i can not translate 300+ sites from 1 of our virtual servers, this web server will never be good for shared hosting if the continue working in this way.
What about mod_security?
|
| Posted by CretaForce, 11-08-2007, 03:48 PM |
| We use lighttpd for shared hosting for more than 400 websites (many busy websites too), no problems at all. We manually add some rewrites for people that ask it. If you want you can make lighttpd handle the static files and apache to handle php. That way apache rewrites will work.
mod_security is an apache module so it doesn't work with lighttpd. Instead you can use mod_magnet which is a module to control the request handling in lighttpd.
Also lighttpd isn't supported by cpanel/plesk/DA. How do you plan to use it? The only commercial control panel that I know that supports lighttpd is lxadmin.
|
| Posted by sh4ka, 11-08-2007, 06:37 PM |
| I never said i will use cPanel or plesk for shared hosting. T
Thanks for your suggestions, i will try to take a look at mod_magnet.
Thanks.
|
| Posted by RBBOT, 11-08-2007, 07:34 PM |
| Cretaforce: How do you secure PHP to prevent one user's scripts accessing another user's files under lighttpd? Do you have a seperate pool of fastcgi processes for each user?
|
| Posted by CretaForce, 11-09-2007, 03:14 AM |
| Yes php processes run under each username.
|
| Posted by RBBOT, 11-09-2007, 06:54 AM |
| That's where I see the limitation for using lighttpd for shared hosting. As each user requires at least one PHP process it uses a lot of memory to support them all, and limits each user to using only the small number of PHP threads. I think apache compiled to use the MPM thread model is better in that scenario, whereas lighttpd is much better for a few large sites under the control of one organisation where inter-site security isn't an such an issue.
|
| Posted by CretaForce, 11-09-2007, 07:03 AM |
| That is how I setup it. You can always run php with the same owner for all users, that is the default configuration.
|
Add to Favourites 
Print this Article
Also Read
Shared Hosting
Shared Hosting
