Chapter 3. Confining Web Applications
In this chapter, we will cover the default confinement of the web server domain and practice how to enhance this policy to suit our needs. We will also look into mod_selinux
and how it can be used to confine web applications even further. All this will be handled through the following recipes:
- Listing conditional policy support
- Enabling user directory support
- Assigning web content types
- Using different web server ports
- Using custom content types
- Creating a custom CGI domain
- Setting up mod_selinux
- Starting Apache with limited clearance
- Mapping HTTP users to contexts
- Using source address mapping to decide on contexts
- Separating virtual hosts with mod_selinux