Chapter 3. Confining Web Applications
In this chapter, we will cover the default confinement of the web server domain and practice how to enhance this policy to suit our needs. We will also look into mod_selinux
and how it can be used to confine web applications even further. All this will be handled through the following recipes:
Listing conditional policy support
Enabling user directory support
Assigning web content types
Using different web server ports
Using custom content types
Creating a custom CGI domain
Setting up mod_selinux
Starting Apache with limited clearance
Mapping HTTP users to contexts
Using source address mapping to decide on contexts
Separating virtual hosts with mod_selinux