We've added several things to the LAMP service in order to improve security:
SSL is available for all uiowa.edu sites. We can also accommodate SSL for 'Vanity' Domains assuming the registered 'owner' has a valid uiowa.edu email address. Contact email@example.com if you have questions.
We're running ModSecurity as an Apache Module. ModSecurity operates as a web intrusion detection tool. We have a number of rules that it uses to detect improper web traffic. It's possible that you'll trigger one of these rules, particularly when setting up a new site. If you do, you'll get an error screen that looks something like this (only your e-mail address will be listed). E-mail the identifier number to firstname.lastname@example.org and we'll figure out what ModSecurity saw that it didn't like and how to resolve it.
We're also running the mpm-itk Apache Module. This module allows each Apache instance to run as a different user. When Apache is serving your web site to a user, that process runs as your user account, not as 'apache' or 'nobody'. This helps prevent another web site on the server from accessing anything related to your web site. It also has the advantage that, since the web server runs as the same user that owns the web content, you won't have the problem of the web server writing files that you can't access later.
Part of this also includes each web site having its own session folder. It's located in your Home Directory and named '.session' (a hidden directory).
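Because the web server runs as your account, the '.session' folder and the session files in it never need group or world access. The following check is an added example, not part of the LAMP service's own tooling; it assumes a target of owner-only permissions (0700 on the directory, 0600 on files), which this page does not specify, and the function name is hypothetical.

```python
import os
import stat
from pathlib import Path


def audit_session_dir(home, name=".session", expected_uid=None):
    """Return a list of findings for the per-site session folder (empty = OK)."""
    if expected_uid is None:
        expected_uid = os.getuid()  # with mpm-itk the site runs as this account
    path = Path(home) / name
    try:
        st = os.lstat(path)  # lstat: do not follow a symlink planted in its place
    except FileNotFoundError:
        return [f"{path}: missing"]
    if not stat.S_ISDIR(st.st_mode):
        return [f"{path}: not a real directory"]

    findings = []
    if st.st_uid != expected_uid:
        findings.append(f"{path}: owned by uid {st.st_uid}, expected {expected_uid}")
    extra = stat.S_IMODE(st.st_mode) & 0o077  # assumed target: owner-only access
    if extra:
        findings.append(f"{path}: group/other permission bits set ({extra:03o})")

    # Session files hold login state, so apply the same test to each of them.
    for entry in sorted(os.scandir(path), key=lambda e: e.name):
        est = entry.stat(follow_symlinks=False)
        if not stat.S_ISREG(est.st_mode):
            findings.append(f"{entry.path}: unexpected non-regular entry")
            continue
        if est.st_uid != expected_uid:
            findings.append(f"{entry.path}: owned by uid {est.st_uid}, expected {expected_uid}")
        extra = stat.S_IMODE(est.st_mode) & 0o077
        if extra:
            findings.append(f"{entry.path}: group/other permission bits set ({extra:03o})")
    return findings


if __name__ == "__main__":
    results = audit_session_dir(Path.home())
    for line in results:
        print(line)
    if not results:
        print("session folder is owner-only")
```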
We're running Suhosin as a PHP Module. It 'hardens' PHP, according to the Hardened-PHP Project. There is a slight chance it might prevent your site from doing something, although we've seen very little interference from it. Contact email@example.com if you suspect it might be causing you problems.