Partition the Web Server
Setting up a web server incorrectly can be difficult to change later. Isolating the operating system from web site files and other data using separate partitions or physical devices needs to be done during server commissioning.
It would be usual to have at least three partitions on a typical web server:
- The operating system
- The web site files (scripts and static files such as images and style sheets)
- Server logs
This allows you to restrict permissions - so that if the web site is compromised, it is harder to access the operating system files, and to ensure that logs don't grow excessively and use up all the available space.
Your own data - the database and perhaps other files - should be stored seperately. If possible this should be on other servers, but if not, on a separate partition.
If you allow any user uploaded content, you should also consider storing this on another separate partition, and in any case, never in sub-directories of the web site root. This is to prevent direct access to possibly malicious file content by directly requesting the address in a browser and to ensure the files are stored in an area with limited permissions.
Posted on: 24 October 2008 at 06:42 hrs
Comments are filtered automatically and should appear shortly after they been checked.