Avoiding Security Problems - Novell LINUX ENTERPRISE SERVER 11 - ADMINISTRATION Administration Manual

IMPORTANT: Name-Based Virtual Hosts and SSL
It is not possible to run multiple SSL-enabled virtual hosts on a server with
only one IP address. Users connecting to such a setup receive a warning message
stating that the certificate does not match the server name every time they
visit the URL. A separate IP address or port is necessary for every SSL-enabled
domain to achieve communication based on a valid SSL certificate.

27.7 Avoiding Security Problems

A Web server exposed to the public Internet requires an ongoing administrative effort.
It is inevitable that security issues appear, both related to the software and to accidental
misconfiguration. Here are some tips for how to deal with them.
27.7.1 Up-to-Date Software
If there are vulnerabilities found in the Apache software, a security advisory will be
issued by SUSE. It contains instructions for fixing the vulnerabilities, which in turn
should be applied as soon as possible. The SUSE security announcements are available
from the following locations:
• Web Page http://www.novell.com/linux/security/
securitysupport.html
• Mailing List
#Mailinglists
• RSS Feed http://www.novell.com/linux/security/suse
_security.xml
27.7.2 DocumentRoot Permissions
By default in SUSE Linux Enterprise Server, the DocumentRoot directory /srv/
www/htdocs and the CGI directory /srv/www/cgi-bin belong to the user and
group root. You should not change these permissions. If the directories were writable
http://en.opensuse.org/Communicate
The Apache HTTP Server 407