News Feed
Sections




News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Matthew Weier O'Phinney's Blog:
Making Zend Server Available Via SSL Only
January 07, 2011 @ 09:46:58

Matthew Weier O'Phinney has a new post to his blog today about making your Zend Server instance a bit more secure by taking the admin GUI and forcing it to be HTTPS-only (instead of the default HTTP & HTTPS).

In light of the recent remote PHP exploit, I decided to update a couple servers I manage to ensure they weren't vulnerable. In each case, I had been using hand-compiled PHP builds, but decided that I'm simply too busy lately to be trying to maintain updates -- so I decided to install Zend Server. [...] One thing I've never been happy about, however, is that by default Zend Server exposes its administration GUI via both HTTP and HTTPS. Considering that the password gives you access to a lot of sensitive configuration, I want it to be encrypted.

He points out that, since the Zend Server interface runs on a lighttpd instance, it's easy to modify a few config files to change the setting. Adding a few lines to limit the socket it can connect on, the IP address to filter to and a URL filter on anything starting with "/ZendServer/" takes away the HTTP access.

0 comments voice your opinion now!
zendserver http https restrict tutorial


blog comments powered by Disqus

Similar Posts

Fabien Potencier's Blog: Create your own framework... on top of the Symfony2 Components (part 2)

PHP-Coding-Practices.com: How I Turned A Slow Array Sort Into A Quick One Using Quicksort Algorithm

NetTuts.com: Laravel 4: A Start at a RESTful API

PHPMaster.com: Explore Aspect Oriented Programming with CodeIgniter, Part 3

DevShed: The LIKE Clause and the Active Record Pattern


Community Events





Don't see your event here?
Let us know!


framework series symfony deployment release api laravel threedevsandamaybe list development interview community zendserver language developer tips code conference podcast introduction

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework