Apache 2.4.1 (released 2012-02-21) -- Good to Go?

3 posts / 0 new
Last post
#1 Fri, 02/24/2012 - 20:55
katir

Apache 2.4.1 (released 2012-02-21) -- Good to Go?

We have successfully set up our new CentOS 6.2 64-bit server. Migration of virtual domains is going smoothly with only minor glitches. I must say what a dream machine is VirtualMin and WebMin when you have to really "go at it" setting up and new box/domains. It's marvelous.

We used the back up restore function and it works well, though a cache table in one MySQL data base was corrupt but easily repaired with PHPMyAdmin. Also the back up doesn't seem to recognize or transfer the disk quotas and they were defaulting to 1MB or something ridiculous and some operations were failing because we could not write to disk (over quota)...and in one case no passwords were transferred, instead, virtual min use the old IP as the password for the primary owner/FTP user (wierd) So now after migration we carefully go thru all the settings (duh of course you should do that anyway).

But my question today is: we want to harden security on the box. It has Apache is 2.2.15 now but I see they just released a few days ago 2.4.1 and there have been major advances in Apache in 2.4 on many levels. I am "drooling" especially over all the security holes that have been plugged in 2.4. and the architecture changed and possibly we will get some speed increases over 2.2.15

I know living on the "bleeding edge" is not always a good idea, but since we are setting up this new machine I would rather go thru all the pain at once and then forget about it for a while, especially because it appears that 2.4.1 really meets all the PCI compliance requirements which is another key concern.

Will VirtualMin/WebMin run on Apache 2.4.1? Is upgrading so soon after release a bad idea? ( it is noted as stable) Has anyone installed 2.4.1? Any Insights? Opinions welcome...

Fri, 02/24/2012 - 22:17
andreychek

But my question today is: we want to harden security on the box. It has Apache is 2.2.15 now but I see they just released a few days ago 2.4.1

Well, remember that RedHat/CentOS backports all the bugfixes and security updates into that Apache version. So you're not running an old, buggy version of Apache -- you're running a well tested, secure web server.

That current version is also PCI compliant -- though you may need to tell the PCI vendors that you're using CentOS, and remind them that all security fixes are backported into your Apache version.

Will VirtualMin/WebMin run on Apache 2.4.1? Is upgrading so soon after release a bad idea? ( it is noted as stable) Has anyone installed 2.4.1? Any Insights?

We haven't yet done any testing with Apache 2.4.x. If you're interested in stability, I'd certainly suggest sticking with the default that comes with CentOS.

However, like yourself, I'm a bit curious... you could always fire up a test server (perhaps installing CentOS in a Virtualbox instance) -- and try Apache 2.4.x on it to see how things work.

We did recently talk about Apache 2.4.x, so it'll likely get some testing here soon.

-Eric

Fri, 06/29/2012 - 17:11
malinens

any update on apache2.4?

and I get warning on this page:

warning: htmlspecialchars() [function.htmlspecialchars]: Invalid multibyte sequence in argument in /home/virtualmin/public_html/includes/bootstrap.inc on line 860.
user warning: in /home/virtualmin/public_html/includes/cache.inc on line 108.
Topic locked