[Almir Karic] > is it possible to protect one site in case some other sites gets cracked? Depends on the attack vector. If the attacker subverts apache itself, then no, there isn't much you can do about that - except to run multiple copies of apache on multiple IP addresses. If you're going to go that far it's not that much work to just run them in separate virtual machines using xen. For attacks on user scripts (PHP, python, etc.), you might investigate the 'apache2-mpm-itk' package, intended for exactly what you want, but note that it's considered a bit experimental. I haven't tried it. If you don't want to use apache2-mpm-itk, you can run all user scripts via CGI rather than native apache modules - then 'suexec' can work with that. See the 'php4-cgi' and 'php5-cgi' packages, for example. Peter
Attachment:
signature.asc
Description: Digital signature