[Owasp-Malaysia] The Best, Secure and lightier HTTPD

Ang Chin Han ang.chin.han at gmail.com
Mon Sep 27 02:02:52 EDT 2010

On Mon, Sep 27, 2010 at 12:07 PM, Muzamir Mokhtar <muzamir at pahang.gov.my> wrote:
> Salam,
> I would like to know which one is the best, secured (not 100%) and
> light httpd?
> I got some of them. If any of you got others version please do advice me.
> Apache -  the origin
> Lighthttpd - http://www.lighttpd.net/
> nginx - http://nginx.org/

For what it's worth, we run a number of nginx webservers as a
frontend, apache for backend. Good performance for nginx.

But  more importantly for security, you need to look at what type of
websites you are running. I'll hazard that most mature webserver
software is secure for static sites, so it doesn't matter. When you
have running other things, e.g. PHP, fastcgi, mod_python, etc is when
things get insecure. E.g. please don't run phpmyadmin or phppgadmin on
a publicly accessible website/server. Patch your Joomla, Wordpress,
Drupal where possible.

tl/dr: It's not the webserver software that's usually not secure, but
what you run on it.

More information about the Owasp-Malaysia mailing list