The FIT Server is designed and built with security in mind. For example, the libraries supplied by Sevenval are compiled with only the functionality actually required and the default settings have been chosen carefully. However, we’d like to give you some hints about how to further improve the security of your FIT Server.
On a production system, you should only operate the services that are essential. These include services for remote administration such as sshd and, if appropriate, services for backup, monitoring and automatic updates. Deactivate and stop all unnecessary services.
Reduce the number of installed packages on a production system to a minimum. Uninstall all applications that are not required for server operation, especially graphical applications such as X11 and desktop environments, including the accompanying tools and libraries. Development tools like debuggers are useful only in exceptional cases and do not need to be installed permanently.
Keep your system up to date. Install all security updates as they become available from your Linux distributor. Also install all updated packages and security related extensions that Sevenval releases for the FIT Server (see Updating).
The maximum memory used by the processes of the FIT Server needs to be limited to the available memory, to prevent overloading the system by a large number of incoming requests or by timeouts due to failures of a source. This requires that the maximum number of processes and threads of the Apache Web server and the maximum number of PHP-FPM processes are suitably adjusted. Ensure that enough space is set aside for the operating system, other server processes and the file system buffers.
Both memory usage and CPU consumption also depend on the size and type of content that the FIT Server processes. The following relevant limits can be configured in
FIT_MAX_PARSE_SIZE: limits the HTML/XML parser payload
FIT_MAX_IMAGE_AREA: limits the image processing payload
If no limits are set, or the values do not match the available memory, the system may become unstable and at a higher load may cause an outage.
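A worked sizing check for the memory budget described above, written for this page as an added example (it is not Sevenval's code; the memory figures, the 60/40 split between PHP-FPM and Apache, and the per-worker footprints are assumptions you would replace with values measured on your own host):

```python
def worker_limits(total_mb, os_reserve_mb, apache_rss_mb, fpm_rss_mb, fpm_share_pct=60):
    """Derive the largest Apache MaxRequestWorkers and PHP-FPM pm.max_children
    that fit into physical memory once the OS, other daemons and file system
    buffers have been reserved. apache_rss_mb is the measured footprint of one
    Apache worker (thread or process, depending on the MPM); fpm_rss_mb that of
    one PHP-FPM child. fpm_share_pct says how much of the remaining budget goes
    to PHP-FPM (assumed 60%), the rest to Apache. Integer arithmetic rounds down."""
    budget = total_mb - os_reserve_mb
    if budget <= 0:
        raise ValueError("nothing left for the FIT Server after the OS reserve")
    fpm_budget = budget * fpm_share_pct // 100
    return {
        "MaxRequestWorkers": (budget - fpm_budget) // apache_rss_mb,
        "pm.max_children": fpm_budget // fpm_rss_mb,
    }


def headroom_mb(total_mb, os_reserve_mb, max_workers, apache_rss_mb, max_children, fpm_rss_mb):
    """Memory left (negative = overcommitted) when every configured Apache worker
    and PHP-FPM child is busy at once, which is exactly the situation a request
    flood or a hanging source produces. Use this to validate an existing config."""
    worst_case = max_workers * apache_rss_mb + max_children * fpm_rss_mb
    return total_mb - os_reserve_mb - worst_case


if __name__ == "__main__":
    # Constructed example host: 8 GiB RAM, 2 GiB kept back for the OS and buffers,
    # 16 MB per Apache worker, 64 MB per PHP-FPM child.
    print(worker_limits(8192, 2048, 16, 64))
    # Checking the stock values MaxRequestWorkers=256 / pm.max_children=50 on that host:
    print(headroom_mb(8192, 2048, 256, 16, 50, 64))
```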
For the security of the system, it is crucial to limit access to backend or source servers. This may be configured for each individual site and in
We recommend setting a system-wide blacklist that forbids any unnecessary access to servers inside the data center that may be accessible through the firewall. This may include localhost, sibling servers of the FIT cluster, log servers, monitoring systems, load balancer status pages or other application servers within the DMZ that FIT does not need to load content from.
Proxy servers, however, must still be allowed.
See ACLs for more information.
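The following is an added illustration of the access-control logic described above, not FIT's own ACL implementation or syntax: a system-wide blacklist that is checked against every address a source hostname resolves to and that overrides any per-site allowlist, with proxy servers exempted. The networks, proxy address and DNS table are constructed so that the example runs offline.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed system-wide blacklist (assumed address ranges, not FIT's ACL format).
GLOBAL_BLACKLIST = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "::1/128",   # localhost
    "169.254.0.0/16",           # link-local
    "10.20.0.0/16",             # assumed DMZ: FIT cluster nodes, log/monitoring hosts, LB status pages
)]
# Assumed forward proxy inside the DMZ that must remain reachable.
PROXY_ALLOWLIST = {ipaddress.ip_address("10.20.0.3")}
# Constructed DNS table so the example runs offline (hypothetical hostnames).
STATIC_DNS = {
    "localhost": ["127.0.0.1", "::1"],
    "proxy.dmz.example": ["10.20.0.3"],
    "logs.dmz.example": ["10.20.5.9"],
    "cms.example.net": ["203.0.113.10"],
    "mixed.example.net": ["203.0.113.20", "127.0.0.1"],  # public name that also maps to loopback
}


def resolve(host):
    """IP literal or lookup in the constructed table; [] if unknown."""
    try:
        return [ipaddress.ip_address(host)]
    except ValueError:
        return [ipaddress.ip_address(a) for a in STATIC_DNS.get(host.lower(), [])]


def check_source(url, site_allowlist=None):
    """Return (allowed, reason) for a source URL. Every resolved address is
    tested against the global blacklist, which wins over the per-site allowlist;
    proxies are exempt; unresolvable hosts are denied (fail closed)."""
    host = urlsplit(url).hostname
    if not host:
        return False, "no host in URL"
    addrs = resolve(host)
    if not addrs:
        return False, f"{host}: unresolvable, denied"
    for ip in addrs:
        if ip in PROXY_ALLOWLIST:
            continue
        hit = next((net for net in GLOBAL_BLACKLIST if ip in net), None)
        if hit is not None:
            return False, f"{host} -> {ip} is in blacklisted network {hit}"
    if site_allowlist is not None and host.lower() not in {h.lower() for h in site_allowlist}:
        return False, f"{host} is not in the site's allowlist"
    return True, "allowed"
```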
The request system will deny requests matching any of the following criteria, without regard to any manually configured entries in the access control lists:
When the FIT Engine receives an incoming HTTP request from a client, the engine usually passes it on to the source via HTTP. To secure this connection between the FIT Engine and the source, use HTTPS, supplemented if necessary by HTTP authentication or an SSL client certificate.
The communication between the client and the FIT Server can be secured by HTTPS as well. Since some mobile devices reject self-signed certificates, a trusted SSL certificate should be purchased and used.
Theoretically, client certificates could be used between the client and the FIT Server, if only a closed user group is to access the site. In practice, however, the installation of certificates on devices, if possible at all, is often rather cumbersome.
Unlike most HTTP proxies, the FIT Engine (or the load balancer in front of it) terminates SSL connections so that the requests can be processed.
If you have to debug one of your sites in production operation, limit debugging access to specific IP addresses (FIT_DEBUG_LOGGING_WHITELIST). If this is not possible, for example due to dynamic address allocation, use HTTP authentication with username and password (FIT_DEBUG_AUTH_PASSWORD). Do not permit unrestricted debugging. Disable the debugging functions when you no longer need them.
The heartbeat script /test.fit, as well as the status reports provided by the Apache module at /ServerStatus and by PHP-FPM at /FPMAlive, may display potentially sensitive information. We recommend restricting access to this information using the example configuration files
The FIT Server assigns all its files to two different system users: fit is the owner of all files under /opt/sevenval/fit14/. That includes all the shipped files and the configuration files produced by fitadmin config generate. The Web server runs with the privileges of the second user, fit-data. Therefore, all files written during operation located in the directories /var/cache/fit14/ belong to
If you have not configured any virtual hosts with a port below 1024, such as port 80 or 443, you should start the Web server without root privileges. For example, you can specify any non-privileged user of the