# Easiest way to segment an existing apache server by vhost?

## Philippe23

Looking for a path of least resistance.  I have a long existing server that serves up several websites (different domains) including some HTTPS sites all from one IP.

Currently apache runs as a single user for all vhosts and there are no jails or anything else.

Most sites use PHP (WordPress, Wikis, even some custom code), some use external programs like imagemagick, gd, etc.

I trust everyone who has accounts on the site, but recently an external party figured out how to trick a script into writing new files into directories writable by the apache process.  I'd like to make it so that in the future if a vulnerability is found in one vhost, that damage is contained to that single vhost.

The hardware is lightweight, a quad-core Phenom II, 4GB of RAM and a single hard-drive.

What's the easiest method to segment these vhosts from each other?  Preferably one that doesn't need more resources than I have and one that isn't horribly oppressive (requiring fidgeting to get access to things like imagemagick or "sendmail").

Thanks a ton!

----------

## py-ro

Try mpm_itk, should do what you want, with least needed editing of your config.

There even is a USE-Flag for it.

Bye

Py

----------

## Philippe23

By the way, I switched over to ITK this weekend.  Thanks for the suggestion py-ro!

----------

