Apache Security

Ivan Ristic

Language: English

Pages: 432

ISBN: 0596007248

Format: PDF / Kindle (mobi) / ePub

Note: This book is now out of print. FREE digital version (PDF, EPUB, Kindle, Online) is available from the author on feistyduck.com.

With more than 67% of web servers running Apache, it is by far the most widely used web server platform in the world. Apache has evolved into a powerful system that easily rivals other HTTP servers in terms of functionality, efficiency, and speed. Despite these impressive capabilities, though, Apache is only a beneficial tool if it's a secure one.

To be sure, administrators installing and configuring Apache still need a sure-fire way to secure it, whether it's running a huge e-commerce operation, a corporate intranet, or just a small hobby site.

Our new guide, Apache Security, gives administrators and webmasters just what they crave: a comprehensive security source for Apache. Successfully combining Apache administration and web security topics, Apache Security speaks to nearly everyone in the field. What's more, it offers a concise introduction to the theory of securing Apache, as well as a broad perspective on server security in general.

But this book isn't just about theory. The real strength of Apache Security lies in its wealth of interesting and practical advice, with many real-life examples and solutions. Administrators and programmers will learn how to:

  • install and configure Apache
  • prevent denial of service (DoS) and other attacks
  • securely share servers
  • control logging and monitoring
  • secure custom-written web applications
  • conduct a web security assessment
  • use mod_security and other security-related modules

And that's just the tip of the iceberg, as mainstream Apache users will also gain valuable information on PHP and SSL/TLS. Clearly, Apache Security is packed and to the point, with plenty of details for locking down this extremely popular and versatile web server.

happens after the last module initializes. This causes problems if you attempt to create a jail in which the logs directory stays outside the jail. The solution is to create another logs directory inside the jail, which will be used to store the files Apache 2 needs (e.g., the pid file). Many of the modules that create temporary files have configuration directives that change the paths to those files, so you can use those directives to have temporary files created somewhere else (but still within the

attacks are practically impossible to trace.

Reflection DoS Attacks

Address spoofing is easy to use and most DoS attacks use it. Because target systems believe the source address received in a TCP packet, address spoofing allows attackers to attack a target through other, genuine Internet systems: The attacker sends a packet to a well-connected system and forges the source address to look like the packet is coming from the target of his attack. The packet may request a connection to be

engine to test the cacheability of an application and then talk to programmers about enhancing the application by adding support for HTTP caching. Detailed information about caching and cacheability is available at:

  "Caching Tutorial for Web Authors and Webmasters" by Mark Nottingham (http://www.mnot.net/cache_docs/)
  "Cacheability Engine" (http://www.mnot.net/cacheability/)

Real-Life Client Problems

Assume you have chosen to serve a maximum of one hundred requests at any given

from 192.168.254. In Apache 2, the equivalent directive is used. (Apache 2 also provides the directive, which allows the supplied URL to be an arbitrary regular expression.)

  # Allow forward proxy requests
  ProxyRequests On
  # Allow access to the proxy only from
  # the internal network
  Order Deny,Allow
  Deny from all
  Allow from 192.168.254.

Proxying SSL requests requires use of a special CONNECT method, which is designed to allow arbitrary TCP/IP

you want to implement a really secure system. Do not let the word "simple" in the name fool you; SEC is a very powerful tool. Consequently, it can be a bit difficult to configure. It works on the same principles as Swatch, but it keeps track of events and uses that information when evaluating future events. I will give a few examples of SEC to demonstrate its capabilities. SEC is based around several types of rules, which are applied to events. The rule types and their meanings are: Single