Apache Security

By Paladion

August 16, 2005

According to Netcraft's August 2005 Web Server Survey, 70% of websites use the Apache web server. They will benefit from this book.

Ivan Ristic is the author of mod_security, the application firewall plugin for Apache. In this book, he shows how to deploy Apache securely. Secure installation, SSL, log monitoring and shared hosting are the focus areas of the book. Along the way, he also introduces the reader to application layer attacks and assessment strategies. One interesting section shows how to mask the web server's identity and confuse the attacker.

If you are responsible for rolling out Apache, you will benefit from the detailed coverage of the hardening process. Going well beyond the official documentation, Ivan explains the reasoning and benefits of each step. Similarly, the SSL how-to is followed by an analysis of the practical issues in SSL (e.g., users lack awareness of browser warnings for SSL).

The chapter on logging shows how to extend Apache's logging features with the mod_security module. It also introduces the powerful Simple Event Correlator for monitoring and analyzing logs. Ivan also discusses how to implement Apache 2 as a reverse proxy and the benefits of doing that.

The book is peppered with interesting sidebars, from the informative one on Apache backdoors to the amusing one on the Alan Ralsky Denial of Service.

This book is a must-read for Apache administrators; web developers will also enjoy Ivan's direct writing, though they will be better served by a book with more code samples that show bugs in the code.


Tags: Review
