Apache Security

An All-purpose Guide For Locking Down Apache Arms Readers With All The Information They Need To Securely Deploy Applications. It Offers A Concise Introduction To The Theory Of Securing Apache, Practical Advice And Real-life Examples. Topics Include Installation, Server Sharing, Logging And Monitoring, Web Applications, Php And Ssl/tls, And More. The Apache web server dominates the market, and its popularity continues to grow. While there is a lot of documentation for installing, configuring, and maintaining Apache, there is far less on the complex subject of securing it. Apache Security is the comprehensive book you've been looking for.Apache Security is an invaluable source of information, whether you're a system administrator responsible for the security of the sites you administer, a programmer who wants to create secure applications, a system architect who needs to understand how system design decisions affect security, or a web security professional.Apache Security covers the full range of web security topics, with descriptions of those specific to Apache, as well as guidance and references for related topics. You'll find detailed recommendations for all aspects of securing both the 1.3 and 2.0 versions of Apache. Topics include: Installation and the crucial task of secure configuration of the web server, Prevention, recognition, and handling of denial of service and other types of attacks, Infrastructural and architectural issues and their impact on overall security, Shared web-hosting security issues, Web application security, How to assess the security of a web system, Secure configuration and use of the PHP web-scripting language, Logging facilities and strategies for catching and addressing security breaches, Web intrusion detection and prevention, The use of mod_security and other security-related modules, Cryptography concepts, various authentication methods, and use of SSL/TLSThroughout this comprehensive book, you'll find numerous links to web sites and books with additional information, discussions, and product descriptions. You'll also find usage examples for a large number of time-saving tools that will make your life easier, including tools written by the author to automate daily administrative tasks, such as log monitoring, log analysis, and defending against denial of service attacks. With more than 67% of web servers running Apache, it is by far the most widely used web server platform in the world. Apache has evolved into a powerful system that easily rivals other HTTP servers in terms of functionality, efficiency, and speed. Despite these impressive capabilities, though, Apache is only a beneficial tool if it's a secure one. To be sure, administrators installing and configuring Apache still need a sure-fire way to secure it--whether it's running a huge e-commerce operation, corporate intranet, or just a small hobby site. Our new guide, Apache Security , gives administrators and webmasters just what they crave--a comprehensive security source for Apache. Successfully combining Apache administration and web security topics, Apache Security speaks to nearly everyone in the field. What's more, it offers a concise introduction to the theory of securing Apache, as well as a broad perspective on server security in general. But this book isn't just about theory. The real strength of Apache Security lies in its wealth of interesting and practical advice, with many real-life examples and solutions. Administrators and programmers will learn how to: install and configure Apache prevent denial of service (DoS) and other attacks securely share servers control logging and monitoring secure custom-written web applications conduct a web security assessment use mod_security and other security-related modules And that's just the tip of the iceberg, as mainstream Apache users will also gain valuable information on PHP and SSL/ TLS. Clearly, Apache Security is packed and to the point, with plenty of details for locking down this extremely popular and versatile web server. Apache Security; Scope; Contents of This Book; Online Companion; Conventions Used in This Book; Typesetting Conventions; Using Code Examples; We & d Like to Hear from You; Safari Enabled; Acknowledgments; 1. Apache Security Principles; 1.1.2. Common Security Vocabulary; 1.1.3. Security Process Steps; 1.1.4. Threat Modeling; 1.1.5. System-Hardening Matrix; 1.1.6. Calculating Risk; 1.2. Web Application Architecture Blueprints; 1.2.2. Network View; 1.2.3. Apache View; 2. Installation and Configuration; 2.1.1.2. Downloading patches; 2.1.2. Static Binary or Dynamic Modules; 2.1.3. Folder Locations.;This all-purpose guide for locking down Apache arms readers with all the information they need to securely deploy applications. Administrators and programmers alike will benefit from a concise introduction to the theory of securing Apache, plus a wealth of practical advice and real-life examples. Topics covered include installation, server sharing, logging and monitoring, web applications, PHP and SSL/TLS, and more. Apache Security Scope Contents of This Book Online Companion Conventions Used in This Book Typesetting Conventions Using Code Examples We & d Like to Hear from You Safari Enabled Acknowledgments 1. Apache Security Principles 1.1.2. Common Security Vocabulary 1.1.3. Security Process Steps 1.1.4. Threat Modeling 1.1.5. System-Hardening Matrix 1.1.6. Calculating Risk 1.2. Web Application Architecture Blueprints 1.2.2. Network View 1.2.3. Apache View 2. Installation and Configuration 2.1.1.2. Downloading patches 2.1.2. Static Binary or Dynamic Modules 2.1.3. Folder Locations. 2.1.4. Installation Instructions2.1.4.2. Selecting modules to install 2.2. Configuration and Hardening 2.2.2. Setting Apache Binary File Permissions 2.2.3. Configuring Secure Defaults 2.2.3.2. AllowOverride directive 2.2.4. Enabling CGI Scripts 2.2.5. Logging 2.2.6. Setting Server Configuration Limits 2.2.7. Preventing Information Leaks 2.3. Changing Web Server Identity 2.3.1.2. Changing the name using mod_security 2.3. "Apache Security is an invaluable source of information, whether you're a systems administrator responsible for the security of the sites you administer, a programmer who wants to create secure applications, a systems architect who needs to understand how system design decisions affect security, or a web security professional." "Apache Security covers the full range of web security topics, with descriptions of those specific to Apache, as well as guidance and references for related topics. You'll find detailed recommendations for all aspects of securing both the 1.3 and 2.0 versions of Apache."--Jacket This all-purpose guide for locking down Apache arms readers with all the information they need to securely deploy applications. Administrators and programmers alike will benefit from a concise introduction to the theory of securing Apache, plus a wealth of practical advice and real-life examples. Topics covered include installation, server sharing, logging and monitoring, web applications, PHP and SSL/TLS, and more. COMPUTERS / Internet / Security