Softpanorama

May the source be with you, but remember the KISS principle ;-)
Home Switchboard Unix Administration Red Hat TCP/IP Networks Neoliberalism Toxic Managers
(slightly skeptical) Educational society promoting "Back to basics" movement against IT overcomplexity and  bastardization of classic Unix

Apache Web Server

News Reviews Webliography Recommended Books Security PHP MySQL
Linux Performance Tuning Books HTML Best Red Hat Books for Preparation to Certification Classic Unix books Random Findings Humor Etc

Top Visited
Switchboard
Latest
Past week
Past month

NEWS CONTENTS

Old News ;-)

[Jan 15, 2006] Preventing Web Attacks with Apache

by Ryan C. Barnett

[Mar 15, 2005] Apache Security by Ivan Ristic

Not just about Apache security, June 20, 2005
Reviewer: Jack D. Herrington "engineer and author" (Silicon Valley, CA) - See all my reviews
(TOP 500 REVIEWER) (REAL NAME)
I'm sure it was tempting for the author to just concentrate on the Apache portions of the web application security world. But in reality the security of web applications is a whole, and a vulnerability in the application layer is just as bad as one in the web server layer. Ivan Ristic does a good job of talking about security at every layer and uniting it into a single reference. This is an excellent, focused, resource that is well written and makes difficult security topics easy to understand.

Recommended books

Pro Apache, Third Edition by Peter Wainwright

One of the better books for getting a good handle on Apache, May 2, 2005
Reviewer: Harold McFarland (Florida) - See all my reviews
(TOP 50 REVIEWER)
In this voluminous title author Peter Wainwright covers the Apache web server in detail. Chapters include Installing Apache and basic configuration, building Apache the way you want it, configuring Apache the way you want it, deciding what the client needs, delivering dynamic content, hosting more than one web site, improving Apache's performance, monitoring Apache, Securing Apache, Improving Web Server Security, and Extending Apache. It has some excellent sections on advanced configuration, handling robots, dealing with errors and handling them correctly, name-based and IP-based virtual servers, and improving the performance of your server. The section on securing Apache covers authentication (including digest and LDAP) and using SSL (including some advanced configuration techniques).

There are better books that deal with some of the specific areas of this text (for example, Hardening Apache is much more thorough on the subject of securing your server) but you won't find a more comprehensive text in a single volume than this one. Pro Apache, Third Edition is highly recommended and my first choice for anyone looking for a single book to learn how to setup and configure an Apache server or serve as their primary reference.

Apache Cookbook by Ken Coar, Rich Bowen

Recipes for success from two experts, April 5, 2004
Reviewer: A Williams "honestpuck" (Neutral Bay, NSW Australia) - See all my reviews
(REAL NAME)
While Apache is possibly the most popular and ubiquitous open source project it is certainly not the most simple. One module alone, mod_rewrite, causes me almost more problems and regex wrestling matches than all other products combined. The `httpd.conf' file is a long and critical one. In these circumstances the Apache Cookbook from O'Reilly might be a godsend. It is certainly a well-written, well-researched volume. Ken Coar has spent many years working on Apache and Rich Bowen has long laboured on the Apache documentation. They both know their stuff -- and if this is an example, both know how to write.

The book has twelve chapters, covering everything from installation and adding modules through to proxies and performance. The chapter on security is the largest, it covers the topics well. By contrast I thought the chapter `Aliases, Redirection and Rewriting' too short and could have benefited from some more `recipes', but that may be due to my own bias - mod_rewrite is not an easy topic, and as I've said it causes me a great deal of grief.

It is laid out in a similar way to the Perl Cookbook: each recipe has a `Problem' section followed by a `Solution' and then `Discussion.' In almost all the `recipes' the `Discussion' is longer than the `Solution,' and I often found it far more useful and informative than the problem and its solution.

The Apache Cookbook covers almost all aspects and all parts of the learning curve for Apache. That will either be a strength or a weakness of this volume for you; with such a large and complex piece of software as Apache a single book cannot hope to cover it in a great deal of depth. For me this book was not really a cookbook, more a good source of well documented examples from which to create my own recipes,

My biggest problem reviewing a book like this is that after several years building and configuring Apache (even on an infrequent basis) quite a lot of this volume seems simple. You may also find it the same if you are the sort of person who is not afraid to pore over the documentation, get your hands dirty and make a few mistakes. If you like some hand holding and are just starting with Apache you may benefit from all of it.

That's not to say that I didn't personally find large chunks of this volume useful. Certainly I've gone over several of the recipes and their excellent explanatory text to shed some light on previously dark corners of Apache, particularly as the authors cover both Apache 1.3 and 2.0.

O'Reilly have the usual web page with a Table of Contents and example chapter. The example chapter, on error handling is well chosen as it is typical of the others and useful but not the most useful chapter.

I have recently been thinking that tech books fall into various sorts and there is one sort I'd call `library books' - books you may not need to own, but will want to read every so often and would be good to have in your local or company library. Apache Cookbook is one of these, a book I'd recommend everyone coming to grips with Apache has close to hand, but it is not going to be constantly on your desk in the same way that Perl Cookbook might be for Perl programmers: to start off with, it's half the size and doesn't cover nearly as many topics. This one falls short of essential due to it's concentration on breadth. rather than depth. So my recommendation for this book is not that all Apache administrators should buy it, but you should have a copy close at hand.

Security

Amazon.com Hardening Apache Books Tony Mobily

by Tony Mobily

Excellent resource for web masters, February 20, 2006
Reviewer: Abe Usher "information security nut" (Virginia) - See all my reviews
I read this book about a year ago and recently re-read it. Coar and Bowen provide an excellent pragmatic approach to taking care of common Apache administration tasks. The Apache "recipes" are well organized, and presented with sufficient depth to be understandable for intermedia users.

The tips in the "miscellaneous topics" section and the troubleshooting guidelines are excellent, and will save Apache administrators significant amounts of time and frustration.

The good:
* Broad coverage of all tasks that Apache administrators will commonly encounter.
* Excellent writing style - concise yet sufficiently descriptive.
* Good organization of topics and very useful book index.
* Very good coverage of virtual hosts (required in most web hosting environments).
* Very appropriate "see also" references associated with each recipe.

The bad:
* Almost 25% of the book is taken up by installation, loading modules, and logging. These are good topics, but they take up too much of the book in my perspective.
* No information on the use of mod_python. mod_snake (a dead sourceforge) project is referenced. Blech.
* No information on co-hosting two versions of PHP (PHP4 and PHP5 on the same server).

Overall, this is a great book. If it had slightly better coverage on mod_python and mod_PHP I would give it five stars for certain.

Relevant even for application developers, August 28, 2004
Reviewer: Foti Massimo (Savosa Switzerland) - See all my reviews
(REAL NAME)
I am not a server admin, but a web applications developer, so my opinion on this book has a very specific bias. I really enjoyed it, especially because similar material available on-line is usually scattered across a multitude of different sources. Most content is interesting even for application developers and I especially liked the chapters covering different security related modules.
The chapter on automation, being totally based around Bash scripts was almost useless to me (but then, again, I am biased). The book is 100% Unix centric, it's somewhat of a shame, especially since Apache 2 on Windows is a viable option, but it's a choice I can understand
Your return will exceed the price in a very short time, January 31, 2005
Reviewer: Charles Ashbacher "([email protected])" (Hiawatha, Iowa United States([email protected])) - See all my reviews
(TOP 50 REVIEWER) (REAL NAME)
Computer security is hard, very hard. Any reasonable attempt to make a system secure has to involve more than a choice between {none, some security features, unusable}. There are so many different things that we want to do with our software and there are probably just as many ways in which it can be attacked. In order to be able to fend off attacks, it is necessary to know what kind of attacks can occur. Finally, many security procedures must be automated, which requires generic defense strategies that are capable of recognizing an attack when it differs slightly from one that has already been planned for.
This book about the Apache server does all of that, starting with which version to use and how to install it with security enabled at the appropriate level. After these topics are covered in chapter one, Mobily moves on to descriptions of the most common attacks in chapter two and logging the interesting events in chapter three. If you are versed in security, most of the material in chapter two will be familiar, but it is hard to overstate the importance of chapter three. Being able to read an account of what has happened on a system is the only way to prove that your security measures are working and the only way to learn when you are successfully attacked. Mobily also shows you the critical steps in testing to determine if your log system is actually working properly.
Chapter four is devoted to explanations of cross-site scripting attacks (XSS). This is an attack where a web page is designed to accept input, but that input may be used to drive erroneous results. A simple, yet excellent demonstration of how this can be done is presented. While it is not sophisticated, it demonstrates how careful you must be when accepting even the most basic of inputs from a web page.
Chapters five and six deal specifically with security in the Apache server. Five explains the security modules available in Apache and six describes how you can lock down Apache by "putting it in jail." These specifics, of which there are many, should be required reading for anyone who has any hand in managing an Apache server. The last chapter shows you how to automate the security functions, clearly necessary if you are ever to get any sleep.
There is a great deal of source code used to describe how the features are implemented. Demo code is in Perl, but XML, HTML and database access commands are used when appropriate.
All around this country, companies and organizations are quietly paying out large sums of money to settle issues when their computer security was lax. Sometimes that payment is through the legal system, but the vast majority does not appear on the books. Reduced efficiency of the server, dropped and misplaced orders and greater effort by the staff are just some of the consequences of security problems. This book should be mandatory reading for all people who manage an Apache server, at $29.99 a copy it will probably pay for itself in less than 24 hours.

Recommended Links

Google matched content

Softpanorama Recommended

Top articles

Sites

Top articles

Sites

...



Etc

Society

Groupthink : Two Party System as Polyarchy : Corruption of Regulators : Bureaucracies : Understanding Micromanagers and Control Freaks : Toxic Managers :   Harvard Mafia : Diplomatic Communication : Surviving a Bad Performance Review : Insufficient Retirement Funds as Immanent Problem of Neoliberal Regime : PseudoScience : Who Rules America : Neoliberalism  : The Iron Law of Oligarchy : Libertarian Philosophy

Quotes

War and Peace : Skeptical Finance : John Kenneth Galbraith :Talleyrand : Oscar Wilde : Otto Von Bismarck : Keynes : George Carlin : Skeptics : Propaganda  : SE quotes : Language Design and Programming Quotes : Random IT-related quotesSomerset Maugham : Marcus Aurelius : Kurt Vonnegut : Eric Hoffer : Winston Churchill : Napoleon Bonaparte : Ambrose BierceBernard Shaw : Mark Twain Quotes

Bulletin:

Vol 25, No.12 (December, 2013) Rational Fools vs. Efficient Crooks The efficient markets hypothesis : Political Skeptic Bulletin, 2013 : Unemployment Bulletin, 2010 :  Vol 23, No.10 (October, 2011) An observation about corporate security departments : Slightly Skeptical Euromaydan Chronicles, June 2014 : Greenspan legacy bulletin, 2008 : Vol 25, No.10 (October, 2013) Cryptolocker Trojan (Win32/Crilock.A) : Vol 25, No.08 (August, 2013) Cloud providers as intelligence collection hubs : Financial Humor Bulletin, 2010 : Inequality Bulletin, 2009 : Financial Humor Bulletin, 2008 : Copyleft Problems Bulletin, 2004 : Financial Humor Bulletin, 2011 : Energy Bulletin, 2010 : Malware Protection Bulletin, 2010 : Vol 26, No.1 (January, 2013) Object-Oriented Cult : Political Skeptic Bulletin, 2011 : Vol 23, No.11 (November, 2011) Softpanorama classification of sysadmin horror stories : Vol 25, No.05 (May, 2013) Corporate bullshit as a communication method  : Vol 25, No.06 (June, 2013) A Note on the Relationship of Brooks Law and Conway Law

History:

Fifty glorious years (1950-2000): the triumph of the US computer engineering : Donald Knuth : TAoCP and its Influence of Computer Science : Richard Stallman : Linus Torvalds  : Larry Wall  : John K. Ousterhout : CTSS : Multix OS Unix History : Unix shell history : VI editor : History of pipes concept : Solaris : MS DOSProgramming Languages History : PL/1 : Simula 67 : C : History of GCC developmentScripting Languages : Perl history   : OS History : Mail : DNS : SSH : CPU Instruction Sets : SPARC systems 1987-2006 : Norton Commander : Norton Utilities : Norton Ghost : Frontpage history : Malware Defense History : GNU Screen : OSS early history

Classic books:

The Peter Principle : Parkinson Law : 1984 : The Mythical Man-MonthHow to Solve It by George Polya : The Art of Computer Programming : The Elements of Programming Style : The Unix Hater’s Handbook : The Jargon file : The True Believer : Programming Pearls : The Good Soldier Svejk : The Power Elite

Most popular humor pages:

Manifest of the Softpanorama IT Slacker Society : Ten Commandments of the IT Slackers Society : Computer Humor Collection : BSD Logo Story : The Cuckoo's Egg : IT Slang : C++ Humor : ARE YOU A BBS ADDICT? : The Perl Purity Test : Object oriented programmers of all nations : Financial Humor : Financial Humor Bulletin, 2008 : Financial Humor Bulletin, 2010 : The Most Comprehensive Collection of Editor-related Humor : Programming Language Humor : Goldman Sachs related humor : Greenspan humor : C Humor : Scripting Humor : Real Programmers Humor : Web Humor : GPL-related Humor : OFM Humor : Politically Incorrect Humor : IDS Humor : "Linux Sucks" Humor : Russian Musical Humor : Best Russian Programmer Humor : Microsoft plans to buy Catholic Church : Richard Stallman Related Humor : Admin Humor : Perl-related Humor : Linus Torvalds Related humor : PseudoScience Related Humor : Networking Humor : Shell Humor : Financial Humor Bulletin, 2011 : Financial Humor Bulletin, 2012 : Financial Humor Bulletin, 2013 : Java Humor : Software Engineering Humor : Sun Solaris Related Humor : Education Humor : IBM Humor : Assembler-related Humor : VIM Humor : Computer Viruses Humor : Bright tomorrow is rescheduled to a day after tomorrow : Classic Computer Humor

The Last but not Least Technology is dominated by two types of people: those who understand what they do not manage and those who manage what they do not understand ~Archibald Putt. Ph.D


Copyright © 1996-2021 by Softpanorama Society. www.softpanorama.org was initially created as a service to the (now defunct) UN Sustainable Development Networking Programme (SDNP) without any remuneration. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License. Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.

FAIR USE NOTICE This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available to advance understanding of computer science, IT technology, economic, scientific, and social issues. We believe this constitutes a 'fair use' of any such copyrighted material as provided by section 107 of the US Copyright Law according to which such material can be distributed without profit exclusively for research and educational purposes.

This is a Spartan WHYFF (We Help You For Free) site written by people for whom English is not a native language. Grammar and spelling errors should be expected. The site contain some broken links as it develops like a living tree...

You can use PayPal to to buy a cup of coffee for authors of this site

Disclaimer:

The statements, views and opinions presented on this web page are those of the author (or referenced source) and are not endorsed by, nor do they necessarily reflect, the opinions of the Softpanorama society. We do not warrant the correctness of the information provided or its fitness for any purpose. The site uses AdSense so you need to be aware of Google privacy policy. You you do not want to be tracked by Google please disable Javascript for this site. This site is perfectly usable without Javascript.

Last modified: March 12, 2019