Maximum Apache Security

Free Download

Authors:

ISBN: 067232380X, 9780672323805

Size: 3 MB (3438709 bytes)

Pages: 688/688

File format:

Language:

Publishing Year:

Category:

Anonymous067232380X, 9780672323805

Many of the high-profile attacks on prominent Web sites of the last couple years are a direct result of poor Web site or Web application security.
With more than 65 percent of Web sites using the Apache Web server and the Apache-based open source Web development environment and with the risk of sabotage greater than ever Apache administrators and developers need to know how to build and maintain secure Web servers and Web applications.
Yet most of the currently available Apache books lack detailed information on important Web administration topics like security.Maximum Apache Security details the complex security weaknesses and risks of Apache, and provides hands-on solutions for keeping a Web site secure and buttressed against intruders. It includes up-to-date coverage of both Apache 2.0 as well as Apache 1.3.

Table of contents :
MAXIMUM APACHE SECURITY……Page 2
Copyright © 2002 by Sams Publishing……Page 3
Contents at a Glance……Page 4
Table of Contents……Page 6
About the Author……Page 20
Tell Us What You Think!……Page 24
Why Did I Write This Book?……Page 26
What This Book Will Tell You……Page 29
System Requirements……Page 30
This Book’s Organization……Page 33
About Examples in This Book……Page 38
Summary……Page 41
PART I Getting Started……Page 42
Generic HTTP Security Considerations……Page 44
Apache Security Facilities……Page 48
Apache Extensibility……Page 51
Things Apache Can’t Defend Against……Page 54
Summary……Page 55
PART II Creating a Secure Apache Host Server……Page 56
Inherent Risks of Running a Web Server……Page 58
Sobering Statistics to Consider……Page 59
How Security Disasters Develop……Page 66
Summary……Page 81
Physical Security Concepts……Page 82
Server Location and Physical Access……Page 83
Network Topology……Page 84
BIOS and Console Passwords……Page 85
Media and Boot Security……Page 87
Anti-Theft Devices……Page 91
Summary……Page 93
Apache and Your Underlying Operating System……Page 94
Environmental Risks Common to Unix……Page 100
Environmental Risks Common to Windows……Page 104
Summary……Page 110
Apache Database Support……Page 112
Apache and Proprietary Databases……Page 113
Apache and MySQL……Page 114
PostgreSQL……Page 120
Apache and Commercial SQL Packages……Page 121
General Database Security Measures……Page 129
Summary……Page 131
PART III Hacking Apache’s Configuration……Page 132
Brief History of Apache Versions……Page 134
Security Issues Common to Apache Releases……Page 136
Patch Maintenance and Other Measures……Page 141
Summary……Page 143
What Is IPv6?……Page 144
IPv6 and Security……Page 145
Apache and IPv6 Addressing……Page 150
IPv6 Address Issues in Development……Page 153
IPv6 Implementations……Page 157
Summary……Page 159
Permissions and Apache Server……Page 160
URL Mapping and Security……Page 168
Resource Usage……Page 182
Apache Server Tools……Page 186
Summary……Page 193
What Is Logging, Exactly?……Page 194
How Apache Handles Logging……Page 195
httpd Logs……Page 200
Some Security Caveats About Logs……Page 210
Piped Logs……Page 212
The SetEnvIf Directive and Conditional Logging……Page 216
Other Interesting Apache-Related Logging Tools……Page 218
Other Interesting Logging Tools Not Specific to Apache……Page 222
Summary……Page 225
PART IV Runtime Apache Security……Page 226
What Is Network Access Control?……Page 228
How Apache Handles Network Access Control: Introducing mod_access……Page 229
Using Network Access Control in Apache (httpd.conf)……Page 236
Virtual Hosts and Network Access Control……Page 247
Summary……Page 248
What Is Authentication?……Page 250
How Apache Handles Basic Authentication: Introducing mod_auth……Page 251
htpasswd……Page 258
Weaknesses in Basic HTTP Authentication……Page 263
DBM File-Based Authentication: Introducing mod_auth_dbm……Page 264
HTTP and Cryptographic Authentication……Page 273
Other Tools for Extending Apache’s Authentication……Page 275
Holes in Apache Authentication: Historical Perspective……Page 277
Summary……Page 278
Apache Language Support……Page 280
What Is Server-Side Programming?……Page 281
Spawning Shells……Page 282
Buffer Overruns……Page 292
Paths, Directories, and Files……Page 296
PHP……Page 298
Interesting Security Programming and Testing Tools……Page 311
Other Online Resources……Page 313
Summary……Page 314
What Is Client-Side Programming?……Page 316
General Client-Side Security Issues……Page 320
JavaScript……Page 323
VBScript……Page 325
Summary……Page 326
PART V Advanced Apache……Page 328
Security Contexts in Apache’s Source Tree……Page 330
Files That Deal with Passwords……Page 335
Files That Deal with General Security……Page 336
Key Apache C Source Files and What They Do……Page 337
Include File Cross-Reference……Page 339
Summary……Page 360
What Is SSL?……Page 362
How Secure Is SSL?……Page 363
mod_ssl……Page 368
What is Apache-SSL?……Page 374
Installing Apache-SSL……Page 375
Certificate Authorities……Page 392
Commercial SSL Packages……Page 393
Summary……Page 395
What Is a Firewall?……Page 396
Apache as a Proxy Server……Page 399
tcpd: TCP Wrappers……Page 408
IP Filtering in Windows……Page 422
Proxy Tools That Work with Apache……Page 427
Commercial Firewalls……Page 434
Summary……Page 443
What Is a Cipher?……Page 444
SSL……Page 452
Other Ciphers……Page 453
Summary……Page 454
Your Process Model……Page 456
mod_fortress: An Example……Page 461
mod_auth_ip: Another Example……Page 480
mod_random……Page 487
mod_python……Page 489
Module Development Considerations……Page 491
Summary……Page 492
PART VI Appendixes……Page 494
APPENDIX A Apache Security-Related Modules and Directives……Page 496
Apache Security Issues……Page 530
The Critical Listings……Page 546
APPENDIX C Apache Security Resources……Page 580
Anatomy of an Apache Transaction……Page 600
Configuration……Page 606
Handlers……Page 609
Resource Allocation……Page 611
Apache API Constants……Page 613
Summary……Page 620
APPENDIX E Glossary……Page 622
Index……Page 662

Reviews

There are no reviews yet.

Be the first to review “Maximum Apache Security”
Shopping Cart
Scroll to Top