The complete guide to securing your Apache web server
This all-purpose guide for locking down Apache arms readers with all the information they need to securely deploy applications. Administrators and programmers alike will benefit from a concise introduction to the theory of securing Apache, plus a wealth of practical advice and real-life examples. Topics covered include installation, server sharing, logging and monitoring, web applications, PHP and SSL/TLS, and more.
Table of contents

- Preface to Digital Reprint
- Preface
- 1. Apache Security Principles
  - Security Definitions
  - Architecture Blueprints
- 2. Installation and Configuration
  - Installation
  - Configuration and Hardening
  - Changing Web Server Identity
  - Putting Apache in Jail
- 3. PHP
  - Installation
  - Configuration
  - Advanced PHP Hardening
- 4. SSL and TLS
  - Cryptography
  - SSL
  - OpenSSL
  - Apache and SSL
  - Setting Up a Certificate Authority
  - Performance Considerations
- 5. Denial of Service Attacks
  - Network Attacks
  - Self-Inflicted Attacks
  - Traffic Spikes
  - Attacks on Apache
  - Local Attacks
  - Traffic-Shaping Modules
  - DoS Defense Strategy
- 6. Sharing Servers
  - Sharing Problems
  - Distributing Configuration Data
  - Securing Dynamic Requests
  - Mass Hosting
- 7. Access Control
  - Overview
  - Authentication Methods
  - Access Control in Apache
  - Single Sign-on
- 8. Logging and Monitoring
  - Apache Logging Facilities
  - Log Manipulation
  - Remote Logging
  - Logging Strategies
  - Log Analysis
  - Monitoring
- 9. Infrastructure
  - Application Isolation Strategies
  - Host Security
  - Network Security
  - Using a Reverse Proxy
  - Network Design
- 10. Web Application Security
  - Session Management Attacks
  - Attacks on Clients
  - Application Logic Flaws
  - Information Disclosure
  - File Disclosure
  - Injection Flaws
  - Buffer Overflows
  - Evasion Techniques
  - Web Application Security Resources
- 11. Web Security Assessment
  - Black-Box Testing
  - White-Box Testing
  - Gray-Box Testing
- 12. Web Intrusion Detection
  - Evolution of Web Intrusion Detection
  - Using mod_security
- Appendix A: Tools
  - Learning Environments
  - Information-Gathering Tools
  - Network-Level Tools
  - Web Security Scanners
  - Web Application Security Tools
  - HTTP Programming Libraries
- Index
Note: This book was originally released in 2005. Although the book remains relevant at a high level (its principles, threat model and architectural guidance), much of the lower-level advice, such as specific versions, directives and module configurations, is likely obsolete by now.
About Ivan Ristić

Ivan Ristić is a security researcher, engineer, and author, known especially for his contributions to the web application firewall field and the development of ModSecurity, an open source web application firewall, and for his SSL/TLS and PKI research, tools and guides published on the SSL Labs web site. He is the author of three books: Apache Security, ModSecurity Handbook, and Bulletproof SSL and TLS, which he publishes via Feisty Duck, his own platform for continuous writing and publishing. You'll often find him speaking at computer security conferences such as Black Hat, RSA, OWASP AppSec, and others. His latest project, Hardenize, is a security posture analysis service that makes security fun again.