Hardening Apache [Paperback]

Tony Mobily (Author)

Book Description

Publication Date: May 17, 2004

Hardening Apache explains how to configure Apache safely, and secure an existing installation. It covers the most important issues--like downloading, logging, and administration, as well as the most important security-oriented web sites. This book even discusses advanced system administration techniques, such as jailing Apache and securing third-party modules, and web-related RFC details.

If you are already familiar with computer security, this book will help you gain specific knowledge about Apache. Already acquainted with the problems and issues discussed, you will sharpen your understanding about how normal configuration problems apply to Apache and HTTP.

Even if your knowledge about computer security is insubstantial, you will still gain broad insight on secure system administration. You will be able to apply this knowledge base towards other daemons--and will see how important it is to configure daemons securely.

Editorial Reviews

About the Author

Tony Mobily is a technical writer and technical editor working and living in Australia.

He manages the Italian computer magazine "Login", and works daily with many Internet technologies. He loves the GLP, Linux, Apache, Perl, C, assembler, dancing, acting, and singing. He is a senior system administrator and a security expert, and has lots of fun playing with buffer overflows, DOS attacks, firewalls and dance routines. He also writes short and long stories. His home page is on http://www.mobily.com.

Product Details

• Paperback: 270 pages
• Publisher: Apress (May 17, 2004)
• Language: English
• ISBN-10: 1590593782
• ISBN-13: 978-1590593783
• Product Dimensions: 9.2 x 7 x 0.8 inches
• Shipping Weight: 1.2 pounds (View shipping rates and policies)
• Average Customer Review: 4.6 out of 5 stars  See all reviews (8 customer reviews)
• Amazon Best Sellers Rank: #1,053,674 in Books (See Top 100 in Books)

More About the Author

Discover books, learn about writers, read author blogs, and more.

Customer Reviews

Most Helpful Customer Reviews

13 of 13 people found the following review helpful:

5.0 out of 5 stars An excellent book filling a huge gap, September 6, 2004

By 

Gianluca Insolvibile - See all my reviews

This review is from: Hardening Apache (Paperback)

Understanding how to configure Apache from a security standpoint properly is not easy since the related information is sparse and fragmented. This could be the reason why many web administrators are pretty clueless when it comes to Apache security and why so many web servers are vulnerable.

In this sense I think this book fills a huge gap, providing web administrators with a concise and yet complete guide aimed at taking them from the very beginning of the installation process through to the final steps of server configuration.

Information throughout the book is very well focused and is presented with a clean and friendly writing style. The book provides a clear and detailed walkthrough of the process of securing an Apache installation, covering both versions 1.3.x and 2.x and thus providing long lasting information. The book has lots of references and pointers to resources on the web, and - more importantly - instructions on how to read them.

Sure enough, the book requires some familiarity with Unix and Apache - this is not the kind of book you would buy to learn the very basics of *nix and web site administration.

I totally agree with what I've read before: every serious system administrator should have this book.

9 of 9 people found the following review helpful:

5.0 out of 5 stars Accumulation of Apache security knowledge in one book, June 28, 2004

By 

Harold McFarland (Florida) - See all my reviews
(HALL OF FAME REVIEWER)    (VINE VOICE)    (REAL NAME)   

This review is from: Hardening Apache (Paperback)

Apache is still by far the most common web server on the Internet. However, when the purpose of your computer is to allow access to your webpages by anyone on the Internet security needs to be a primary concern. If you are serious about hardening your Apache server you will want to have this book.

Author Tony Mobily examines Apache security in detail all the way from making sure the initial installation package has not been hacked at the primary web server site through configuration and installation of security modules. The book has seven chapters that cover configuration, common attacks, logging, scripting attacks, security modules, using a jail, and automating security with scripts.

While the book does cover Apache on the various operating systems the focus is on a Linux install, which is appropriate since that is the most common place to install Apache. This is not a book that I would suggest for someone who is totally new to Apache or Linux, but if you have a passing familiarity with them then you will find this to be the missing information from other Apache books. No matter which Apache book you get to learn Apache, your library will be incomplete if it doesn't include "Hardening Apache".

13 of 15 people found the following review helpful:

5.0 out of 5 stars Relevant even for application developers, August 28, 2004

By 

Foti Massimo (Vezia (Switzerland)) - See all my reviews
(REAL NAME)   

This review is from: Hardening Apache (Paperback)

I am not a server admin, but a web applications developer, so my opinion on this book has a very specific bias. I really enjoyed it, especially because similar material available on-line is usually scattered across a multitude of different sources. Most content is interesting even for application developers and I especially liked the chapters covering different security related modules.
The chapter on automation, being totally based around Bash scripts was almost useless to me (but then, again, I am biased). The book is 100% Unix centric, it's somewhat of a shame, especially since Apache 2 on Windows is a viable option, but it's a choice I can understand