Professional Apache Security (Programmer to Programmer) [ILLUSTRATED] (Paperback)

by Sandip Bhattacharya (Author)

Editorial Reviews

Product Description
Apache is the epitome of free software that is both the standard in a critical area (the Web), and widely accepted by proprietary software companies. With increased usage, server security becomes an issue of paramount importance.

Security is one of the most important factors that Apache administrators need to consider. Determining who is allowed access to what, verifying that people and systems are who they say they are, and eliminating security holes that could allow crackers to gain unauthorized access to a system are all issues that the conscientious web server administrator needs to worry about on a daily basis.

Apache provides many features that can be used to either compromise server security or gather information about a server that the administrator would prefer kept secret. Of course, these features aren't there to create security holes, but the more complex the configuration the more chances we have of creating an unanticipated use of the server. Understanding what is and what is not expected behavior is essential, both when creating the server configuration and detecting possible misuse.

There is no such thing as a totally one hundred percent secure server, but in this book we'll delve into crucial aspects of Apache security and practical ways to setting up a safer, more secure implementation of an Apache server.

From the Publisher
Apache has seized an unchallenged superiority over other web servers. Its strength lies in its modular, scalable, robust architecture. Today the Apache server manages 66% of the all web-based Internet traffic, which means that any breach in Apache security directly affects the majority of the web servers deployed worldwide! Powerful web servers like Apache have many complex features that make security a challenging task. Furthermore, the growth in e-commerce has also brought the realization that reputation damage from a security breach is one of the fastest ways to erode customer and industry trust. This book provides an in-depth discussion on how to secure Apache. It provides comprehensive information on planning and implementing security at protocol, application and system levels. In addition, this book provides an overview of strategic defense against would-be crackers. This book is a tutorial, a resource, and a reference for Apache administrators, security analysts, web developers and system architects, who want to secure Apache on UNIX and its variant platforms. Here is the book in a nutshell:

- Overview of a secure Apache installation and configuration process

- Dissection of the effects of HTTP and URL on server security

- Coverage of authentication and authorization

- Security at protocol, application, and system level

- Usage of chrooting, CGI scripts, logging, and session tracking

- Coverage of DoS attacks, cookies, and cryptography

- Implementation and use of SSL to enable security at the transport layer

- Setting up a secure Apache server for an E?Commerce web site


See all Editorial Reviews

Product Details

• Paperback: 500 pages
• Publisher: Wrox Press; 1st edition (January 2003)
• Language: English
• ISBN-10: 1861007760
• ISBN-13: 978-1861007766
• Product Dimensions: 9 x 7.1 x 0.9 inches
• Shipping Weight: 1.4 pounds
• Average Customer Review: 5.0 out of 5 stars See all reviews (1 customer review)
• Amazon.com Sales Rank: #1,807,943 in Books (See Bestsellers in Books)

Customer Reviews

Most Helpful Customer Reviews

10 of 10 people found the following review helpful:

5.0 out of 5 stars Lots of value for the money, February 2, 2003

By	Steve Hill (Western Australia) - See all my reviews

When I bought this book, I wasn't quite sure it would be all that useful to me. Once I got into it, I discovered how good it was.

I didn't find the first two chapters particularly useful, but from the third onwards it was simply enlightening. Reading chapter 3 I finally understood what Cross Site Scripting attacks were, and made clear how important it is to know stuff (HTTP in particular) in if you are serious about security (and about system administration in general).

The chapter about configuring Apache in Jail was great, and so it was the chapter about mod_rewrite . In general, the whole book was fantastic, and explained so much about security and Apache. In general, I didn't think there was so much to know about security and Apache, until reading this book that showed them to me so clearly.

I would have liked more depth in some of the chapters (like "Logging", that is very interesting but probably not detailed enough), but overall this book was a great buy.

A colleague of mine is a very experienced system administrator and said that you would find out about all that stuff slowly, working and looking up stuff quite a lot. I found that this book put my on a different level, closer to a senior system administrator.

Good buy!