- Paperback: 432 pages
- Publisher: O'Reilly Media; 1 edition (March 15, 2005)
- Language: English
- ISBN-10: 0596007248
- ISBN-13: 978-0596007249
- Product Dimensions: 7 x 0.9 x 9.2 inches
- Shipping Weight: 1.2 pounds
- Average Customer Review: 16 customer reviews
- Amazon Best Sellers Rank: #1,205,273 in Books
Apache Security 1st Edition
About the Author
He is the author of two books, Apache Security and ModSecurity Handbook, which he publishes via Feisty Duck, his own platform for continuous writing and publishing. Ivan is an active participant in the security community and you'll often find him speaking at security conferences such as Black Hat, RSA, OWASP AppSec, and others. He's currently Director of Application Security Research at Qualys.
Top customer reviews
Along with the Apache project's official directive / module references, this book helped provide a great foundation for understanding how to configure and harden Apache. The most useful things I took away from Apache Security were:
* creating a cruft-free, secure by default httpd.conf;
* hardening PHP;
* getting more from httpd logging; and
* really, finally understanding SSL/TLS (and keys and certs).
There is a lot of information in the book, so I'll likely be reading it cover-to-cover at least once more to glean the next round of tips and concepts.
Unlike many O'Reilly books that punish you for reading from cover to cover, this one is very well edited, avoids telling you in a chapter what it told you in three previous chapters, and Ivan's writing style makes this a very fast read.
The section on mod_security is a lot longer than would normally make sense, but since Ivan wrote it this is not unexpected.
A very good read, and I hope at some point an updated version is released to cover the evolving area of web security.
The book covers so much more than just Apache security. It covers installation and configuration, and explains a little of how Apache works along the way. There are also chapters or sections on:
- Understanding and securing PHP
- An explanation of SSL
- DOS attacks
- Traffic shaping in Apache
- Logging is covered extensively
- There's a chapter on web security in general, where all the common attacks are explained
- Using Apache as a proxy or a reverse proxy
I especially enjoyed the Web Security Assessment chapter where the author explained how to systematically analyze and probe web applications/servers, with many real world examples.
There is a large section discussing mod_security, which is an amazing Apache module. Mod_security is an intrusion detection and prevention engine for web applications (a web application firewall). The book is written by the author of mod_security (Ivan Ristic), so he really knows what he's talking about in this area. Also covered is mod_dosevasive, which, obviously, helps prevent denial of service attacks.
I would not hesitate to recommend this book to any Apache administrator, user, or web programmer. It's one of my favorite books on my bookshelf.
If you agree with the above, then stop reading.
Otherwise, reflect on a symptom of our times. As intrusion attacks become more sophisticated and your Apache perhaps has to guard valuable data, then its security has been promoted to an entire book. Basically, all of its material has been discussed elsewhere, but often scattered across the literature.
Here, Ristic gives an extended discussion of many aspects. Some of this involves educating you about related topics. Especially a PKI and how to integrate Apache with it. The book skims over any serious crypto complications, but explains how to use such a system.
Ristic also devotes a chapter to Denial of Service attacks. These can be low tech brute force affairs. Or perhaps a cracker might mobilise a massive botnet to launch a DDoS, which is the more dangerous form. There are ways to militate against these. But since the book is about Apache, it does not devote enough space to the use of an Intrusion Detection System or Intrusion Prevention System, in conjunction with upstream routers. Apache by itself is not enough to defend against the worst DoS attacks.
The book also mentions phishing. It claims the problem is hard and that there are no quick remedies. It's a reasonable assessment of the commonly understood state of the publicly known antiphishing methods. Though this does not preclude the deployment of better methods that are not yet publicly known. [I am the co-inventor of 15 US Patents Pending on antiphishing, which our company plans on implementing.]
Most recent customer reviews
Like most O'Reilly books, it's well thought out and fairly complete.