- Paperback: 432 pages
- Publisher: O'Reilly Media; 1 edition (March 15, 2005)
- Language: English
- ISBN-10: 0596007248
- ISBN-13: 978-0596007249
- Product Dimensions: 7 x 0.9 x 9.2 inches
- Shipping Weight: 1.2 pounds
- Average Customer Review: 16 customer reviews
- Amazon Best Sellers Rank: #1,511,697 in Books
Apache Security 1st Edition
About the Author
He is the author of two books, Apache Security and ModSecurity Handbook, which he publishes via Feisty Duck, his own platform for continuous writing and publishing. Ivan is an active participant in the security community and you'll often find him speaking at security conferences such as Black Hat, RSA, OWASP AppSec, and others. He's currently Director of Application Security Research at Qualys.
Top customer reviews
Along with the Apache project's official directive / module references, this book helped provide a great foundation for understanding how to configure and harden Apache. The most useful things I took away from Apache Security were:
* creating a cruft-free, secure by default httpd.conf;
* hardening PHP;
* getting more from httpd logging; and
* really, finally understanding SSL/TLS (and keys and certs).
There is a lot of information in the book, so I'll likely be reading it cover-to-cover at least once more to glean the next round of tips and concepts.
Unlike many O'Reilly books that punish you for reading from cover to cover, this one is very well edited, avoids telling you in a chapter what it told you in three previous chapters, and Ivan's writing style makes this a very fast read.
The section on mod_security is a lot longer than would normally make sense, but since Ivan wrote it this is not unexpected.
A very good read, and I hope at some point an updated version is released to cover the evolving area of web security.
Like most O'Reilly books, it's well thought out and fairly complete. Unsurprisingly, it focuses on the standard LAMP stack, giving advice on building and deploying Apache and hooking in PHP and SSL. Ruby seems to be missing, and Perl is just discussed within a chroot environment. It discusses performance tuning a bit, in the guise of protection against DOS, and then moves on to issues in a shared hosting environment.
Much of what is in this book is more general than just Apache, so it's best to consider this as a general security book for people running both Linux and Apache, and ideally using PHP and MySQL. It would be less useful to people running Apache on Windows and for people using less common languages. However, it is very good for the basics:
* Installing Apache
* Hardening Apache
* Setting up chroot
* Hardening PHP
* Configuring logging and access
* Understanding web attacks
Where it seems to lack a bit is:
* It presumes that the reader will install Apache from source, whereas most these days will install from a package. More advice on hardening Apache in the SuSE, Red Hat and Ubuntu/Debian environments would be useful.
* There is no mention of AppArmor or SELinux (which, to be fair, were pretty new when this book came out). A second edition will have to have these, as they are a key way to protect Apache against itself.
* A few pages on how to use Suhosin to protect PHP applications would be good.
* A section on protecting Ruby and one on Perl would be good. While it is certainly true that no book can cover everything, these three languages are the most common in the LAMP world and should probably be addressed, at least in passing.
* While we're at it, a section on hardening MySQL wouldn't be out of place, as the book is more of a LAMP book than an Apache book anyway.
I recommend this book for the beginner to moderate admin, be they a web admin or in the security space. However, experienced people may not find much new in here. I would, however, love to see a second edition released.