Home > Store

larger cover

Add To My Wish List

Register your product to gain access to bonus material or receive a coupon.

Maximum Apache Security, Adobe Reader

eBook (Adobe DRM)

  • Your Price: $39.99
  • About Adobe DRM eBooks
  • This eBook requires the free Adobe® Digital Editions software.

    Before downloading this DRM-encrypted PDF, be sure to:


    • Install the free Adobe Digital Editions software on your machine. Adobe Digital Editions only works on Macintosh and Windows, and requires the Adobe Flash Player. Please see the official system requirements.
    • Authorize your copy of Adobe Digital Editions using your Adobe ID (select AdobeID as the eBook vendor). If you don't already have an Adobe ID, you can create one here.
Not for Sale
  • Description
  • Sample Content
  • Updates
  • Copyright 2002
  • Pages: 696
  • Edition: 1st
  • eBook (Adobe DRM)
  • ISBN-10: 0-7686-6244-3
  • ISBN-13: 978-0-7686-6244-3

Many of the high-profile attacks on prominent Web sites of the last couple years are a direct result of poor Web site or Web application security.

With more than 65 percent of Web sites using the Apache Web server and the Apache-based open source Web development environment and with the risk of sabotage greater than ever Apache administrators and developers need to know how to build and maintain secure Web servers and Web applications.

Yet most of the currently available Apache books lack detailed information on important Web administration topics like security. Maximum Apache Security details the complex security weaknesses and risks of Apache, and provides hands-on solutions for keeping a Web site secure and buttressed against intruders. It includes up-to-date coverage of both Apache 2.0 as well as Apache 1.3.

Table of Contents

(NOTE: Each chapter concludes with a Summary.)

Introduction.

Why Did I Write This Book? What This Book Will Tell You. System Requirements. This Book's Organization. About Examples in This Book.

I. GETTING STARTED.

1. How Apache Handles Security.

Generic HTTP Security Considerations. Apache Security Facilities. Apache Extensibility. Things Apache Can't Defend Against.

II. CREATING A SECURE APACHE HOST SERVER.

2. The Risks: Cracking Apache.

Inherent Risks of Running a Web Server. Sobering Statistics to Consider. How Security Disasters Develop.

3. Establishing Minimum Server Security.

Physical Security Concepts. Server Location and Physical Access. Network Topology. BIOS and Console Passwords. Media and Boot Security. Anti-Theft Devices.

4. Environmental Hazards: Apache and Your Operating System.

Apache and Your Underlying Operating System. Environmental Risks Common to Unix. Environmental Risks Common to Windows. Other Environmental Risks.

5. Apache, Databases, and Security.

Apache Database Support. Apache and Proprietary Databases. Apache and MySQL. PostgreSQL. Apache and Commercial SQL Packages. General Database Security Measures.

III. HACKING APACHE'S CONFIGURATION.

6. Apache Versions and Security.

Brief History of Apache Versions. Security Issues Common to Apache Releases. Patch Maintenance and Other Measures.

7. Version 2.0 IPv6 Support.

What Is IPv6? IPv6 and Security. Why Does Apache Support IPv6? Apache and IPv6 Addressing. IPv6 Address Issues in Development. Listen, NameVirtualHost, and VirtualHost. IPv6 Implementations.

8. Overlording Apache Server: General Administration.

Permissions and Apache Server. URL Mapping and Security. Resource Usage. Apache Server Tools.

9. Spotting Crackers: Apache Logging Facilities.

What Is Logging, Exactly? How Apache Handles Logging. httpd Logs. Some Security Caveats About Logs. Piped Logs. The SetEnvIf Directive and Conditional Logging. Other Interesting Apache-Related Logging Tools. Other Interesting Logging Tools Not Specific to Apache.

IV. RUNTIME APACHE SECURITY.

10. Apache Network Access Control.

What Is Network Access Control? How Apache Handles Network Access Control: Introducing mod_access. Using Network Access Control in Apache (httpd.conf). Virtual Hosts and Network Access Control.

11. Apache and Authentication: Who Goes There?

What Is Authentication? How Apache Handles Basic Authentication: Introducing mod_auth. Htpasswd. Weaknesses in Basic HTTP Authentication. DBM File-Based Authentication: Introducing mod_auth_dbm. HTTP and Cryptographic Authentication. SSL-Based Authentication. Other Tools for Extending Apache's Authentication. Holes in Apache Authentication: Historical Perspective.

12. Hacking Secure Code: Apache at Server Side.

Apache Language Support. What Is Server-Side Programming? General CGI Security Issues. Spawning Shells. Buffer Overruns. Paths, Directories, and Files. PHP. Interesting Security Programming and Testing Tools. Other Online Resources.

13. Hacking Secure Code: Apache at Client Side.

What Is Client-Side Programming? General Client-Side Security Issues. JavaScript. VBScript.

V. ADVANCED APACHE.

14. Apache Under the Hood: Open Source and Security.

Security Contexts in Apache's Source Tree. Files That Deal with Passwords. Files That Deal with General Security. Key Apache C Source Files and What They Do. Include File Cross-Reference.

15. Apache/SSL.

What Is SSL? How Secure Is SSL? mod_ssl. What is Apache-SSL? Installing Apache-SSL. Certificate Authorities. Commercial SSL Packages.

16. Apache and Firewalls.

What Is a Firewall? Apache as a Proxy Server. Other Network Access Control Tools. tcpd: TCP Wrappers. IP Filtering in Windows. Proxy Tools That Work with Apache. Commercial Firewalls.

17. Apache and Ciphers.

What Is a Cipher? MD5. SSL. Other Ciphers.

18. Hacking Homegrown Apache Modules.

Your Process Model. mod_fortress: An Example. mod_auth_ip: Another Example. mod_random. mod_python. Module Development Considerations.

VI. APPENDIXES.

Appendix A. Apache Security-Related Modules and Directives.

<Limit>. <LimitExcept>. <VirtualHost>. AccessFileName. AllowOverride. Anonymous. Anonymous_Authoritative. Anonymous_LogEmail. Anonymous_MustGiveEmail. Anonymous_NoUserID. Anonymous_VerifyEmail. AuthAuthoritative. AuthDBMAuthoritative. AuthDBMUserFile. AuthDBUserFile. AuthGroupFile. AuthLDAPAuthoritative. AuthName. AuthType. AuthUserFile. CookieExpires. CookieLog. CookieTracking. CustomLog. IdentityCheck. LimitRequestBody. LimitRequestFields. LimitRequestFieldsize. LimitRequestLine. LimitXMLRequestBody. LockFile. LogFormat. mod_access. mod_auth. mod_auth_anon. mod_auth_db. mod_auth_dbm. mod_auth_digest. mod_auth_ldap. mod_cgi. mod_cgid. mod_env. mod_include. mod_log_config. mod_suexec. mod_unique_id. mod_user_track. PassEnv. PidFile. ProxyBlock. ProxyDomain. ProxyReceiveBufferSize. ProxyRemote. ProxyRequests. ProxyVia. ServerAdmin. ServerAlias. ServerName. ServerPath. ServerRoot. ServerSignature. User. UserDir.

Appendix B. Apache Security Advisories and Bugs.

Apache Security Issues. Bug Report Structure. The Critical Listings.

Appendix C. Apache Security Resources.

Appendix D. Apache API Quick Reference.

Anatomy of an Apache Transaction. Configuration. Handlers. Resource Allocation. Apache API Constants.

Appendix E. Glossary.

Index.

FREE

ONE MONTH ACCESS!

WITH PURCHASE


Get unlimited 30-day access to thousands of Books & Training Videos about technology, professional development and digital media If you continue your subscription after your 30-day trial, you can receive 30% off a monthly subscription to the Safari Library for up to 12 months.