Book Summary Information
Author: Ivan Ristic
Edition: Paperback
Audio: English (Unknown); English (Original Language); English (Published)
Published: 2005-03-15
ISBN: 0596007248
Number of pages: 432
Publisher: O'Reilly Media

Book Reviews of Apache Security

Book Review: Great book, useful for all Apache users
Summary: 5 Stars
I thoroughly enjoyed Ivan's "Apache Security", even when I was a reviewer for an unfinished book. I remember how I was eagerly waiting to receive more new chapters from the publisher.
The book contains a nice combination of generic web stuff and Apache stuff. It starts with the discussion of security principles, such as defense-in-depth and minimum access privilege. Although not new, they are useful for those just entering the field, such as for beginner Apache admins.
The chapter on Apache's installation and configuration sounds boring and many might be tempted to skip it. But it does contain a gem: a guide on setting Apache in a chroot jail!
PHP, a main web application platform for Apache at the time of this writing, is covered as well. I found some tips on PHP hardening that I didn't know previously. While the last PHP application I deployed was configured to be 'hackable' (it was a honeypot deployment, after all!), I found the tips to be practical.
One entertaining chapter is on denial-of-service attacks. There are many ways to overwhelm a network server, and Apache is no exception. It's a must-read for those running highly-available sites, where downtime costs a lot.
An important chapter covers Apache access control, from basic auth to single sign-on. Of course, of particular interest to me was a chapter on logging and monitoring, as it is one of my favorite subjects. Ivan did a great job covering not only logging facilities available within the server, but also log centralization, log analysis for security, integrity monitoring and other stuff. Distributed logging with Spread kit is indeed 'cool', just as Ivan mentions.
A brief chapter covers the security of the underlying 'infrastructure', such as the OS that Apache runs on. I liked the overview since it is not 'generic', but covers material relevant to running Apache web server.
Chapters 10-12 are at the center of the book, providing the core of the new material. Those cover web application attacks, web security assessment and web intrusion detection. The latter is based on Ivan's famous mod_security Apache module. While web attacks are covered in many places, I think the overview in the book is clear, focused and useful even for those who do web security for a living. As far as the mod_security chapter is concerned, I would read it with most care since it covers a lot of advanced usage tips, not available elsewhere.
The book is well written, easy to follow and displays a clear writing style. I would strongly recommend it to everybody who is involved in running Apache web servers, web applications or has web security as part of his job responsibility. Obviously, everybody who thinks that this subject is fun should also read it :-) Also, check out www.apachesecurity.net for some free chapters, ToC, tools covered in the book, as well as a couple presentations given by Ivan. The book focuses on the defensive side, but mentions various attacks against web infrastructure as well.
Anton Chuvakin, Ph.D., GCIA, GCIH, GCFA is a Security Strategist with a major security company. He is an author of the book "Security Warrior" and a contributor to "Know Your Enemy II" and the upcoming "Hacker's Challenge III". In his spare time, he maintains his security portal info-secure.org and his blog at O'Reilly. His next book will be about security log analysis.
Summary of Apache Security

Note: This book is now out of print. A Kindle version published by the author is available from Amazon. For other digital formats (PDF, EPUB, etc), please visit feistyduck.com.

With more than 67% of web servers running Apache, it is by far the most widely used web server platform in the world. Apache has evolved into a powerful system that easily rivals other HTTP servers in terms of functionality, efficiency, and speed. Despite these impressive capabilities, though, Apache is only a beneficial tool if it's a secure one. To be sure, administrators installing and configuring Apache still need a sure-fire way to secure it--whether it's running a huge e-commerce operation, corporate intranet, or just a small hobby site.

Our new guide, Apache Security, gives administrators and webmasters just what they crave--a comprehensive security source for Apache. Successfully combining Apache administration and web security topics, Apache Security speaks to nearly everyone in the field. What's more, it offers a concise introduction to the theory of securing Apache, as well as a broad perspective on server security in general. But this book isn't just about theory. The real strength of Apache Security lies in its wealth of interesting and practical advice, with many real-life examples and solutions. Administrators and programmers will learn how to:

- install and configure Apache
- prevent denial of service (DoS) and other attacks
- securely share servers
- control logging and monitoring
- secure custom-written web applications
- conduct a web security assessment
- use mod_security and other security-related modules
And that's just the tip of the iceberg, as mainstream Apache users will also gain valuable information on PHP and SSL/TLS. Clearly, Apache Security is packed and to the point, with plenty of details for locking down this extremely popular and versatile web server.