Hardening Apache

Tony Mobily

Publisher Apress
ISBN 978-1-59059-378-3
RRP US$29.99
Reviewed by Brian Peaker
Score 7 out of 10

Apache is software often used for web servers. 'Hardening' refers to making the software more secure against attacks by malicious people.

Hardening Apache is a practical how-to book written in a command-by-command style; it implements the advice, seen everywhere, to configure servers properly.

It starts by acquiring the software carefully (how do you ensure your software has not been tampered with even before you download it?), then installs it and tests it for vulnerabilities using checking software called Nikto.

Configuration settings are then changed to close the vulnerabilities that were detected and, more generally, to minimize unwanted access to the website being served. The importance of logging security events is emphasized, with a description of how to do it.

The author explains the technique of running Apache ‘in jail’ - running it in a directory where privileged access to vital system files or a shell is not easily available.

Mobily describes a few ways of attacking servers with reference to some of the vulnerabilities in Apache; cross-site scripting (inserting malicious code in material posted on a hosted website) is covered in detail.

A large section is devoted to add-on security modules. Each is described, with installation and use instructions.

To assist with the burden of monitoring security, a number of scripts are developed to capture and present data on security incidents.

The book's style is practical, using a mixture of descriptive text and input/output logs – the logs and scripts account for half of its volume; it is not a book to read casually.

An appreciation of servers, attacks and scripting is necessary to fully understand the book. Its best value is for an administrator with a server installation ahead, but even then the value is reduced by constant references back to manufacturers' websites or publications for particular information.

It is based on Apache versions 1.3.x and 2.x. At US$30, it offers value for money, but Amazon.com offers it for $10 less - a bargain.

Further information: Apress