OpenBSD Journal

Secure Apache Ideas

Contributed by jose on from the secure-http-servers dept.

O'Reilly has a new version of their Apache: The Definitive Guide coming out (the 3rd edition). With it comes an article about Creating an Apache Site with Public and Secure Access, giving some advice about the Apache configuration file for version 2 (but easily modifiable for Apache 1.3). There is also a sample chapter from the new edition of the book. A couple of years ago, during the same Apache book release cycle, there was an article on Securing a Web Server, which is worth reading, as well as another sample chapter.

Good places to start learning how to secure your Apache server.



Comments
  1. By schubert () on

    Is that you have to sacrifice the chroot if you want to use MySQL, php, mod perl and a dozen of any other things. You don't if you understand some components on the system that things take for granted when normally not chroot'ed. Like the presence of /dev/null, /dev/zero and /dev/log. The fact that 127.0.0.1 won't resolve to "localhost" unless it's listed in /etc/hosts. The ability to set the correct timezone.

    For most cases you don't have to break chroot. You're just not thinking hard enough and looking at these (non?)-obvious things.
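
The prerequisites listed in the comment above can be checked mechanically before a service is moved into a chroot. The following is an added example, not part of the original comment or the article; the function name `audit_chroot` and its output format are assumptions, and it is run from outside the chroot against the chroot's directory.

```shell
#!/bin/sh
# Added example: audit a chroot tree for the items named in the comment.
# Usage: audit_chroot /path/to/chroot
# Prints one "MISSING ..." line per problem and returns the problem count
# (0 means every item was found).
audit_chroot() {
    root=$1
    problems=0
    report() { printf 'MISSING %s\n' "$1"; problems=$((problems + 1)); }

    # /dev/null and /dev/zero must be character devices. A regular file
    # with the same name "works" but silently collects everything that
    # is written to it, so test for the device type, not mere existence.
    for dev in null zero; do
        [ -c "$root/dev/$dev" ] || report "/dev/$dev (character device)"
    done

    # /dev/log must be a socket; the syslog daemon has to be told to
    # listen on this extra path or log messages go nowhere.
    [ -S "$root/dev/log" ] || report "/dev/log (syslog socket)"

    # 127.0.0.1 must map to "localhost" in the chroot's own /etc/hosts.
    # Comments are stripped first so a commented-out entry does not count.
    if ! awk '{ sub(/#.*/, "") }
              $1 == "127.0.0.1" {
                  for (i = 2; i <= NF; i++) if ($i == "localhost") found = 1
              }
              END { exit !found }' "$root/etc/hosts" 2>/dev/null; then
        report "/etc/hosts entry: 127.0.0.1 localhost"
    fi

    # Timezone: /etc/localtime must exist and be non-empty. An absolute
    # symlink here resolves against the real root when checked from
    # outside, so a copy of the zone file is the safer choice.
    [ -s "$root/etc/localtime" ] || report "/etc/localtime (timezone data)"

    return "$problems"
}
```

A non-zero return value is the number of missing items, so the function can gate a deployment script directly.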

  2. By RC () on

    I think I would call that "Apache 1-2-3"... It is about basic setup of apache, practically nothing about security.

    Comments
    1. By jolan () on

      The 60 page sample chapter is all about security, read that instead.

    2. By Anonymous Coward () on

      That PDF article was pretty much pathetic. I can't believe people make so much money or get high places like O'Reilly to be able to print a book out.
