Product Description
With more than 67% of web servers running Apache, it is by far the most widely used web server platform in the world. Apache has evolved into a powerful system that easily rivals other HTTP servers in terms of functionality, efficiency, and speed. Despite these impressive capabilities, though, Apache is only a beneficial tool if it’s a secure one. To be sure, administrators installing and configuring Apache still need a sure-fire way to secure it–whether it’s run… More >>
#1 by E. Schnyder on April 6, 2010 - 6:16 pm
Thanks a lot, we are very happy to have this book in our library!
Rating: 5 / 5
#2 by Karl Vogel on April 6, 2010 - 8:44 pm
Excellent book. The chapters on PHP and logging are especially useful.
Rating: 5 / 5
#3 by Gerardo Arroyo Arce on April 6, 2010 - 11:32 pm
This book is worth every single dollar. The examples are very clear and also provide invaluable information about security.
A must have for everybody using Apacge.
Rating: 5 / 5
#4 by Eric..... NorCal on April 6, 2010 - 11:45 pm
All I can say if you buy one Apache book make sure this is the one. After all securing your Apache installation is the most important thing. Also check out the Apache Security site.
Ivan is awesome!
Rating: 5 / 5
#5 by Josh More on April 7, 2010 - 12:31 am
I’ve had the book Apache Security for a while now, so I thought I’d give it a quick review.
Like most O’Reilly books, it’s well thought out and fairly complete. Unsurprisingly, it focuses on the standard LAMP stack, giving advice on building and deploying Apache and hooking in PHP and SSL. Ruby seem to be missing, and Perl is just discussed within a chroot environment. It discusses performance tuning a bit, in the guise of protection against DOS, and then moves onto issues in a shared hosting environment.
Much of what is in this book is more general than just Apache, so it’s best to consider this as a general security book for people running both Linux and Apache, and ideally using PHP and MySQL. It would be less useful to people running Apache on Windows and for people using less common languages. However, it is very good for the basics:
* Installing Apache
* Hardening Apache
* Setting up chroot
* Hardening PHP
* Configuring logging and access
* Understanding web attacks
Where it seems to lack a bit is:
* It presumes that the reader will install Apache from source, whereas most these days will install from a package. More advice on hardening Apache in the SuSE, Red Hat and Ubuntu/Debian environments would be useful.
* There is no mention of AppArmor or SELinux (which, to be fair, were pretty new when this book came out). A second edition will have to have these, as they are a key way to protect Apache against itself.
* A few pages on how to use Suhosin to protect PHP applications would be good.
* A section on protecting Ruby and one on Perl would be good. While it is certainly true that no book can cover everything, these three languages are the most common in the LAMP world and should probably be addressed, at least in passing.
* While we’re at it, a section on hardening MySQL wouldn’t be out place, as the book is more of a LAMP book than an Apache book anyway.
I recommend this book for the beginner to moderate admin, be they a web admin or in the security space. However, experienced people may not find much new in here. I would, however, love to see a second edition released.
Rating: 4 / 5