Maximum Apache Security
暫譯: 最大化 Apache 安全性

Many of the high-profile attacks on prominent Web sites of the last couple years are a direct result of poor Web site or Web application security.

With more than 65 percent of Web sites using the Apache Web server and the Apache-based open source Web development environment and with the risk of sabotage greater than ever Apache administrators and developers need to know how to build and maintain secure Web servers and Web applications.

Yet most of the currently available Apache books lack detailed information on important Web administration topics like security.Maximum Apache Security details the complex security weaknesses and risks of Apache, and provides hands-on solutions for keeping a Web site secure and buttressed against intruders. It includes up-to-date coverage of both Apache 2.0 as well as Apache 1.3.

Table of Contents

Introduction.
I. GETTING STARTED.

1. How Apache Handles Security.

II. CREATING A SECURE APACHE HOST SERVER.

2. The Risks: Cracking Apache.
3. Establishing Minimum Server Security.
4. Environmental Hazards: Apache and Your Operating System.
5. Apache, Databases, and Security.

III. HACKING APACHE'S CONFIGURATION.

6. Apache Versions and Security.
7. Version 2.0 IPv6 Support.
8. Overlording Apache Server: General Administration.
9. Spotting Crackers: Apache Logging Facilities.

IV. RUNTIME APACHE SECURITY.

10. Apache Network Access Control.
11. Apache and Authentication: Who Goes There?
12. Hacking Secure Code: Apache at Server Side.
13. Hacking Secure Code: Apache at Client Side.

V. ADVANCED APACHE.

14. Apache Under the Hood: Open Source and Security.
15. Apache/SSL.
16. Apache and Firewalls.
17. Apache and Ciphers.
18. Hacking Homegrown Apache Modules.

VI. APPENDIXES.

Appendix A. Apache Security-Related Modules and Directives.
Appendix B. Apache Security Advisories and Bugs.
Appendix C. Apache Security Resources.
Appendix D. Apache API Quick Reference.
Appendix E. Glossary.
Index.