on June 28, 2004
Apache is still by far the most common web server on the Internet. However, when the purpose of your computer is to allow access to your webpages by anyone on the Internet, security needs to be a primary concern. If you are serious about hardening your Apache server, you will want to have this book.
Author Tony Mobily examines Apache security in detail all the way from making sure the initial installation package has not been hacked at the primary web server site through configuration and installation of security modules. The book has seven chapters that cover configuration, common attacks, logging, scripting attacks, security modules, using a jail, and automating security with scripts.
While the book does cover Apache on the various operating systems, the focus is on a Linux install, which is appropriate since that is the most common place to install Apache. This is not a book that I would suggest for someone who is totally new to Apache or Linux, but if you have a passing familiarity with them then you will find this to be the missing information from other Apache books. No matter which Apache book you get to learn Apache, your library will be incomplete if it doesn't include "Hardening Apache".
on May 16, 2004
It's quite rare that I get to review a book by a fellow Sandgroper (i.e. person from Western Australia). The last time was for "Man Kzin Wars X" by Larry Niven and Hal Colebatch, with Colebatch being from WA.
So what is there to say about this book? Well, Mobily has brought under one cover various methods to strengthen Apache against incursions. There are several excellent books on computer security, but as a rule, they tend to survey the entire field. So if they mention Apache, space considerations, if nothing else, preclude extensive coverage. Here Mobily has made that a non-issue.
Why Apache? It is probably the most common web server in use, edging out all proprietary rivals. Linux boxes run it by default. But it has also been ported to every other major operating system. So certainly Mobily has chosen a vital application to support.
How useful is this book? If you are a systems administrator and have been managing Apache for several years, you probably already know, or should know, the bulk of this book. But a lot of your Apache security experience may have been garnered in bits and pieces over this period, using information from disparate sources. Suppose instead you are installing it for the first time. The actual installation should be trivial. It is the multiple security issues that you have to get right.
Which is this book's virtue. It centralises the issues into an easily accessible form. Plus it is not dependent on the latest version of Apache. Barring a fundamental rewrite, which is unlikely because it is stable and well tested, Mobily's suggestions should stay fresh for several years.