How to secure apache web server?

How to secure apache web server?

Post by Michael Wisniewsk » Tue, 27 Apr 1999 04:00:00



Hello,

Is there a resource for securing an Apache web server.  I'm looking for an
overview of UNIX/Apache security topics to put on my check list to secure a
web server.  I have most of the documentation from the Apache site, but I'd
like a resource that is more focused on the security aspects Apache.

Thank you,
Michael Wisniewski

 
 
 

How to secure apache web server?

Post by Juergen Hein » Tue, 27 Apr 1999 04:00:00



>Hello,

>Is there a resource for securing an Apache web server.  I'm looking for an
>overview of UNIX/Apache security topics to put on my check list to secure a
>web server.  I have most of the documentation from the Apache site, but I'd
>like a resource that is more focused on the security aspects Apache.

http://www.w3c.org/ and do a search on security,
http://www.w3c.org/Security/Faq/ and of course CERT.

Cheers,
Juergen

--
\ Real name     : Jrgen Heinzl                 \       no flames      /


 
 
 

How to secure apache web server?

Post by Craig R. Belcha » Wed, 28 Apr 1999 04:00:00




> >Hello,

> >Is there a resource for securing an Apache web server.  I'm looking for an
> >overview of UNIX/Apache security topics to put on my check list to secure a
> >web server.  I have most of the documentation from the Apache site, but I'd
> >like a resource that is more focused on the security aspects Apache.

> http://www.w3c.org/ and do a search on security,
> http://www.w3c.org/Security/Faq/ and of course CERT.

There are some security notes in the Apache documentation on
www.apache.org too, but basically most security related features can be
set in access.conf or httpd.conf using the <directory> directive.  This
is where you set your directory options (ie: permission to execute
CGI's), HTaccess authentication if required and little features like
directory listings.

Apart from that its common sense, stuff like being careful what you put
in your DocumentRoot, and making sure the process is running as a
dedicated user, or nobody.  

Craig

--
Craig R. Belcham.  Internet Systems Management Consultant.

"The greatest trick the devil ever pulled was convincing the
 world that he didn't exist" -- Kevin Spacey, Usual Suspects.

 
 
 

How to secure apache web server?

Post by Ron DuFresn » Wed, 28 Apr 1999 04:00:00


The may 1999 issue vol 8 num 5, of sys admin had the article securing your
web server page 45, and securing apache page 35 as a resource.

Laterer,

Ron DuFresne


:>

:> >Hello,
:> >
:> >Is there a resource for securing an Apache web server.  I'm looking for an
:> >overview of UNIX/Apache security topics to put on my check list to secure a
:> >web server.  I have most of the documentation from the Apache site, but I'd
:> >like a resource that is more focused on the security aspects Apache.
:>
:> http://www.w3c.org/ and do a search on security,
:> http://www.w3c.org/Security/Faq/ and of course CERT.
:>

: There are some security notes in the Apache documentation on
: www.apache.org too, but basically most security related features can be
: set in access.conf or httpd.conf using the <directory> directive.  This
: is where you set your directory options (ie: permission to execute
: CGI's), HTaccess authentication if required and little features like
: directory listings.

: Apart from that its common sense, stuff like being careful what you put
: in your DocumentRoot, and making sure the process is running as a
: dedicated user, or nobody.  

: Craig

: --
: Craig R. Belcham.  Internet Systems Management Consultant.

: "The greatest trick the devil ever pulled was convincing the
:  world that he didn't exist" -- Kevin Spacey, Usual Suspects.

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.

 
 
 

How to secure apache web server?

Post by Tony Mora » Wed, 28 Apr 1999 04:00:00



> The may 1999 issue vol 8 num 5, of sys admin had the article securing your
> web server page 45, and securing apache page 35 as a resource.

> Laterer,

Are you a time traveller ?
 
 
 

How to secure apache web server?

Post by Miguel Cr » Wed, 28 Apr 1999 04:00:00



Quote:>> The may 1999 issue vol 8 num 5, of sys admin had the article securing your
>> web server page 45, and securing apache page 35 as a resource.

> Are you a time traveller ?

Mayne it's different in the UK, but here in the US it seems like publication
date creep has gotten to the point where magazines are coming out about a
year early.

On the plus side, that means they've worked out their Y2K issues a long time
ago.

miguel

 
 
 

How to secure apache web server?

Post by Tom » Wed, 28 Apr 1999 04:00:00


BAHAHAHA


> > The may 1999 issue vol 8 num 5, of sys admin had the article securing your
> > web server page 45, and securing apache page 35 as a resource.

> > Laterer,

> Are you a time traveller ?

 
 
 

How to secure apache web server?

Post by Ron DuFresn » Wed, 28 Apr 1999 04:00:00


<grin>  cute, but the fact remains, this issue has said articles.

Course, if I'm the only one htat gets my issues mailed in advance of those
of you waiting at news stands, well, I'm tickled pink! <grin>

Laterer,

Ron DuFresne


: BAHAHAHA

:>
:> > The may 1999 issue vol 8 num 5, of sys admin had the article securing your
:> > web server page 45, and securing apache page 35 as a resource.
:> >
:> > Laterer,
:> >
:>
:> Are you a time traveller ?

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.

 
 
 

How to secure apache web server?

Post by Michael Wisniewsk » Wed, 28 Apr 1999 04:00:00


Does anyone know of a resource to secure apache web servers,  if the
security threats occur in the future?  I'm looking specifically for anything
having to do with quantum paradoxes ...

Michael Wisniewski


><grin>  cute, but the fact remains, this issue has said articles.

>Course, if I'm the only one htat gets my issues mailed in advance of those
>of you waiting at news stands, well, I'm tickled pink! <grin>

>Laterer,

>Ron DuFresne


>: BAHAHAHA



>:>
>:> > The may 1999 issue vol 8 num 5, of sys admin had the article securing
your
>:> > web server page 45, and securing apache page 35 as a resource.
>:> >
>:> > Laterer,
>:> >
>:>
>:> Are you a time traveller ?

>--
>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>"Cutting the space budget really restores my faith in humanity.  It
>eliminates dreams, goals, and ideals and lets us get straight to the
>business of hate, debauchery, and self-annihilation." -- Johnny Hart
> ***testing, only testing, and damn good at it too!***

>OK, so you're a Ph.D.  Just don't touch anything.

 
 
 

How to secure apache web server?

Post by voi » Mon, 03 May 1999 04:00:00




>>> The may 1999 issue vol 8 num 5, of sys admin had the article securing your
>>> web server page 45, and securing apache page 35 as a resource.

>> Are you a time traveller ?

>Mayne it's different in the UK, but here in the US it seems like publication
>date creep has gotten to the point where magazines are coming out about a
>year early.

I believe the standard is for magazines to bear the date at which they
are to be *removed* from newsstands.

HTH, HAND.

--

 Ben

"You have your mind on computers, it seems."