Get APLawrence.com by RSSApache Security
- Apache Security
- O'Reilly
- 0596007248
Order (or just read more about) Apache Security from Amazon.com
I rather hoped this was better than it is. Don't get me wrong, it's not bad, and it's probably worth having, but it could have been a lot better.
First complaint: the index is lousy. Several times I wanted to go back and review something that I had read about in an earlier chapter, but was unable to find what I wanted with the index and had to resort to flipping through pages. Second, some of the material just is not explained well: if you are not already quite expert at Apache, you will find parts of this very confusing. Of course, that's a bit unfair: you really can't expect a book dedicated to Apache security to spend a lot of time explaining basics. But even given that, there were several places were I felt awash and couldn't understand what was being discussed. I also felt that the author gave short shrift to those folks who may not be able to compile from source (people on shared web servers may be able to modify their httpd.conf but not much else)
On the other hand, this is pretty fair coverage of all Apache security aspects and gives quite a bit of attention to sharing from the viewpoint of the admin who provides web hosting for others. But as I said, it's only fair coverage, and you will likely find yourself Googling for more information on much of what is presented. That's not necessarily a condemnation: if the author even attempted complete, detailed coverage, this would make the big Sendmail book look thin by comparison. Probably we should look at this as an overview; something to raise our awareness of possibilities and concerns, something more detailed than http://httpd.apache.org/docs-2.0/misc/security_tips.html.
By the way, Ivan is the author of the Apache mod_security module, and he devotes twenty six pages to explaining how to use that module. The problem here is not lack of knowledge, just lack of space. As I read this over, I feel like I'm leaving the impression that this isn't worthwhile, and that is not what I want to leave you with. It could have been better, and most especially it could have been longer and better indexed, but it is worthwhile. And parts of it are really excellent: Chapter 4, which deals with SSL and TLS is one of the best treatments I've ever read on this subject.
Enter your email address for automatic notification of new posts here
(be sure to whitelist 'feedburner.com' if you use spam filtering)
| Views for this page | ||||
|---|---|---|---|---|
| Today | This Week | This Month | This Year | Overall |
| 1 | 16 | 67 | 728 | 3,805 |
Have you tried Searching this site?
Unix/Linux/Mac OS X support by phone, email or on-site: Support Rates
This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more. We appreciate comments and article submissions.
Your ad here - $24.00 yearly!
http://www.cleverminds.net Need expert advice? Want a second opinion? CleverMinds is a one-stop-shop for a wide range of technology solutions. We support Unix, Linux, SCO as well as CMS, ecom, blogs, podcasts, search engines consulting and more. Contact us at web2.0@cleverminds.net 0r (617) 894-1282
SCO, OpenServer, UnixWare, software, servers, security, networks, installation, administration, troubleshooting, maintenance, Watchguard, firewalls, VPNs, e-mail. Visit us at http://opensystemscomputing.com and www.go2unix.com.
http://www.m3ipinc.com Security, firewalls, ids, audits, vulnerability assesments, BS7799, HIPAA, GLB, incident handling
Related Posts
Add your comments
Lone-Tar Backup and Disaster Recovery
for Linux and Unix