Apache Security
- Apache Security
- Table of Contents
- Dedication
- Copyright
- Preface
- Audience
- Scope
- Contents of This Book
- Online Companion
- Conventions Used in This Book
- Using Code Examples
- We d Like to Hear from You
- Safari Enabled
- Acknowledgments
- Chapter 1. Apache Security Principles
- Section 1.1. Security Definitions
- Section 1.2. Web Application Architecture Blueprints
- Chapter 2. Installation and Configuration
- Section 2.1. Installation
- Section 2.2. Configuration and Hardening
- Section 2.3. Changing Web Server Identity
- Section 2.4. Putting Apache in Jail
- Chapter 3. PHP
- Section 3.1. Installation
- Section 3.2. Configuration
- Section 3.3. Advanced PHP Hardening
- Chapter 4. SSL and TLS
- Section 4.1. Cryptography
- Section 4.2. SSL
- Section 4.3. OpenSSL
- Section 4.4. Apache and SSL
- Section 4.5. Setting Up a Certificate Authority
- Section 4.6. Performance Considerations
- Chapter 5. Denial of Service Attacks
- Section 5.1. Network Attacks
- Section 5.2. Self-Inflicted Attacks
- Section 5.3. Traffic Spikes
- Section 5.4. Attacks on Apache
- Section 5.5. Local Attacks
- Section 5.6. Traffic-Shaping Modules
- Section 5.7. DoS Defense Strategy
- Chapter 6. Sharing Servers
- Section 6.1. Sharing Problems
- Section 6.2. Distributing Configuration Data
- Section 6.3. Securing Dynamic Requests
- Section 6.4. Working with Large Numbers of Users
- Chapter 7. Access Control
- Section 7.1. Overview
- Section 7.2. Authentication Methods
- Section 7.3. Access Control in Apache
- Section 7.4. Single Sign-on
- Chapter 8. Logging and Monitoring
- Section 8.1. Apache Logging Facilities
- Section 8.2. Log Manipulation
- Section 8.3. Remote Logging
- Section 8.4. Logging Strategies
- Section 8.5. Log Analysis
- Section 8.6. Monitoring
- Chapter 9. Infrastructure
- Section 9.1. Application Isolation Strategies
- Section 9.2. Host Security
- Section 9.3. Network Security
- Section 9.4. Using a Reverse Proxy
- Section 9.5. Network Design
- Chapter 10. Web Application Security
- Section 10.1. Session Management Attacks
- Section 10.2. Attacks on Clients
- Section 10.3. Application Logic Flaws
- Section 10.4. Information Disclosure
- Section 10.5. File Disclosure
- Section 10.6. Injection Flaws
- Section 10.7. Buffer Overflows
- Section 10.8. Evasion Techniques
- Section 10.9. Web Application Security Resources
- Chapter 11. Web Security Assessment
- Section 11.1. Black-Box Testing
- Section 11.2. White-Box Testing
- Section 11.3. Gray-Box Testing
- Chapter 12. Web Intrusion Detection
- Section 12.1. Evolution of Web Intrusion Detection
- Section 12.2. Using mod_security
- Appendix A. Tools
- Section A.1. Learning Environments
- Section A.2. Information-Gathering Tools
- Section A.3. Network-Level Tools
- Section A.4. Web Security Scanners
- Section A.5. Web Application Security Tools
- Section A.6. HTTP Programming Libraries
- Colophon
- Index
- SYMBOL
- A
- B
- C
- D
- E
- F
- H
- I
- J
- K
- L
- M
- N
- O
- P
- R
- S
- T
- U
- V
- W
- X