REVIEW - Maximum Apache Security 4ed


Maximum Apache Security 4ed






Sams


945pp + CD


Ian Bruntlett


June 2004



The book lists numerous exploits that the average web master should be aware of, along with many online white papers that explain things in greater detail. It also discusses the server tools that ship as part of Apache and describes Apache's logging facilities.

The internals of Apache 2.0 are discussed in detail. References to important sections of the Apache documentation are given.

Good practice to follow when writing server-side applications is discussed. It recommends that you choose one language, learn it well and stay current on security issues. This may be a problem for some web masters who, like me, probably already know C/C++ and have dabbled with Perl. The book goes on to describe numerous problems - and interesting security and testing tools.

The book looks "under the hood" of Apache, identifying key C source files. It describes security as implemented by Netscape's SSL. It explains the use of firewalls with Apache. It also explains how, in certain circumstances, Apache can be used as a proxy server (for FTP, HTTP, HTTPS, SOCKS). The final chapter discusses the way to write expansion modules for Apache. This is very thorough, but I feel the book should also have had an explanation of CGI and perhaps a better explanation of sockets programming and a discussion about ports.

Recommended despite some gaps (sockets, ports) and its age (2 years old).
