LinuxPlanet - Tutorials - Security and Apache: An Essential Primer

Events
- JupiterEvents
- internet.com/webcasts
Jobs
Partners
Solutions
- eBooks
- Video
Shop

Search
	Power Search \| Tips

Front Door
Discussion
LinuxEngine
Opinions
Reports
Reviews
Tutorials
News
Technology Jobs

Browse by subject.

Free Newsletter

Linux Planet
Linux Today
More Free Newsletters

Be a Commerce Partner

Disney World Tickets
Laptop Batteries
Compare Prices
Shop
Home Improvement
Rackmount LCD Monitor
KVM Switch over IP
Promotional Gifts
Imprinted Gifts
Prepaid Phone Card
Hurricane Shutters
GPS Devices
Domain registration
Promos and Premiums

internet.com

IT
Developer
Internet News
Small Business
Personal Technology
International

Search internet.com
Advertise
Corporate Info
Newsletters
Tech Jobs
E-mail Offers

Meet the HP ProLiant DL385 G5

LinuxPlanet / Tutorials

<SCRIPT language='JavaScript1.1' SRC="http://ad.doubleclick.net/adj/N815.internet/B2781224.2;abr=!ie;sz=336x280;ord=1848464354?"> </SCRIPT> <NOSCRIPT> <A HREF="http://ad.doubleclick.net/jump/N815.internet/B2781224.2;abr=!ie4;abr=!ie5;sz=336x280;ord=1848464354?"> <IMG SRC="http://ad.doubleclick.net/ad/N815.internet/B2781224.2;abr=!ie4;abr=!ie5;sz=336x280;ord=1848464354?" BORDER=0 WIDTH=336 HEIGHT=280 ALT="Click Here"></A> </NOSCRIPT>

Untitled table test

Register here for your free Internet.com membership to download your Justifying and Funding Infrastructure Investments report.

This independent report will help you make the case for your IT investments. Topics covered include:

Measuring Infrastructure Value
Justifying New Investments
Establishing an Infrastructure Value Chain and More.

Register now for your free Internet.com membership to download your complimentary Forrester report.
Limited Time Offer!

Security and Apache: An Essential Primer
Maxwell's Demon and Hat Colour

Ken Coar
Monday, February 21, 2000 10:50:08 PM

"Long ago and far away
Maxwell felt the need one day
For a Demon, scarce as high
As the atoms going by.
Over heat he gave it sway,
Making warmth go either way
From the vector Nature gave.
Maxwell's Demon, come and save!"
-- Christopher Stasheff, Her Majesty's Wizard

Chances are that your Web site has at least a few pages that you really don't want published to the Internet at large. How do you keep the Black Hats from seeing them, whilst not impeding the access of the White Hats who need the pages?

What Apache Security Won't Help
At the time I'm writing this (February 2000), there's a lot of current-events news about major Web sites being taken down temporarily by denial-of-service (DoS) attacks. The specific attack type in question cannot be stopped by Apache, even though it may be aimed at the Web site. Apache is just a software application running on the system; these attacks are aimed at the systems themselves. As someone has pointed out, "If you have 1GB/s heading for your server then the pipe is going to saturate before Apache even gets a chance to see the packets."

But for less extreme cases, Apache's implementation of the Web security mechanisms, when properly implemented, should be more than adequate to protect your sensitive pages from exposure.

Assumptions in This Article
For the rest of this article, I'm going to make the following assumptions:

your Apache source tree starts at ./apache-1.3/

your Apache ServerRoot is /usr/local/web/apache

your Apache DocumentRoot is /usr/local/web/htdocs

the username under which Apache runs (the value of the User directive in your httpd.conf file) is nobody

All of the cd and other shell commands in this article that refer to directories use these locations.

Next: Mandatory Versus Discretionary Access Control »

Skip Ahead

1 Maxwell's Demon and Hat Colour
2 Mandatory Versus Discretionary Access Control
3 Realms: Areas of Controlled Access
4 Apache Security Processing Phases
5 Restricting by IP Address
6 Labelling and Inheritance
7 The Standard Apache Security Modules
8 Which Database is Authoritative?
9 Conclusions/For More Information