O'Reilly logo

Preventing Web Attacks with Apache by Ryan C. Barnett

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

4. Configuring the httpd.conf File

Unfortunately, most web server’s default configurations are not adequate for deployment on today’s Internet, and Apache is no exception. Usually these default settings are configured with a too “open” mindset as vendors would rather have their application work easily for end users. The rationale is to turn everything on by default; thus, the benefit for the vendor is twofold: Users are happy because the functionality that they wanted is available without any extra configuration, and there is a reduction in “help-desk” type of service calls due to functionality not working out-of-the-box. This mindset has proven to be a major source of problems for computer security in general. In actuality, the exact opposite ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required