Essential PHP Security
Chris Shiflett
Manufacturer: O'Reilly Media, Inc.
ProductGroup: Book
Binding: Paperback
Similar Items:
- PHP Hacks: Tips & Tools For Creating Dynamic Websites (Hacks)
- Pro PHP Security
- php|architect's Guide to PHP Security
- PHP 5 Objects, Patterns, and Practice
- PHP Cookbook (Cookbooks (O'Reilly))
ASIN: 059600656X
Book Description
Being highly flexible in building dynamic, database-driven web applications makes the PHP programming language one of the most popular web development tools in use today. It also works beautifully with other open source tools, such as the MySQL database and the Apache web server. However, as more web sites are developed in PHP, they become targets for malicious attackers, and developers need to prepare for the attacks.
Security is an issue that demands attention, given the growing frequency of attacks on web sites. Essential PHP Security explains the most common types of attacks and how to write code that isn't susceptible to them. By examining specific attacks and the techniques used to protect against them, you will have a deeper understanding and appreciation of the safeguards you are about to learn in this book.
In the much-needed (and highly-requested) Essential PHP Security, each chapter covers an aspect of a web application (such as form processing, database programming, session management, and authentication). Chapters describe potential attacks with examples and then explain techniques to help you prevent those attacks.
Topics covered include:
- Preventing cross-site scripting (XSS) vulnerabilities
- Protecting against SQL injection attacks
- Complicating session hijacking attempts
You are in good hands with author Chris Shiflett, an internationally-recognized expert in the field of PHP security. Shiflett is also the founder and President of Brain Bulb, a PHP consultancy that offers a variety of services to clients around the world.
Customer Reviews:
Overpriced.......2007-01-03
Of the 103 pages in the book there are probably only 13 of unique information and 90 pages of saying the same exact thing over and over again. Worse yet, I found the author had already released the 13 pages of useful information online for free.
Definitely wish I had browsed this one in a store before I blew $30.
Alright - not very meaty though.......2006-12-26
Alright - not very meaty. Overall I'm glad I read it though, as I picked up some useful nuggets.
==========
Update 2006-12-30 - I'd like to bump this up to four stars. The book came in handy today - I used some code in it regarding session variables.
PHP Security is a HUGE topic.......2006-09-27
This book is essential for anyone starting out in PHP, but not only for them. It offers tips for almost any skill level, maybe you know some of the ways to keep your site secure but Chris really goes in depth on some of them.
The code snippets are short, simple, but convey the point exactly as intended... and I also like Chris's method for validating tainted data, similar to a fisherman. If the fish is bad throw it back and the same goes for user input.
I still have this book for reference and have lent it to a few people which resulted in them picking their own copies... all around a great resource.
VERY VERY HIGHLY RECOMMENDED!!.......2006-06-12
Are you a developer who is writing insecure PHP code? If you are, then this book is for you! Author Chris Shiflett, has done an outstanding job of writing a practical book that will help you improve your PHP application-level security.
Shiflett begins by giving an overview of security principles and best practices. Then, the author covers form processing and attacks such as cross-site scripting and cross-site request forgeries. He continues by focusing on using databases and attacks such as SQL injection. Then, the author explains PHP's session support and shows you how to protect your applications from attacks such as session fixation and session hijacking. Then, he covers the risks associated with the use of includes, such as backdoor URLs and code injection. Next, the author discusses attacks such as filesystem traversal and command injection. Then, he shows you how to create secure authentication and authorization mechanisms and how to protect your applications from things like brute force attacks and replay attacks. Finally, the author explains the inherent risks associated with a shared hosting environment.
This most excellent book brings long-needed security guidelines to PHP developers everywhere. More importantly, the content of this book will be an asset to your development teams.
Essential for the Beginner or Advanced PHP developer.......2006-04-11
As a very security conscious developer, I found this book to be a GREAT resource to my library. Though the book is short in length, it is very rich in content. Chris does a GREAT job of presenting the problem (citing specific examples of the exploits), showing the pitfalls, and then presenting the solutions.
He is very thorough in his descriptions, and his easy to understand writing and use of analogies made this a very simple concept to grasp. If you are a seasoned PHP developer, or just beginning programming PHP - his writing style helps you to understand the underlying attack, visuals to see it in action, and how to prevent being attacked - it is very simple, yet deep.
Reading this book has helped me to see where my applications may fall short, and what I can do to protect them. Especially in the realm of PHP developers, there are MANY Open Source options out there, and many of them lack the security that is mentioned in the chapters of this book. Don't let yourself get caught!
I recommend this book, and performing an audit of your own work. Excellent book!
Hardening Apache
Tony Mobily
Manufacturer: Apress
ProductGroup: Book
Binding: Paperback
Similar Items:
- Hardening Linux
- Pro Apache, Third Edition (Expert's Voice)
- Apache Security
- Apache Cookbook
- Preventing Web Attacks with Apache
Accessories:
- Expert Oracle Database Architecture: 9i and 10g Programming Techniques and Solutions
- Forecasting Oracle Performance
- Cost-Based Oracle Fundamentals
ASIN: 1590593782
Book Description
Hardening Apache explains how to configure Apache safely, and secure an existing installation. It covers the most important issues--like downloading, logging, and administration, as well as the most important security-oriented web sites. This book even discusses advanced system administration techniques, such as jailing Apache and securing third-party modules, and web-related RFC details.
If you are already familiar with computer security, this book will help you gain specific knowledge about Apache. Already acquainted with the problems and issues discussed, you will sharpen your understanding about how normal configuration problems apply to Apache and HTTP.
Even if your knowledge about computer security is insubstantial, you will still gain broad insight on secure system administration. You will be able to apply this knowledge base towards other daemons--and will see how important it is to configure daemons securely.
Customer Reviews:
Assumes *nix?!.......2007-05-07
To be honest I have only made it perhaps 1/3 of the way into this book. I found it to be interesting, but what had not been clear or even mentioned in the book description was that the book seems to assume you are running Apache on Linux. For the rest of us, that is a huge bummer. I'm sure I will plow on, but the enthusiasm is somewhat gone. I wish authors or publishers would mention that sort of thing in the writeups.
super.......2007-03-08
Thanks a lot, we are very happy to have this book in our library!
To the point!.......2006-07-03
Hardening Apache by Tony Mobily is a book for server administrators who want to learn how to secure the Apache web server. On 260 pages, in a loosely howto-like fashion, the author covers all aspects of keeping intruders out of your web server.
In contrast to other books which appear to but usually fail in covering all aspects of Unix/Linux security, this volume explicitly takes on one program only: the Apache web server. After discussing installation and configuration as well as covering common attacks on the server, Mobily introduces logging and its security issues, and he presents some very interesting ideas for solutions. XSS is given its own chapter as are the Apache security modules: half a dozen server modules are described.
Apache goes to jail in chapter 6. Here the author describes setting up a chroot environment for the server and details how to get both Perl & PHP to work. The last chapter presents a number of useful shell scripts that can help a systems administrator to keep a watchful eye on her servers.
Together with the Apache documentation this book is an essential eye-opener for anybody who puts up an Apache web server to face a public network. I will be applying some of what I learnt from the book to our servers very quickly indeed! Even though it was published in 2004, Hardening Apache goes on my list of recommended books.
Your return will exceed the price in a very short time.......2005-02-01
Computer security is hard, very hard. Any reasonable attempt to make a system secure has to involve more than a choice between {none, some security features, unusable}. There are so many different things that we want to do with our software and there are probably just as many ways in which it can be attacked. In order to be able to fend off attacks, it is necessary to know what kind of attacks can occur. Finally, many security procedures must be automated, which requires generic defense strategies that are capable of recognizing an attack when it differs slightly from one that has already been planned for.
This book about the Apache server does all of that, starting with which version to use and how to install it with security enabled at the appropriate level. After these topics are covered in chapter one, Mobily moves on to descriptions of the most common attacks in chapter two and logging the interesting events in chapter three. If you are versed in security, most of the material in chapter two will be familiar, but it is hard to overstate the importance of chapter three. Being able to read an account of what has happened on a system is the only way to prove that your security measures are working and the only way to learn when you are successfully attacked. Mobily also shows you the critical steps in testing to determine if your log system is actually working properly.
Chapter four is devoted to explanations of cross-site scripting attacks (XSS). This is an attack where a web page is designed to accept input, but that input may be used to drive erroneous results. A simple, yet excellent demonstration of how this can be done is presented. While it is not sophisticated, it demonstrates how careful you must be when accepting even the most basic of inputs from a web page.
Chapters five and six deal specifically with security in the Apache server. Five explains the security modules available in Apache and six describes how you can lock down Apache by "putting it in jail." These specifics, of which there are many, should be required reading for anyone who has any hand in managing an Apache server. The last chapter shows you how to automate the security functions, clearly necessary if you are ever to get any sleep.
There is a great deal of source code used to describe how the features are implemented. Demo code is in Perl, but XML, HTML and database access commands are used when appropriate.
All around this country, companies and organizations are quietly paying out large sums of money to settle issues when their computer security was lax. Sometimes that payment is through the legal system, but the vast majority does not appear on the books. Reduced efficiency of the server, dropped and misplaced orders and greater effort by the staff are just some of the consequences of security problems. This book should be mandatory reading for all people who manage an Apache server, at $29.99 a copy it will probably pay for itself in less than 24 hours.
An excellent book filling a huge gap.......2004-09-06
Understanding how to configure Apache from a security standpoint properly is not easy since the related information is sparse and fragmented. This could be the reason why many web administrators are pretty clueless when it comes to Apache security and why so many web servers are vulnerable.
In this sense I think this book fills a huge gap, providing web administrators with a concise and yet complete guide aimed at taking them from the very beginning of the installation process through to the final steps of server configuration.
Information throughout the book is very well focused and is presented with a clean and friendly writing style. The book provides a clear and detailed walkthrough of the process of securing an Apache installation, covering both versions 1.3.x and 2.x and thus providing long lasting information. The book has lots of references and pointers to resources on the web, and - more importantly - instructions on how to read them.
Sure enough, the book requires some familiarity with Unix and Apache - this is not the kind of book you would buy to learn the very basics of *nix and web site administration.
I totally agree with what I've read before: every serious system administrator should have this book.
Linux Server Security
Michael D. Bauer
Manufacturer: O'Reilly Media, Inc.
ProductGroup: Book
Binding: Paperback
Similar Items:
- Linux Security Cookbook
- Linux Network Administrator's Guide
- SELinux: NSA's Open Source Security Enhanced Linux
- Hardening Linux
- Linux iptables Pocket Reference
ASIN: 0596006705
Book Description
Linux consistently appears high up in the list of popular Internet servers, whether it's for the Web, anonymous FTP, or general services such as DNS and delivering mail. But security is the foremost concern of anyone providing such a service. Any server experiences casual probe attempts dozens of times a day, and serious break-in attempts with some frequency as well. This highly regarded book, originally titled Building Secure Servers with Linux, combines practical advice with a firm knowledge of the technical tools needed to ensure security. The book focuses on the most common use of Linux--as a hub offering services to an organization or the Internet--and shows readers how to harden their hosts against attacks. An all-inclusive resource for Linux users who wish to harden their systems, Linux Server Security covers general security such as intrusion detection and firewalling a hub, as well as key services such as DNS, the Apache Web server, mail, and secure shell. Author Michael D. Bauer, a security consultant, network architect, and lead author of the popular Paranoid Penguin column in the Linux Journal, carefully outlines the security risks, defines precautions that can minimize those risks, and offers recipes for robust security. He is joined on several chapters by administrator and developer Bill Lubanovic. A number of new security topics have been added for this edition, including:
- Database security, with a focus on MySQL
- Using OpenLDAP for authentication
- An introduction to email encryption
- The Cyrus IMAP service, a popular mail delivery agent
- The vsftpd FTP server
Geared toward Linux users with little security expertise, the author explains security concepts and techniques in clear language, beginning with the fundamentals. Linux Server Security provides a unique balance of "big picture" principles that transcend specific software packages and version numbers, and very clear procedures on securing some of those software packages on several popular distributions. With this book in hand, you'll have both the expertise and the tools to comprehensively secure your Linux system.
Customer Reviews:
Disappointed about the installation instructions........2005-08-06
The big reason why I purchased this book was because it claimed it was great about security and it said it would show how to setup these services the correct way.
Well first of all this author loves to use the binary packages (RPMs, etc.). And anyone that is a major security buff knows that the RPMs are the last things to get updated when a flaw is found out.
Secondly, all the author shows for the installation of most of the software is how to do it with a binary distribution. So unless you are using Suse, Redhat, Fedora it is quite useless. This book should indicate that it is made for those distributions and it is not general "Linux".
Also his views on running some of the software is really off the wall. But that is just a personal preference I guess.
Overall if he would have used the regular "./configure --commands", "make", "make install" this book would have been much better and it would have been able to be used for those that don't want to be stuck in "rpm hell".
Not Focused.......2005-06-13
I read every column of paranoid penguin and they are quite good. This book is ok, but not great. They (I mean they because several chapters are not by Mike) try to cover a huge amount of information and make the mistake of being both too broad in some areas and too specific in others. Overall, there wasn't a cohesive glue to bring the chapters together into a single vision.
For instance, for a book that introduces FTP servers, web servers, mail (imap/smtp), dns - they are like separate entities. They do not complete the picture by showing a complete network diagram with IDS / VPN, -- showing an example of all of their advice coming together in a working solution. And Kerberos isn't even mentioned.
They were extremely specific in some areas like talking about rpm example/debian/ make options and specific .conf options ad nauseum - which detracted from the whole picture. Is someone securing bind 4 really reading this book? Also, maybe a mention of apt-get - - but don't tell me how to install each package on every architecture - it just inflates the word count.
I don't think this book was focused enough in the 'big picture' of trying to piece together all of the tiny pieces into a coherent whole, while at the same time it gets caught up in the minute details of certain packages making for a tough read.
Perhaps they could have included an actual example company or two showing possible layouts of ldap in action with:
login/mail/split-dns/firewalls/database$web.
Anyone for OpenBSD?
For sys admins.......2005-06-03
Linux Server Security, Second Edition
By Michael D. Bauer
Second Edition January 2005
ISBN: 0-596-00670-5
544 pages, $44.95 US
(...)
This book goes along with the moving trend of the normal computer user, securing your data. Servers generally are targeted more often than the average home PC because most are made to be accessible from the outside world. This is where securing that server comes into play. This book covers the tools and techniques for securing your Bastion host.
First I'd like to start out and explain what Bastion host means according to this book so you can understand what this book covers more specifically. Bastion Host is defined as "A system that runs publicly accessible services but is usually not itself a firewall. Bastion hosts are what we put on DMZ (although they can be put anywhere). The term implies that a certain amount of system hardening has been done, but sadly, this is not always the case."
After you understand what a Bastion host is defined as, you should understand that this book mainly covers these server daemons and the systems that run them. But some of the information applies to a Linux desktop system such as a per host iptables firewall, using secure shell, keeping up with your logs, and intrusion detection. Most of these things the average user doesn't care much about but sometimes being paranoid comes in handy.
Someone who would most likely use this book more than the average desktop user would probably be a system administrator. Securing web, database, ftp, dns, and email servers is what the majority of this book contains. Along with covering these server systems, there are guides to securing the Linux system that runs these daemons along with designing the networks around these types of hosts.
One of the sections I'm most fond of is Chapter 2: Designing Perimeter Networks. With this section you can really take a look at the design and layout of the different types of networks and figure out the portions that suit your needs for your own network. The diagrams shown in this chapter help explain what is going on with the traffic and allows you to see exactly what is going on and at what points the systems are protected.
At the end of the book there are 2 well commented iptables firewall scripts that allow you to get a feel for the netfilter iptables system if you're not familiar with it already. With some modification of these scripts you can easily bring them into a working environment depending on your situation, which sometimes helps with some of the frustration with the iptables syntax. I personally prefer the PF system within OpenBSD for its clean syntax and have grown away from iptables, but both are powerful firewall systems and should fit the needs of your network.
I'd definitely recommend this book to system admins or anyone who is paranoid about their security. Security is always something that people should be educated about.
Lloyd Randall
Pensacola Linux User's Group
Great Reference for New Server Admins.......2005-03-22
I highly recommend this book to anyone who is involved with securing Internet servers. The book strikes a nice balance between theoretical background and implementation examples.
Though certainly not all encompassing, the book touches on several key elements of server security, including DNS, Email, File Servers, Web Services, IDS methods and more. People new or just curious about Linux server security will gain the most. More experienced system administrators will find a few implementation tips and useful background information for presentation or training purposes.
Unlike many server security books, this one includes some notes on alternatives to the most popular software packages. For example, the chapter on securing Internet email includes excellent tips on securing both Sendmail and Postfix while the IDS chapter covers the popular Tripwire package and some lesser-known integrity checkers. References and the end of each chapter are provided to point you to even more solutions.
This book certainly will not replace a dedicated reference volume, but I find it to be a good summary of major security practices for bastion hosts. Note that the book focuses primarily on host hardening. Though there are some sections on network security, most of the chapters focus on locking down your server. So if you are mainly interested in network clusters, network surveillance, or honeypots, you will probably want to find another reference. Also, if you have several years of experience, you may not find too much new information, but the book is a handy reference volume that can point you in the right direction. If, however, you are new to Linux server security or just simply want a concise summary of common security practices, then this will be a welcomed addition to your technical library.
Very helpful.......2005-03-07
I am quite happy that there are books like Linux Server Security.
A lot of people think Linux is bullet proof, but it's not. If not configured correctly, it can be just as insecure as Windows.
Linux Server Security is an important and timely book in that it shows how to harden Linux to be very secure.
Book Description
The Apache HTTP server (simply "Apache") powers most of the sites on the World Wide Web. Programmable, extensible, and highly-configurable, the Apache web server provides for uploads, downloads, CGI and other server-side scripting, and web site security.
Pro Apache, Third Edition is a new revision of Peter Wainwright’s bestselling book on Apache configuration and administration. In addition to installation, maintenance, and deployment, the book demonstrates how to configure Apache to use Perl, PHP, and Python as server-side scripting languages. And unlike other books on Apache, Pro Apache provides comprehensive information on both major revisions - 1.3 and 2.0 - of the software.
Customer Reviews:
Not a XXI century book.......2007-05-17
This book contains some meaningful information but is largely obsolete.
Some fairly informative chapters contain introduction to common configuration, authentication, configuring SSL, using WebDAV and subversion.
But a lot of space in the book is wasted on topics that were cool in the last century like compiling apache and compiling single modules, but not relevant anymore. Today you are likely not going to recompile your server every week, but you SHOULD install security patches every week, if you take your job seriously. IMHO there is only one possibility - to rely on the services of your linux distribution.
By the way, Debian and derived distributions also do a great job combating the mess in the httpd.conf by meaningfully dividing it in multiple configuration files, so you have a good place to put your specific settings making an automated upgrade to the newer apache version easy. So do not listen to the author, never edit your httpd.conf. ;-)
The author describes in detail topics that are not relevant anymore in web application development (assuming that you are creating an application that goes beyond "hello world"). Delivering dynamic content (chapter 6) used to be server-side includes and cgi but it is NOT anymore because of poor programming model and poor performance.
Typical scenario nowadays is to use apache as a front end web server, letting apache serve the static content like pictures and providing a wrapper or proxy to a high performance application server (for example mongrel if you're using rails) or using mod_python for python or using zope etc. In this context I would wish for an elaborate description of mod_rewrite, which is pretty complicated.
My conclusion: if you are beginner, search for a better introductory book. If you are advanced developer/admin/hacker, then use primary resources like [....]
Professional's Apache Reference.......2006-12-15
This is by far the best standalone book on Apache I've seen. It really is a very good reference for professional web server admins, as well as developers and others, who need help in managing Apache web servers. It's well-written too, something that is becoming increasingly rare in the technical book area.
EXCELLENT VERY WELL WRITTEN BOOK.......2005-08-31
The book is very well written; it has helped me to go through the apache server. I will recommend it to anyone who is interested in these kind of books. The content of the book is very explicitly described. An excellent purchase.
One of the better books for getting a good handle on Apache.......2005-05-03
In this voluminous title author Peter Wainwright covers the Apache web server in detail. Chapters include Installing Apache and basic configuration, building Apache the way you want it, configuring Apache the way you want it, deciding what the client needs, delivering dynamic content, hosting more than one web site, improving Apache's performance, monitoring Apache, Securing Apache, Improving Web Server Security, and Extending Apache. It has some excellent sections on advanced configuration, handling robots, dealing with errors and handling them correctly, name-based and IP-based virtual servers, and improving the performance of your server. The section on securing Apache covers authentication (including digest and LDAP) and using SSL (including some advanced configuration techniques).
There are better books that deal with some of the specific areas of this text (for example, Hardening Apache is much more thorough on the subject of securing your server) but you won't find a more comprehensive text in a single volume than this one. Pro Apache, Third Edition is highly recommended and my first choice for anyone looking for a single book to learn how to setup and configure an Apache server or serve as their primary reference.
New - Apache 2.......2004-06-27
Why a third edition? Wainwright's first edition was well received and Apache was improved after the edition was published. So he produced a second edition. Guess what? The open source Apache has continued to accrue infalling upgrades. As Wainwright explains, there are now two main versions, 1.3 and 2. Apache 1.3 is essentially the direct descendant of earlier versions. Very stable on unix/linux, on which it was originally developed.
But the key thing about this new book is its descriptions of Apache 2. Apache 1.3 had inferior performance on Microsoft computers, when it was ported. Some people got fed up with this state of affairs and recast crucial portions, to produce Apache 2, which now directly uses native MS threads. It has much better performance than 1.3, on MS computers.
The book goes into this in fuller detail. Plus it has the usual voluminous descriptions of what you can tweak for most web server needs. Luckily, if you want to deploy or use a vanilla configuration, the early chapters should suffice. Then consult the later text for more specialised needs.
If you are already running Apache 1.3 on a unix/linux computer, it seems from this book that there is little incentive to migrate to 2. Relatively little to gain.
Average customer rating:
- cookbook = marginal
- Excellent resource for web masters
- Not beginner friendly
- Good accompaniment to other Apache books
- Recipes for success from two experts
Apache Cookbook
Ken Coar , and
Rich Bowen
Manufacturer: O'Reilly Media, Inc.
ProductGroup: Book
Binding: Paperback
Similar Items:
-
Apache: The Definitive Guide (3rd Edition)
-
Apache Security
-
Pro Apache, Third Edition (Expert's Voice)
-
MySQL Cookbook
-
Hardening Apache
ASIN: 0596001916 |
Book Description
Apache is far and away the most widely used web server platform in the world. Both free and rock-solid, it runs more than half of the world's web sites, ranging from huge e-commerce operations to corporate intranets and smaller hobby sites, and it continues to maintain its popularity, drawing new users all the time. If you work with Apache on a regular basis, you have plenty of documentation on installing and configuring your server, but where do you go for help with the day-to-day stuff, like adding common modules or fine-tuning your activity logging? The Apache Cookbook is a collection of problems, solutions, and practical examples for webmasters, web administrators, programmers, and everyone else who works with Apache. For every problem addressed in the book, there's a worked-out solution or "recipe"--short, focused pieces of code that you can use immediately. But this book offers more than cut-and-paste code. You also get explanations of how and why the code works, so you can adapt the problem-solving techniques to similar situations. The recipes in the Apache Cookbook range from simple tasks, such as installing the server on Red Hat Linux or Windows, to more complex tasks, such as setting up name-based virtual hosts or securing and managing your proxy server. The two hundred plus recipes in the book cover additional topics such as:
- Security
- Aliases, Redirecting, and Rewriting
- CGI Scripts, the suexec Wrapper, and other dynamic content techniques
- Error Handling
- SSL
- Performance
The impressive collection of useful code in this book is a guaranteed timesaver for all Apache users, from novices to advanced practitioners. Instead of poking around mailing lists, online documentation, and other sources, you can rely on the Apache Cookbook for quick solutions to common problems, and then you can spend your time and energy where it matters most.
Customer Reviews:
cookbook = marginal.......2007-06-01
A "cookbook" can be a great thing. Unfortunately, there is nothing like structured learning. You know, you start at the beginning with simple examples and then move to more complicated and realistic examples. Trust me, you can't just install Apache from the rpm's and expect to get ftp and users and security right just like that. You need a structured book. It's just like learning to read English. You can't just get a "cookbook" on English and then get the "Apache Cookbook" and expect to get everything working. If you don't believe me, just get the httpd.conf file and see how far you get by using the "Apache Cookbook" or by guessing. Finally, for your own good, please do not confuse this with the "Snort Cookbook". Conceptually they are quite similar but they seem to concentrate on different ideas - if you can figure out what is going on.
Excellent resource for web masters.......2006-02-21
I read this book about a year ago and recently re-read it. Coar and Bowen provide an excellent pragmatic approach to taking care of common Apache administration tasks. The Apache "recipes" are well organized, and presented with sufficient depth to be understandable for intermediate users.
The tips in the "miscellaneous topics" section and the troubleshooting guidelines are excellent, and will save Apache administrators significant amounts of time and frustration.
The good:
* Broad coverage of all tasks that Apache administrators will commonly encounter.
* Excellent writing style - concise yet sufficiently descriptive.
* Good organization of topics and very useful book index.
* Very good coverage of virtual hosts (required in most web hosting environments).
* Very appropriate "see also" references associated with each recipe.
The bad:
* Almost 25% of the book is taken up by installation, loading modules, and logging. These are good topics, but they take up too much of the book in my perspective.
* No information on the use of mod_python. mod_snake (a dead sourceforge project) is referenced. Blech.
* No information on co-hosting two versions of PHP (PHP4 and PHP5 on the same server).
Overall, this is a great book. If it had slightly better coverage on mod_python and mod_PHP I would give it five stars for certain.
Not beginner friendly.......2005-09-07
The kind of solutions this book gives are not aimed at someone like me, new and uncertain when it comes to linux. This is a disappointment for me, as I have normally always been very pleased with O'Reilly books.
Good accompaniment to other Apache books.......2004-04-29
As Cookbooks go, this one is fairly decent, although thinner than I expected. There are enough examples in this book to cover pretty much everything you might need to do with Apache or get you started (along with the Apache documentation) if it isn't covered.
Personally I think the first two chapters on installing Apache and adding modules are wasted space. Presumably by the time you're ready for this book, you've already got Apache installed on your servers and are just looking for ways to tweak it.
I would have liked to see a section on SSI (Server side includes...does anybody use those anymore?) and maybe some more mod_rewrite stuff.
This book will probably be most useful to novice and intermediate Apache administrators who are comfortable with messing around in httpd.conf, but need to refer back to the online docs now and then. Advanced Apache administrators probably won't find much new or useful in this book.
Recipes for success from two experts.......2004-04-06
While Apache is possibly the most popular and ubiquitous open source project it is certainly not the most simple. One module alone, mod_rewrite, causes me almost more problems and regex wrestling matches than all other products combined. The `httpd.conf' file is a long and critical one. In these circumstances the Apache Cookbook from O'Reilly might be a godsend. It is certainly a well-written, well-researched volume. Ken Coar has spent many years working on Apache and Rich Bowen has long laboured on the Apache documentation. They both know their stuff -- and if this is an example, both know how to write.
The book has twelve chapters, covering everything from installation and adding modules through to proxies and performance. The chapter on security is the largest; it covers the topics well. By contrast I thought the chapter `Aliases, Redirection and Rewriting' too short and could have benefited from some more `recipes', but that may be due to my own bias - mod_rewrite is not an easy topic, and as I've said it causes me a great deal of grief.
It is laid out in a similar way to the Perl Cookbook: each recipe has a `Problem' section followed by a `Solution' and then `Discussion.' In almost all the `recipes' the `Discussion' is longer than the `Solution,' and I often found it far more useful and informative than the problem and its solution.
The Apache Cookbook covers almost all aspects and all parts of the learning curve for Apache. That will either be a strength or a weakness of this volume for you; with such a large and complex piece of software as Apache a single book cannot hope to cover it in a great deal of depth. For me this book was not really a cookbook, more a good source of well documented examples from which to create my own recipes.
My biggest problem reviewing a book like this is that after several years building and configuring Apache (even on an infrequent basis) quite a lot of this volume seems simple. You may also find it the same if you are the sort of person who is not afraid to pore over the documentation, get your hands dirty and make a few mistakes. If you like some hand holding and are just starting with Apache you may benefit from all of it.
That's not to say that I didn't personally find large chunks of this volume useful. Certainly I've gone over several of the recipes and their excellent explanatory text to shed some light on previously dark corners of Apache, particularly as the authors cover both Apache 1.3 and 2.0.
O'Reilly have the usual web page with a Table of Contents and example chapter. The example chapter, on error handling, is well chosen as it is typical of the others and useful, but not the most useful chapter.
I have recently been thinking that tech books fall into various sorts and there is one sort I'd call `library books' - books you may not need to own, but will want to read every so often and would be good to have in your local or company library. Apache Cookbook is one of these, a book I'd recommend everyone coming to grips with Apache has close to hand, but it is not going to be constantly on your desk in the same way that Perl Cookbook might be for Perl programmers: to start off with, it's half the size and doesn't cover nearly as many topics. This one falls short of essential due to its concentration on breadth rather than depth. So my recommendation for this book is not that all Apache administrators should buy it, but you should have a copy close at hand.
Average customer rating:
- super
- The single best Apache security book in print
- Excellent book...
- Review of "Apache Security" by Ivan Ristic
- Used every morning with coffee
Apache Security
Ivan Ristic
Manufacturer: O'Reilly Media, Inc.
ProductGroup: Book
Binding: Paperback
Similar Items:
-
Apache Cookbook
-
Apache: The Definitive Guide (3rd Edition)
-
Preventing Web Attacks with Apache
-
Hardening Apache
-
Pro Apache, Third Edition (Expert's Voice)
ASIN: 0596007248 |
Book Description
With more than 67% of web servers running Apache, it is by far the most widely used web server platform in the world. Apache has evolved into a powerful system that easily rivals other HTTP servers in terms of functionality, efficiency, and speed. Despite these impressive capabilities, though, Apache is only a beneficial tool if it's a secure one. To be sure, administrators installing and configuring Apache still need a sure-fire way to secure it--whether it's running a huge e-commerce operation, corporate intranet, or just a small hobby site. Our new guide, Apache Security, gives administrators and webmasters just what they crave--a comprehensive security source for Apache. Successfully combining Apache administration and web security topics, Apache Security speaks to nearly everyone in the field. What's more, it offers a concise introduction to the theory of securing Apache, as well as a broad perspective on server security in general. But this book isn't just about theory. The real strength of Apache Security lies in its wealth of interesting and practical advice, with many real-life examples and solutions. Administrators and programmers will learn how to:
- install and configure Apache
- prevent denial of service (DoS) and other attacks
- securely share servers
- control logging and monitoring
- secure custom-written web applications
- conduct a web security assessment
- use mod_security and other security-related modules
And that's just the tip of the iceberg, as mainstream Apache users will also gain valuable information on PHP and SSL/ TLS. Clearly, Apache Security is packed and to the point, with plenty of details for locking down this extremely popular and versatile web server.
Customer Reviews:
super.......2007-03-08
Thanks a lot, we are very happy to have this book in our library!
The single best Apache security book in print.......2006-09-28
I recently received copies of Apache Security (AS) by Ivan Ristic and Preventing Web Attacks with Apache (PWAWA) by Ryan Barnett. I read AS first, then PWAWA. Both are excellent books, but I expect potential readers want to know which is best for them. The following is a radical simplification, and I could honestly recommend readers buy either (or both) books. If you are more concerned with a methodical, comprehensive approach to securing Apache, choose AS. If you want more information on offensive aspects of Web security, choose PWAWA.
Before I go further, I must mention that Ivan Ristic cites me and my books twice, on pages 2 and 229. While humbling, I tried not to let this fact influence my review.
AS is an extremely well-thought-out book. My favorite aspect of AS is the decision to start with a blank httpd.conf file, rather than accepting the file packaged with Apache and making edits as needed. By building up httpd.conf from scratch, the author shows exactly what components are needed in a very clear manner. This was not the approach used by PWAWA. I would like to see other technical books adopt this teaching method.
AS includes better coverage of several topics which I believe are core to securing Apache. I liked AS' discussion of chroot environments and jails, although the author should distinguish between chroot on Linux or BSD and jail on BSD alone. AS features a whole chapter on proper PHP deployment (Ch 3), and a whole chapter on SSL/TLS (Ch 4). AS devotes another chapter to explaining how to host multiple Web sites on one host (Ch 6), which is critical to many Apache environments. AS' chapter on Web infrastructure (CH 9) also covers topics not found in PWAWA.
AS is also less explicitly Linux-centric than PWAWA. As a primary FreeBSD user, I found AS' approach more applicable to my environment. PWAWA seemed to assume everyone was running Red Hat Linux. It's fine to use a single OS for all examples, but I had to personally identify tools and techniques that would probably only work on Red Hat.
I had very little trouble with any of the text in AS. My main concerns involve Ch 1, where the author spends time on certain security concepts. I would consider the following with regards to threat modeling on p. 5: (asset) what might be compromised; (motivation) why compromise; (vulnerabilities) where compromised; (attack) how compromised; (threat) who compromised you; (risk) threat X vulnerability X asset value. On pp 9-10 the author should also have used the risk equation just mentioned.
Overall, I really liked AS. The book really is about Apache security, so if you are more interested in attacking Apache you might prefer PWAWA. If you want to learn about Web application hacking in general, your best bets are probably Hacking Exposed: Web Applications, 2nd Ed, and Professional Pen Testing for Web Applications. I will read and review those two books shortly.
Excellent book..........2006-08-01
This book is worth every single dollar. The examples are very clear and also provide invaluable information about security.
A must have for everybody using Apache.
Review of "Apache Security" by Ivan Ristic.......2006-03-02
Excellent book. The chapters on PHP and logging are especially useful.
Used every morning with coffee.......2006-02-05
I recently heard about a new book out that is just about Apache Security written by Ivan Ristic. I haven't ever really found many books on this topic and wondered why since its such a widely popular web server. Ivan Ristic is well known for being the single man behind an invaluable tool for web servers called mod_security.
So many security related books are very expensive and thousands of pages long, which is great if you have lots of time, but no system admin does. Apache Security is both thorough and quick to get through while walking you through the most important issues you'll encounter or never thought about until now.
First off go buy the book, don't bother to read this review at http://www.webhostgear.com/313.html It's really that good. I use it on a daily basis and keep a copy at the office and at home. I advise anyone that owns a server or works with Apache to get this book, you won't be disappointed. It's not for someone that's completely a newbie to web servers; I recommend it more for someone with a bit of experience or an advanced user of Linux. Since this isn't a book on dummy installations but about security, you need a basic understanding of file permissions and so on.
Book Description
A competent system administrator knows that a Linux server is a high performance system for routing large amounts of information through a network connection. Setting up and maintaining a Linux server requires understanding not only the hardware, but the ins and outs of the Linux operating system along with its supporting cast of utilities as well as layers of applications software. There's basic documentation online but there's a lot beyond the basics you have to know, and this only comes from people with hands-on, real-world experience. This kind of "know how" is what we sought to capture in Linux Server Hacks. Linux Server Hacks is a collection of 100 industrial-strength hacks, providing tips and tools that solve practical problems for Linux system administrators. Every hack can be read in just a few minutes but will save hours of searching for the right answer. Some of the hacks are subtle, many of them are non-obvious, and all of them demonstrate the power and flexibility of a Linux system. You'll find hacks devoted to tuning the Linux kernel to make your system run more efficiently, as well as using CVS or RCS to track the revision to system files. You'll learn alternative ways to do backups, how to use system monitoring tools to track system performance and a variety of secure networking solutions. Linux Server Hacks also helps you manage large-scale Web installations running Apache, MySQL, and other open source tools that are typically part of a Linux system. O'Reilly's new Hacks Series proudly reclaims the term "hacking" for the good guys. Hackers use their ingenuity to solve interesting problems. Rob Flickenger is an experienced system administrator, having managed the systems for O'Reilly Network for several years. (He's also into community wireless networking and he's written a book on that subject for O'Reilly.) Rob has also collected the best ideas and tools from a number of other highly skilled contributors. 
Written for users who already understand the basics, Linux Server Hacks is built upon the expertise of people who really know what they're doing.
Customer Reviews:
Good first step into being a Linux Sysadmin.......2007-09-25
When you're ready to take your Linux expertise from the "desktop" level to the "server" level, this is the right place to start. It avoids trying to teach you everything and instead sprinkles your brain with possibilities. There are some interesting ways to do things and as your skill grows you'll find more uses for what's in the book.
The only downers were the Version Control chapter--everyone has a preference and most methods have decent tutorials--and the use of perl in scripts. If you're good in perl then you can expand the scripts, otherwise it'd be cleaner and better to use Bash for the script examples.
Great book for intermediate users.......2007-09-14
If you are an aspiring Linux hacker/guru, you need this book. Sure, a lot of this information can be found online, but this book is so cheap there's no reason not to have a copy.
I read this book after I'd tinkered a bit with Linux and taken a few online "system administration" courses in it. I knew the basics of operating Linux, but had no clue where to go next. If you've been through the "textbook" courses and want to take your next step, this is a good book to help you get your hands dirty setting up some useful stuff.
Great Hacks, Skimpy on Facts.......2006-12-02
This O'Reilly title really impressed me with useful tricks, such as running a shell command on multiple hosts or using a Makefile to maintain sendmail map files; however, while it gives you the short cut to do something, it doesn't always explain the syntax of the commands used.
I wanted to use the Makefile to maintain files in my Postfix configuration, but the author didn't explain the entries in the sendmail Makefile enough to customize it to my own needs. It would have taken little time and made the tip more useful to budding sysadmins.
Still, the book is well worth the purchase price, and one can always glean custom techniques off the net.
Linux "Must Have" book for servers or desktop client.......2006-03-17
First, I write software professionally. I write software, I am not a Sys Admin (which is hard work I might add; System Administration is for hardcore people.) This book saved me money by giving me answers to problems that would have taken me days to find the answers to by searching the internet.
Hack #17 includes "pgrep"
Before I was doing "ps -elf | grep something" to find a process I wanted to kill. Hack #17 explains a better way to do that with pgrep and things like "skill"
Simple enough, but time is money in this business and this book saves both time and money.
Also the book is a "good" read. The author writes well and keeps you reading. Not a dry manual.
If you are doing Linux for fun or work you will need to buy this book. It allows you more time to sleep at night.
Very useful and clever.......2004-10-23
Just a couple days after I had started thumbing through this book my boyfriend picked it up and stole it for 2 weeks. The result? "This book rocks."
The book is organized into sections so that it's logical to just read it cover to cover if you felt so inclined. The hacks go from simple to more difficult, and it's certainly not just for Server administrators! Most of these hacks are a benefit to any Linux user. I found myself often thinking "Wow, that's so clever!" and "I should have thought of that!" while reading this book. I discovered so many new little ways around doing things, and got a fresh look at how to tackle certain problems, and actually learned quite a bit about programs I use every day (such as ssh).
It's wonderful that such a collection has been brought together, this is now one of my favorite reference books.
Average customer rating:
- super
- A strong mix of Apache security and Web application assessment
- pretty good
- A comprehensive treatment of the thorny area of web server security
- Very well written book from an author who knows his stuff
Preventing Web Attacks with Apache
Ryan C. Barnett
Manufacturer: Addison-Wesley Professional
ProductGroup: Book
Binding: Paperback
Similar Items:
-
Apache Security
-
Hardening Apache
-
Pro Apache, Third Edition (Expert's Voice)
-
Hardening Linux
-
Building a Monitoring Infrastructure with Nagios
ASIN: 0321321286 |
Customer Reviews:
super.......2007-03-08
Thanks a lot, we are very happy to have this book in our library!
A strong mix of Apache security and Web application assessment.......2006-09-28
I recently received copies of Apache Security (AS) by Ivan Ristic and Preventing Web Attacks with Apache (PWAWA) by Ryan Barnett. I read AS first, then PWAWA. Both are excellent books, but I expect potential readers want to know which is best for them. The following is a radical simplification, and I could honestly recommend readers buy either (or both) books. If you are more concerned with a methodical, comprehensive approach to securing Apache, choose AS. If you want more information on offensive aspects of Web security, choose PWAWA.
Author Ryan Barnett takes a wider look at the world of Web application security than Ivan Ristic. As a result I find their two books very complementary. You'll find coverage of topics in PWAWA that do not appear in AS. For example, Ryan explains how to use the Center for Internet Security Apache Benchmark Scoring Tool to evaluate your httpd.conf file. He uses the Apache Benchmark (ab) application (packaged with Apache) to measure Web server performance characteristics. He uses these tools in before-and-after situations to show how his recommended changes improve the defaults.
I thought PWAWA's coverage of the fundamentals of Web security was not as good as that of AS. That's ok, though, because PWAWA addresses areas not as well covered by AS. For example, PWAWA spends a lot of quality ink on mod_security filters. This is ironic, given that AS author Ivan Ristic coded mod_security! What's impressive about PWAWA's mod_security explanations are the many sample filters. These are developed after discussions of various attack techniques and serve as countermeasures one can implement until a patch is ready.
PWAWA is a mix of defense and offense, with a whole chapter showing how to attack and defend the WebMaven/Buggy Bank learning Web application. Attacks are nice, but showing development of defenses is excellent. PWAWA features some clever ideas too, like snort2modsec.pl and an Open Web Proxy Honeypot. I was not as keen on the inclusion of the Web Application Security Consortium's Web Security "Threat" Classification document. Please search my blog for a thorough discussion of why that guide should be an "attack, vulnerabilities, and exposures" document.
I found few technical nits. It's not correct that a NIDS protects its sniffing interface by "removing [the] IP stack" (p 299). Inline IDS isn't just for honeypots, either. I could have used inline packet rewriting to defend a Web hosting company that had lost control of its IIS customer sites. The customers were compromised and were unwittingly attaching malicious frames in their Web pages, thanks to an intruder.
I was also concerned by the author's statement that upon seeing a Snort Web attack alert, he connects to the Web server via SSH and begins reviewing logs (p 419). Proper network security monitoring wouldn't necessarily require immediate log review, and if log review is needed it should be done via a central log host. Connecting to a potential victim immediately after suspected compromise is a great way to alert the intruder and potentially alter evidence.
Overall, I liked PWAWA. The book is a mix of Apache security and Web application assessment, so if you are more interested in purely securing Apache you might prefer AS. If you want to learn about Web application hacking in general, your best bets are probably Hacking Exposed: Web Applications, 2nd Ed, and Professional Pen Testing for Web Applications. I will read and review those two books shortly.
pretty good.......2006-04-26
It's a good book. I'm glad to have it. But I'm only giving it 4 stars, not 5. To me - not as mind blowing as some of the other people have said. I found some information not useful, but the other half is quite useful and going through the whole book is giving me confidence in my servers.
A comprehensive treatment of the thorny area of web server security.......2006-04-12
According to Netcraft's latest Website Server Survey (February 2006), over 68% of internet websites are hosted on Apache servers. This presents a large group of potential targets for malicious attacks.
'Preventing Web Attacks with Apache' attempts to provide a comprehensive treatment of the thorny area of web server security with the sole emphasis being on Apache. Initial doubts about the viability of a 500 page treatise on securing an Apache server were dispelled by the in-depth and thorough approach of the author.
The book kicks off by exposing common misconceptions about web server security. For example, the fact that web servers need to have ports 80 (http) and 443 (SSL) open in order to function properly means that the effectiveness of security measures such as firewalls, DMZs and intrusion detection systems is somewhat diminished.
The proper configuration of the underlying operating system is then highlighted as the first line of defence. Issues such as the timely application of vendor patches, disabling of non-essential services, user management and proper application of file permissions are addressed.
At this stage it is necessary to note that the author has tailored the book specifically to cater for the 2.0 version fork of Apache as opposed to the 1.3 version. This is in spite of the fact that the 1.3 legacy version holds the majority of market share. His reason is that the version 2.0 fork contains a number of new security features, amongst other improvements, which make it easier to secure. Therefore users of the 1.3 version will need to take this into account when reading the book. Obviously, the general principles of "OS-hardening" and other common features, which both forks still share, will ensure that the book is still a useful read for version 1.3 administrators.
The exhaustive approach is continued with a chapter dedicated to downloading and compiling the source code, while another 40-page chapter provides secure settings for httpd.conf, the primary configuration file for Apache. An interesting comparative exercise was performed using Nikto, the popular open-source vulnerability scanner. The scanner was run initially against a newly installed Apache server with the default configuration, and then again after httpd.conf had been "hardened" with revealing results.
Apache has been designed so that its functionality can be extended by the installation of additional modules. Chapter 5 deals with the installation and configuration of security-related modules that can be added to Apache in order to improve its security.
The installation and running of the CIS Apache Benchmark Scoring Tool rounds up the first part of the book, which concentrates on securing Apache and the underlying operating system. The second part of the book majors on the protection of web applications that run on top of Apache.
A vast array of possible web threats such as SQL injection attacks, cross-site scripting and path traversal attacks are detailed with corresponding countermeasures. These concepts are then applied to a suitably named demonstration web application called Buggy Bank. The use of web honeypots is also covered with a whole chapter on an open web proxy honeypot project conducted by the author.
Finally, a practical scenario is enacted to allow the application of appropriate Apache countermeasures to a vulnerability alert email. Step by step details are provided making use of skills acquired in the previous chapters.
This book will serve as a very useful tool to anyone charged with securing web servers, especially those running Apache. Concepts are clearly presented and then demonstrated using practical illustrations and examples.
Very well written book from an author who knows his stuff.......2006-03-25
I have to admit I am only halfway through the book, but have to say that I am very impressed. First the book is very well written, clear and concise and does a great job of explaining technical terms a novice may not quite understand as he goes through the material. The author is able to provide a great deal of information in a smaller book as opposed to the larger "bibles" as he is able to get directly to the point. You can tell that the author has a clear grasp of the material from experience as opposed to merely theoretical or academic research. The topics covered are eye opening and enlightening and through the reading of the book the reader comes to a better understanding not just of Apache security, but also of network and application security.
I would suggest this book even to anyone who works with Apache as their server of choice and not just security professionals, but also webmasters, web developers and even designers as the language and structure of the book is easy to follow and understand.
Average customer rating:
- Good introduction to LAMP servers for average computer user
- Good broad strokes, light on details
- a non-technical book for non-technical people
- VERY VERY HIGHLY RECOMMENDED!!
- A surprisingly simple 'must'.
Run Your Own Web Server Using Linux & Apache
Tony Steidler-Dennison
Manufacturer: SitePoint
ProductGroup: Book
Binding: Paperback
Similar Items:
- Setting Up LAMP: Getting Linux, Apache, MySQL, and PHP Working Together
- Apache Essentials: Install, Configure, Maintain (Pioneering Series)
- How to Host your own Web Server
- DNS and Bind: 3rd Ed
- Apache Server 2.0: A Beginner's Guide
ASIN: 0975240226
Book Description
This book is for Web Developers who want to learn how to use Linux & Apache for Website Hosting. The first chapters will teach you how to install Linux and Apache 2.0 on a home or office machine for testing purposes. Then you'll learn how to perform dozens of common tasks including:
- Updating server software
- Setting up new Websites, Email Accounts and Subdomains
- Configuring various Linux & Apache files related to performance and security
- Installing spam filtering software
- Performing automatic backups and crash recoveries
And much more.
This is the ideal book for anyone who wants to run Websites using a leased or co-located Linux server, without having to spend thousands of dollars annually on third party support and management.
Customer Reviews:
Good introduction to LAMP servers for average computer user.......2006-08-31
The focus in this book is on one of the most common implementations of Linux; as a complete Internet solution with a Linux server, Apache web server, MySQL database, and PHP language. This combination is commonly called a LAMP installation. The authors lead the reader through how to pick an appropriate Linux distribution for your needs, install and configure the Apache web server, use MySQL to store data and use PHP to build Web applications.
The authors assume little or no knowledge of Linux and so include a basic introduction to Linux including common daily tasks and administration. Once your Linux server is up and running they also cover how to use various utilities to administer it remotely. Other chapters include information on server security, GNOME, file system, and permissions. This is not a bad introduction to Linux and Apache but it does almost nothing with MySQL and PHP. This is a basic text on how to get a LAMP server up and running. It is not a text on how to program with PHP or how to create and administer a MySQL database. For this information you will need to consult other texts. However, since a LAMP server is one of the most common uses of Linux and there are specific techniques to get the Linux server, Apache, MySQL and PHP all installed and working together seamlessly this book is very valuable for this specific task. Build Your Own Web Server Using Linux and Apache is recommended to anyone who wants to get a LAMP server up and running with a minimum of frustration.
Good broad strokes, light on details.......2006-07-25
I'm a web developer and bought this book hoping that it would--as advertised--teach me how to set up and install a working LAMP server. I found this book to read more like a checklist than anything. Install this, uncheck that. The book provided little insight as to the reasoning behind these decisions, nor did it provide any detail on how to fine tune or configure some of the more arcane components like email or ftp. It definitely did not teach you anything about how to live and operate in the Linux environment. These I had to figure out on my own. This book reads like a free website article repackaged and bound. Stay clear of this one.
a non-technical book for non-technical people.......2006-06-02
50% of its contents can be found in a general Red Hat Linux book. Most other parts can be found in the web sites of Apache, Webmin and so on. This is the worst book I bought from Amazon.com, the first book from Sitepoint. I wouldn't buy a book from Sitepoint for a long time. I feel sorry for my company which paid for the book.
VERY VERY HIGHLY RECOMMENDED!!.......2006-05-31
Are you a systems administrator, but know very little about Linux? If you are, then this book is for you! Authors Tony Steidler-Dennison and Stuart Langridge have done an outstanding job of writing a practical book that shows you how to build, configure and maintain servers running the LAMP open source Web application platform.
Steidler-Dennison and Langridge begin by showing you how to install Linux successfully on your server. Then, the authors explain how to run and how to manage your Linux server on a daily basis. They continue by identifying those extra capabilities, and discuss the command line's advantages over GUI. Next, the authors discuss the lot as they take you on a tour of the Linux system administrator's toolkit. Then, the authors explore some of the basics of Apache itself, including how it works and how it fits into the Linux environment. Then, they focus on a selection of handy tools that will help you to configure your LAMP server and add new packages to it. They also get a feel for working with SSH, which allows command line access to a server across the network, and VNC, which enables you to access your LAMP server's GUI remotely. Next, the authors give you an introduction to backup tools. Finally, the authors set up a firewall on their LAMP server, and install intrusion detection services as a means to identify remote cracking attempts.
This most excellent book gives you the knowledge you need to build, configure and maintain servers running LAMP open source Web application platform. More importantly, this book will show you how to build a Linux server, and help you decide which flavor of Linux best suits your situation.
A surprisingly simple 'must'.......2006-04-14
Anyone seeking a step-by-step answer guide to adapting your own Apache web server running on a Linux system based on Fedora will find a surprisingly simple 'must' in Stuart Langridge & Tony Steidler-Dennison's RUN YOUR OWN WEB SERVER USING LINUX & APACHE. From basic initial installation for Linux, Apache and MySQL 4 to daily usage and advanced administration jobs such as customizing and configuring, users will find plenty of tips on performance and mastering common server admin tasks.
Book Description
Organizing websites is highly dynamic and often chaotic. Thus, it is crucial that host web servers manipulate URLs in order to cope with temporarily or permanently relocated resources, prevent attacks by automated worms, and control resource access.
The Apache mod_rewrite module has long inspired fits of joy because it offers an unparalleled toolset for manipulating URLs. The Definitive Guide to Apache mod_rewrite guides you through configuration and use of the module for a variety of purposes, including basic and conditional rewrites, access control, virtual host maintenance, and proxies.
This book was authored by Rich Bowen, noted Apache expert and Apache Software Foundation member, and draws on his years of experience administering, and regular speaking and writing about, the Apache server.
Customer Reviews:
Just read the online documentation.......2007-08-21
I was very disappointed with this book. The information inside is so basic and cursory that you're bound to quickly run into situations more advanced than the contents can cover.
For instance, it doesn't deal at all with using a rewritemap within a rewritecond, and it only gives one small paragraph to rewritecond backreferences. I've spent the last few weeks scouring the internet for details about mod_rewrite, and there's very little documentation.
This book, at most, aggregates that documentation in one place. To call it the "definitive guide" is a bit much.
Definitely definitive.......2006-06-27
The Definitive Guide to Apache mod_rewrite by Rich Bowen leaves nothing to be desired. After pointing out when not to use mod_rewrite, a chapter on regular expressions and one on installing and configuring mod_rewrite (both statically and as a dynamic object), the author digs right in to the RewriteRule directive with clear examples for doing simple and more complex redirection. Chapter five expands on those rules with the RewriteCond directive, illustrating its strength with time-based redirection (different pages day & night) and how to solve the "image theft" problem, and chapter six lays out the RewriteMap directive, which allows you to map URLs based on external data; I again found some very good examples here.
The next two chapters cover real-world examples which include adjusting URLs, reorganization of content, forcing SSL, and serving content based on a username. Access control, virtual hosts (yes, using mod_rewrite!), proxying and debugging make up the remaining chapters which are packed full of information (a lot of which I didn't know about).
I think that The Definitive Guide to Apache mod_rewrite really is just that: definitive. It is a must have for any systems administrator who wants to use mod_rewrite on an Apache web server, and I strongly recommend it.
Great way to learn how to make Apache adapt to your needs.......2006-05-31
Apache is the most commonly employed web server software on the Internet. While it is powerful and flexible out of the box your needs may require more advanced security, virtual web servers, flexibility or other items that can easily be changed. The ability to use mod_rewrite allows you to rewrite your URL in many ways so that it works the way you want it to. Among its other capabilities it allows you to set up Mass Virtual Hosting and rearrange your site with ease. And for those of us who love the Linux world the use of regular expressions allows a lot of flexibility. Some of the more powerful features include the ability to use conditional rewrites (the content is different based on usernames), force users to enter the site only through the main page, limit user access to particular directories, prevent spider access, and prevent image theft. The Definitive Guide to Apache mod_rewrite is a highly recommended introduction to this very popular but vastly under-documented program.
Welcomed alternative to the obscure official documentation.......2006-05-30
mod_rewrite is a powerful tool, but, unfortunately, it has always been poorly documented and its somewhat arcane syntax makes things even worse. Bowen offers a very welcome alternative to the obscure official documentation. Be advised that a decent understanding of Regular Expressions is required to fully leverage mod_rewrite.
mod_rewrite explained very well.......2006-03-23
When I first came across RewriteRule directives I was mostly horrified. It was only because I was learning about Perl Regular Expressions at the time that I didn't make the sign of a cross at the stuff and just go another direction. But I realized that the power I craved came at a cost.
I admit that I had done the whole "trial and error" thing coupled with scouring the net for examples before I realized having a book would make things so much easier. So I resorted to searching Amazon for mod_rewrite. This is the only book that my search turned up.
I have to say the book was definitely well worth it. The tips about when NOT to use mod_rewrite were very much appreciated. Some of my uses could have been accomplished with FilesMatch or DirectoryMatch directives instead of a RewriteRule.
The VirtualHosts chapter was useful, as was the Proxy chapter. I didn't realize how useful mod_proxy was until this chapter gave a few good examples.
All in all I'm very satisfied with this book. Because of the short length I was worried that it wouldn't cover the material well enough. However I don't think there is anything I've needed to do with mod_rewrite that this book didn't cover well enough for me to accomplish without another resource.