Apache Security

Index


AcceptMutex directive

access control

     attacks against

     authentication and network access, combined

     authentication methods

         basic

         Digest

         factors (authentication types 1-3)

         flawed, real-life example of

         form-based

         two-factor authentication

     basic plaintext authentication

         groups

         htpasswd utility

     certificate-based authentication

     combining authentication modules

     DBM file authentication

         dbmmanage problems

         htdigest for password database

     Digest authentication

         mod_auth_digest module required

     network

         environment variables

     notes on

     overview

     proxy

         central and reverse proxies

         reverse proxies

     request methods, limiting

     SSO

         web-only

accountability security goal

AddHandler directive 2nd

AddType directive

Advanced Encryption Standard (AES)

AES (Advanced Encryption Standard)

AgentLog directive (deprecated)

Alan Ralsky DoS retribution

Allow directive

AllowEncodedSlashes directive

AllowOverride directive

     access file usage control

antivirus, Clam AntiVirus program

Apache

     backdoors

    chroot (jail) [See chroot]

     chroot(2) patch

     clients, limiting

     configuration and hardening

         AllowOverride directive

         binary file permissions

         CGI scripts, enabling

         email address, turning off

         information leaks, preventing

         logging

         Options directive

         root sole write access

         secure defaults

         server configuration limits

         server identity, changing

         server user accounts

     connection timeout

     -DBIG_SECURITY_HOLE compile option

     documentation

     installation

         binary or source

         documentation

         folder locations

         module selection

         modules, default activation list

         patch download

         procedures for

         source code download

         static binary or dynamic modules

         system-hardening matrix for planning

         testing of

    jail [See chroot]

     mod_parmguard module

     module repository

     MPMs

     options, adding and removing

     PHP integration functions

     Slapper Worm

     SSL

         broken SSL clients

         certificates, signing

         configuring

         directives

         keys, generating

         mod_ssl, installing

         non-SSL content

         reliable startup

         server private key

         session issues

     SSO

apache-protect brute-force DoS tool

application logs

apxs third-party module interface tool

architectures [See network architectures]

Argus network monitoring tool

assessment

     security phase

asymmetric (public-key) encryption 2nd 3rd 4th [See also public-key cryptography]

attack surface 2nd

attack vector

attacks [See also DoS attacks; injection attacks; intrusion detection; mod_security firewall module; web application security]

     command execution and file disclosure

     content management systems problems

     database

     database-specific patterns

     detecting common

     XSS

         attack warning patterns

audit log 2nd

AuthAuthoritative directive

AuthDBMAuthoritative directive

AuthDigestDomain directive

authentication methods

     Basic 2nd

     Digest 2nd

     form-based

availability security goal
