Apache Security

Index

[SYMBOL] [A] [B] [C] [D] [E] [F] [H] [I] [J] [K] [L] [M] [N] [O] [P] [R] [S] [T] [U] [V] [W] [X]

fail safely security principle

FastCGI FastCGI protocol

file descriptor leakage vulnerability 2nd file_uploads directive

files     access restrictions, PHP

     configuration review of

     large causing DoS     monitoring integrity

     reviewing permissions for     security disclosure         download script flaws

         path traversal

         predictable locations

         source code disclosure

     Tripwire integrity checker     upload logging

     virtual filesystems, permissions

FilesMatch directive firewalls

     basic rules for     configuration mistake, recovering from

     deep-inspection

     deployment guidelines         configuration starting point, reasonable

         steps

     host-based

         Linux Netfilter, configuring with

     hosts, each having

     HTTP, appliances for

     mod_security

         actions

         anti-evasion features

         basic configuration

         byte-range restriction

         complex configuration scenarios

         configuration advice

         dynamic requests, restriction to         encoding-validation features         file upload interception and validation

         installation

         logging         positive security model, deploying

         request body monitoring

         request processing order

         response body monitoring

         rule engine flexibility

         scope

     WAFs forensic logging

     alternative integration method     format, recommended

     HTTP status codes     PHP integration 2nd

form fields, logic flaws

form-based authentication functional reviews

     applications         infrastructure     hotspots

     RATS statistical source code analysis tool