Errata

Apache Security

Errata for Apache Security


The errata list is a list of errors and their corrections that were found after the product was released.

The following errata were submitted by our customers and have not yet been approved or disproved by the author or editor. They solely represent the opinion of the customer.


Version Location Description Submitted by Date submitted
Printed Page 16
top of page

The location of "Securing Apache: Step-by-Step" and "Securing Apache 2: Step-by-Step" should be changed from
http://www.securityfocus.com/printable/infocus/1694 and
http://www.securityfocus.com/printable/infocus/1786
to
http://www.securityfocus.com/print/infocus/1694 and
http://www.securityfocus.com/print/infocus/1786
respectively.

Anonymous  Nov 23, 2009
Printed Page 53
Second last paragraph

There is a comment "Java class files end in .class but there is little chance of
clash because these files should never be accessed directly by Apache". Surely this
is incorrect -- people serve .class files over the web all the time as java applets
and I think the Apache directives described would make apache use php to interpret
.class files?

(Maybe this is safe, as a Java class is unlikely to contain something that php will
think is php code?)

Anonymous   
Printed Page 64
First paragraph in "File access restrictions" section

The sentence "For the operation to proceed, PHP will insist that the uid of the file
owner matches the uid of the account owning the script." seems a little unclear to
me, as no particular file has been mentioned earlier in the paragraph. I think you
mean "When you try to perform an operation on any file PHP will insist that the uid
of the file owner matches the uid of the account owning the script."

Anonymous   
Printed Page 72
second last bullet point

"45 (9 + 8 + ... + 1)" should probably read "45 = (9 + 8 + ... + 1)".

Anonymous   
Printed Page 86-101
missing section

Somewhere in the SSL section I was expecting a discussion of untrusted cgi/php/...
and how it interacts with keeping your SSL certificate secret.

Anonymous   
Printed Page 107
Last paragraph before "Distributed Denial of Service Attacks"

This section should almost certainly refer to RFC 3704 (which is also BCP document
84) to tell people about ingress/egress filtering. It's not just a good idea -- it's
also Internet Best Current Practice!

Anonymous   
Printed Page 120
PAM Limits section

The section called "PAM limits" should be called "process limits" -- they really have
nothing to do with PAM, other than the pam_limits module lets you set them. The
changes do not take effect immediately, as claimed by the second paragraph. You must
recreate the session using the pam_limits module. This may be done by Apache when it
creates its worker children -- I don't know for certain.

Anonymous   
Printed Page 121
Process accounting section

The command given to activate process accounting will only activate it until the next
reboot. Usually some addition needs to be made to the boot scripts to make sure this
happens early in the boot process. It may be that the Red Hat psacct package adds such
a boot script automatically?

Anonymous