
This is the Title of the Book, eMatter Edition
Copyright © 2007 O’Reilly & Associates, Inc. All rights reserved.
314
Chapter 10
CHAPTER 10
Securing Web Servers
You’ve hardened your server from the bottom up, with an external firewall protect-
ing your DMZ, a local firewall blocking ports, and all the latest patches applied to
your operating system. Your fortress is impregnable. But then you blast a hole
straight through all these walls to a port on your server. Then you let anyone in the
world wander in and run programs on your server, using their own input. You’ve lost
touch with reality—and/or you’re a web administrator.
The Web continues to grow, and security problems follow. As firewalls and security
tools improve, attacks move up the food chain, particularly toward web applica-
tions. In this chapter, I assume that you are hosting web servers and are responsible
for their security. Although the examples discuss servers exposed to the Internet,
most of the discussion applies to intranets and extranets as well. The platform is still
LAMP: Linux, Apache, MySQL, PHP (and Perl). I’ll talk about A, M,andP here.
MySQL database server security is covered in Chapter 8, but database access from
Perl and PHP is discussed here. We’ll see how to protect your whole web environ-
ment—server, content, applications—and keep the weasels out of your web house.
Web Security
Bad things happen to good servers. Malice ...