4. Configuring the httpd.conf File

Unfortunately, most web server’s default configurations are not adequate for deployment on today’s Internet, and Apache is no exception. Usually these default settings are configured with a too “open” mindset as vendors would rather have their application work easily for end users. The rationale is to turn everything on by default; thus, the benefit for the vendor is twofold: Users are happy because the functionality that they wanted is available without any extra configuration, and there is a reduction in “help-desk” type of service calls due to functionality not working out-of-the-box. This mindset has proven to be a major source of problems for computer security in general. In actuality, the exact opposite ...

Get Preventing Web Attacks with Apache now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.