4. Configuring the httpd.conf File
Unfortunately, most web server’s default configurations are not adequate for deployment on today’s Internet, and Apache is no exception. Usually these default settings are configured with a too “open” mindset as vendors would rather have their application work easily for end users. The rationale is to turn everything on by default; thus, the benefit for the vendor is twofold: Users are happy because the functionality that they wanted is available without any extra configuration, and there is a reduction in “help-desk” type of service calls due to functionality not working out-of-the-box. This mindset has proven to be a major source of problems for computer security in general. In actuality, the exact opposite ...
Get Preventing Web Attacks with Apache now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.