6. Using the Center for Internet Security Apache Benchmark Scoring Tool

In the previous two chapters, we discussed numerous updates and configuration changes that should be made to an Apache installation in order to make it more secure. Some of the settings were easier to implement than others, and some of them required that some tests were performed in order to verify that the desired security configuration had been achieved. Although the rationale for testing these settings is well understood, an undesired side effect may manifest itself. Some security settings may be mistakenly left in an insecure configuration due to testing. Often, testing of configurations requires that some security settings be disabled or changed so that you can focus ...

Get Preventing Web Attacks with Apache now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.