Apache is the epitome of free software that is both the standard in a critical area (the Web), and widely accepted by proprietary software companies. With increased usage, server security becomes an issue of paramount importance.
Security is one of the most important factors that Apache administrators need to consider. Determining who is allowed access to what, verifying that people and systems are who they say they are, and eliminating security holes that could allow crackers to gain unauthorized access to a system are all issues that the conscientious web server administrator needs to worry about on a daily basis.
Apache provides many features that can be used to either compromise server security or gather information about a server that the administrator would prefer kept secret. Of course, these features aren't there to create security holes, but the more complex the configuration the more chances we have of creating an unanticipated use of the server. Understanding what is and what is not expected behavior is essential, both when creating the server configuration and detecting possible misuse.
There is no such thing as a totally one hundred percent secure server, but in this book we'll delve into crucial aspects of Apache security and practical ways to setting up a safer, more secure implementation of an Apache server.