O'Reilly Network articles about this topic:
Every layer of security you can add is one more deterrent for the bad guys. Writing (or choosing) secure code is important, but it's not the only defense. Ivan Ristic, creator of mod_security, explains how this Apache module can turn back potential attacks before they reach your code.
Buffer Overflows in PHP Forms and mod_ssl
In this week's Security Alerts, Noel Davis reports buffer overflow problems in PHP forms and mod_ssl, as well as security holes in Oracle 8 and 9 systems, User Mode Linux, and the webtop application of Caldera's Open UNIX and UnixWare systems.
Apache.org Server Compromised
Noel Davis shows us the compromise of the Apache Software Foundation Server; buffer overflows in yppasswd, Qpopper, and mailtool; vulnerabilities in TWIG, webmin, and GnuPG; a new type of attack against sendmail; and discuss the use of the user nobody.
Securing a PHP Installation
Darrell Brogdon shows us a few basic things that should be done to secure a PHP installation.
Apache Insecurity Reveals Directory Contents
Noel Davis discusses buffer overflows and format string vulnerabilities in icecast, Half-Life Dedicated Server, Solaris SNMP, ipop2d, ipop3d, imapd, mutt, and cfengine; temporary-file problems in the SGML-Tools package and Mesa; and problems with Apache, several FTP daemons, a Solaris SNMP agent, vBulletin, FTPFS, and Ikonboard.
Learning From Mistakes
A quick security fix for the Python wiki program MoinMoin presents an opportunity to learn from the mistakes of others.
Security Alerts: KTH Kerberos, Red Hat PAM, and More
Noel Davis summarizes open source and Unix exploits. Problems this week include local and remote root exploits in KTH Kerberos, buffer overflows in Red Hat's PAM, a discussion of security problems with web-based applications, and an example of one of these security problems in phpGroupWare.
Securing Your Apache Server
This excerpt is from Chapter 13 of O'Reilly's book Apache: The Definitive Guide, 2nd Edition. Enable Apache to communicate securely over Secure Sockets Layer (SSL). Covers building, configuring, and securing an SSL-enabled Apache server under Unix.
Other documents about this topic:
Below are other references available on the web for this topic. Since other sites may change their links, please if you find any that may need to be updated.
Apache Server FAQs: Authentication and Access Restrictions
Frequently asked Apache authentication and access restriction questions. [Source: Apache.org]
Security and Apache: An Essential Primer
Chances are that your Web site has at least a few pages that you really don't want published to the Internet at large. [Source: LinuxPlanet]
Apache SSL Documentation
This server documentation covers the Apache-SSL secure Webserver, which is based on SSLeay/OpenSSL.
Short Q&A for the Apache-SSL module. It is part of the Apache-SSL home page. [Source: Apache-SSL]
Pointers to the Secure Sockets Layer (SSL) 3.0 specification (11/96) and some additional information. [Source: Netscape]
Securing Your Apache Server for Business with VeriSign Secure Server IDs
Verisign tells you how to obtain a digital certificate from them and install it in the Apache server, creating a secure server. [Source: Verisign]