Properly securing a Web server entails walking a fine line between accessibility and system security. A Web server, by its very nature, needs to be accessible to the "outside world." But the Internet can be a rough-and-tumble place. Viruses are rampant; hackers are constantly looking for ways to break into systems and use them for their own ends; and "script kiddies" find amusement in defacing prominent Web sites. So system administrators must balance accessibility with system security.
This tutorial addresses this balancing act by examining the following three topic areas:
- Web server security: Understanding the httpd.conf file and its access directives.
- Authentication options: Using basic and digest authentication to control user access.
- Jailing your users: How to create a chroot environment for your Web server.
Upon completion of this tutorial, you will understand both the whys of Web server security and the how-tos of tightening or closing potential security holes.