IBM developerWorks : Security : Education - Tutorials
Securing your Web server
1. Introduction
  


Tutorial background page 2 of 4


Examples and code listings used throughout this tutorial are based on the latest stable release of the 1.3.x series Apache Web server (which at the time of this writing is 1.3.26). All material discussed is also directly applicable to IBM WebSphere, as it is a derivative of the Apache codebase and employs the same program structure and configuration files. File locations may differ according to how your Web server was compiled, what modules were included in the configuration, etc.

In addition, this tutorial is based on a default "Server" installation of Red Hat 7.3. Again, file locations and initialization techniques may differ across distributions, but the underlying principles discussed apply to all *NIX-based systems running a Web server.

The material presented assumes you have a basic understanding of *NIX administration, including user and group UIDs, user file permissions, program installation and maintenance, and editing configuration files. If you want to follow along with the examples provided, you'll need access to a system with an existing Apache installation or a system with enough disk space to install Apache.

This tutorial also assumes you have secured your production system adequately: it's behind a well-configured firewall, system user permissions are in order, your Web server of choice is installed correctly, and filesystem permissions -- as a whole -- are in order. The Further resources section at the end of this tutorial lists several books on the topic of general system security.

One important issue this tutorial does not address, due to space constraints, is the topic of securing dynamic content (Common Gateway Interface, or CGI, content; embedded scripting languages such as PHP; wrappers such as suEXEC; etc.). All Web server administrators need to be aware of the dangers inherent in all dynamic content, and the methods available to prevent its misuse. A good resource to check out is www.cgisecurity.com.

Questions, comments, and errata submissions are welcome; you can either email the author directly (dwcomments@syroidmanor.com) or use the Feedback form at the end of the tutorial.

