![Apache Today [Your Apache News Source]](/pics/at_logo.png)  
| Linux Planet |
| Enterprise Linux Today |
| Linuxnewbie.org |
| Linux Programming |
| Linux Central |
| Linux Apps |
| Linux Start |
| Just Linux |
| BSD Today |
| Linux Today |
|
Apache Today
|
| PHPBuilder |
| BSD Central |
| All Linux Devices |
| SITE DESCRIPTIONS |
|
|
| |
internet.com
Internet News
Internet Investing
Internet Technology
Windows Internet Tech.
Linux/Open Source
Web Developer
ECommerce/Marketing
ISP Resources
ASP Resources
Wireless Internet
Downloads
Internet Resources
Internet Lists
International
EarthWeb
Career Resources
Search internet.com
Advertising Info
Corporate Info
|
| The Apache FAQ |
| Apache Project |
| The Apache Software Foundation |
| Apache Module Registry |
| Apache-Perl Integration Project |
| The Jakarta Project |
| PHP Server Side Scripting |
| The Java Apache Project |
| ApacheCon |
| Apache XML Project |
| Apache-Related Projects |
|
| linuxcentral.com: New Products |
|
"Learning Red Hat Linux, 2nd Edition
"Darwin 1.4.1
"Reliable Linux
"Practical PostgreSQL
"Linux Tux Money Clips
"Linux Tux PC Badges-USA Version
"Red Hat Linux Security and Optimization
"Red Hat Linux Survival Guide
"Red Hat Linux 7.2 Bible Unlimited Edition
"Linux Complete 2nd Edition
|
|
Apache Today
Newsletters
|
View: Security
(Oct 3, 2001, 21:21 UTC) (4140 reads) (0 talkbacks) (Posted by )
"Gartner recommends that enterprises hit by both Code Red and Nimda immediately investigate alternatives to IIS, including moving Web applications to Web server software from other vendors, such as iPlanet and Apache."
(Jul 30, 2001, 17:47 UTC) (2938 reads) (0 talkbacks) (Posted by )
"We have received reports that the 'apache' http daemon, as included in the Debian 'stable' distribution, is vulnerable to the 'artificially long slash path directory listing vulnerability' as described in http://www.securityfocus.com/vdb/bottom.html?vid=2503."
(Jul 2, 2001, 16:43 UTC) (6734 reads) (4 talkbacks) (Posted by )
This posting to Bugtraq outlines a Java servet scripting vulnerability that could affect many systems, including Tomcat and WebSphere.
(Jun 21, 2001, 21:19 UTC) (2883 reads) (0 talkbacks) (Posted by )
"There is a vulnerability in apache by which an attacker can get a directory listing even when an index file (such as index.html) is present."
(Jun 6, 2001, 19:52 UTC) (2312 reads) (0 talkbacks) (Posted by )
Kurt Seifried discusses how Apache.org was compromised, offering that part of a growing problem we face in computer security is trust: "The SSH protocol is used to secure these connections with strong encryption, which provides a tunnel between the two communicating machines. Furthermore, it is assumed that the end developer's machine is secure, and that there are no keystroke loggers running, or items like KeyGhost hooked up to the machine. Herein lies a problem. More and more people are using machines that are not always secure or should not be considered "trusted."
(May 31, 2001, 12:38 UTC) (3425 reads) (1 talkbacks) (Posted by )
The recent compromise of SourceForge servers had farther-reaching impact than on the users of that service alone. This report from Brian Behlendorf of the Apache project explains a crack one of the project's public servers underwent involving an ssh client compromised to log outgoing names and passwords. A rather extensive audit and verification process remains underway.
(May 13, 2001, 04:50 UTC) (2415 reads) (0 talkbacks) (Posted by )
"An exploit was recently reported that allows a malicious user to terminate the Apache server running on Win32 or OS2."
(Apr 9, 2001, 15:35 UTC) (1002 reads) (1 talkbacks) (Posted by )
"Hewlett-Packard today announced enhanced security software, services and alliances to help businesses secure their e-commerce environments, prevent intrusions and protect against attacks in real-time. The products include HP Virtualvault 4.5, a newly enhanced version of HP's multi-layered, secure operating system, which now integrates Apache-based Web servers and provides integration with the HP Bluestone Total-e-server and Public Key Infrastructure (PKI)."
(Mar 26, 2001, 17:03 UTC) (760 reads) (0 talkbacks) (Posted by )
Tempest Software, a provider of technology and products that facilitate secure, standards-based information exchange over the Internet, today announced it is shipping Version 2 of SiteShield, the new "plug and play" software solution to secure websites.
(Mar 9, 2001, 21:29 UTC) (650 reads) (0 talkbacks) (Posted by )
"A recent change to the access validation machinery made this bug begin to affect security restrictions. The bug, with the change to validation, made it possible to access Zope objects via acquisition that a user would not otherwise have access to."
(Feb 13, 2001, 05:45 UTC) (1146 reads) (0 talkbacks) (Posted by )
"A potential security vulnerability has been discovered in Oracle JSP Releases 1.0.x through 1.0.2 when using Oracle Apache/JServ only."
(Dec 14, 2000, 16:45 UTC) (1141 reads) (0 talkbacks) (Posted by )
"Who should own Apache? I have nobody as the owner and the group, but I'm not sure if this is safe or not."
(Nov 30, 2000, 18:47 UTC) (1132 reads) (0 talkbacks) (Posted by )
"The virus searches for .php and .htm files and inserts code to call itself. The virus executes only on servers with PHP interpreters."
(Nov 28, 2000, 14:02 UTC) (869 reads) (0 talkbacks) (Posted by )
Apache 1.3.12 and 1.3.14 are not binary compatible if both have been modified to support mod_ssl. These modules have been rebuilt using updated development packages.
(Nov 28, 2000, 14:01 UTC) (705 reads) (0 talkbacks) (Posted by )
Apache 1.3.12 and 1.3.14 are not binary compatible if both have been modified to support mod_ssl. These modules have been rebuilt using updated development packages.
(Nov 22, 2000, 16:12 UTC) (585 reads) (0 talkbacks) (Posted by )
"Apache 1.3.12 and 1.3.14 are not binary compatible if both have been modified to support mod_ssl. These modules have been rebuilt using updated development packages."
(Nov 22, 2000, 16:09 UTC) (566 reads) (0 talkbacks) (Posted by )
"Apache 1.3.12 and 1.3.14 are not binary compatible if both have been modified to support mod_ssl. These modules have been rebuilt using updated development packages."
(Nov 13, 2000, 15:51 UTC) (16107 reads) (5 talkbacks) (Posted by )
You have the power to control access to your Apache server based on the hostname or IP address of the connecting user. Rich Bowen explains how to use the mod_access Apache module to enforce these rules.
(Oct 28, 2000, 13:49 UTC) (1156 reads) (0 talkbacks) (Posted by )
"Security bugs in versions of Apache prior to 1.3.14 also affect Secure Web Server. A new release which incorporates 1.3.14 is now available."
(Oct 27, 2000, 16:34 UTC) (1316 reads) (1 talkbacks) (Posted by )
"The Apache Consortium, producers of the world's most popular Internet server software, sucks when it comes to privacy. So much so that it won a Big Brother award for it's "irresponsible default settings."
(Oct 24, 2000, 00:30 UTC) (2030 reads) (0 talkbacks) (Posted by )
Updated apache, php, mod_perl, and auth_ldap packages are now available for Red Hat Linux 5.2, 6.0, 6.1, 6.2, and 7.
(Oct 20, 2000, 16:04 UTC) (673 reads) (0 talkbacks) (Posted by )
"There's a format bug in the logging code of the mod_php3 module. It uses apache's aplog_error function, passing user-specified input as the format string."
(Oct 19, 2000, 20:40 UTC) (1056 reads) (0 talkbacks) (Posted by )
"Apart from firewalls, which aim at protecting internal networks against attacks from the internet, web servers are the second important field requiring a high degree of security. This article shows how this can be done on a Linux system within just 45 minutes."
(Oct 19, 2000, 12:51 UTC) (734 reads) (0 talkbacks) (Posted by )
"The permissions on the -14mdk apache-suexec package were still incorrect. While some CGI scripts would perform, others would not due to the permissions being 4700 and not 4711. The -15mdk RPMs for 7.1 fix this issue. "
(Oct 12, 2000, 17:14 UTC) (859 reads) (0 talkbacks) (Posted by )
"The Apache web server comes with a module called mod_rewrite which is used to rewrite URLs presented by the client prior to further processing. There is a flaw in the mod_rewrite logic that allows an attacker to view arbitrary files on the server system if they contain regular expression references. All Linux-Mandrake users using Apache are encouraged to upgrade to these updated versions that fix this flaw."
(Sep 11, 2000, 20:28 UTC) (3185 reads) (0 talkbacks) (Posted by )
"It's possible for a remote attacker to supply arbitrary file names as values for FOO, by submitting a standard form input tag by that name, and thus cause the PHP script to process arbitrary files."
(Jul 19, 2000, 22:28 UTC) (911 reads) (0 talkbacks) (Posted by )
"Is Apache the most secure HTTP server available? The answer is simple: Apache can be made to be the most secure, and this article will show you how. Please note that I will concentrate on the Unix variant of Apache. While a Windows NT port is available, it has yet to reach the level of maturity currently enjoyed by the Unix version."
(Jun 16, 2000, 19:54 UTC) (657 reads) (0 talkbacks) (Posted by )
"We have recently become aware of an important security issue that affects all released Zope versions including the recent 2.2 beta 1 release."
(Jun 16, 2000, 06:34 UTC) (573 reads) (0 talkbacks) (Posted by )
"The issue involves an inadequately protected method in one of the base classes in the DocumentTemplate package that could allow the contents of DTMLDocuments or DTMLMethods to be changed remotely or through DTML code without forcing proper user authorization."
|
 
Latest Feature
Development continues to roll along on Apache 2.0. In his latest column, Ryan Bloom details what's new in the recently released Apache 2.0 Alpha 4.
(Jun 30, 2000)
Apache Today Features
Over the years, a lot of people have become interested in the idea of contributing to the Apache HTTP Server project, but have hung back or remained silent because they felt only hardcore C programmers with tons of experience need apply. Some actually have contacted the Project, saying they'd like to help out but don't have the coding skills and so didn't know what they could do. And some have offered specifically to help out on the documentation, either translating it, or correcting technical nits, or improving its readability or navigability. In July of 2000, however, the Apache HTTP server project created a subproject and reorganised the documentation files so that they can be worked on directly by non-programmers. This article describes more about this, and how you can get involved.
(Sep 27, 2000)
Webmasters are ever searching for ways to make their sites look cool and attractive. One way is to dress it up with images, logos, and other graphics--sometimes referred to as 'eye candy.' Of course, if you happen to be in the forefront of this in any way, you run the risk of having others cadge your art in order to dress up their sites. This article shows how you can use Apache configuration directives to limit access to your art so that it's more difficult to use elsewhere.
(Jun 14, 2000)
With this column Martin C. Brown begin his regular coverage of Apache and E-Commerce for Apache Today. This initial column maps out the burgeoning area of E-Commerce and what every Apache Webmaster needs to know about implementing E-Commerce on their site.
(May 31, 2000)
Apache 2.0 has already been through three alpha releases. In this preview, Ryan Bloom of the Apache Group previews Apache 2.0 and explains why it will make life easier for every Webmaster on the Internet.
(May 28, 2000)
While you're licking your chops and waiting for Apache 2.0 to be released, you're probably facing a very real situation of having to set up an Apache Web server today. In this overview, Apache pioneer Ken Coar goes through all the steps needed to install and configure an Apache 1.3 Web server.
(Jun 1, 2000)
| www.BSDtoday.com |
"Survey highlights open source motivation factors
"FreeBSD 4.5 has been released
"OSNews: Interview with Robert Watson of the TrustedBSD Project
"Newsforge: A Linux guy looks at NetBSD
"Caldera offers several ancient UNIX versions under a BSD-style license
"Changes to the NetBSD Packages Collection in December 2001
"Measuring Interrupt Latency within the FreeBSD kernel
"Debian runs on NetBSD
"cnet: FreeBSD to change hands
"Sponsorship of FreeBSD to return to its roots
|
| PHPBuilder.com New Articles |
"Configuring PHP with ORACLE 8i Support
"Using PHP and MySQL with Flash
"Making PHP Applications Cache-Friendly
"Making forms object-oriented
"PHP programming methodologies and documentation
"Using Webalizer to analyze Apache logs
"Optimizing Postgresql
"Getting Started with PHP/Ming
"Cross-platform and Portable Development With PHP
"Site Maintenance & Transition
|
| Linux Today |
|
"news.kde.org: Impressions on the Paris Linux Expo
"O'Reilly Network: Introduction to Make
"HP 'Frees' Printer Drivers by Removing 'HP-Only' Clause
"Debian Security Advisory: updated rsync fix
"Jeremy Allison: Samba 2.2.3 released
|
Content settings.
|
