Bill Lovett

Maximum Apache Security by Anonymous

Posted on March 27th, 2006


Can't recommend this one at all. It bills itself as a book "that details the complex security weaknesses and risks of Apache, and provides hands-on solutions for keeping a Web site secure and buttressed against intruders." But all I found was material that an Apache non-beginner would already know, material that was already covered in the Apache documentation, and material that I wasn't vaguely interested in. I did come across a couple pointers to interesting modules that I hadn't heard of before, but when you can skim through over 400 pages in under an hour and not feel like you've missed out, something is wrong.

I think the problem here is that Apache security is being approached from a general administration perspective. Chapter 3 starts off with discussions of physical server security, BIOS passwords, and biometrics. Then Chapter 4 talks about choosing an operating system, then Chapter 5 is on choosing a database, Chapter 7 covers IPv6. In other words, plenty of things you'd want to be aware of as a network administrator, but nothing that specifically makes you a better Apache administrator.

All bets were off for me by Chapter 8, where there's an explanation of how to change file permissions and how to understand octal numbers. That's the sort of material you cover on day 2 of using a Unix-like computer. It makes no sense in a book that in a few chapters will provide a prolonged cross reference of the Apache source files.

I kept hoping I'd eventually get to the "good" material, but there wasn't any. There's plenty of material covering things around and somewhat related to an Apache server, but almost nothing pragmatic that you could use to get yourself out of a pickle.
