Section 8.1. Web Server Security

Bad things happen to good servers. What can happen? Where should you look? The Web has the same problems as the other important Internet services discussed in this book, differing mainly in the details.

8.1.1 Problems and Goals

Malice or mistake, whether local or remote, can foil the security goals mentioned in the first chapter. Table 8-1 lists some security problems you may encounter, as well as the desired goals.

Table 8-1. Web-security problems and goals

Sample problems

Security goals

Theft of service

Warez or pornography uploads

Pirate servers and applications

Password sniffing

Rootkit and trojan program installation

Denial of service targeting or participation

System integrity

Vandalism, data tampering, or site defacement

Inadvertent file deletion or modification

Data integrity

Theft of personal information

Leakage of personal data into URLs and logs

Data confidentiality

Unauthorized use of resources

Denial of service attacks

Crash or freeze from resource exhaustion (e.g., memory, disk, process space, file descriptors, or database connections)

System and network availability

8.1.2 What, When, and Where to Secure

Vulnerabilities exist everywhere, but some are more frequently targeted:


Buffer overflows, string-format hacks, race conditions, logic errors, memory leaks


Ownership, permissions, symbolic links, setuid/setgid

Authentication and authorization

Coverage gaps, data leaks, spoofing


Promiscuous mode, denial of service; connectivity


User accounts, passwords

I'll describe web-server security more or less in chronological order, pointing out the problems and best practices as we go:

Build time

Obtaining and installing Apache

Setup time

Configuring Apache


Securing CGI scripts, with PHP and Perl examples

Special topics

Issues spanning the operating system, web server, and CGI scripts: authentication, authorization, sessions, SSL, and others

8.1.3 Some Principles

Many times, I'll invoke one or more of these security mantras:


Configure with least privilege. Avoid using root and restrict file ownership and permissions. Provide the bare minimum to serve files, run CGI scripts, and write logs.


Minimize surface area; a smaller target is harder to hit. Disable or remove unneeded accounts, functions, modules, and programs. Things that stick out can break off.


Never trust user input. Secure access to external files and programs.


Use layers of protection. Don't rely on security by the obscurity of a single mechanism, such as a password.


Write down what you've done because you won't remember it. Trust us on this one.