httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Aman Raheja <>
Subject Re: [users@httpd] Compression and Security
Date Sun, 26 Jun 2005 01:07:35 GMT
It is indeed possible to compress images, and if you specify apache to 
do so, it will.

The issue is that some browsers like some of the Netscape versions have 
had history of having problems with HTTP/1.1 with compressed images. So 
you  would more likely fend off a percentage of users. there might be 
other browsers with same issue that I am not aware of.
Moreover even if you compress an image, you won't gain much, as I tried 
to zip a 20.7Kb jpg and got a 20.3Kb file and a 202 Kb gif to a 202 Kb 
zip file.

As far as security, what version of apache are you using? Get the most 
recent one in the 1.3.x or 2.0.x and you will be alright. Choose the 
modules carefully and only Load the ones you need, besides the fact that 
there is a doc on apache's site about security that can guide you more 
on securing apache. Get back here if you have any more questions.

Aman Raheja

Arthur Guy wrote:

>Isn't it possible to compress images any further?
>I guess I am not really sure what I am asking when it comes to security, I
>have setup an apache server running parallel to my current IIS server but on
>port 8080. 
>I want to switch them over but I would like to be sure that the instillation
>is secure, are there any problems with apache that I need to be worried
>about? Are there any patches / configuration setups that need to be applied?
>-----Original Message-----
>From: Nick Kew [] 
>Sent: 25 June 2005 22:42
>Subject: Re: [users@httpd] Compression and Security
>Arthur Guy wrote:
>>Does gzip compression and browser decompression support images or is it
>>html and text?
>Irrelevant.  Web image formats are already compressed.  You should also
>avoid compressing some other formats (such as PDF) or a certain
>crippled browser will refuse to display them.
>>Is the name mod_security correct, searching for it in the documentation
>>doesn't return anything?
>It's a third-party module.  But it's not really required for Apache
>in the sense of IIS.  We don't have a long history of devastating bugs
>like CodeRed and Nimda (despite having three times MS's market share).
>mod_security protects vulnerable applications rather than the server

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message