httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Folino, Nick E CTR USARMY HRC (US)" <>
Subject [users@httpd] RE: Apache major features (UNCLASSIFIED)
Date Thu, 20 Feb 2014 18:09:53 GMT
Classification: UNCLASSIFIED
Caveats: FOUO

While you're at it you might want to find a class in web security.  You just told the whole
world that ConAgra Foods is running some extremely vulnerable versions of Apache products.

-----Original Message-----
From: Joe Jensen (ConAgra Foods) [] 
Sent: Thursday, February 20, 2014 12:38 PM
Subject: [users@httpd] Apache major features

What major features have been released in the last 8 years for apache?    My apache infrastructure
is quite dated and behind.  I'd like to update and improve it but am new to apache and don't
know much more than that I have nothing modern.


Joe Jensen 
Application Hosting Services


From: Jeff Trawick [] 
Sent: Wednesday, February 19, 2014 3:50 PM
Subject: Re: [users@httpd] Available online Training/documentation


On Wed, Feb 19, 2014 at 3:24 PM, Joe Jensen (ConAgra Foods) <>

I'm looking for some advice on how to learn the intricacies of both apache httpd and tomcat.
 I'm unlikely to get a paid training class, and failed to find any overall training about
it online.  Considering it's popularity and open source nature it strikes me as very odd that
there isn't any good and extensive "on your own" training to read through.   If someone can
point me to something online it would be awesome!


I'm charged with a series of apache/tomcat servers as part about 70% of my job, but we run
a ~3-4 year old setup largely unchanged from 7 years ago.  I'd like to learn what I don't
know exists, and am hoping for more than just the apache module and configuration manuals.
 If I have to though that may be what I do learn from.  


Joe Jensen 
(402)-240-3645 <tel:%28402%29-240-3645>  
Application Hosting Services  


Look at the User's Guide and Howto/Tutorials parts of the documentation.


If it were me, I'd start with this:


1. Make sure you understand how httpd and Tomcat are installed on all systems you support
and how updates are obtained.

2. Check the versions of the software and confirm that they are supported branches (e.g.,
2.2.x or 2.4.x for httpd, whatever is currently supported for Tomcat).

3. See how old the exact versions are (e.g., 2.2.15), and if they are relatively old then
ensure that you are getting updates regularly from a vendor (e.g., Linux vendor) which applies
security fixes to old versions.


If there's a problem already (unsupported, vulnerable versions), work with your team to find
out how to deal with it.  You may end up looking through CHANGES logs for vulnerabilities
and crossing out the ones in modules that aren't used in your configuration, and then seeing
what is a potential concern.


4-98. (stuff I can't think of at the moment)


99. Try to identify the most common or most important use of httpd in your environment (e.g.,
front-end to Tomcat) and get a fresh VM and set up httpd with a sample application (or static
site) that requires similar configuration features.  Use that to play around and experiment
with things in the product documentation.  Even if you won't use a particular feature in production,
the experimentation gives you more insight into how the server can be configured.


Born in Roswell... married an alien...

Classification: UNCLASSIFIED
Caveats: FOUO

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message