httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Joe Jensen (ConAgra Foods)" <>
Subject RE: [users@httpd] Apache major features
Date Thu, 20 Feb 2014 18:28:00 GMT
We are on a current patch version and being old software there are likely few remaining security
vulnerabilities or bugs for me to worry about in the version we run.

Joe Jensen
Application Hosting Services

From: Curtis Maurand []
Sent: Thursday, February 20, 2014 12:25 PM
Subject: Re: [users@httpd] Apache major features

Google is your friend in this case.  There are tons of books re: apache and even hardening

search term: apache books

About 29,700,000 results (0.35 seconds)


On 2/20/2014 12:38 PM, Joe Jensen (ConAgra Foods) wrote:
What major features have been released in the last 8 years for apache?    My apache infrastructure
is quite dated and behind.  I'd like to update and improve it but am new to apache and don't
know much more than that I have nothing modern.

Joe Jensen
Application Hosting Services

From: Jeff Trawick []
Sent: Wednesday, February 19, 2014 3:50 PM
Subject: Re: [users@httpd] Available online Training/documentation

On Wed, Feb 19, 2014 at 3:24 PM, Joe Jensen (ConAgra Foods) <<>>
I'm looking for some advice on how to learn the intricacies of both apache httpd and tomcat.
 I'm unlikely to get a paid training class, and failed to find any overall training about
it online.  Considering it's popularity and open source nature it strikes me as very odd that
there isn't any good and extensive "on your own" training to read through.   If someone can
point me to something online it would be awesome!

I'm charged with a series of apache/tomcat servers as part about 70% of my job, but we run
a ~3-4 year old setup largely unchanged from 7 years ago.  I'd like to learn what I don't
know exists, and am hoping for more than just the apache module and configuration manuals.
 If I have to though that may be what I do learn from.

Joe Jensen
Application Hosting Services

Look at the User's Guide and Howto/Tutorials parts of the documentation.

If it were me, I'd start with this:

1. Make sure you understand how httpd and Tomcat are installed on all systems you support
and how updates are obtained.
2. Check the versions of the software and confirm that they are supported branches (e.g.,
2.2.x or 2.4.x for httpd, whatever is currently supported for Tomcat).
3. See how old the exact versions are (e.g., 2.2.15), and if they are relatively old then
ensure that you are getting updates regularly from a vendor (e.g., Linux vendor) which applies
security fixes to old versions.

If there's a problem already (unsupported, vulnerable versions), work with your team to find
out how to deal with it.  You may end up looking through CHANGES logs for vulnerabilities
and crossing out the ones in modules that aren't used in your configuration, and then seeing
what is a potential concern.

4-98. (stuff I can't think of at the moment)

99. Try to identify the most common or most important use of httpd in your environment (e.g.,
front-end to Tomcat) and get a fresh VM and set up httpd with a sample application (or static
site) that requires similar configuration features.  Use that to play around and experiment
with things in the product documentation.  Even if you won't use a particular feature in production,
the experimentation gives you more insight into how the server can be configured.

Born in Roswell... married an alien...

View raw message