httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Tkach <ntk...@gmail.com>
Subject Re: [users@httpd] Apache major features
Date Thu, 20 Feb 2014 20:38:52 GMT
On Thu, Feb 20, 2014 at 12:28 PM, Joe Jensen (ConAgra Foods) <
Joe.Jensen@conagrafoods.com> wrote:

> We are on a current patch version and being old software there are likely
> few remaining security vulnerabilities or bugs for me to worry about in the
> version we run.
>
>
>
> Joe Jensen
> (402)-240-3645
> Application Hosting Services
>
>
>
> *From:* Curtis Maurand [mailto:curtis@maurand.com]
> *Sent:* Thursday, February 20, 2014 12:25 PM
> *To:* users@httpd.apache.org
> *Subject:* Re: [users@httpd] Apache major features
>
>
>
>
> Google is your friend in this case.  There are tons of books re: apache
> and even hardening it.
>
> search term: apache books
>
> About 29,700,000 results (0.35 seconds)
>
> http://httpd.apache.org/docs/2.4/
>
>
>
>
> --Curtis
>
> On 2/20/2014 12:38 PM, Joe Jensen (ConAgra Foods) wrote:
>
> What major features have been released in the last 8 years for apache?
> My apache infrastructure is quite dated and behind.  I'd like to update and
> improve it but am new to apache and don't know much more than that I have
> nothing modern.
>
>
>
> Joe Jensen
> (402)-240-3645
> Application Hosting Services
>
>
>
> *From:* Jeff Trawick [mailto:trawick@gmail.com <trawick@gmail.com>]
> *Sent:* Wednesday, February 19, 2014 3:50 PM
> *To:* users@httpd.apache.org
> *Subject:* Re: [users@httpd] Available online Training/documentation
>
>
>
> On Wed, Feb 19, 2014 at 3:24 PM, Joe Jensen (ConAgra Foods) <
> Joe.Jensen@conagrafoods.com> wrote:
>
> I'm looking for some advice on how to learn the intricacies of both apache
> httpd and tomcat.  I'm unlikely to get a paid training class, and failed to
> find any overall training about it online.  Considering it's popularity and
> open source nature it strikes me as very odd that there isn't any good and
> extensive "on your own" training to read through.   If someone can point me
> to something online it would be awesome!
>
>
>
> I'm charged with a series of apache/tomcat servers as part about 70% of my
> job, but we run a ~3-4 year old setup largely unchanged from 7 years ago.
> I'd like to learn what I don't know exists, and am hoping for more than
> just the apache module and configuration manuals.  If I have to though that
> may be what I do learn from.
>
>
>
> Joe Jensen
> (402)-240-3645
> Application Hosting Services
>
>
>
> Look at the User's Guide and Howto/Tutorials parts of the documentation.
>
>
>
> If it were me, I'd start with this:
>
>
>
> 1. Make sure you understand how httpd and Tomcat are installed on all
> systems you support and how updates are obtained.
>
> 2. Check the versions of the software and confirm that they are supported
> branches (e.g., 2.2.x or 2.4.x for httpd, whatever is currently supported
> for Tomcat).
>
> 3. See how old the exact versions are (e.g., 2.2.15), and if they are
> relatively old then ensure that you are getting updates regularly from a
> vendor (e.g., Linux vendor) which applies security fixes to old versions.
>
>
>
> If there's a problem already (unsupported, vulnerable versions), work with
> your team to find out how to deal with it.  You may end up looking through
> CHANGES logs for vulnerabilities and crossing out the ones in modules that
> aren't used in your configuration, and then seeing what is a potential
> concern.
>
>
>
> 4-98. (stuff I can't think of at the moment)
>
>
>
> 99. Try to identify the most common or most important use of httpd in your
> environment (e.g., front-end to Tomcat) and get a fresh VM and set up httpd
> with a sample application (or static site) that requires similar
> configuration features.  Use that to play around and experiment with things
> in the product documentation.  Even if you won't use a particular feature
> in production, the experimentation gives you more insight into how the
> server can be configured.
>
>
>
> --
> Born in Roswell... married an alien...
> http://emptyhammock.com/
>
>
>

Yes, having been through a similar experience in the past I can definitely
say start small.  VMs are your friend!  Make *sure* you're okay right now
so nothing is vulnerable (don't count on it being "old" as meaning it's not
vulnerable to anything).

I've found that if you are making a "big" leap (mostly 1.x -> 2.x) you're
liable to run into trouble with modules.  That big of a jump some have been
absorbed into Apache core httpd, some don't exist any more, some have been
replaced, some won't work with 2.x without patching or re-compiling, etc.

Mime
View raw message