Sections on this page...
Web Server resources
Since I look after both Apache and IIS web servrs I regularly need to look up various information about them, and thats what this page is for.
Server Vulnerability Lists
-
SecurityFocus.com (MUST SEE SITE)
-
http://www.securityfocus.com/
SecurityFocus is the a comprehensive and source of security information on the Internet. They provide a vendor-neutral, objective, timely and comprehensive security information to all members of the security community. -
SNORT and regex
-
http://www.securityfocus.com/infocus/1768
Artcile explaining how SNORT (an OpenSource security tool detects SQL Injections and Cross Site Scriipting attacks. -
Open Web Application Security Project
-
http://www.owasp.org/
The Open Web Application Security Project (OWASP) is dedicated to helping organizations understand and improve the security of their web applications and web services. Imprtant reading for all web developers. -
CERT® Coordination Center
-
http://www.cert.org/
The CERT Coordination Center (CERT/CC) is a center of Internet security expertise, located at the Software Engineering Institute, a federally funded research and development center operated by Carnegie Mellon University. -
Common Vulnerabilities and Exposures (CVE)
-
http://www.cve.mitre.org/
A list of standardized names for vulnerabilities and other information security exposures â?" CVE aims to standardize the names for all publicly known vulnerabilities and security exposures. -
Overview of security vulnerabilities in Apache httpd 1.3
-
http://www.apacheweek.com/features/security-13
Brief list of the security vulnerabilities found during the lifecycle of Apache 1.3. -
Overview of security vulnerabilities in Apache httpd 2.0
-
http://www.apacheweek.com/features/security-20
Brief list of the security vulnerabilities found during the lifecycle of Apache 2.0. -
Hacking resources
-
http://www.wittys.com/textfiles.html
Brain Candy for hacking sites. -
How to SpamProof your site
-
http://www.sitepoint.com/article/914
Article aimed at webmasters on how to reduce the amount of junk mail they receive. Essential reading for all those who have to place their contact details on a publicly available website.
Apache Resources
-
The Apache Project Home Page
-
http://httpd.apache.org/
Home page for Apache web server, which is an open-source HTTP server for modern operating systems including UNIX and Windows NT. -
Apache Software Foundation
-
http://www.apache.org/
Home page for Apache - they provide support for the Apache community of open-source software projects. -
Apache Week
-
http://www.apacheweek.com
Apache Week aims to become an essential resource for anyone running an Apache server, or anyone responsible for running Apache-based services. it inlcudes regular updates on Apache, lists of new or suspects bugs, press links plus longer specialised articles. -
mod_backhand
-
http://www.backhand.org/mod_backhand/
Fantastic load balancing/proxying module for apache. -
Apache Modules
-
http://modules.apache.org/
List of Apache modules -
Apache API
-
http://httpd.apache.org/dev/apidoc/index.html
Official attempts to provide definitive documentation for the Apache Web server API for version 1.3... but as they say themselves, it does not yet live up to that intention. Still under construction and Apache 2.0 is out, so it mey never be finished. -
Apache 1.3 CVS Documentation
-
http://apache.dev.wapme.net/doxygen-1.3/main.html
-
Apache 2.0 CVS Documentation
-
http://apache.dev.wapme.net/doxygen-2.0/main.html
-
Comprehensive guide to .htaccess
-
http://javascriptkit.com/howto/htaccess.shtml
I am sure that most of you have heard of htaccess, if just vaguely, and that you may think you have a fair idea of what can be done with an htaccess file. You are more than likely mistaken about that, however. Regardless, even if you have never heard of htaccess and what it can do for you, the intention of this tutorial is to get you two moving along nicely together. -
mod_ssl .org
-
http://www.modssl.org/
The mod_ssl project provides strong cryptography for the Apache 1.3 webserver via the Secure Sockets Layer. This site is the home of the project and provides doucmentation and examples to get SSL running on Apache. -
The Rise of the Spammers
-
http://www.securityfocus.com/guest/24043
Excellent detailed article about how a spammer got control of this guys Apache machine through a small vulnerability in PHP. Required reading for any serious web developer.
IIS links
-
CreateWebSite using WMI
-
http://blogs.msdn.com/ramesh_r/archive/2004/03/24/95109.aspx
Blog that shows how to use WMI to Create a Website -
IIS 6.0 Admin Scripts
-
http://www.microsoft.com/technet/scriptcenter/scripts/iis/iis6/web/...
MSDN scritps for administering IIS 6.0 using WMI. -
Enabling compression on IIS6
-
http://orcsweb.com/articles/iis_compression_6.0.aspx
Excellent article about how to enable compression in IIS6. -
Ten things to do with IIS
-
http://www.securityfocus.com/guest/16819
Another excellent SecurityFocus - this time about IIS and how to make it work better. Reuired reading for any IIS administrator. -
IIS FAQ
-
http://www.iisfaq.com/default.aspx
Fantastic resources for all thing IIS related, including ADSI scripts, DNS FAQs, and many more of those things you can never figure out about IIS. -
IIS 5.0 at 15 Seconds
-
http://www.15seconds.com/focus/IIS%205.0.htm
As always, 15 seconds has a great list of articles tips and tricks for both IIS 4.0 and 5.0. (well they always have great resources for Microsoft products.) -
Remove dud mappings
-
http://www.aspfree.com/adsi/scriptmappings.asp
This script removes un-needed script mappings on an IIS 5.0 web server. Read the warnings before using this (and back up your Metabase!) -
IIS Resources
-
http://www.iis-resources.com/modules/news/
Excellent site for simple tips and tricks to do with IIS. All the articles I've read have been short and not too deep. This site is a must see for anyone new to IIS administration, and also recommended for those whove been dealing with IIS for a while. -
Securing IIS 4.0
-
http://www.iis-resources.com/modules/freecontent/index.php?id=2
Excellent list of how to secure IIS 4.0 at IIS-Resources.com - they say an IIS 5 one will be up shortly. -
skyBuilders Security Policy
-
http://www.skybuilders.com/users/jesse/docs/securityPolicy.html
Simple explanation of lots of IIS security issues, in plain english. Recommended reading for any IIS administrator. -
PipeBoost
-
http://www.pipeboost.com/default.asp
PipeBoost is an ISAPI Filter that compresses pages using the zlib algorithm. -
MetaEdit
-
http://support.microsoft.com/default.aspx?scid=kb%3BEN-US%3B301386%233
Metabase editing tool from MS. -
Web Site Compression
-
http://www.15seconds.com/issue/020314.htm
IIS allows you to compress static pages, dynamic pages, or both. The compression option is turned off by default. To turn it on follow these instructions...
Other webservers
-
NetMedia's RJ-45 WebServer
-
http://www.linuxdevices.com/articles/AT7186701822.html
This is a web server that fits onto a RJ-45 connector. Seriously. Also accepts real time data updates via a serial port. (Its designed for embedded controllers.) -
Web Enabling Your Products Without Writing Any TCP/IP Code
-
http://www.siteplayer.com/DOCS/web_enable_doc.htm
This explains how to dynamically update the data on a NetMedia Siteplayer webserver. (Thats the web server that fits onto a RJ-45 connector.)
view the RawXml for this page © Woric Faithfull 2002-2004.