Re: [users@httpd] Compression and Security

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Here's a link talking about the Netscape issue with compressed images
http://www.zope.org/Members/Mamey/mod_gzip

Securing apache
http://www.securityfocus.com/infocus/1694
http://www.securityfocus.com/infocus/1786
and lots more if you search google

- Aman Raheja (again!!!)
http://www.techquotes.com

Aman Raheja wrote:

It is indeed possible to compress images, and if you specify apache to do so, it will.

The issue is that some browsers like some of the Netscape versions have had history of having problems with HTTP/1.1 with compressed images. So you would more likely fend off a percentage of users. there might be other browsers with same issue that I am not aware of. Moreover even if you compress an image, you won't gain much, as I tried to zip a 20.7Kb jpg and got a 20.3Kb file and a 202 Kb gif to a 202 Kb zip file.


As far as security, what version of apache are you using? Get the most recent one in the 1.3.x or 2.0.x and you will be alright. Choose the modules carefully and only Load the ones you need, besides the fact that there is a doc on apache's site about security that can guide you more on securing apache. Get back here if you have any more questions.
HTH

Regards
Aman Raheja
http://www.techquotes.com

Arthur Guy wrote:

Isn't it possible to compress images any further?

I guess I am not really sure what I am asking when it comes to security, I have setup an apache server running parallel to my current IIS server but on port 8080. I want to switch them over but I would like to be sure that the instillation
is secure, are there any problems with apache that I need to be worried
about? Are there any patches / configuration setups that need to be applied?

Arthur

arthur@xxxxxxxxxxxxxxxxxxxx
-----Original Message-----
From: Nick Kew [mailto:nick@xxxxxxxxxxxx] Sent: 25 June 2005 22:42
To: users@xxxxxxxxxxxxxxxx
Subject: Re: [users@httpd] Compression and Security

Arthur Guy wrote:
Does gzip compression and browser decompression support images or is it

just
html and text?


Irrelevant.  Web image formats are already compressed.  You should also
avoid compressing some other formats (such as PDF) or a certain
crippled browser will refuse to display them.

Is the name mod_security correct, searching for it in the documentation
doesn't return anything?


It's a third-party module.  But it's not really required for Apache
in the sense of IIS.  We don't have a long history of devastating bugs
like CodeRed and Nimda (despite having three times MS's market share).
mod_security protects vulnerable applications rather than the server
itself.



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx





---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux