Here's a link talking about the Netscape issue with compressed images http://www.zope.org/Members/Mamey/mod_gzip Securing apache http://www.securityfocus.com/infocus/1694 http://www.securityfocus.com/infocus/1786 and lots more if you search google - Aman Raheja (again!!!) http://www.techquotes.com Aman Raheja wrote:
It is indeed possible to compress images, and if you specify apache to do so, it will.The issue is that some browsers like some of the Netscape versions have had history of having problems with HTTP/1.1 with compressed images. So you would more likely fend off a percentage of users. there might be other browsers with same issue that I am not aware of. Moreover even if you compress an image, you won't gain much, as I tried to zip a 20.7Kb jpg and got a 20.3Kb file and a 202 Kb gif to a 202 Kb zip file.As far as security, what version of apache are you using? Get the most recent one in the 1.3.x or 2.0.x and you will be alright. Choose the modules carefully and only Load the ones you need, besides the fact that there is a doc on apache's site about security that can guide you more on securing apache. Get back here if you have any more questions.HTH Regards Aman Raheja http://www.techquotes.com Arthur Guy wrote:Isn't it possible to compress images any further?I guess I am not really sure what I am asking when it comes to security, I have setup an apache server running parallel to my current IIS server but on port 8080. I want to switch them over but I would like to be sure that the instillationis secure, are there any problems with apache that I need to be worriedabout? Are there any patches / configuration setups that need to be applied?Arthur arthur@xxxxxxxxxxxxxxxxxxxx -----Original Message----- From: Nick Kew [mailto:nick@xxxxxxxxxxxx] Sent: 25 June 2005 22:42 To: users@xxxxxxxxxxxxxxxx Subject: Re: [users@httpd] Compression and Security Arthur Guy wrote:Does gzip compression and browser decompression support images or is itjusthtml and text?Irrelevant. Web image formats are already compressed. You should also avoid compressing some other formats (such as PDF) or a certain crippled browser will refuse to display them.Is the name mod_security correct, searching for it in the documentation doesn't return anything?It's a third-party module. But it's not really required for Apache in the sense of IIS. We don't have a long history of devastating bugs like CodeRed and Nimda (despite having three times MS's market share). mod_security protects vulnerable applications rather than the server itself.---------------------------------------------------------------------The official User-To-User support forum of the Apache HTTP Server Project.See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
--------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|