Classification: UNCLASSIFIED
Caveats: FOUO

While you're at it you might want to find a class in web security.  You just 
told the whole world that ConAgra Foods is running some extremely vulnerable 
versions of Apache products.


-----Original Message-----
From: Joe Jensen (ConAgra Foods) [mailto:joe.jen...@conagrafoods.com] 
Sent: Thursday, February 20, 2014 12:38 PM
To: users@httpd.apache.org
Subject: [users@httpd] Apache major features

What major features have been released in the last 8 years for apache?    My 
apache infrastructure is quite dated and behind.  I'd like to update and 
improve it but am new to apache and don't know much more than that I have 
nothing modern.

 

Joe Jensen 
(402)-240-3645 
Application Hosting Services

 

From: Jeff Trawick [mailto:traw...@gmail.com] 
Sent: Wednesday, February 19, 2014 3:50 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] Available online Training/documentation

 

On Wed, Feb 19, 2014 at 3:24 PM, Joe Jensen (ConAgra Foods) 
<joe.jen...@conagrafoods.com> wrote:

I'm looking for some advice on how to learn the intricacies of both apache 
httpd and tomcat.  I'm unlikely to get a paid training class, and failed to 
find any overall training about it online.  Considering it's popularity and 
open source nature it strikes me as very odd that there isn't any good and 
extensive "on your own" training to read through.   If someone can point me to 
something online it would be awesome!

 

I'm charged with a series of apache/tomcat servers as part about 70% of my job, 
but we run a ~3-4 year old setup largely unchanged from 7 years ago.  I'd like 
to learn what I don't know exists, and am hoping for more than just the apache 
module and configuration manuals.  If I have to though that may be what I do 
learn from.  

 

Joe Jensen 
(402)-240-3645 <tel:%28402%29-240-3645>  
Application Hosting Services  

 

Look at the User's Guide and Howto/Tutorials parts of the documentation.

 

If it were me, I'd start with this:

 

1. Make sure you understand how httpd and Tomcat are installed on all systems 
you support and how updates are obtained.

2. Check the versions of the software and confirm that they are supported 
branches (e.g., 2.2.x or 2.4.x for httpd, whatever is currently supported for 
Tomcat).

3. See how old the exact versions are (e.g., 2.2.15), and if they are 
relatively old then ensure that you are getting updates regularly from a vendor 
(e.g., Linux vendor) which applies security fixes to old versions.

 

If there's a problem already (unsupported, vulnerable versions), work with your 
team to find out how to deal with it.  You may end up looking through CHANGES 
logs for vulnerabilities and crossing out the ones in modules that aren't used 
in your configuration, and then seeing what is a potential concern.

 

4-98. (stuff I can't think of at the moment)

 

99. Try to identify the most common or most important use of httpd in your 
environment (e.g., front-end to Tomcat) and get a fresh VM and set up httpd 
with a sample application (or static site) that requires similar configuration 
features.  Use that to play around and experiment with things in the product 
documentation.  Even if you won't use a particular feature in production, the 
experimentation gives you more insight into how the server can be configured.

 

-- 
Born in Roswell... married an alien...
http://emptyhammock.com/


Classification: UNCLASSIFIED
Caveats: FOUO



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Reply via email to