Today,Brian Mulreany and I delivered our paper on securing and managing the Oracle HTTP Server (OHS), aka Apache, at Collaborate09 in Orlando for the Independent Oracle Users Group (IOUG).
The paper , and corresponding presentation , describe practical solutions for securing OHS. First, the concept of Defense in Depth is introduced along with the important role of OHS within the context of the overall security architecture. Next, we cover how to securely install OHS and configure httpd.conf. The focus here is on real life examples of Apache directives that attendees can make use of in their own OHS environments. After addressing the basic hardening issues with OHS, the more advanced topics of configuring OHS as a reverse proxy server as well as implementing mod_security are covered. Finally, the paper concludes with tips and tricks for managing OHS.