Here's a link talking about the Netscape issue with compressed images
http://www.zope.org/Members/Mamey/mod_gzip
Securing apache
http://www.securityfocus.com/infocus/1694
http://www.securityfocus.com/infocus/1786
and lots more if you search google
- Aman Raheja (again!!!)
http://www.techquotes.com
Aman Raheja wrote:
It is indeed possible to compress images, and if you specify apache to
do so, it will.
The issue is that some browsers like some of the Netscape versions
have had history of having problems with HTTP/1.1 with compressed
images. So you would more likely fend off a percentage of users.
there might be other browsers with same issue that I am not aware of.
Moreover even if you compress an image, you won't gain much, as I
tried to zip a 20.7Kb jpg and got a 20.3Kb file and a 202 Kb gif to a
202 Kb zip file.
As far as security, what version of apache are you using? Get the most
recent one in the 1.3.x or 2.0.x and you will be alright. Choose the
modules carefully and only Load the ones you need, besides the fact
that there is a doc on apache's site about security that can guide you
more on securing apache. Get back here if you have any more questions.
HTH
Regards
Aman Raheja
http://www.techquotes.com
Arthur Guy wrote:
Isn't it possible to compress images any further?
I guess I am not really sure what I am asking when it comes to
security, I
have setup an apache server running parallel to my current IIS server
but on
port 8080. I want to switch them over but I would like to be sure
that the instillation
is secure, are there any problems with apache that I need to be worried
about? Are there any patches / configuration setups that need to be
applied?
Arthur
[EMAIL PROTECTED]
-----Original Message-----
From: Nick Kew [mailto:[EMAIL PROTECTED] Sent: 25 June 2005 22:42
To: users@httpd.apache.org
Subject: Re: [EMAIL PROTECTED] Compression and Security
Arthur Guy wrote:
Does gzip compression and browser decompression support images or is it
just
html and text?
Irrelevant. Web image formats are already compressed. You should also
avoid compressing some other formats (such as PDF) or a certain
crippled browser will refuse to display them.
Is the name mod_security correct, searching for it in the documentation
doesn't return anything?
It's a third-party module. But it's not really required for Apache
in the sense of IIS. We don't have a long history of devastating bugs
like CodeRed and Nimda (despite having three times MS's market share).
mod_security protects vulnerable applications rather than the server
itself.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
