“Chances are that your Web site has at least a few pages that
you really don’t want published to the Internet at large. How do
you keep the Black Hats from seeing them, whilst not impeding the
access of the White Hats who need the pages?”
“At the time I’m writing this (February 2000), there’s a lot of
current-events news about major Web sites being taken down
temporarily by denial-of-service (DoS) attacks. The specific attack
type in question cannot be stopped by Apache, even though it may be
aimed at the Web site. Apache is just a software application
running on the system; these attacks are aimed at the systems
themselves. As someone has pointed out, “If you have 1GB/s heading
for your server then the pipe is going to saturate before Apache
even gets a chance to see the packets.”
“But for less extreme cases, Apache’s implementation of the
Web security mechanisms, when properly implemented, should be more
than adequate to protect your sensitive pages from
exposure.“