FileETag MTime Size

<IfModule mod_expires.c>
 ExpiresActive On

 ExpiresDefault "access plus 1 days"
 ExpiresByType image/gif "access plus 1 days"
 ExpiresByType image/png "access plus 1 days"
 ExpiresByType image/jpeg "access plus 1 days"
 ExpiresByType text/css "access plus 1 days"
 ExpiresByType application/javascript "access plus 1 days"
 ExpiresByType application/x-shockwave-flash "access plus 1 days"
</IfModule>

이미지 서버의 apache 설정 중 mod_expires 랑 FileETag 설정 이다.
기냥.. 1 days 로 설정을 해봤다..
각각의 퍼포먼스에 대해서는 구글링 하면 많이 나오니 참고들 하세요.

ref. http://www.cgisecurity.com/apache-security.html

Apache Security

1. Don't run unnecessary servers or interpreters. If you don't need the FTP (File Transfer Protocol) server that's bundled with your Web server, don't give hackers another target: Disable it, or don't install it at all. Similarly, disable scripting languages and sample scripts that you don't absolutely require.

2. Subscribe to your server vendor's security alert list. Or at least monitor its Web site regularly for patches and apply them immediately. The Computer Emergency Response Team advisory list at www.cert.org/advisories/ can be a useful resource. Don't forget to watch out for alerts and patches for your OS as well as for the Web server itself.

3. Practice good password habits. Avoid simple, easy-to-guess passwords, particularly for privileged administrator accounts. On the other hand, don't make your password rules so draconian that users resort to writing them down. Always change default passwords and eliminate unnecessary accounts (such as guest). Make sure passwords are actually enabled for sensitive areas and administration functions.

4. Know what's happening on your network. Many Web servers are free and easy to install, so watch out for well-meaning but ill-informed users who may inadvertently create security holes.

5. Use your operating system's permission mechanism. Usually the Web server runs with the permission of a particular user. Make sure that user has appropriately limited access.

6. Monitor your logs. Your Web server keeps track of every request; review your logs regularly for signs of out-of-the-ordinary behavior.

7. Segregate public and private data. Don't store sensitive data on the same machines as public Web servers if you don't have to do it. For an extranet, you might consider a "sacrificial lamb" configuration, where a Web server sits outside the firewall so that it doesn't jeopardize corporate data behind the firewall.

8. Be careful with your server configuration. Limit executable files to specific directories, and make sure their source codes can't be downloaded. Turn off features such as automatic directory indexing and WebDAV publishing support if you don't need them. Run any security tools your OS or Web-server vendor provides, such as Microsoft's IIS Lockdown Tool, to identify potential weak spots.

9. Check programs for security holes. CGI scripts on Web servers are particularly prone to security breaches, especially if they don't validate user-supplied data before accessing files or operating-system services.

비로그인 사용자들의 posting 에 대해 고민 하고있다가 기냥 한번 포털의 쿠키에 어떤 값들이 있는지 궁금해서..
뭐.. 별 의미없이 값을 뽑아 봤다는거. ^^;

- 네이버 비로그인 상태 쿠키값
npic=jUr+cUCGVKdjpbJwd62X0RqpRHJfWNpzHzzA0DL673pOET0AAFlM2timsR6wJPjQCA==; nsr_acl=1; NB=GA2DEOBSGQ3TEOJV; NNB=SYMRWM3VLWMEQ; nsr_acl_nautocomplete=1; nvn_ofc; nvnc_cnt=0; refreshx=1


- 야후코리아 비로그인 상태 쿠키값
B=05hdgc149j8fk&b=4&d=xsUQMcRpYFwQBbroDQmsZiftY5LUe9LW7p4-&s=qk; KR_S1=qh=uqO4rsW4vbp8fMDPueMgsOG55nx8wMzDtbz2IMHWuNSwqMDafHy9usbkwM4gwM6wo7Gkv.y6tHx8uMW4s8f8ILPXuvGw1MDMvMcgsLPBtnx8uMW4s8f8ILPXuvGw1MDMvMcgvLPEoXx8s9e68bDUwMy8xyC8s8ShfHzDu7Tjuem53Xx8uK652cDMvbp8fMG2wM68uiC8usCvuK4gyK26uHx8&qc=2; ukfmp=125.176.145.33%5E20080806220958%5E1218028198.4187%5E1011270.3953488; SO=v%3D0.3%26t%3D1236516693; DetailInfoList=CPN03023604=@|@=CPN03#|#%BF%F8%B5%BF%C0%DA%BF%AC%C8%DE%BE%E7%B8%B2#|#1408015007#|#%B3%BB%C6%F7%B8%AE#|##|#=|=CPN03033712=@|@=CPN03#|#%BE%E7%BB%EA%B3%BB%BF%F8%BB%E7%B0%E8%B0%EE#|#1408008007#|#%BF%EB%BF%AC%B8%AE#|##|#=|=2609679516#|#%B9%E9%BE%CF%BB%EA%B0%FC%B1%A4%B3%F3%BF%F8#|#1510004001#|#%BC%B1%B1%B8%B8%AE#|#1040#|#%C0%AF%BF%F8%C1%F6%2C%B3%EE%C0%CC%B5%BF%BB%EA=|=CPN03539153=@|@=CPN03#|#%BF%EB%B9%AE%BB%EA%C0%DA%BF%AC%C8%DE%BE%E7%B8%B2#|#0807003002#|#%B9%E9%BE%C8%B8%AE#|##|#=|=2604928166#|#%BC%F6%B7%B9%BD%C7%B0%A1%B5%E7#|#0802001007#|#%B4%C9%C6%F2%B8%AE#|#2566#|#%BF%C0%B8%AE%C5%C1; KR_DIC=qh=wM3Az3x8ud217cDMfHy53bXlvcN8fFBoYXNlfHxzdXJwcmlzZXJ8fLW_sbx8fGtvcmVhfHxhdXR1bW58fLChwLt8fGRpbm5lcnx8&qc=2; F=a=VL2ERowMvTDTsxLqZnoYxLShA5afemiwdkJHZOwFydiLYkN7CORv9y8RkALG83rZwvdrmhI-&b=6LFT; YLS=v=1&p=0&n=9; C=mg=1; ykfpBktB=6; Y=v=1&n=fvgqhvvcjpv1c&p=; NP_C=sony080818; FPEK=LG%uD30C%uC6CC%uCF64; mgs_tt=47566510664469146915; mgs_tp=5689678668936901689769097390; mgs_cookie=0502%3A5%2C0302%3A3%2C05%3A2%2C0501%3A2%2C03%3A1%2C031003%3A1%2C0401%3A1%7C3; mgs_tab=lst; mgs_p=1

ref. http://www.nczonline.net/blog/2008/05/17/browser-cookie-restrictions/
ref. http://blogs.msdn.com/ie/archive/2007/08/29/update-to-internet-explorer-s-cookie-jar.aspx

I’ve been doing some research into cookies for my upcoming book and came across some interesting facts about the way browsers handle cookies. I started out by looking at the number of cookies that browsers allowed per domain. The results were interesting:

• Microsoft indicated that Internet Explorer 8 increased the cookie limit per domain to 50 cookies but I’ve found that IE7 also allows 50 cookies per domain. Granted, this may have been increased with a system patch rather than having the browser’s first version ship like this, but it’s still more than the 20 that was commonly understood to be the limit.
• Firefox has a per-domain cookie limit of 50 cookies.
• Opera has a per-domain cookie limit of 30 cookies.
• Safari/WebKit is the most interesting of all as it appears to have no perceivable limit through Safari 3.1. I tested setting up to 10,000 cookies and all of them were set and sent along in the Cookie header. The problem is that the header size exceeded the limit that the server could process, so an error occurred.

So the prevailing knowledge that browsers limit per-domain cookies to 20 is no longer valid. Another interesting inconsistency is how browsers react when too many cookies are set. With the exception of Safari, which sets all cookies regardless of the number, there are two approaches:

1. The least recently used (LRU) approach automatically kicks out the oldest cookie when the cookie limit has been reached in order to allow the newest cookie some space. Internet Explorer and Opera use this approach.
2. Firefox does something strange: it seems to randomly decide which cookies to keep although the last cookie set is always kept. There doesn’t seem to be any scheme it’s following at all. The takeaway? Don’t go above the cookie limit in Firefox.

The total size of cookies also varies from browser to browser. This is another one that is a little hard to comprehend, but here’s what my tests show:

• Firefox and Safari allow cookies with up to 4097 characters, that’s 4096 for the name and value and one for the equals sign.
• Opera allows cookies with up to 4096 characters, which is for the name, value, and equals sign.
• Internet Explorer allows cookies with up to 4095 characters, which is for the name, value and, equals sign.