I noticed there's a lot of information about how to code/secure/optimize this and that, but very little information about a less fun part of handling security - which is monitoring/maintaining the web platform's health and overall activity. Currently I'm trying to find out what exactly it is that I found in my web server's access log, but beyond this specific thing I feel the need for a general guide to web server security. Of course, with some examples.
The sticky I'd like to see here would answer most of the following questions:
1. What makes a secure/vulnerable web server?
General security guidelines and platform-specific information would be great.
2. How can an administrator use log monitoring to detect and anticipate intrusions?
Explaining the log structure and referencing log analysis software would help a lot.
3. Which tools are best to use in a web app/server in order to complement the regular logs of the web server?
4. What are the (best) ways to monitor a web server's capacity?
5. What are the most common practices in avoiding web server congestion?
6. What are the best techniques/tools to protect the web server/app against floods/(D)DoS/etc.?