easy to maintain. Bestselling author Mohammed Kabir offers complete guidance on every detail of Apache implementation, from installation and configuration to Web site administration, server-side applications, security, and performance tuning. Whether you’re a novice Web administrator or an Apache veteran, this is the only book you need to harness the power of the world’s leading Web server.
Pentium-class PC running Windows 9X/2000/Me and XP; Linux; or Unix; CD-ROM drive. See About the CD Appendix for details.
Linux/Unix or Win32 system
Leverage Apache using SSI, CGI, PHP, Perl, and Java servlets
Secure your site using SSL, certificate-signing services, and other tools
BONUS CD-ROM!
Apache, PHP, Perl, Tomcat, MySQL, and more
• PHP, Perl, mod_perl, MySQL, and other open source tools for dynamic Web pages
• OpenSSL and ApacheSSL security software
Inside, You’ll Find Complete Coverage of Apache Server 2
• Master source compilation and binary installation
• Customize Apache to match your system
• Create and manage virtual Web sites with Apache
• Monitor server performance with a log analyzer package
• Set up an Apache-based proxy server
• Create a Web cycle involving development, testing, and production systems
• Turbocharge Web interactivity with FastCGI, PHP, Perl, and Java servlets
• Secure Apache with Apache SSL and your own Certificate Authority
• Configure Apache for Win32 systems
• Create a high-availability Web network using Apache
Create an interactive Web site using JSP servlets, CGI, and mod_perl scripts
Configure your Web servers for reliability and security
Apache Server 2 Bible
Mohammed J Kabir
New York, NY ✦ Cleveland, OH ✦ Indianapolis, IN
LIMIT OF LIABILITY/DISCLAIMER OF WARRANTY: THE PUBLISHER AND AUTHOR HAVE USED THEIR BEST EFFORTS IN PREPARING THIS BOOK. THE PUBLISHER AND AUTHOR MAKE NO REPRESENTATIONS OR WARRANTIES WITH RESPECT TO THE ACCURACY OR COMPLETENESS OF THE CONTENTS OF THIS BOOK AND SPECIFICALLY DISCLAIM ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. THERE ARE NO WARRANTIES WHICH EXTEND BEYOND THE DESCRIPTIONS CONTAINED IN THIS PARAGRAPH. NO WARRANTY MAY BE CREATED OR EXTENDED BY SALES REPRESENTATIVES OR WRITTEN SALES MATERIALS. THE ACCURACY AND COMPLETENESS OF THE INFORMATION PROVIDED HEREIN AND THE OPINIONS STATED HEREIN ARE NOT GUARANTEED OR WARRANTED TO PRODUCE ANY PARTICULAR RESULTS, AND THE ADVICE AND STRATEGIES CONTAINED HEREIN MAY NOT BE SUITABLE FOR EVERY INDIVIDUAL. NEITHER THE PUBLISHER NOR AUTHOR SHALL BE LIABLE FOR ANY LOSS OF PROFIT OR ANY OTHER COMMERCIAL DAMAGES, INCLUDING BUT NOT LIMITED TO SPECIAL, INCIDENTAL, CONSEQUENTIAL, OR OTHER DAMAGES.
Apache Server 2 Bible
Library of Congress Control Number: 2001092889
ISBN: 0-7645-4821-2
Printed in the United States of America
Distributed in the United States by Hungry Minds, Inc.
Distributed by CDG Books Canada Inc for Canada; by Transworld Publishers Limited in the United Kingdom; by IDG Norge Books for Norway; by IDG Sweden Books for Sweden; by IDG Books Australia Publishing Corporation Pty Ltd for Australia and New Zealand; by TransQuest Publishers Pte Ltd for Singapore, Malaysia, Thailand, Indonesia, and Hong Kong; by Gotop Information Inc for Taiwan; by ICG Muse, Inc for Japan; by Intersoft for South Africa; by Eyrolles for France; by International Thomson Publishing for Germany, Austria, and Switzerland; by Distribuidora Cuspide for Argentina; by LR International for Brazil; by Galileo Libros for Chile; by Ediciones ZETA S.C.R Ltda for Peru; by WS Computer Publishing Corporation, Inc., for the Philippines; by Contemporanea de Ediciones for Venezuela; by Express Computer Distributors for the Caribbean and West Indies; by Micronesia Media Distributor, Inc for Micronesia; by Chips Computadoras S.A de C.V for Mexico; by Editorial Norma de Panama S.A for Panama; by American Bookshops for Finland.
For general information on Hungry Minds’ products and services please contact our Customer Care department within the U.S. at 800-762-2974, outside the U.S. at 317-572-3993 or fax 317-572-4002.
For sales inquiries and reseller information, including discounts, premium and bulk quantity sales, and foreign-language translations, please contact our Customer Care department at 800-434-3422, fax 317-572-4002 or write to Hungry Minds, Inc., Attn: Customer Care Department, 10475 Crosspoint Boulevard, Indianapolis, IN 46256.
For information on licensing foreign or domestic rights, please contact our Sub-Rights Customer Care department at 212-884-5000.
For information on using Hungry Minds’ products and services in the classroom or for ordering examination copies, please contact our Educational Sales department at 800-434-2086 or fax 317-572-4005.
For press review copies, author interviews, or other publicity information, please contact our Public Relations department at 317-572-3168 or fax 317-572-4168.
For authorization to photocopy items for corporate, personal, or educational use, please contact Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, or fax 978-750-4470.
Trademarks: Bible and Hungry Minds are trademarks or registered trademarks of Hungry Minds, Inc. All other trademarks are the property of their respective owners. Hungry Minds, Inc., is not associated with any product or vendor mentioned in this book.
is a trademark of Hungry Minds, Inc.
Credits
Acquisitions Editor
Vice President & Executive Group Publisher
Quality Control Technicians
Laura Albert, John Greenough, Andy Hollandbeck, Angel Perez
Media Development Specialist
Travis Silvers
Illustrator
Kate Shaw
Proofreading and Indexing
TECHBOOKS Production Services
Cover Image
Kate Shaw
About the Author
Mohammed Kabir is the founder and CEO of Evoknow, Inc. His company specializes in CRM software development. When he is not busy managing software projects or writing books, he enjoys traveling. Kabir studied computer engineering at California State University, Sacramento. He can be reached at kabir@evoknow.com.
To the memory of my mother, Nazma Bathen.
about Apache server. In fact, more than 60 percent of all Web administrators use Apache. Apache is the most powerful, open-source, Web-server platform in the world.
As a practicing Web developer, researcher, and administrator, I find Apache to be the perfect fit for most Web sites. Apache 2.0 is a major revision of Apache server. Apache Group originally created a highly configurable Web server in the first version, which became popular very fast; in version 2, Apache Group focused on scalability, reliability, and performance. Major code revisions were done to create a very scalable Apache architecture.
Today, Apache stands tall as the most widely used Web platform. Every day an increasing number of corporations accept this open-source marvel into their IT infrastructure. Many large IT companies, such as IBM, have embraced Apache in their product offerings. The future of Apache looks great. Whether you’re new to Apache or are already a practicing Apache administrator, now is the perfect time to get started with Apache 2.0. This book will help you do just that.
How This Book Is Organized
The book has six parts. Very short descriptions of each part follow.
Part I: Getting Started
With a brief introduction to the world’s number one Web server, in this part I guide you through the process of obtaining and compiling Apache. I show you how to get Apache up and running with minimal changes to the default configuration files so that you can get Apache up and running on your system as quickly as possible. This part ends with complete references to the Apache core directives and standard modules so that you can get ready for serious Apache administration tasks.
Part II: Web Site Administration
This part focuses on typical Web administration tasks such as virtual Web-site creation, user authentication and authorization tasks, monitoring, logging, rewriting and redirecting URLs, proxy service, and the like. You learn a great deal of what there is to know about creating and managing virtual Web sites. You master various methods of user authentication, authorization, and access control techniques. You learn to monitor Web servers and to customize log files for analysis.
Part III: Running Web Applications
This part focuses on the ways in which you can serve dynamic contents using Apache. It covers Common Gateway Interface (CGI), Server-Side Includes (SSI), FastCGI, PHP, mod_perl, and Java servlets. You quickly learn to use these technologies with Apache.
Part IV: Securing Your Web Site
Any computer on the Internet is subject to abuse or attempts of misuse. It is always a good idea to play it safe and to take precautionary measures. In this part, you learn to make your Web sites more secure and resistant to hacker attacks. You are also introduced to the potential risks of running SSI and CGI programs and how to take preventive measures to avoid these risks. You also learn to enable Secure Socket Layer (SSL) service using Apache modules to enable secure e-commerce.
Part V: Running Apache on Windows
Apache on Windows (Win32) platform has become very popular; more and more people are trying Apache on Windows platform. With Apache 2.0, the performance of Apache Web server under this platform has become very promising. In this part, you learn how to install and configure Apache on Win32 platform.
Part VI: Tuning for Performance and Scalability
In this part, I discuss how you can speed up Apache by tuning your Web server system and by optimizing various Apache server configurations. The chapter provides a great deal of information on how to benefit from high-performance hardware, how to tune hard disks and file systems under Linux to enhance system performance. It also covers Web caching and tuning issues related to Perl-based Web applications.
Conventions Used in This Book
You don’t have to learn any new conventions to read this book. Just remember that when you are asked to enter a command, you need to press the Enter or the Return
used to denote configuration or code segment
Also, pay attention to these icons:
The Note icon indicates that something needs a bit more explanation.
The Tip icon tells you something that is likely to save you some time and effort.
The Caution icon makes you aware of a potential danger.
The On The CD-ROM icon clues you in to files, programs, and other goodies that are on the CD-ROM.
The Cross-Reference icon helps you navigate the book better, pointing you to topics that are related to the one you’re currently reading about.
Tell Us What You Think of This Book
Both Hungry Minds and I want to know what you think of this book. Please register
us your feedback If you are interested in communicating with me directly, send
The Book Web Site
This book has a Web site at http://www.evoknow.com/kabir/apache2. You can visit this Web site for updated contents, errata, and FAQ.
and modular Web server in the world. I give special thanks to Ralf S. Engelschall
development of Chapter 9 on URL rewriting rules. The practical examples in that chapter are derived from his personal collection, which keeps growing at his Web
I also thank the Hungry Minds team, who made this book a reality. It is impossible to list everyone involved but I must mention the following kind individuals:
James Russell, the project development editor, kept this project going. I don’t know how I could have done this book without his generous help and suggestions every step of the way. Thanks James.
Terri Varveris, the acquisitions editor, provided me with this book opportunity and made sure I saw it through to the end. Thanks, Terri.
Sheila Kabir, my wife, had to put up with many long work hours during the few months it took to write this book. Thank you, sweetheart.
Contents at a Glance
Preface
Acknowledgments
Part I: Getting Started
Chapter 1: Apache: The Number One Web Server
Chapter 2: Obtaining and Installing Apache
Chapter 3: Getting Apache Up and Running
Chapter 4: Configuring Apache with Winnt MPM directives
Chapter 5: Apache Modules
Part II: Web Site Administration
Chapter 6: Hosting Virtual Web Sites
Chapter 7: Authenticating and Authorizing Web Site Visitors
Chapter 8: Monitoring Access to Apache
Chapter 9: Rewriting Your URLs
Chapter 10: Setting up a Proxy Server
Chapter 11: Running Perfect Web Sites
Part III: Running Web Applications
Chapter 12: Running CGI Scripts
Chapter 13: Server Side Includes (SSI)
Chapter 14: Configuring Apache for FastCGI
Chapter 15: PHP and Apache
Chapter 16: Using Perl with Apache
Chapter 17: Running Java Servlets and JSP Pages with Tomcat
Part IV: Securing Your Web Site
Chapter 18: Web Security
Chapter 19: Securing Apache with SSL
Part V: Running Apache on Windows
Chapter 20: Installing and Running Apache for Windows
Chapter 21: Configuring Apache for Windows
Part VI: Tuning for Performance and Scalability
Chapter 22: Speeding Up Apache
Chapter 23: Creating a High-Availability Network
Appendix A: HTTP 1.1 Status Codes
Appendix B: Understanding Regular Expressions
Appendix C: Online Apache Resources
Appendix D: What’s on the CD-ROM?
Index
End-User License Agreement
Preface
Acknowledgments
Part I: Getting Started
Chapter 1: Apache: The Number One Web Server
Apache Rocks On
Apache: The Beginning
The Apache Feature List
Understanding Apache 2.0 Architecture
Multiprocessing modules
Filtering I/O
New CGI daemon
Apache Portable Run-Time
Understanding the Apache License
Chapter 2: Obtaining and Installing Apache
The Official Source for Apache
System Requirements
Requirements for building Apache from source distribution
Requirements for running an Apache Web server
Downloading the Software
Installing Apache from Source Code
Configuring Apache source
Advanced configuration options for high-load Web sites
Compiling and installing Apache
Installing Apache from RPM Binary Packages
Keeping Up with Apache Development
Chapter 3: Getting Apache Up and Running
Configuring Apache
Configuring the global environment for Apache
Configuring the main server
Starting and Stopping Apache
Starting Apache
Restarting Apache
Stopping Apache
Testing Apache
Chapter 4: Configuring Apache with Winnt MPM Directives
Apache Directive Contexts
Server config context
Container context
Per-directory context
General Configuration Directives
AccessFileName
AddDefaultCharset
ContentDigest
DefaultType
DocumentRoot
ErrorDocument
<IfDefine>
<IfModule>
Include
Options
Port
ServerAdmin
ServerName
ServerRoot
ServerSignature
ServerTokens
SetInputFilter
SetOutputFilter
Performance and Resource Configuration Directives
Controlling Apache processes
Making persistent connections
Controlling system resources
Using dynamic modules
Standard Container Directives
<Directory>
<DirectoryMatch>
<Files>
<FilesMatch>
<Location>
<LocationMatch>
Virtual Host-Specific Directives
NameVirtualHost
ServerAlias
ServerPath
<VirtualHost>
Logging Directives
LogLevel
PidFile
ScoreBoardFile
Authentication and Security Directives
AllowOverride
AuthName
AuthType
HostNameLookups
IdentityCheck
<Limit>
<LimitExcept>
LimitRequestBody
LimitRequestFields
LimitRequestFieldsize
LimitRequestLine
Require
Satisfy
ScriptInterpreterSource
MPM threaded-Specific Directives
CoreDumpDirectory
Group
Listen
ListenBacklog
LockFile
MaxClients
MaxRequestsPerChild
MaxSpareThreads
MinSpareThreads
SendBufferSize
StartServers
ThreadsPerChild
User
MPM perchild-Specific Directives
AssignUserID
ChildPerUserID
ConnectionStatus
CoreDumpDirectory
Group
Listen
ListenBacklog
LockFile
MaxRequestsPerChild
MaxSpareThreads
MaxThreadsPerChild
MinSpareThreads
NumServers
PidFile
ScoreBoardFile
SendBufferSize
StartThreads
User
MPM winnt-Specific Directives
CoreDumpDirectory
Listen
ListenBacklog
MaxRequestsPerChild
PidFile
SendBufferSize
ThreadsPerChild
MPM prefork Specific Directives
CoreDumpDirectory
Group
Listen
ListenBacklog
LockFile
MaxClients
MaxRequestsPerChild
MaxSpareServers
MinSpareServers
PidFile
ScoreBoardFile
SendBufferSize
StartServers
User
Chapter 5: Apache Modules
An Overview of the Modules
Environment-Related Modules
mod_env
mod_setenvif
mod_unique_id
Authentication and Access Control Modules
mod_auth_anon
mod_auth_dbm
mod_auth_db
Dynamic Contents Generation Modules
mod_actions
mod_ext_filter
Content-Type Configuration Modules
mod_mime
mod_mime_magic
mod_negotiation
Directory Listing Modules
mod_dir
mod_autoindex
Response Header Modules
mod_asis
mod_headers
mod_expires
mod_cern_meta
Server Information and Logging Modules
mod_log_config
mod_status
mod_info
mod_usertrack
URL Mapping Modules
mod_userdir
mod_alias
mod_speling
mod_vhost_alias
Miscellaneous Modules
mod_so
mod_imap
mod_file_cache
mod_dav
Part II: Web Site Administration
Chapter 6: Hosting Virtual Web Sites
Understanding Apache’s Virtual Hosting Capabilities
Setting Up a Virtual Host
Name-based virtual hosts
IP-based virtual hosts
Multiple main servers as virtual hosts
Configuring DNS for a Virtual Host
Setting User and Group per Virtual Host
Managing a Large Number of Virtual Hosts
Automating Virtual Host Configuration using mod_perl
Generating Virtual Host Configuration By Using the makesite Script
Managing Virtual Hosts By Using MySQL with mod_v2h Module
Chapter 7: Authenticating and Authorizing Web Site Visitors
Authentication vs Authorization
Understanding How Authentication Works
Authenticating Users Via the mod_auth Module
Understanding the mod_auth directives
Creating a members-only section in your Web site
Creating a members-only section using a htaccess file
Grouping users for restricted access to different Web sections
Authorizing Access via Host Name or IP Addresses
allow directive
deny directive
order directive
Combining Authentication and Authorization
Authenticating with a Relational Database
Using MySQL database server for authentication
Using other databases for user authentication
Managing Users and Groups in Any RDBM
Secure Authenticated Sessions Using Cookies
Chapter 8: Monitoring Access to Apache
Monitoring Apache
Accessing configuration information with mod_info
Enabling status pages with mod_status
Creating Log Files
TransferLog directive
LogFormat directive
CustomLog directive
CookieLog directive
Customizing Your Log Files
Creating Multiple Log Files
Logging Cookies
Using Error Logs
Analyzing Your Log Files
Log Maintenance
Using rotatelog
Using logrotate
Using logresolve
Chapter 9: Rewriting Your URLs
The URL-Rewriting Engine for Apache
RewriteEngine
RewriteOptions
RewriteRule
RewriteCond
RewriteMap
RewriteBase
RewriteLog
RewriteLogLevel
RewriteLock
URL Layout
Expanding a requested URL to a canonical URL
Redirecting a user home directory to a new Web server
Searching for a page in multiple directories
Setting an environment variable based on a URL
Creating www.username.domain.com sites
Redirecting a failing URL to another Web server
Creating an access multiplexer
Creating time-sensitive URLs
Content Handling
Adding backward compatibility in URLs
Creating browser-matched content URLs
Creating an HTML to CGI gateway
Access Restriction
Blocking robots
Creating an HTTP referer-based URL deflector
Chapter 10: Setting up a Proxy Server
Who Should Use a Proxy Server?
Understanding Types of Proxy Servers
Forward proxy
Reverse proxy
mod_proxy Directives
ProxyRequests
ProxyRemote
ProxyPass
ProxyBlock
NoProxy
ProxyDomain
CacheRoot
CacheSize
CacheGcInterval
CacheMaxExpire
CacheLastModifiedFactor
CacheDirLength
CacheDirLevels
CacheDefaultExpire
NoCache
Configuring an Apache Proxy Server
Scenario 1: Connecting a private IP network to the Internet
Scenario 2: Caching remote Web sites
Scenario 3: Mirroring a Web site
Setting Up Web Browsers to use a Proxy
Manual proxy configuration
Automatic proxy configuration
Setting return values for FindProxyForURL
Using pre-defined functions in FindProxyForURL
Chapter 11: Running Perfect Web Sites
What is a Web Development Cycle?
Putting the Web Cycle into Action
Setting up for the Web cycle
Implementing the Web cycle
Building a Web Site by Using Templates and makepage
Using HTTP PUT for Intranet Web Publishing
Understanding the directives in mod_put module
Compiling and installing mod_put
Setting up a PUT-enabled Web directory
Setting up a virtual host to use mod_put module
Maintaining Your Web Site
Online backup
Offline backup
Standardizing Standards
HTML document development policy
Dynamic application development policy
Giving Your Web Site a User-Friendly Interface
Make your site easy to navigate
Create an appealing design
Remove cryptic error messages
Test your Web GUI
Promoting Your Web Site
Part III: Running Web Applications
Chapter 12: Running CGI Scripts
What Is CGI?
CGI Input and Output
GET requests
POST requests
Comparing GET and POST
Decoding input data
Apache CGI Variables
Server variables
Client request variables
Configuring Apache for CGI
Aliasing your CGI program directory
Choosing specific CGI file extensions
Enabling cgi-bin access for your users
Creating new CGI extensions by using AddType
Running CGI Programs
Writing CGI Scripts in Perl
Enabling CGI Debugging Support in Apache
ScriptLog
ScriptLogLength
ScriptLogBuffer
Debugging Your Perl-Based CGI Scripts
Debugging from the command line
Debugging by using logging and debug printing
Debugging with CGI::Debug
Chapter 13: Server Side Includes (SSI)
What Is a Server Side Include?
Configuring Apache for SSI
Enabling SSI for an entire directory
Enabling SSI for a specific file type
Using XBitHack for htm or html files
Using SSI Commands
config
echo
exec
fsize
flastmod
include
printenv
set
SSI Variables
Flow Control Commands
Chapter 14: Configuring Apache for FastCGI
What is FastCGI?
Achieving high performance by using caching
Scalability through distributed applications
Understanding How FastCGI Works
Basic architecture of a FastCGI application
Different types of FastCGI applications
Migrating from CGI to FastCGI
Things to keep in mind about migrating
Migrating a sample script
Setting Up FastCGI for Apache
FastCGI directives for Apache
Configuring httpd.conf for FastCGI
Chapter 15: PHP and Apache
Understanding How PHP Works
Bringing PHP to Your Company
Prerequisites for PHP
Compiling and Installing PHP
Building PHP as a CGI solution
Building PHP as an Apache module
Configuring Apache for PHP
Configuring PHP by Using php.ini
PHP directives in httpd.conf
PHP directives in php.ini
Working with PHP
Creating a simple command-line PHP script
Creating simple PHP Web pages
Using a PHP script as a Server-Side Include
Using a PHP page for a directory index
Using include files
Enhancing error handling with PHP
Processing Web forms with PHP
Creating sessions with PHP
Using MySQL with PHP
Creating a simple PHP page to access a MySQL database
Securing PHP include files
Authenticating users with PHP and MySQL
Chapter 16: Using Perl with Apache
Compiling and Installing mod_perl
Running CGI Scripts by Using mod_perl
Don’t Reinvent the Wheel
Creating mod_perl Module By Using the Perl API for Apache
Using CGI.pm to Write mod_perl Modules
Preloading Perl Modules to Save Memory
Keeping Track of mod_perl Modules in Memory
Implementing ASP by Using the Apache::ASP Module
Chapter 17: Running Java Servlets and JSP Pages with Tomcat
Why Use Servlets?
Installing Tomcat
Installing the latest JDK for Tomcat
Installing Tomcat and the mod_jk module
Configuring Tomcat
Configuring Tomcat for Apache
Configuring Tomcat to use the Java Security Manager
Configuring Apache for Servlets and JSP
Working with Tomcat
Disabling Tomcat’s default HTTP service
Starting and stopping Tomcat
Starting Tomcat with a shell wrapper script
Running Java servlets
Part IV: Securing Your Web Site
Chapter 18: Web Security
Understanding Web Security
The Security Checkpoints
Checkpoint 1: Your network
Checkpoint 2: The operating system
Checkpoint 3: Web server software
Choosing a Security Configuration
Security policy considerations
A sensible security configuration for Apache
The Sacrificial Lamb Configuration
The Paranoid Configuration
Protecting Your Web Contents
Content-publishing guidelines
Protecting your contents from robots and spiders
Logging and Security
CustomLog and ErrorLog
What to do if you see unusual access in your log files
Securing Your CGI Implementation
Fending off CGI Risks with smart programming
Keeping user input secure
Wrapping CGI Scripts
Hiding clues about your CGI scripts
Using CGI Scanners
Reducing SSI Risks
Chapter 19: Securing Apache with SSL
Introducing SSL
How SSL Works
Understanding encryption
Understanding certificates
Setting up SSL for Apache
SSL choices
Setting up OpenSSL
Choosing the mod_ssl module for SSL support
Choosing Apache-SSL instead of mod_ssl for SSL support
Getting a Certificate
Getting a server certificate from a commercial CA
Generating a private key
Generating a certificate signing request
Creating a private certificate authority
Accessing SSL pages
Part V: Running Apache on Windows
Chapter 20: Installing and Running Apache for Windows
System Requirements
Downloading Apache for Windows
Installing Apache Binaries
Running Apache
Running Apache automatically as a Windows service
Managing Apache from the Start menu
Managing Apache from the command-line
Running multiple Apache services
Chapter 21: Configuring Apache for Windows
Windows httpd.conf Syntax
Tuning Apache for Performance
Testing Apache Configuration
Managing Apache with Comanche
Configuring Apache for Dynamic Contents
Running Perl-based CGI scripts
Running mod_perl scripts
Running PHP scripts
Running ISAPI extensions with mod_isapi
UserDir in Windows
Part VI: Tuning for Performance and Scalability
Chapter 22: Speeding Up Apache
Using High-Performance Hardware
CPU
RAM
Hard drive
Ethernet card
Tuning Linux’s ext2 File system
Changing the block size of the ext2 filesystem
Tuning the ext2 file system with e2fsprogs
Tuning Your Operating System
Compiling and installing a custom kernel
Tuning your system for demanding Web applications
Making your Apache Server software lean and mean
Tuning Your Network
Using fast Ethernet
Understanding and controlling network traffic flow
Balancing load using the DNS server
Using load-balancing hardware
Tuning the Apache Configuration
Minimizing DNS lookups
Speeding up static file serving
Tuning your configuration using ApacheBench
Caching for Speed
Caching frequently used files in memory with mod_fcache
Getting Slick with the Squid proxy-caching server
Using mod_backhand for a Web server farm
Tuning Web Applications
Speeding up mod_perl scripts
Going with FastCGI instead of mod_perl
Chapter 23: Creating a High-Availability Network
Features of a High-end Web Network
Enhancing DNS Reliability
Load Balancing Your Web Network
Distributing HTTP requests with Round-Robin DNS
Distributing HTTP requests with hardware load balancers
Managing Web Storage
RAID, SAN, or Storage Appliances
Tuning your hard drives
Tuning ext2 Filesystem
Increasing reliability with journaling file systems for Linux
Sharing drive space with NFS server
Replicating contents among Web servers
Using rdist to distribute files
Creating a RAM-based file system
Creating a Reliable Back-end Network
Fortifying Your Web Network
Using Tripwire to protect your Web contents
Securing Apache using the Linux Intrusion Detection System (LIDS)
Appendix A: HTTP 1.1 Status Codes
Appendix B: Understanding Regular Expressions
Appendix C: Online Apache Resources
Appendix D: What’s on the CD-ROM?
Index
End-User License Agreement
Getting Started
where to get it from, and how to install and configure it. I also get you up to speed with the Apache code directives and the many popular modules that make Apache the most configurable Web server on the planet.
Chapter 3: Getting Apache Up and Running
Apache: The Number One Web Server
the world. If you are toying with the idea of running Apache, you are in the right place! This chapter introduces the Apache way of running a Web server.
More than 60 percent of the Web servers in the world use Apache, according to a prominent Web server survey company
publishes the Top Server statistics periodically. Table 1-1 shows the Top Server statistics that were available at the time of writing this chapter. If you want to put faces to the numbers,
Table 1-1: Top Server Statistics by Netcraft
Server Nov 2001 Percent Dec 2001 Percent
✦ Apache is a highly configurable Web Server with a modular design. It is very easy to extend the capabilities of Apache Web server. Anyone with decent C or Perl programming expertise can write a module to perform a special function. This means that there are tons of Apache modules available for use.
✦ Apache is a free, open source technology. Being free is important but not as important as being open source.
✦ Apache works great with Perl, PHP, and other scripting languages. Most Web applications are still scripts. Perl excels in the script world and Apache
✦ Apache runs on Linux and other Unix systems. Linux used to be an underdog operating system, which has now found itself in the enterprise computing arena. Linux and Apache go hand-in-hand in the enterprise world today. I believe Linux’s acceptance in the business world has made Apache’s entry into such territory easy. However, there are people who would argue that it was Apache’s fame that made Linux find its way into the business world easier. Either way, Apache and Linux is a powerful combination. Other Unix systems such as FreeBSD and Solaris, and the new Mac OS X also play a great role in expanding Apache’s user base horizon.
✦ Apache also runs on Windows. Although Apache will run much better on Windows platform with version 2.0, Apache was already in Windows market with Version 1.3.x. We will see a lot of Windows systems switching to Apache from Microsoft Internet Information Server (IIS) because Apache 2.0 architecture gives it the power it needed to compete natively.
Apache: The Beginning
Here is a bit of Apache history. In the early days of the Web, the National Center for Super Computing Applications (NCSA) created a Web server that became the number one Web server in early 1995. However, the primary developer of the NCSA Web server left NCSA about the same time, and the server project began to stall. In the meantime, people who were using the NCSA Web server began to exchange their own patches for the server and soon realized that a forum to manage the patches was necessary. The Apache Group was born. The group used the NCSA Web server code and gave birth to a new Web server called Apache. Originally derived from the core code of the NCSA Web server and a bunch of patches, the Apache server is now the talk of the Web server community. In three short years, it acquired the lead server role in the market.
The very first version (0.6.2) of publicly distributed Apache was released in April 1995. The 1.0 version was released on December 1, 1995. The Apache Group has expanded and incorporated as a nonprofit group. The group operates entirely via the Internet. However, the development of the Apache server is not limited in any way by the group. Anyone who has the know-how to participate in the development of the server or its component modules is welcome to do so, although the group is the final authority on what gets included in the standard distribution of what is known as the Apache Web server. This allows literally thousands of developers around the world to come up with new features, bug fixes, ports to new platforms, and more. When new code is submitted to the Apache Group, the group members investigate the details, perform tests, and do quality control checks. If they are satisfied, the code is integrated into the main Apache distribution.
The Apache Feature List
One of the greatest features that Apache offers is that it runs on virtually all widely used computer platforms. At the beginning, Apache used to be primarily a Unix-based Web server, but that is no longer true. Apache not only runs on most (if not all) flavors of Unix, but it also runs on Windows 2000/NT/9x and many other desktop and server-class operating systems such as Amiga OS 3.x and OS/2.
Apache offers many other features including fancy directory indexing; directory aliasing; content negotiations; configurable HTTP error reporting; SetUID execution of CGI Programs; resource management for child processes; server-side image maps; URL rewriting; URL spell checking; and online manuals.
The other major features of Apache are:
✦ Support for the latest HTTP 1.1 protocol: Apache is one of the first Web servers to integrate the HTTP 1.1 protocol. It is fully compliant with the new HTTP 1.1 standard and at the same time it is backward compatible with HTTP 1.0. Apache is ready for all the great things that the new protocol has to offer. For example, before HTTP 1.1, a Web browser had to wait for a response from the Web server before it could issue another request. With the emergence of HTTP 1.1, this is no longer the case. A Web browser can send requests in parallel, which saves bandwidth by not transmitting HTTP headers in each request. This is likely to provide a performance boost at the end-user side because files requested in parallel will appear faster on the browser.
✦ Simple, yet powerful file-based configuration: The Apache server does not come with a graphical user interface for administrators. It comes with single
Apache to your liking. All you need is your favorite text editor. However, it is flexible enough to allow you to spread out your virtual host configuration in
to manage with many virtual server configurations.
✦ Support for CGI (Common Gateway Interface): Apache supports CGI using the mod_cgi and mod_cgid modules. It is CGI 1.1 compliant and offers extended features such as custom environment variables and debugging support that are hard to find in other Web servers. See Chapter 12 for details.
✦ Support for FastCGI: Not everyone writes their CGI in Perl, so how can they make their CGI applications faster? Apache has a solution for that as well. Use the mod_fcgi module to implement a FastCGI environment within Apache and make your FastCGI applications blazing fast. See Chapter 14 for details.
✦ Support for virtual hosts: Apache is also one of the first Web servers to support both IP-based and named virtual hosts. See Chapter 6 for details.
✦ Support for HTTP authentication: Web-based basic authentication is supported in Apache. It is also ready for message-digest-based authentication, which is something the popular Web browsers have yet to implement. Apache can implement basic authentication using either standard password files, DBMs, SQL calls, or calls to external authentication programs. See Chapter 7 for details.
✦ Integrated Perl: Perl has become the de facto standard for CGI script programming. Apache is surely one of the factors that made Perl such a popular CGI programming language. Apache is now more Perl-friendly than ever
memory and reuse it as many times as you want. This process removes the start-up penalties that are often associated with an interpreted language like Perl. See Chapter 16 for details.
✦ Support for PHP scripting: This scripting language has become very widely
See Chapter 15 for details.
✦ Java Servlet support: Java servlets and Java Server Pages (JSP) are becoming very commonplace in dynamic Web sites. You can run Java servlets using the award-winning Tomcat environment with Apache. See Chapter 17 for details.
✦ Integrated Proxy server: You can turn Apache into a caching (forward) proxy server. However, the current implementation of the optional proxy module does not support reverse proxy or the latest HTTP 1.1 protocol. There are plans for updating this module soon. See Chapter 10 for details.
✦ Server status and customizable logs: Apache gives you a great deal of flexibility in logging and monitoring the status of the server itself. Server status can be monitored via a Web browser. You can also customize your log files to your liking. See Chapter 8 for details.
✦ Support for Server-Side Includes (SSI): Apache offers a set of server side includes that add a great deal of flexibility for the Web site developer. See Chapter 13 for details.
✦ Support for Secured Socket Layer (SSL): You can easily create an SSL Web
details
Understanding Apache 2.0 Architecture
Apache Server 2.0 makes Apache a more flexible, more portable, and more scalable Web solution than ever before. The new 2.0 releases offer many improvements; the major improvements are discussed in the following sections.
Multiprocessing modules
The first major change in Apache 2.0 is the introduction of multiprocessing modules (MPMs). To understand why MPMs are created, you need to understand how Apache worked before. Apache Version 1.3 or earlier used a preforking architecture. In this architecture, an Apache parent process forked a set of child processes, which serviced the actual requests. The parent process simply monitored the children and spawned or killed child processes based on the amount of requests received. Unfortunately, this model didn’t work well under platforms that are not process-centric such as Windows. So, the Apache Group came up with the MPM-based solution.
Each MPM is responsible for starting the server processes and for servicing requests via child processes or threads depending on the MPM implementation. Several MPMs are available. They are discussed in the following sections.
The prefork MPM
The prefork MPM mimics the Apache 1.3 or earlier architecture, creating a pool of child processes to service requests. Each child process has a single thread. For example, if Apache starts 30 child processes, it can service 30 requests simultaneously.
If something goes wrong and the child process dies, only a single request is lost. The number of child processes is controlled using a minimum and maximum setting. When the number of requests increases, new child processes are added until the maximum is reached. Similarly, when the requests fall, any extra child processes are killed.
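The fault isolation described above can be seen in a small C program, added here as an illustration and not taken from the book or from Apache’s source: a parent forks single-threaded children, one request each, and one child dies while handling its request. The names prefork_serve, handle_request and MAX_CHILDREN are hypothetical.

```c
#include <signal.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define MAX_CHILDREN 256

/* Hypothetical request handler run inside one child process. The child in
 * slot bad_slot simulates a fatal bug by killing itself with SIGKILL. */
static void handle_request(int slot, int bad_slot)
{
    if (slot == bad_slot)
        raise(SIGKILL);
    _exit(0);                       /* request served, child exits cleanly */
}

/* Fork `children` single-threaded workers (one request each) and reap them.
 * Returns how many requests were served; *lost counts children that died. */
int prefork_serve(int children, int bad_slot, int *lost)
{
    pid_t pids[MAX_CHILDREN];
    int started = 0, served = 0;

    *lost = 0;
    if (children > MAX_CHILDREN)
        children = MAX_CHILDREN;
    for (int slot = 0; slot < children; slot++) {
        pid_t pid = fork();
        if (pid < 0)
            break;                  /* out of processes: reap what we have */
        if (pid == 0)
            handle_request(slot, bad_slot);   /* never returns */
        pids[started++] = pid;
    }
    for (int i = 0; i < started; i++) {
        int status;
        if (waitpid(pids[i], &status, 0) < 0)
            continue;
        if (WIFEXITED(status) && WEXITSTATUS(status) == 0)
            served++;
        else
            (*lost)++;
    }
    return served;
}

int main(void)
{
    int lost;
    int served = prefork_serve(30, 7, &lost);   /* 30 children, as in the text */
    printf("served=%d lost=%d\n", served, lost);
    return 0;
}
```

Because each child has its own address space, the crash in one slot leaves the other children untouched and the parent only has to reap and replace the dead process.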
likely that a child’s death will take down a maximum of 1/n of all the total connection, where n represents the number of all simultaneous connections.
A process is added or removed by monitoring its spare-thread count. For example, if a process has less than the minimum number of spare threads, a new process is added. Similarly, when a process has a maximum number of idle threads, it is killed. All processes run under the same user and group ID assigned to Apache server. Because threads are more resource efficient than processes, this MPM is very scalable.
The perchild MPM
This is also new in Apache 2.0. In this MPM model a set number of child processes are started with a specified number of threads. As request load increases the processes add new threads as needed. When request count reduces, processes shrink their thread counts using a minimum and maximum thread count setting.
The key difference between this module and the threaded MPM is that the process count is static and also each process can run using a different user and group ID. This makes it easy to run different virtual Web sites under different user and group IDs. See Chapter 6 for details.
The winnt MPM
This is the MPM for the Windows platform, including Windows 2000, Windows NT, and Windows 9x. It is a multithreaded module. Using this module Apache will create a parent process and a child process. The child process creates all the threads that service the request. Also, this module now takes advantage of some Windows-only native function calls, which allows it to perform better than the earlier versions of Apache server on Windows platform.
Filtering I/O
Apache 2.0 now provides architecture for layered I/O. This means that one module’s output can become another module’s input. This filtering effect is very interesting. For example, the output produced by CGI scripts, which is processed by the mod_cgi module, can now be handed to the mod_include module responsible for SSIs. In other words, CGI scripts can produce output as SSI tags, which can be processed before the final output is sent to the Web browser. Many other applications of filtering I/O will be available in the future.
New CGI daemon
Because many of the MPM modules use threads, executing CGI scripts become
module creates a daemon process, which spawns CGI processes and interacts with threads more efficiently. Figure 1-1 shows how a CGI request for a script called myscript.pl is serviced.
Figure 1-1: How the CGI daemon works with Apache child processes.
Here is how the CGI scripts are executed:
1 When the CGI request comes to a thread within a child process, it passes the
request to the CGI daemon
[Figure 1-1 diagram labels: Web Browser, Apache Child Process (three), CGI Daemon Process, myscript.pl]