|
Softpanorama |
May the source be with you, but remember the KISS principle ;-) 
Softpanorama Search
|
The Apache Web Server was originally created in 1995. It was based on the earlier NCSA server, written by the National Center for Supercomputing Applications (which also developed the Mosaic browser, predecessor to most of today's browsers, with a direct line to Netscape and Mozilla).
Apache runs as a permanent background task: a daemon (UNIX) or service (Windows). Start-up is a slow and expensive operation, so for an operational server, it is usual for Apache to start at system boot and remain permanently up. Early versions of Apache had documented support for an inetd mode (run from a generic superserver for every incoming request), but this mode was never appropriate for operational use.
The first applications development framework were dominated by Perl, under both CGI and mod_perl. Application developers concentrated on Perl, because mod_perl presented the first really useful and easy-to-use API. The Java Servlet API and numerous other scripting languages, including the current market leader PHP, soon followed.
The native API is much improved and the APR library is a separate entity. This helps programmers overcome most of the drawbacks of C programming—in particular, the problems of cross-platform programming and resource management. Working with Apache 2, C programmers can expect levels of productivity more commonly associated with higher-level and scripting languages.
A new extension architecture enables development of a whole new class of applications, as well as far cleaner implementations of existing modules and applications. This book will discuss in detail how to take advantage of this extension architecture.
A new core architecture makes Apache 2 a truly cross-platform server. The operating system layer has itself become a module (the MPM), enabling it to be separately tuned for each operating system. Whereas Apache 1 was a UNIX application that was ported with many limitations to other platforms, Apache 2 is truly cross-platform and is not tied to UNIX features, some of which perform poorly on, for example, Windows or Netware. The introduction of threaded MPMs also improves scalability on UNIX in many applications.
Apache 1.3, so many third-party modules and applications have been slow to upgrade to version 2.
directives in plain text configuration files. The main configuration
file is usually called httpd.conf. The location of this file
is set at compile-time, but may be overridden with the -f command
line flag. Some sites also have srm.conf and access.conf
files for
historical reasons. In addition, other configuration files may be added
using the
Include directive. Any directive may be placed in any of these
configuration files. Changes to the main configuration files are only recognized
by Apache when it is started or restarted.
Starting with Apache 1.3.13 any configuration file can actually be a directory, Apache will enter that directory and parse any files (and subdirectories) found there as configuration files. One possible use for this would be to add VirtualHosts by creating small configuration files for each host, and placing them in such a configuration directory. Thus, you can add or remove VirtualHosts without editing any files at all, simply adding or deleting them. This makes automating such processes much easier.
The server also reads a file containing mime document types; the filename
is set by the
TypesConfig directive, and is mime.types by default.
Apache configuration files contain one directive per line. The back-slash "\" may be used as the last character on a line to indicate that the directive continues onto the next line. There must be no other characters or white space between the back-slash and the end of the line.
Directives in the configuration files are case-insensitive, but arguments to directives are often case sensitive. Lines which begin with the hash character "#" are considered comments, and are ignored. Comments may not be included on a line after a configuration directive. Blank lines and white space occurring before a directive are ignored, so you may indent directives for clarity.
You can check your configuration files for syntax errors without starting
the server by using apachectl configtest or the -t
command line option.
| Related Modules mod_so |
Related Directives AddModule ClearModuleList <IfModule> LoadModule |
Apache is a modular server. This implies that only the most basic functionality is included in the core server. Extended features are available through modules which can be loaded into Apache. By default, a base set of modules is included in the server at compile-time. If the server is compiled to use dynamically loaded modules, then modules can be compiled separately and added at any time using the LoadModule directive. Otherwise, Apache must be recompiled to add or remove modules. Configuration directives may be included conditional on a presence of a particular module by enclosing them in an <IfModule> block.
To see which modules are currently compiled into the server, you can
use the -l command line option.
| Related Directives <Directory> <DirectoryMatch> <Files> <FilesMatch> <Location> <LocationMatch> <VirtualHost> |
Directives placed in the main configuration files apply to the entire
server. If you wish to change the configuration for only a part of the server,
you can scope your directives by placing them in
<Directory>,
<DirectoryMatch>,
<Files>,
<FilesMatch>,
<Location>, and
<LocationMatch> sections. These sections limit the application
of the directives which they enclose to particular filesystem locations
or URLs. They can also be nested, allowing for very fine grained configuration.
Apache has the capability to serve many different websites simultaneously.
This is called
Virtual
Hosting. Directives can also be scoped by placing them inside
<VirtualHost> sections, so that they will only apply to requests
for a particular website.
Although most directives can be placed in any of these sections, some directives do not make sense in some contexts. For example, directives controlling process creation can only be placed in the main server context. To find which directives can be placed in which sections, check the Context of the directive. For further information, we provide details on How Directory, Location and Files sections work.
| Related Directives AccessFileName AllowOverride |
Apache allows for decentralized management of configuration via special
files placed inside the web tree. The special files are usually called
.htaccess, but any name can be specified in the
AccessFileName directive. Directives placed in .htaccess
files apply to the directory where you place the file, and all sub-directories.
The .htaccess files follow the same syntax as the main configuration
files. Since .htaccess files are read on every request, changes
made in these files take immediate effect.
To find which directives can be placed in .htaccess files,
check the
Context of the directive. The server administrator further controls
what directives may be placed in .htaccess files by configuring
the
AllowOverride directive in the main configuration files.
For more information on .htaccess files, see Ken Coar's
tutorial on
Using .htaccess Files with Apache, or the
.htaccess tutorial in the Apache docs.
|
|||||||
Is your server actually running?
Believe it or not, this has happened to plenty of administrators. You take the server down, do some maintenance, and when you go to check out the server you’re getting errors. The first thing you do, naturally, is check out that /etc/apache2/apache.conf file to make sure your syntax is correct. But it’s perfect! What’s up? The first thing you might want to check is to make sure the server is running. But you don’t want to just issue the command to start the server or reload the server. Instead, issue the command:
sudo /etc/init.d/apache2 status
Which should return something like:
* apache is running (pid 9751).
If not, start the server with either:
sudo /etc/init.d/apache2 start
or
sudo apache2ctl start
NOTE: If you are using a distribution like Fedora, SuSE, or Mandriva you will need to first su to the root user and issue the above commands WITHOUT using sudo.
It’s not running and it won’t start
Did you just make changes to your Apache configuration file? Are the changes correct? If you’re not sure, you can use the apache2ctl command to check the syntax of your configuration file. This is done with the command:
sudo apache2ctl configtext
The above command should report:
Syntax OK
If you don’t get an OK, you will get information that points to the errors in your configuration file.
Apache wants to download .php files!
This is another common issue. When you add a new tool on your web server (such as Drupal), if your configuration file is set up properly, any .php file might not be displayed. Instead any attempt to view a .php file will instead have your browser trying to download the file. Why is this? Apache must be informed that certain extensions are to be displayed, not downloaded. This is done from within the Apache configuration file. Open up that file (in the Ubuntu server it will be /etc/apache2/apache2.conf) and first look for the following line:
DirectoryIndex index.html
If that file doesn’t include index.php nearly all sites that use php will be rendered useless.
The second line to look for is:
AddHandler application/x-httpd-php .php
If you find this line, and it is commented out, make sure you uncomment it by removing the “#” character. If it is not there add it to the bottom of the configuration file.
And, as always, when you make a change to the configuration file, restart Apache.
Know where to look for problems
Finally, it is crucial that you know where to first turn when the above doesn’t help you out. Any time I have an issue with Apache where Occam’s Razor does not apply, the first place I turn is the log files.
If you look in /var/log/apache2 you will find, at least, the following files:
- access.log: This keeps track of any connection made to your server.
- error.log: This keeps track of any errors that occur with Apache.
- other_vhosts_access.log: This is where virtual hosts will log when the virtual host has not been prescribed its own log file.
Of course, as your site evolves so will your available log files. Regardless of what you find in /var/log/apache2, that is where you should always first turn when you have problems. Even before you google.
Final thoughts
Now you should be able to handle some of the more common issues with the Apache server. And if your problem isn’t common, you also know where to turn to find clues that will lead you down the right path to correction.
I should preface this by noting that I usually install Apache from source for this very reason. It's often not clear where the contents of an RPM will end up and Apache is a prime example.
There is, however, a nifty way to do a little digging BEFORE you install an RPM. On the command line, type:
rpm -qpil path/to/apache-xyz.rpm | more
where 'path/to/apache-xyz.rpm' is the location of the RPM you wish to install.
Running this on apache-1.3.9-4.i386.rpm under RH6.1 reveals...
-----
% rpm -qpil apache-1.3.9-4.i386.rpm | more
[uninteresting bits and general verbosity deleted]
/etc/httpd/conf
/etc/httpd/conf/access.conf
/etc/httpd/conf/httpd.conf
/etc/httpd/conf/magic
/etc/httpd/conf/srm.conf
/etc/httpd/logs
...
/etc/rc.d/init.d/httpd
...
/home/httpd
/home/httpd/cgi-bin
/home/httpd/html
/home/httpd/html/index.html
...
/usr/sbin/httpd
/usr/sbin/logresolve
/usr/sbin/rotatelogs
/usr/sbin/suexec
...-----
The Apache program itself is /usr/sbin/httpd. You can either run that from the command-line thusly:
% /usr/sbin/httpd
or by rebooting your server since all those files in /etc/rc.d will start Apache automagically when you start your server.
Before doing so, however, be sure to make the appropriate configuration changes in the /etc/httpd/conf/httpd.conf,
srm.conf, and access.conf files -- newer versions of Apache only use httpd.conf.There are some instructions available on RedHat's site; while they're not particularly geared toward a first time user, they may be of some help in initial Apache configuration...
http://www.redhat.com/support/docs/tips/WWW-Server-Tips/WWW-Server-Tips-3.html
Re: Latest Apache RPM; undefined symbol
Hi Arend, Thank you. I replaced the original httpd.conf file and restarted manually without error. I am wearing my dunce's hat with pride... Cheers Geoff >>> arend@meetsma.org 03 July 2002 17:46:50 >>> On Tue, 2 Jul 2002, Geoff Amabilino wrote: > Hi all, > > We have just upgraded our Apache packages to the latest RH version >(1.3.22-5.7.1) to avoid the recent security problem. > > We are now getting a problem starting the web server as follows: > > Syntax error on line 212 of /etc/httpd/conf/httpd.conf: > Cannot load /etc/httpd/modules/mod_log_config.so into server: >/etc/httpd/modules > /mod_log_config.so: undefined symbol: ap_escape_logitem > > I cannot find any clues around the web, and for the moment have had to >disable custom logging to get the site going again. > > Has anyone else seen this? Any help would be welcome. Hi Geoff, With the recent update, you need to stop and then restart apache by hand the first time, then the -HUP at 4:00 will work from then on. So do this: /etc/init.d/httpd stop /etc/init.d/httpd start then check the logs. Hope this helps, Arend
/home/bhattc/public_html/oraqmf.phtml /home/bhattc/public_html/learn.phtml /home/bhattc/public_html/split.phtml /home/bhattc/public_html/oraqmf3.phtml /home/bhattc/public_html/info.phtml /home/bhattc/public_html/testora.phtml /home/bhattc/public_html/oratest.phtml /usr/local/apache2/htdocs/ckbtest.phtml /ahd/site/maint_cat/string1.phtml /apache/htdocs/images/index.phtml /apache/htdocs/AHD/v1/Calendar.phtml /apache/htdocs/AHD/v1/SB_Chg_List.phtml /apache/htdocs/AHD/v1/SB_Req_List.phtml /apache/htdocs/AHD/v1/SB_WF_List.phtml /apache/htdocs/AHD/v1/ScoreBoard.phtml /apache/htdocs/AHD/v1/ShowDetail.phtml /apache/htdocs/AHD/v1/add_cnt-chg.phtml /apache/htdocs/AHD/v1/add_cnt-cr.phtml /apache/htdocs/AHD/v1/add_cnt-nr.phtml /apache/htdocs/AHD/v1/add_knl-chg.phtml /apache/htdocs/AHD/v1/add_knl-cr.phtml /apache/htdocs/AHD/v1/add_nr-chg.phtml /apache/htdocs/AHD/v1/chg_passwd.phtml /apache/htdocs/AHD/v1/rem_cnt-chg.phtml /apache/htdocs/AHD/v1/rem_cnt-cr.phtml /apache/htdocs/AHD/v1/rem_cnt-nr.phtml /apache/htdocs/AHD/v1/rem_knl-chg.phtml /apache/htdocs/AHD/v1/rem_knl-cr.phtml /apache/htdocs/AHD/v1/rem_nr-chg.phtml /apache/htdocs/AHD/add_cnt-cr.phtml /apache/htdocs/AHD/rem_cnt-cr.phtml /apache/htdocs/AHD/Reports/report_001.phtml /apache/htdocs/AHD/Reports/report_001_sel.phtml /apache/htdocs/AHD/Reports/report_002.phtml /apache/htdocs/AHD/Reports/report_002_sel.phtml /apache/htdocs/AHD/Reports/backup/report_001.phtml /apache/htdocs/AHD/Reports/backup/report_001_sel.phtml /apache/htdocs/AHD/Reports/backup/report_002.phtml /apache/htdocs/AHD/Reports/backup/report_002N.phtml /apache/htdocs/AHD/Reports/backup/report_002_sel.phtml /apache/htdocs/AHD/Reports/backup/report_002_selN.phtml /apache/htdocs/AHD/Reports/backup/report_001_N.phtml /apache/htdocs/AHD/Reports/backup/report_001_sel_N.phtml /apache/htdocs/AHD/chg_passwd.phtml /apache/htdocs/AHD/include/alg_download.phtml /apache/htdocs/AHD/SB_WF_List.phtml /apache/htdocs/AHD/addon/CR_noStatus.phtml /apache/htdocs/AHD/addon/split.phtml /apache/htdocs/AHD/ScoreBoard.phtml /apache/htdocs/AHD/SB_Req_List.phtml /apache/htdocs/AHD/SB_Chg_List.phtml /apache/htdocs/AHD/add_nr-chg.phtml /apache/htdocs/AHD/rem_nr-chg.phtml /apache/htdocs/AHD/add_knl-cr.phtml /apache/htdocs/AHD/rem_knl-cr.phtml /apache/htdocs/AHD/add_knl-chg.phtml /apache/htdocs/AHD/Calendar.phtml /apache/htdocs/AHD/rem_knl-chg.phtml /apache/htdocs/AHD/add_cnt-chg.phtml /apache/htdocs/AHD/rem_cnt-chg.phtml /apache/htdocs/AHD/extract/index.phtml /apache/htdocs/AHD/extract/download.phtml /apache/htdocs/AHD/extract/cr_download.phtml /apache/htdocs/AHD/extract/chg_download.phtml /apache/htdocs/AHD/extract/chg_download_prod_20040109.phtml /apache/htdocs/AHD/extract/cr_download_debug_20080508.phtml /apache/htdocs/AHD/rem_cnt-nr.phtml /apache/htdocs/AHD/add_cnt-nr.phtml /apache/htdocs/AHD/Doku/AHD_Web.phtml /apache/htdocs/AHD/Doku/index.phtml /apache/htdocs/AHD/AttachDoc.phtml /apache/htdocs/AHD/ShowDetail.phtml /apache/htdocs/AHD/NewAttachment.phtml /apache/htdocs/AHD/GrpAdd.phtml /apache/htdocs/AHD/GrpDel.phtml /apache/htdocs/Notify_new/Notify.phtml /apache/htdocs/Notify_new/Notify_del.phtml /apache/htdocs/Notify_old/Notify.phtml /apache/htdocs/Notify_old/Notify_del.phtml /apache/htdocs/misc/MakeRecord.phtml /apache/htdocs/misc/ckb06.phtml /apache/htdocs/misc/ckb00.phtml /apache/htdocs/misc/ckb05.phtml /apache/htdocs/misc/ckb03.phtml /apache/htdocs/misc/ckb04.phtml /apache/htdocs/misc/ckb01.phtml /apache/htdocs/AHD.091600/add_cnt-cr.phtml /apache/htdocs/AHD.091600/chg_passwd.phtml /apache/htdocs/AHD.091600/rem_cnt-cr.phtml /apache/htdocs/AHD.091600/SB_Chg_List.phtml /apache/htdocs/AHD.091600/SB_Req_List.phtml /apache/htdocs/AHD.091600/SB_WF_List.phtml /apache/htdocs/AHD.091600/ScoreBoard.phtml /apache/htdocs/AHD.091600/temp/ITNet.phtml /apache/htdocs/AHD.091600/temp/DruckPrio1.phtml /apache/htdocs/AHD.091600/temp/Provider.phtml /apache/htdocs/AHD.091600/temp/Beeston.phtml /apache/htdocs/AHD.091600/temp/Provider2.phtml /apache/htdocs/AHD.091600/add_nr-chg.phtml /apache/htdocs/AHD.091600/rem_nr-chg.phtml /apache/htdocs/AHD.091600/add_knl-chg.phtml /apache/htdocs/AHD.091600/add_knl-cr.phtml /apache/htdocs/AHD.091600/rem_knl-chg.phtml /apache/htdocs/AHD.091600/rem_knl-cr.phtml /apache/htdocs/AHD.091600/extract/ReqByType.phtml /apache/htdocs/AHD.091600/extract/download.phtml /apache/htdocs/AHD.091600/extract/index.phtml /apache/htdocs/AHD.091600/extract/cr_download.phtml /apache/htdocs/AHD.091600/add_cnt-chg.phtml /apache/htdocs/AHD.091600/rem_cnt-chg.phtml /apache/htdocs/AHD.091600/GetAsset.phtml /apache/htdocs/AHD.091600/Calendar.phtml /apache/htdocs/AHD.091600/Doku/index.phtml /apache/htdocs/AHD.091600/Doku/AHD_Web.phtml /apache/htdocs/AHD.091600/rem_cnt-nr.phtml /apache/htdocs/AHD.091600/add_cnt-nr.phtml /apache/htdocs/AHD.091600/ShowDetail.phtml /apache/htdocs/CAT/CAT_chgcat.phtml /apache/htdocs/CAT/assignee.phtml /apache/htdocs/CAT/chgcat.phtml /apache/htdocs/CAT/affected.phtml /apache/htdocs/CAT/author.phtml /apache/htdocs/CAT/AttachDoc.phtml /apache/htdocs/CAT/NewAttachment.phtml /apache/htdocs/CAT/string1.phtml /apache/htdocs/CAT/affectedgrp.phtml /apache/htdocs/CAT/GrpAdd.phtml /apache/htdocs/CAT/GrpDel.phtml /apache/htdocs/CAT/notifygrp.phtml /apache/htdocs/CAT/cnt_tabs.phtml /apache/htdocs/CAT/a.phtml /apache/htdocs/CAT/respgrp.phtml /apache/htdocs/CAT/chg_passwd.phtml /apache/htdocs/CAT/chgstat.phtml /apache/htdocs/CAT/csc.phtml /apache/htdocs/CAT/assets.phtml /apache/htdocs/CAT/add_nr-chg.phtml /apache/htdocs/CAT/rem_nr-chg.phtml /apache/htdocs/CAT/chg_download.phtml /apache/htdocs/CAT/CAT_Transport.phtml /apache/htdocs/custom/ahd/counter.phtml /apache/htdocs/custom/ahd/mlinks.phtml /apache/htdocs/custom/ahd/sap1day.phtml /apache/htdocs/custom/ahd/sap7day.phtml /apache/htdocs/custom/ahd/sapopen.phtml /apache/htdocs/custom/ahd/split.phtml /apache/htdocs/info.phtml /apache/htdocs/ckbinfo.phtml /apache/htdocs/ckb_ora_check.phtml /apache/htdocs/ckbtest.phtml /www_nti87/htdocs/ckbinfo.phtml /www_nti87/htdocs/ckb_ora_check.phtml
total 9584 drwxr-xr-x 2 www ahdsup 4096 Feb 8 2003 ./ drwxr-xr-x 15 sys sys 4096 Mar 26 2007 ../ -rwxr-xr-x 1 ahd system 3570 Feb 11 2002 file_upload.pl* -rwxr-xr-x 1 ahd system 1618327 Feb 11 2002 pdm_cgireport* -rwxr-xr-x 1 ahd system 3217366 Feb 11 2002 pdm_graph* -rwxr-xr-x 1 root ahdsup 10250 Feb 11 2002 pdmcgi* -rwxr-xr-x 1 root ahdsup 8159 Feb 8 2003 pdmcgi.ahd45* lrwxrwxrwx 1 root ahdsup 6 Apr 28 16:42 pdmcgi02@ -> pdmcgi* lrwxrwxrwx 1 root ahdsup 6 Apr 28 16:42 pdmcgi_cat@ -> pdmcgi* -rwxr-xr-x 1 www ahdsup 120 Jun 29 2000 printenv* -rwxr-xr-x 1 www ahdsup 757 Apr 7 1999 test-cgi* -rwxr-xr-x 1 ahd system 21712 Feb 11 2002 web_upload.pl*
root@nti2273/home/bezroun/Apache/bin #
Compiled in modules:
core.c
mod_authn_file.c
mod_authn_default.c
mod_authz_host.c
mod_authz_groupfile.c
mod_authz_user.c
mod_authz_default.c
mod_auth_basic.c
mod_include.c
mod_filter.c
mod_log_config.c
mod_env.c
mod_setenvif.c
prefork.c
http_core.c
mod_mime.c
mod_status.c
mod_autoindex.c
mod_asis.c
mod_cgi.c
mod_negotiation.c
mod_dir.c
mod_actions.c
mod_userdir.c
mod_alias.c
mod_so.c
(nixCraft)When you are updating website you may need to send error 503 to client. Error 503 indicates that web server is temporary out of service or down. This is useful if you are running popular database driven website such as a forum or e-commerce site. So when the site is under maintenance you can send user a good message indicating that site is down for some work.
This tip will help you to disable a site for maintenance using mod_rewrite without redirecting url.
Both Lighttpd and Apache webserver allows you to send this message to client using server side rewriting using mod_rewrite and php.
Error 503 means
=> Server is too busy to serve your request
=> Server is slashdotted or dugg to death
=> Server is forced to send this message etcBut why to send error 503?
Error 503 informs search engine that site is temporary out of service. This is quite important for site which is heavily depends upon search engine for selling products and services.
November 2006 (Bigadmin) This guide serves as a starting point for users to install, configure, and perform basic tuning of the open source stack SAMP (Solaris 10 OS, Apache 2.0.52, MySQL 5.0, and PHP 5). The article also covers PostgreSQL and Tomcat. The Solaris Zones feature (part of Solaris Containers technology in the Solaris 10 OS) is discussed to help users with scalability in mind.Download the document as PDF.
Until now FastCGI was behind mod_php, java and mod_perl in terms of popularity among web server administrators and web developers. But times have changed and changed for good.
In the early days of web development when the CGI interface was the leader and web servers were quite slow, developers felt that they needed a faster server technology, that can be used to run their web applications on high-traffic web sites. The solution to the problem seemed obvious – the developers had to take their CGI-based code and put it into the web server process.
With this solution, the operating system didn’t have to start a new process every time a request had been received, which is very expensive, and you could write your application with a persistent functionality in mind and ability to cache data between several different http requests.
These were the days when some of the most popular web server APIs were born – Internet Information Server’s ISAPI, Netscape Server’s NSAPI, and Apache’s module API. This trend created some of the best known and quite often used technologies in web development like mod_php, mod_python, java servlets (and later jsp), asp. But the conception that stays behind these technologies is not flawless. There are many problems with applications that run inside your average web server.
For example mod_perl’s high memory usage per child process can suck the available ram, php’s problems with threads can kill the whole web server, and many security problems arising from the fact that the most popular web server (Apache) can’t do simple things like changing the OS user it executes the request with. For quite some time there have been solutions, like putting a light-weight proxy server in front of apache, installing third-parity software for IIS or using php’s safe mode and OpenBasedir (Oh GOD!) on apache, but these are not elegant and pose other problems on their own. Also the hardware progress in the last few years made the server modules obsolete.
In the mean time, when the server modules were gaining glory and fame, a little-known technology with a different conception and implementation was born. It was called FastCGI and the basic problem it was designed to solve was to make CGI programs run faster. Later, it became clear that FastCGI solves many other problems and design flaws that the server modules had.
How FastCGI works?
FastCGI runs in the web server process, but doesn’t handle the request itself. Instead it manages a pool of the so-called FastCGI servers outside of the web server process and when a request arrives, the FastCGI manager sends the http data through a socket to one of the available fastcgi servers to handle this request. This strategy is quite simple and has the following advantages:In the beginning FastCGI was not so popular, because its use of external processes and communication through sockets required more resources to be allocated on the host system. Today this is not the case, because for the last few years the hardware development made huge leaps ahead and system memory is not so expensive anymore. In present days many of the web servers have full support for FastCGI and the trend is to migrate the current web applications to run under it. These are some of the most popular web servers that have support for FastCGI:
- The FastCGI servers can be written in any language that has an api to communicate through sockets
- The FastCGI servers run outside of the web server thus improving stability and allowing the web server to handle only requests for static data with very little overhead. You won’t need a front-end proxy for this. Thread-unsafe applications can be run with
threaded web servers.- The FastCGI manager can change the owner of the FastCGI servers, which allows the web administrator to have different virtual hosts served by different OS users. (Anyone remember Apache2’s perchild MPM?)
- The FastCGI servers are persistent processes, which serve requests many times faster than standard CGIs.
- Apache – http://httpd.apache.org
- Lighttpd – http://www.lighttpd.net/
- Zeus Web Server – http://www.zeus.com/products/zws/
- Sun Java System Web Server – http://www.sun.com
In November Microsoft announced support for FastCGI on IIS 5, IIS 6 and IIS 7 (Beta). Click here to read the announcement.
The Apache Software Foundation released a maintenance update to the 2.2 httpd branch. Version 2.2.2 is now considered the gold standard that outfits running Apache should be using. It is available for download, here.
As usual, the full cadre of release notes are online. Changes have been made to mod_deflate, so that it works correctly in an internal redirect; mod_proxy_balancer, which now initializes members of a balancer correctly; mod_proxy, so that it no longer releases connections from the connection pool twice; prevent the reading uninitialized memory while reading a line of protocol input; mod_dbd, whose defaults have been updated and error reporting improved; and mod_dbd, which creates its own pool and mutex to avoid problem use of process pool in request processing.
Version 2.2 was initially released in December 2005. Core enhancements include, refactored authentication and authorization modules; a host of changes to mod_cache, mod_disk_cache, and mod_mem_cache; a simplified and modularized default configuration layout; and graceful shutdown for prefork, worker, and event MPMs. Changes were also made to the mod_auth, mod_authnz_ldap, mod_authz_owner, mod_version, mod_info, mod_ssl, and mod_imagemap modules.
The ASF also recommends anyone still running the 2.0 or 1.3 forks that does not plan to upgrade be sure to patch to 2.0.58 and 1.3.37, respectively.
With mod_perl, Perl code can be embedded directly in the Apache configuration file. Perl in httpd.conf is commonly used to dynamically configure Apache, but anything from URL translation to content generation can be accomplished directly in the configuration file within <Perl> sections.
This example reads configuration settings from a text file and configures Apache's virtual hosts.
The httpd.conf setup:
NameVirtualHost 192.168.0.1:80 <Perl> my $config = "/etc/apache/vhosts.txt"; open HOSTS, $config or die "Failed to open $config: $!"; while (<HOSTS>) { my %config; my @params = qw/ServerName DocumentRoot ErrorLog TransferLog ServerAdmin/; @config{ @params } = split /\t/; $config{ Directory }{ $config{DocumentRoot} } = { Allow => 'from all' }; push @{ $VirtualHost{'192.168.0.1:80'} }, \%config; } close HOSTS; </Perl>See The Guide for other examples of configuring Apache with mod_perl.
This document is a quick overview of Solaris 10's zones, intended for use by ASF infrastructure to establish zones and for PMCs to manage their zones.Some quasi-helpful resources:
- blastwave.org - Solaris Zones
- Sun BigAdmin Solaris Zones
- Restricting Service Administration blueprint
- Google: add the phrase "solaris 10" will get docs.sun.com and forum.sun.com
These are notes to assist the root people at ASF infrastructure to create Solaris zones for certain PMCs. See the other notes below for PMCs to manage zones.Please add notes about your zone to the https://svn.apache.org/repos/asf/infrastructure/trunk/docs/helios/zones.txt file (PMC name, root name and other maintainers, docs reference). See the notes for other zones.
Creating a zone
One of the first things you will want to setup on your new Solaris/OpenSolaris operating system is a web server, even though Solaris now comes with Perl and Apache installed by default, it is still worth installing your own version. New versions of Perl and Apache will always be ahead of the Solaris version, plus you will never damage the pre-installed version.
The procedure has been test on:The following steps will install:
- Solaris 10 3/05 SPARC & X86
- Fully Patched
- Installed Solaris Software Companion (/opt/sfw)
- perl 5.8.7
- basic perl modules used by apache
- Apache 1.3.34 (Version 1 is still widely used)
- Copy the file, /etc/apache2/httpd.conf-example to /etc/apache2/httpd.conf
# cp /etc/apache2/httpd.conf-example /etc/apache2/httpd.conf- Edit /etc/apache2/httpd.conf
- Set ServerName if necessary (default is 127.0.0.1)
- Set ServerAdmin to a valid email address
- From the command line type:
# svcadm enable apache2The Apache 2 web service should persist through server and/or zone boots. The actual web pages are located in the /var/apache2/htdocs directory by default.
I installed on m sun solaris 10, just the core sdistribution
I installed packages:
system SUNWapch2d Apache Web Server V2 Documentation
system SUNWapch2r Apache Web Server V2 (root)
system SUNWapch2u Apache Web Server V2 (usr)
But when i try to enable apache
svcadm enable apache2
i get:
svcadm: Pattern 'apache2' doesn't match any instances
i looked all day in doc's the internet, but no good solution.
Who has got the answer for me.hey rebooting a unix box worked????????
svcs -a | grep apache2
no showed disabled ???
before rebooting i didn't show up.
Strange!!
Posted by timothy on Sunday October 19, @08:19AM
from the driven-by-the-forces-of-evil dept.
ivan.ristic writes "Mod_security 1.7 has been released. Mod_security is an open source intrusion detection and prevention engine for web applications. It operates embedded into the web server, acting as a powerful umbrella - shielding applications from attacks. The latest release adds output scanning to Apache 2.x; the ability to analyze cookies; functionality to change the identity of the web server; several new actions for rule grouping; new null-byte attack anti-evasion code."
For information on pricing, contact SpringSource's sales staff by emailing sales@springsource.com or calling 650/425-3515.
This sounds like a great idea. (Score:2)
by daviddennis
(10926) <david@amazing.com>
on Sunday October 19, @12:26PM (#7254633)
(http://www.amazing.com/)
Has anyone tried it? Any success or failure stories?
D
|
Re:This sounds like a great idea.
(Score:5, Interesting) by digitalsushi (137809) * <slashdot@digitalsushi.com> on Sunday October 19, @12:34PM (#7254685) (Last Journal: Wednesday August 20, @12:30PM) |
| I am using 1.7RC1. I'm using it for just one feature -- SecServerSignature. Lets you change the reported server type. I changed mine to Microsoft-IIS/2.0. In my built in status handler that shows me all the hits as they're being served live, I almost always have one request in there that is trying to send a buffer overflow to default.ida. That behavior changed the same day I flipped my reported server type over. Always amazes me how little time it takes! |
| [ Parent ] |
|
Re:This sounds like a great idea.
(Score:5, Informative) by bill_mcgonigle (4333) on Monday October 20, @12:45PM (#7261761) (http://www.zettabyte.net/ | Last Journal: Tuesday October 28, @02:20PM) |
| For those who don't have mod_security, a good thing
to put in your httpd.conf is: ServerTokens ProductOnly so your HTTP response looks like: HTTP/1.1 200 OK Date: Mon, 20 Oct 2003 17:23:13 GMT Server: Apache instead of: HTTP/1.1 200 OK Date: Mon, 20 Oct 2003 17:23:13 GMT Server: Apache/1.3.19 (Unix) mod_perl/1.27 PHP/4.0.5pl1 mod_ssl/2.8.2 OpenSSL/0.9.8 That's just way too much information to tell the world. |
| [ Parent ] |
powerful umbrella
shielding apps from attacks" (Score:2)
by brlewis (214632)
on Tuesday October 21, @12:25PM (#7272502)
(http://brl.codesimply.net/)
The article's description of mod_security as a "powerful umbrella shielding
applications from attacks" seems to oversell it. If you have a known app
with a known exploit, you can use mod_security instead of fixing the app.
But even the mod_security docs themselves say it's better to fix the app.
For apps which accept arbitrary text input (most do!) a general filter against, e.g. "insert into", is a bad idea? This slashdot post includes those two words together; you have to be specific about which inputs get filtered how. Again, this is better done in the app itself.
Another neat module
I've never heard of before... (Score:2)
by WoTG (610710)
on Tuesday October 21, @02:07PM (#7273748)
(http://www.myphotoprinter.net/
| Last Journal:
Monday August
04, @12:43AM)
I had to browse the site to see what this does, this
overview page [modsecurity.org] was good.
It reminds me of
URLScan [microsoft.com] for MS's IIS - but with extra features.
For those who don't
want to do this on the server (Score:1)
by jjeffrey (558890)
<james@jgj.org.uk>
on Wednesday October 22, @08:20AM (#7280159)
(http://jgj.org.uk/)
...you can of course spin up Apache on another box, preferably
not the firewall, and set it up in proxy mode to forward the requests. Though
this generates some SSL issues. Mabye you could even use mod_balance and
have a security appliance / load balancer?
Of course Checkpoint already offer this functionality in FW-1 NG to a limited
degree, and Netscreen are introducing it across their range as a free update
(for those with a software subscription) in ScreenOS 5 later this year or
early next.
mod_security evaluation
by Tegatai Systems (Score:1)
by konduct (691763)
on Wednesday October 29, @06:06AM (#7336442)
(http://www.tegatai.com/~jbl/)
Tegatai Systems
[tegatai.com] has been using
mod_security
[modsecurity.org] in its development labs recently. It has been determined
through white and blackbox testing that mod_security needs more work before
it will be stable enough for wide-spread production use.
Similar to Microsoft's
URLScan... (Score:1)
by sk3tch (165010)
on Wednesday October 29, @12:46PM (#7339210)
(http://www.sk3tch.com/)
http://www.microsoft.com/technet/security/tools/u
Nice to see Apache adding this functionality. As a web admin, the availability
of another layer of security is always appreciated.
About: The mod_securid Apache module implements RSA SecurID authentication for the Apache Web server. It allows administrators to restrict access to Web sites (or parts of Web sites) to users authenticated using a SecurID token and an ACE server.
Copyright © 1996-2009 by Dr. Nikolai Bezroukov. www.softpanorama.org was created as a service to the UN Sustainable Development Networking Programme (SDNP) in the author free time. Submit comments This document is an industrial compilation designed and created exclusively for educational use and is placed under the copyright of the Open Content License(OPL). Site uses AdSense so you need to be aware of Google privacy policy. Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.
Disclaimer:
Last modified: November 09, 2009