O'Reilly logo

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Apache: The Definitive Guide, 3rd Edition

Book Description

Apache is far and away the most widely used web server platform in the world. This versatile server runs more than half of the world's existing web sites. Apache is both free and rock-solid, running more than 21 million web sites ranging from huge e-commerce operations to corporate intranets and smaller hobby sites.With this new third edition of Apache: The Definitive Guide, web administrators new to Apache will come up to speed quickly, and experienced administrators will find the logically organized, concise reference sections indispensable, and system programmers interested in customizing their servers will rely on the chapters on the API and Apache modules.Updated to cover the changes in Apache's latest release, 2.0, as well as Apache 1.3, this useful guide discusses how to obtain, set up, secure, modify, and troubleshoot the Apache software on both Unix and Windows systems. Dozens of clearly written examples provide the answers to the real-world issues that Apache administrators face everyday. In addition to covering the installation and configuration of mod_perl and Tomcat, the book examines PHP, Cocoon, and other new technologies that are associated with the Apache web server. Additional coverage of security and the Apache 2.0 API make Apache: The Definitive Guide, Third Edition essential documentation for the world's most popular web server.

Table of Contents

  1. A Note Regarding Supplemental Files
  2. Preface
    1. Who Wrote Apache, and Why?
    2. The Demonstration Code
    3. Conventions Used in This Book
      1. Typographic Conventions
      2. Icons
      3. Pathnames
      4. Directives
    4. Organization of This Book
    5. Acknowledgments
  3. 1. Getting Started
    1. 1.1. What Does a Web Server Do?
      1. 1.1.1. Criteria for Choosing a Web Server
      2. 1.1.2. Why Apache?
    2. 1.2. How Apache Works
    3. 1.3. Apache and Networking
      1. 1.3.1. What to Know About TCP/IP
      2. 1.3.2. How Apache Uses TCP/IP
      3. 1.3.3. Apache and Domain Name Servers
        1. 1.3.3.1. Multiple sites: Unix
        2. 1.3.3.2. Multiple sites: Win32
    4. 1.4. How HTTP Clients Work
    5. 1.5. What Happens at the Server End?
    6. 1.6. Planning the Apache Installation
      1. 1.6.1. Fitting Apache into Your Network
      2. 1.6.2. Which Operating System?
      3. 1.6.3. Which Unix?
    7. 1.7. Windows?
    8. 1.8. Which Apache?
      1. 1.8.1. Apache 2.0
      2. 1.8.2. Apache 2.0 and Win32
    9. 1.9. Installing Apache
      1. 1.9.1. Apache Executables for Unix
      2. 1.9.2. Making Apache 1.3.X Under Unix
      3. 1.9.3. Modules Under Unix
        1. 1.9.3.1. Compiled in modules
        2. 1.9.3.2. DSO modules
        3. 1.9.3.3. APXS
    10. 1.10. Building Apache 1.3.X Under Unix
      1. 1.10.1. Out of the Box
      2. 1.10.2. Semimanual Build Method
      3. 1.10.3. Choosing Modules
      4. 1.10.4. Shared Objects
      5. 1.10.5. Configuration Settings and Rules
      6. 1.10.6. Making Apache
    11. 1.11. New Features in Apache v2
      1. 1.11.1. Config File Changes in v2
      2. 1.11.2. httpd Command-Line Changes
      3. 1.11.3. Module Changes in v2
    12. 1.12. Making and Installing Apache v2 Under Unix
    13. 1.13. Apache Under Windows
      1. 1.13.1. Modules Under Windows
      2. 1.13.2. Compiling Apache Under Win32
  4. 2. Configuring Apache: The First Steps
    1. 2.1. What’s Behind an Apache Web Site?
      1. 2.1.1. Running Apache from the Command Line
    2. 2.2. site.toddle
    3. 2.3. Setting Up a Unix Server
      1. 2.3.1. webuser and webgroup
        1. 2.3.1.1. User
        2. 2.3.1.2. Group
      2. 2.3.2. “Out of the Box” Default Problems
      3. 2.3.3. Running Apache Under Unix
      4. 2.3.4. Several Copies of Apache
      5. 2.3.5. Unix Permissions
      6. 2.3.6. A Local Network
    4. 2.4. Setting Up a Win32 Server
      1. 2.4.1. Console Window
      2. 2.4.2. Apache as a Service
    5. 2.5. Directives
      1. 2.5.1. ServerName
      2. 2.5.2. DocumentRoot
      3. 2.5.3. ServerRoot
      4. 2.5.4. ErrorLog
      5. 2.5.5. PidFile
      6. 2.5.6. TypesConfig
      7. 2.5.7. Inclusions into the Config file
    6. 2.6. Shared Objects
      1. 2.6.1. Shared Objects Under Unix
        1. 2.6.1.1. LoadModule
      2. 2.6.2. Shared Modules Under Win32
        1. 2.6.2.1. LoadFile
        2. 2.6.2.2. ClearModuleList
        3. 2.6.2.3. AddModule
  5. 3. Toward a Real Web Site
    1. 3.1. More and Better Web Sites: site.simple
      1. 3.1.1. ErrorDocument
    2. 3.2. Butterthlies, Inc., Gets Going
      1. 3.2.1. Default Index
      2. 3.2.2. index.html
    3. 3.3. Block Directives
    4. 3.4. Other Directives
    5. 3.5. HTTP Response Headers
      1. Reference Section
      2. Reference Section
      3. Reference Section
      4. Reference Section
      5. 3.5.1. FollowSymLinks, SymLinksIfOwnerMatch
    6. 3.6. Restarts
    7. 3.7. .htaccess
    8. 3.8. CERN Metafiles
    9. 3.9. Expirations
  6. 4. Virtual Hosts
    1. 4.1. Two Sites and Apache
    2. 4.2. Virtual Hosts
      1. 4.2.1. Name-Based Virtual Hosts
        1. 4.2.1.1. NameVirtual host
      2. 4.2.2. IP-Based Virtual Hosts
      3. 4.2.3. Mixed Name/IP-Based Virtual Hosts
      4. 4.2.4. Port-Based Virtual Hosting
    3. 4.3. Two Copies of Apache
    4. 4.4. Dynamically Configured Virtual Hosting
      1. 4.4.1. Examples
  7. 5. Authentication
    1. 5.1. Authentication Protocol
      1. 5.1.1. site.authent
    2. 5.2. Authentication Directives
    3. 5.3. Passwords Under Unix
    4. 5.4. Passwords Under Win32
    5. 5.5. Passwords over the Web
    6. 5.6. From the Client’s Point of View
      1. 5.6.1. The Config File
    7. 5.7. CGI Scripts
    8. 5.8. Variations on a Theme
    9. 5.9. Order, Allow, and Deny
    10. 5.10. DBM Files on Unix
      1. 5.10.1. AuthDBUserFile
        1. 5.10.1.1. Security
      2. 5.10.2. AuthDBMUserFile
        1. 5.10.2.1. Security
    11. 5.11. Digest Authentication
      1. 5.11.1. ContentDigest
    12. 5.12. Anonymous Access
    13. 5.13. Experiments
      1. 5.13.1. Access.conf
    14. 5.14. Automatic User Information
      1. 5.14.1. IdentityCheck
    15. 5.15. Using .htaccess Files
      1. 5.15.1. AccessFileName
    16. 5.16. Overrides
      1. 5.16.1. AllowOverride
  8. 6. Content Description and Modification
    1. 6.1. MIME Types
    2. 6.2. Content Negotiation
      1. 6.2.1. MultiviewsMatch
      2. 6.2.2. Image Negotiation
    3. 6.3. Language Negotiation
    4. 6.4. Type Maps
    5. 6.5. Browsers and HTTP 1.1
    6. 6.6. Filters
  9. 7. Indexing
    1. 7.1. Making Better Indexes in Apache
    2. 7.2. Making Our Own Indexes
      1. 7.2.1. DirectoryIndex
    3. 7.3. Imagemaps
      1. 7.3.1. HTML File
      2. 7.3.2. Map File
    4. 7.4. Image Map Directives
  10. 8. Redirection
    1. 8.1. Alias
      1. 8.1.1. A Subtle Problem
    2. 8.2. Rewrite
      1. Reference Section
      2. Reference Section
      3. Reference Section
      4. Reference Section
      5. Reference Section
      6. Reference Section
      7. Reference Section
      8. Reference Section
      9. Reference Section
      10. 8.2.1. A Rewrite Example
    3. 8.3. Speling
      1. 8.3.1. CheckSpelling
  11. 9. Proxying
    1. 9.1. Security
    2. 9.2. Proxy Directives
    3. 9.3. Apparent Bug
    4. 9.4. Performance
      1. 9.4.1. Inward Caching
    5. 9.5. Setup
      1. 9.5.1. Reverse Proxy
  12. 10. Logging
    1. 10.1. Logging by Script and Database
    2. 10.2. Apache’s Logging Facilities
      1. Reference Section
      2. Reference Section
      3. Reference Section
      4. Reference Section
      5. Reference Section
      6. Reference Section
      7. 10.2.1. site.authent — Another Example
    3. 10.3. Configuration Logging
      1. 10.3.1. AddModuleInfo
    4. 10.4. Status
      1. 10.4.1. Server Status
      2. 10.4.2. ExtendedStatus
  13. 11. Security
    1. 11.1. Internal and External Users
    2. 11.2. Binary Signatures, Virtual Cash
    3. 11.3. Certificates
    4. 11.4. Firewalls
      1. 11.4.1. Packet Filtering
      2. 11.4.2. Separate Networks
        1. 11.4.2.1. Advantages
        2. 11.4.2.2. Disadvantages
    5. 11.5. Legal Issues
    6. 11.6. Secure Sockets Layer (SSL)
    7. 11.7. Apache’s Security Precautions
      1. 11.7.1. SSL with Apache v1.3
        1. 11.7.1.1. Apache-SSL
        2. 11.7.1.2. OpenSSL
        3. 11.7.1.3. Rebuild Apache
        4. 11.7.1.4. Config file
        5. 11.7.1.5. Environment variables
      2. 11.7.2. mod_ssl with Apache 1.3
      3. 11.7.3. SSL with Apache v2
        1. 11.7.3.1. Config file
        2. 11.7.3.2. Environment variables
      4. 11.7.4. Make a Test Certificate
      5. 11.7.5. Getting a Server Certificate
      6. 11.7.6. The Global Session Cache
    8. 11.8. SSL Directives
      1. 11.8.1. Apache-SSL Directives for Apache v1.3
      2. 11.8.2. SSL Directives for Apache v2
    9. 11.9. Cipher Suites
      1. 11.9.1. Cipher Directives for Apache v1.3
      2. 11.9.2. Cipher Directives for Apache v2
    10. 11.10. Security in Real Life
      1. 11.10.1. Cookbook Security
      2. 11.10.2. Demo Client Certificate
      3. 11.10.3. Get the CA Certificate
    11. 11.11. Future Directions
      1. 11.11.1. SE Linux
      2. 11.11.2. EROS
      3. 11.11.3. E
  14. 12. Running a Big Web Site
    1. 12.1. Machine Setup
    2. 12.2. Server Security
      1. 12.2.1. Root Password
      2. 12.2.2. File Positions and Ownerships
      3. 12.2.3. The Apache Web Site
        1. 12.2.3.1. Permissions on ServerRoot directories
        2. 12.2.3.2. Server-side includes
        3. 12.2.3.3. Nonscript-aliased CGI
        4. 12.2.3.4. Script-aliased CGI
        5. 12.2.3.5. CGI in general
        6. 12.2.3.6. Stopping users overriding system-wide settings...
        7. 12.2.3.7. Protect server files by default
    3. 12.3. Managing a Big Site
      1. 12.3.1. Development Machines
      2. 12.3.2. Beta Test
      3. 12.3.3. The Live Site
      4. 12.3.4. Upgrade Procedures
      5. 12.3.5. Maintenance Pages
    4. 12.4. Supporting Software
      1. 12.4.1. Database Manager
      2. 12.4.2. Mailserver
      3. 12.4.3. PGP
      4. 12.4.4. SSH Access to Server
      5. 12.4.5. Credit Cards
      6. 12.4.6. Passwords
      7. 12.4.7. Turn Off Unwanted Services
      8. 12.4.8. Backend Networks
      9. 12.4.9. SuEXEC
      10. 12.4.10. SSL
      11. 12.4.11. Certificates
    5. 12.5. Scalability
      1. 12.5.1. Performance
        1. 12.5.1.1. Tools
        2. 12.5.1.2. Apache’s mod_info
        3. 12.5.1.3. Bandwidth
        4. 12.5.1.4. Load balancing
        5. 12.5.1.5. Image server, text server
      2. 12.5.2. Shared Versus Replicated DBs
    6. 12.6. Load Balancing
      1. 12.6.1. Spreading the Load
      2. 12.6.2. mod_backhand
      3. 12.6.3. Installation of mod_backhand
      4. 12.6.4. Directives
      5. 12.6.5. Candidacy Functions
      6. 12.6.6. The Config File
      7. 12.6.7. Example Site
  15. 13. Building Applications
    1. 13.1. Web Sites as Applications
      1. 13.1.1. A Closer Look at HTTP
      2. 13.1.2. Creating a Form
      3. 13.1.3. Other Approaches to Application Building
    2. 13.2. Providing Application Logic
      1. 13.2.1. Server-Side Includes
      2. 13.2.2. PHP
      3. 13.2.3. Perl
      4. 13.2.4. Java
      5. 13.2.5. Other Options
    3. 13.3. XML, XSLT, and Web Applications
  16. 14. Server-Side Includes
    1. 14.1. File Size
    2. 14.2. File Modification Time
    3. 14.3. Includes
    4. 14.4. Execute CGI
    5. 14.5. Echo
    6. 14.6. Apache v2: SSI Filters
  17. 15. PHP
    1. 15.1. Installing PHP
    2. 15.2. Site.php
      1. 15.2.1. Errors
      2. 15.2.2. Standalone PHP Scripts
  18. 16. CGI and Perl
    1. 16.1. The World of CGI
      1. 16.1.1. Writing and Executing Scripts
      2. 16.1.2. Scripts and Apache
        1. 16.1.2.1. Executable script
    2. 16.2. Telling Apache About the Script
      1. 16.2.1. Script in cgi-bin
      2. 16.2.2. Script in DocumentRoot
      3. 16.2.3. Perl
      4. 16.2.4. Databases
      5. 16.2.5. HTML
      6. 16.2.6. Running a Script via Apache
      7. 16.2.7. Quote Marks
      8. 16.2.8. HTTP Header
      9. 16.2.9. Getting Data from the Client
        1. 16.2.9.1. Data from a link
        2. 16.2.9.2. CGI.pm
        3. 16.2.9.3. Questions and answers
      10. 16.2.10. Environment Variables
    3. 16.3. Setting Environment Variables
    4. 16.4. Cookies
      1. 16.4.1. Apache Cookies
      2. 16.4.2. The Config File
      3. 16.4.3. Email
      4. 16.4.4. Search Engines and CGI
      5. 16.4.5. Debugging
      6. 16.4.6. Debuggers
      7. 16.4.7. Security
    5. 16.5. Script Directives
    6. 16.6. suEXEC on Unix
      1. 16.6.1. A Demonstration of suEXEC
    7. 16.7. Handlers
    8. 16.8. Actions
      1. 16.8.1. Action
    9. 16.9. Browsers
  19. 17. mod_perl
    1. 17.1. How mod_perl Works
    2. 17.2. mod_perl Documentation
    3. 17.3. Installing mod_perl — The Simple Way
      1. 17.3.1. Linking More Than One Module
      2. 17.3.2. Test
      3. 17.3.3. Installation Gotchas
    4. 17.4. Modifying Your Scripts to Run Under mod_perl
    5. 17.5. Global Variables
      1. 17.5.1. Perl Flags
    6. 17.6. Strict Pregame
    7. 17.7. Loading Changes
    8. 17.8. Opening and Closing Files
    9. 17.9. Configuring Apache to Use mod_perl
      1. 17.9.1. Performance Tuning
      2. 17.9.2. Making Scripts Run Faster
        1. 17.9.2.1. Preloading modules and compiling
        2. 17.9.2.2. Database interface persistence
        3. 17.9.2.3. KeepAlives and MaxClients
        4. 17.9.2.4. Profiling
  20. 18. mod_jserv and Tomcat
    1. 18.1. mod_jserv
      1. 18.1.1. Making gmake
      2. 18.1.2. Building JServ
      3. 18.1.3. JServ Directives
      4. 18.1.4. JServ Status
      5. 18.1.5. Writing a Servlet
    2. 18.2. Tomcat
      1. 18.2.1. Installing the JDK
      2. 18.2.2. Installation of Tomcat
      3. 18.2.3. Tomcat’s Directory Structure
        1. 18.2.3.1. Bin
      4. 18.2.4. Conf
      5. 18.2.5. Writing and Testing a Servlet
    3. 18.3. Connecting Tomcat to Apache
      1. 18.3.1. mod_jk
  21. 19. XML and Cocoon
    1. 19.1. XML
    2. 19.2. XML and Perl
    3. 19.3. Cocoon
    4. 19.4. Cocoon 1.8 and JServ
    5. 19.5. Cocoon 2.0.3 and Tomcat
    6. 19.6. Testing Cocoon
  22. 20. The Apache API
    1. 20.1. Documentation
    2. 20.2. APR
    3. 20.3. Pools
    4. 20.4. Per-Server Configuration
    5. 20.5. Per-Directory Configuration
    6. 20.6. Per-Request Information
    7. 20.7. Access to Configuration and Request Information
    8. 20.8. Hooks, Optional Hooks, and Optional Functions
      1. 20.8.1. Hooks
      2. 20.8.2. Optional Hooks
      3. 20.8.3. Optional Hook Example
      4. 20.8.4. Optional Functions
      5. 20.8.5. Optional Function Example
    9. 20.9. Filters, Buckets, and Bucket Brigades
      1. 20.9.1. Bucket Interface
      2. 20.9.2. Output Filters
      3. 20.9.3. Input Filters
    10. 20.10. Modules
  23. 21. Writing Apache Modules
    1. 21.1. Overview
    2. 21.2. Status Codes
    3. 21.3. The Module Structure
    4. 21.4. A Complete Example
      1. 21.4.1. Overview
      2. 21.4.2. Example Output
    5. 21.5. General Hints
    6. 21.6. Porting to Apache 2.0
  24. A. The Apache 1.x API
    1. A.1. Pools
    2. A.2. Per-Server Configuration
    3. A.3. Per-Directory Configuration
    4. A.4. Per-Request Information
    5. A.5. Access to Configuration and Request Information
    6. A.6. Functions
      1. A.6.1. Pool Functions
      2. A.6.2. Array Functions
      3. A.6.3. Table Functions
      4. A.6.4. Cleanup Functions
      5. A.6.5. File and Socket Functions
      6. A.6.6. Regular Expression Functions
      7. A.6.7. Process and CGI Functions
      8. A.6.8. MD5 Functions
      9. A.6.9. Synchronization and Thread Functions
        1. A.6.9.1. Mutex functions
        2. A.6.9.2. Semaphore functions
        3. A.6.9.3. Event functions
        4. A.6.9.4. Thread functions
      10. A.6.10. Time and Date Functions
      11. A.6.11. String Functions
      12. A.6.12. Path, Filename, and URL Manipulation Functions
      13. A.6.13. User and Group Functions
      14. A.6.14. TCP/IP and I/O Functions
      15. A.6.15. Request-Handling Functions
      16. A.6.16. Timeout and Alarm Functions
      17. A.6.17. Configuration Functions
      18. A.6.18. Configuration Information Functions
      19. A.6.19. Server Information Functions
      20. A.6.20. Logging Functions
      21. A.6.21. Piped Log Functions
      22. A.6.22. Buffering Functions
      23. A.6.23. URI Functions
      24. A.6.24. Miscellaneous Functions
  25. Index
  26. About the Authors
  27. Colophon
  28. Copyright