Info 321 server technologies ii
Download
1 / 146

Choosing a web server - PowerPoint PPT Presentation


  • 416 Views
  • Updated On :

INFO 321 Server Technologies II. 1. Apache. Apache is synonymous with a web server app, but the Apache HTTP Server is just one project of the ten-year-old Apache Software Foundation (ASF) There are dozens of Foundation projects

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Choosing a web server' - Pat_Xavi


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Info 321 server technologies ii l.jpg

INFO 321Server Technologies II

Weeks 5-6

1


Apache l.jpg
Apache

Apache is synonymous with a web server app, but the Apache HTTP Server is just one project of the ten-year-old Apache Software Foundation (ASF)

There are dozens of Foundation projects

They state “We consider ourselves not simply a group of projects sharing a server, but rather a community of developers and users.”

Material from http://httpd.apache.org/ and notes by Dr. Randy Kaplan

Weeks 5-6

2


Overview l.jpg
Overview

This set of notes is divided into these sections

Web Server functionality

Choosing a web server

Installing Apache

Running Apache

Virtual Hosting

Authentication

Indexing

Alias and Redirect

Proxying



Web server protocols l.jpg
Web Server protocols

The main purpose of a web server is to handle HTTP and related protocols

DNS

FTP

HTTPS

Gopher, Telnet, etc. are also possible

For more info on these protocols, see the chapter 2 notes for INFO 330

Weeks 5-6

5


Web server protocols6 l.jpg
Web Server protocols

DNS uses UDP as its transport layer protocol

Connectionless, unreliable

The other protocols use TCP for transport

Connection oriented between host computers

Reliable

All protocols work by passing text messages back and forth

Weeks 5-6

6


Web server wish list l.jpg
Web Server Wish List

Run fast

Handle lots of requests with minimal hardware

Support multitasking

Deal with more than one request at a time

Need to maintain workload without shutting the server down

Authenticate requestors

Weeks 5-6

7


Web server wish list8 l.jpg
Web Server Wish List

Respond to errors in the messages it gets, and tell what is going on

Negotiate a style and language of response with the requestor

Support a variety of formats

Run as a proxy server

Be secure

Weeks 5-6

8


What does a web server do l.jpg
What Does a Web Server Do?

Translate a URL into a file name or a program name

If a file – return the file over the Internet

If a program – run the program, and send the output back over the Internet

URL = Uniform Resource Locator

Has three parts –<scheme>://<host>/<path>

Weeks 5-6

9


How does apache work l.jpg
How Does Apache Work?

Runs under a suitable multitasking operating system

Binary is called httpd under Unix

Binary is called apache.exe under Win32

Each copy of httpd or apache.exe has its attention directed at a web site

For our purposes, the web site is a directory

Weeks 5-6

10


Apache and tcp ip l.jpg
Apache and TCP/IP

A computer has a connection to the outside world, called an interface

Identify interface by a socket or port number

The server decides how to handle different requests because the four byte (32 b) IPv4 address that leads the request to its interface is followed by a two byte (16 b) port number

Weeks 5-6

11


Apache and tcp ip12 l.jpg
Apache and TCP/IP

Requests arrive on an interface for a number of different services offered by the server using different protocols

Network News Transfer Protocol (NNTP)

Simple Mail Transfer Protocol (SMTP)

Domain Name Service (DNS)

HTTP (WWW)

Weeks 5-6

12


Apache and tcp ip13 l.jpg
Apache and TCP/IP

Different services attach to different ports

NNTP: port number 119

SMTP: port number 25

DNS: port number 53

HTTP: port number 80

Weeks 5-6

13


Apache and tcp ip14 l.jpg
Apache and TCP/IP

UNIX/Linux

Port numbers below 1024 can only be used by the superuser (root)

Prevents other users from running programs masquerading as standard services

Win32

Under Win32 there is currently no security directly related to port numbers and no superuser

Weeks 5-6

14


How does apache work15 l.jpg
How Does Apache Work?

Idling state –

Listens to the IP addresses specified in its config files (important foreshadowing…)

When a request appears –

Apache receives it and analyzes the headers

Applies the rules in the config file

Takes the appropriate action

Weeks 5-6

15


How http clients work l.jpg
How HTTP Clients Work

When a URL (beginning http://) is sent to a browser,

The browser reads ‘http:’ and determines it should be using the HTTP protocol to communicate with web servers

A name server (DNS) is contacted to translate the host name in a URL to an IP address

Weeks 5-6

16


Apache and domain servers l.jpg
Apache and Domain Servers

It is the role of the DNS (Domain Name Server) to translate a computer’s telephone number (IP address) into a human readable (and memorable) name

Weeks 5-6

17


Dns errors l.jpg
DNS Errors

Suppose Apache is given a URL which does not have a trailing /

Apache will add a trailing / and try to access the URL again (called redirection)

Then use DNS to resolve the IP address

Weeks 5-6

18


Handling multiple web sites l.jpg
Handling Multiple Web Sites

The utility ifconfig binds IP addresses to physical interfaces (e.g. Ethernet ports)

ifconfig also allows binding multiple IP addresses to a single interface

A client can switch from one IP address to another while maintaining service

This is known as IP Aliasing

Weeks 5-6

19


Choosing a web server l.jpg

Choosing a web server

Weeks 5-6

20


Why choose apache l.jpg
Why choose Apache?

Apache has been the dominant web server app since 1996

Open source enables its source code to be examined by thousands of eyes

Substantially more reliable

Apache is extensible

Apache is freeware

Weeks 5-6

21


Other choices l.jpg
Other choices

Other web server apps include

Microsoft IIS or PWS

Google GWS

Lighttpd

Zeus ZWS

nginx

Sun (includes Netscape and Netsite variants)

Weeks 5-6

22


Apache market share l.jpg
Apache market share

Apache has been the leading web server since March 1996, but is losing ground

According to Netcraft surveys

In November 2005, Apache supported 71 percent of domains, more than 50% ahead of Microsoft IIS (20.2 percent) (N=74.6 million)

By June 2009, Apache had 47.12%, versus Windows (IIS and PWS) had 24.80% of the 238 million domains reporting

Weeks 5-6

23


Apache as in indian l.jpg
Apache as in Indian?

“The name 'Apache' was chosen from respect for the Native American Indian tribe of Apache (Indé), well-known for their superior skills in warfare strategy and their inexhaustible endurance.” (Apache FAQ)

Weeks 5-6

24


Apache version platforms l.jpg
Apache version & platforms

Apache is on version 2.2.17 (released Oct 19, 2010) and changes slowly

Most Linux distributions are a little behind the current release

Old releases (2.0.x and 1.3.x) are maintained

Apache runs on 32-bit Windows flavors, UNIX/Linux, and even NetWare (!)

Weeks 5-6

25


Installing apache l.jpg

Installing Apache

Weeks 5-6

26


Apache prereqs l.jpg
Apache prereqs

To install Apache, you need:

An Internet connection helps

Disk space – 50 MB to install, about 10 MB to run, depending on options

An ANSI-C compiler, such as the GNU C compiler (GCC) from the Free Software Foundation (FSF)

The Windows version can obtained in .exe form

Weeks 5-6

27


Apache prereqs28 l.jpg
Apache prereqs

Accurate time keeping such as the ntpdate or xntpd programs

Some parts of HTTP are based on time of day, so some form of NTP support is needed

Perl5 is needed for a few options

The utilities apr and apr-utilneed to be version 1.2

Upgrade them separately if needed, but they are included with Apache source code

Weeks 5-6

28


Overview apache install l.jpg
Overview – Apache install

Download

$ lynx http://httpd.apache.org/download.cgi

Extract

$ gzip -d httpd-NN.tar.gz

$ tar xvf httpd-NN.tar

$ cd httpd-NN

Configure

$ ./configure --prefix=PREFIX

Weeks 5-6

29


Overview apache install30 l.jpg
Overview – Apache install

Compile

$ make

Install

$ make install

Customize

$ vi PREFIX/conf/httpd.conf

Test

$ PREFIX/bin/apachectl -k start

Weeks 5-6

30


Overview apache install31 l.jpg
Overview – Apache install

NN must be replaced with the current version number (e.g. 2.2.17)

PREFIX must be replaced with the file system path under which the server should be installed

If PREFIX is not specified, it defaults to /usr/local/apache2

Weeks 5-6

31


Download l.jpg
Download

Most UNIX/Linux users will want to download Apache and compile it locally

After download, use PGP to verify the download’s integrity, e.g.

% pgp -ka KEYS

% pgp apache_1.3.24.tar.gz.asc

This verifies against the MD5 or PGP message digest ASCII file

Weeks 5-6

32


Extract l.jpg
Extract

This set of steps decompresses the tarball, extracts the tarball, and changes to the source code directory

$ gzip -d httpd-NN.tar.gz

$ tar xvf httpd-NN.tar

$ cd httpd-NN

Notice this is using the tar command we saw in the Backup section

Weeks 5-6

33


Configure l.jpg
Configure

Now things get messy!

The basic configure script, if you’re using the default PREFIX, can be run using

$ ./configure

The configure script allows you to select which features are active on your host

You can also change where specific files are installed, for example

Weeks 5-6

34


Apache architecture l.jpg
Apache architecture

Apache is a modular server

This implies that only the most basic functionality is included in the ‘core’ server

Even core functionality can be disabled

Extended features are available through modules which can be loaded into Apache

Weeks 5-6

35


Apache architecture36 l.jpg
Apache architecture

By default, a base set of modules is included in the server at compile-time

If the server is compiled to use dynamically loaded modules, then modules can be compiled separately and added at any time using the LoadModule directive

Otherwise, Apache must be recompiled to add or remove modules

Weeks 5-6

36


Some types of module status l.jpg
Some types of module status

Base

A module having "Base" status is compiled and loaded into the server by default

Extension

A module with "Extension" status is not normally compiled and loaded into the server; to enable the module and its functionality, you need to change the server build configuration files and re-compile Apache

External

Modules which are not included with the base Apache distribution ("third-party modules") may use the "External" status

Weeks 5-6

37


Apache architecture38 l.jpg
Apache architecture

Apache terminology note:

Features are implemented by modules, which are installed or not with your copy of Apache

Once installed, they can be enabled or disabled to allow them to run or not

Dozens of modules are enabled by default, so you’d have to explicitly disable them

The most dangerous one is --disable-http

Weeks 5-6

38


Apache architecture39 l.jpg
Apache architecture

Likewise, many modules are disabled by default, so you have to enable them explicitly

For example, --enable-ssl enables support for SSL/TLS provided by mod_ssl

Be very careful, misspelled features are ignored, without error message!

--enable-sssl will do nothing

Weeks 5-6

39


Configure script vs file l.jpg
Configure script vs. file

KEY POINT: Apache has a configure script which enables modules

./configure

And a configuration file (or several) which contain directives

PREFIX/conf/httpd.conf

Both are very important and powerful tools, but are completely separate!

Weeks 5-6

40


Configure41 l.jpg
Configure

The general syntax for enabling and disabling is

--disable-FEATURE

Do not include FEATURE; This is the same as --enable-FEATURE=no

--enable-FEATURE[=ARG]

Include FEATURE; the default value for ARG is yes

Weeks 5-6

41


Configure42 l.jpg
Configure

Less often used enabling options include

--enable-MODULE=shared

The corresponding module will be build as a DSO (dynamically shared) module; will be enabled if you use the --enable-mods-shared option

--enable-MODULE=static

By default, enabled modules are linked statically; you can force this explicitly

Weeks 5-6

42


Packages l.jpg
Packages

The configure script can invoke packages, which are typically third party features

--with-PACKAGE[=ARG]

Use the package PACKAGE; the default value for ARG is yes

Often these tell where to find specific libraries or databases

Weeks 5-6

43


Environment variables l.jpg
Environment variables

The configure script can also set environment variables

These mostly describe what C compiler or flags to use, or the location of compile libraries

Weeks 5-6

44


Configure summary l.jpg
./configure summary

So the Apache configure script controls which modules are enabled or not

When an ISP tells you they support SSL, Perl, etc., they are implying which modules they installed (if they’re using Apache)

Weeks 5-6

45


Build and install l.jpg
Build and Install

$ make

$ make install

These are the traditional Unix commands to build and install an app

They’ll take a while, especially make, since it includes compiling all the source code

Weeks 5-6

46


Customize l.jpg
Customize

The file PREFIX/conf/httpd.confis a customization focal point for Apache

Apache is configured by placing directives in plain text configuration files

Apache configuration files contain one directive per line

httpd.conf is the main file, but other config files can be linked from it via an Include directive

Weeks 5-6

47


Apache configuration l.jpg
Apache configuration

Webmaster’s main control over Apache is through the config file

The webmaster has 412 directives at their disposal

We’ll get to this soon…

No, not all of them 

Weeks 5-6

48


Apache directory structure l.jpg
Apache directory structure

First steps

In Apache, what exactly is a “web site”

A web site is a directory somewhere on the server

Every Apache web site directory contains at least three (and maybe a fourth) subdirectories

INFO 321

Weeks 5-6

49


Apache directory structure50 l.jpg
Apache directory structure

Regardless of OS, a site directory has

conf

Contains the important configuration file httpd.conf

htdocs

Contains the HTML documents, images, data and other files to be served up to the site’s clients

These directories and subdirectories, the web space, are accessible to anyone on the Web

INFO 321

Weeks 5-6

50


Apache directory structure51 l.jpg
Apache directory structure

logs

Contains the log files – history of accesses and errors

cgi-bin

Contains CGI scripts that are needed

If you don’t use scripts (CGI) you don’t need this directory

INFO 321

Weeks 5-6

51


Running apache l.jpg

Running Apache

Weeks 5-6

52


Running apache from the command line l.jpg
Running Apache from the Command Line

If the conf subdirectory is not the default location (it usually is not), you need to tell Apache where it is

httpd –d /usr/wwww/APACHE3/example.site


When apache is started l.jpg
When Apache is started

It sits and waits in the background, waiting for a client’s request to arrive

After all, it’s a server app!

When a request arrives, Apache attempts to respond to it or generates an error and places this in the log file


Configuration file l.jpg
Configuration File

Apache has a default configuration file

This file covers almost every option that Apache supports

It is quite complicated

It is better, at least in the beginning, to create your own, simpler configuration file


Firing up the server l.jpg
Firing up the server

Suppose we have a web site contained in a folder named 321

The command to run Apache hosting this web site would be –

httpd –d /usr/local/apache2/htdocs/321

If you will use this command a lot it is good idea to create a script file that contains it


If all goes well l.jpg
If all goes well …

Look in /usr/local/apache2* for the new executables

* Or wherever your PREFIX is

Use ls –l to see the timestamps

INFO 321

Weeks 5-6

57


Killing apache l.jpg
Killing Apache

To kill Apache, you must kill the main process and all of its children

One way to accomplish this is to get all processes with the name httpd

ps awlx | grep httpd

And then kill all of the poor innocent helpless processes –

killall httpd



Killing the server gracefully l.jpg
Killing the server … gracefully

A utility (program) is supplied with Apache called apachectl (= Apache control?)

It can be used to start and stop Apache and perform other utility operations


Apachectl l.jpg
apachectl

Syntax is

/usr/local/apache2/bin apachectl (start|stop|restart|fullstatus|status| graceful|configtest|help)

start  start httpd

stop  stop httpd

restart  restart httpd if running


Apachectl62 l.jpg
apachectl

/usr/local/apache2/bin apachectl (start|stop|restart|fullstatus|status| graceful|configtest|help)

fullstatus  dumps a full status screen

status  dumps a short status screen

graceful  do a graceful restart or start if not running

configtest  do a configuration syntax test

help  display command listing


Default problems l.jpg
Default Problems

If you get the message –

fopen: No such file or directory

httpd: could not open error log file …

Then to httpd.conf add the line –

Errorlog logs/error_log


Default problems64 l.jpg
Default Problems

If Apache still fails to start, and you get a message in /logs/error_log:

… No such file or directory.: could not open mime types …

In the httpd.conf file add the line –

TypesConfig conf/mime.types


Default problems65 l.jpg
Default Problems

If Apache still fails to start, and you get this message in the /log/error_log file –

fopen: no such file or directory

httpd: could not log pid to file …

In httpd.conf you need to add the line –

PIDFile logs/httpd.pid


A small but complete httpd conf l.jpg
A Small But Complete httpd.conf

user webroot

Group webgroup

ServerName myServerName

DocumentRoot /usr/local/apache2/htdocs/

# to fix common problems, uncomment these

#ServerRoot /usr/local/apache2/htdocs

#ErrorLog logs/error_log

#PIDFile logs/httpd.pid

#TypesConfig conf/mime.types



Testing to see the server l.jpg
Testing to See the Server

In a command line, type

telnet myServerName 80

Response should be –

Trying to connect to 192.168.2.223

Connected to myServerName.my.domain

Escape character is ‘^]’


Testing to see the server69 l.jpg
Testing to See the Server

Type –

GET / HTTP/1.0 <CR><CR>

You should see –

HTTP/1.0 200 OK

Sat, 28 Jan 2006 23:49 GMT

Server: Apache/1.3

Connection: close

Content-Type: text/html


Httpd conf directives l.jpg
httpd.conf Directives

ServerName

Gives the hostname of the server to use when creating redirection URLs

DocumentRoot

Directory from which Apache will serve files

Default: /usr/local/apache2/htdocs


Httpd conf directives71 l.jpg
httpd.conf Directives

ServerRoot

Where conf and logs can be found

Default: /usr/local/etc/httpd

ErrorLog

The name of the file to which the server will log any errors it encounters

Default: Errorlog logs/error_log


Httpd conf directives72 l.jpg
httpd.conf Directives

PIDFile

Allows the location of the file containing the PID to be changed

Default: logs/httpd.pid

TypesConfig

Path and filename to find the mime.types file if it is not in the default location

Default: conf/mime.types


Httpd conf directives73 l.jpg
httpd.conf Directives

LoadModule

Links in the specified object file or library

Adds the module structure to the list of active modules

AddModule

Enables a module that has been compiled into Apache but is not in use


Virtual hosting l.jpg

Virtual Hosting

Weeks 5-6

74


Virtual hosts l.jpg
Virtual Hosts

Let’s make the following assumptions –

We run a business that has been running a web site

We are ready to expand and have a need for more than one web site

As our business has grown we need to set up an Intranet for employees

The existing web server (Extranet) is for customers


Virtual hosts76 l.jpg
Virtual Hosts

Two approaches

Approach 1

Run a single copy of Apache

Maintain two web sites as virtual sites

Approach 2

Run two copies of Apache

Each copy maintains a single site

Allows optimization of Apache to a web site


Name based virtual hosts l.jpg
Name-based Virtual Hosts

Preferred method of managing virtual hosts

Takes advantage of the ability of HTTP 1.1 compliant browsers

Browser supports host header – specifies the name of the site they want to access


Sample config file l.jpg
Sample Config File

User webuser

Group webgroup

NameVirtualHost 192.168.123.2

<VirtualHost www.MyCompany.com>

ServerName www.MyCompany.com

ServerAdmin [email protected]

DocumentRoot /usr/local/apache2/site1.virtual/htdocs/extranet

ErrorLog /usr/local/apache2/site1.virtual/htdocs/logs/error_log

TransferLog /usr/local/apache2/site1.virtual/htdocs/logs/access_log

</VirtualHost>

<VirtualHost intranet.MyCompany.com>

ServerName intranet.MyCompany.com

ServerAdmin [email protected]

DocumentRoot /usr/local/apache2/site2.virtual/htdocs/intranet

ErrorLog /usr/local/apache2/site2.virtual/htdocs/logs/error_log

TransferLog /usr/local/apache2/site2.virtual/htdocs/logs/access_log

</VirtualHost>

Key directive

Tells Apache that requests to the IP will be subdivided by name


Namevirtual host l.jpg
NameVirtual Host

Key directive tells Apache that requests to that IP number will be subdivided by name

The ServerName directive provides a name for Apache to return to the client

NameVirtualHost allows you to specify –

IP addresses of your name-based virtual host

A port number can be added if necessary


Namevirtualhost l.jpg
NameVirtualHost

If an IP address is added it needs to match the IP address at the top of a <VirtualHost> block

A ServerName directive must be included

The ServerName directive must be followed by a registered name


Resolving a virtual host l.jpg
Resolving a Virtual Host

When Apache receives a request to a named host –

The <VirtualHost> blocks are scanned for a match of the IP address declared with a NamedVirtualHost directive to find one that includes the requested servername


Ip based virtual hosts l.jpg
IP-Based Virtual Hosts

Because the web is primarily IP addressed based, it makes sense to be able to do IP-based virtual hosting

The next config file accomplishes this style of virtual hosting


Ip based virtual hosting l.jpg
IP-Based Virtual Hosting

User webuser

Group webgroup

<VirtualHost www.MyCompany.com>

ServerName www.MyCompany.com

ServerAdmin [email protected]

DocumentRoot /usr/local/apache2/site1.virtual/htdocs/extranet

ErrorLog /usr/local/apache2/site1.virtual/htdocs/logs/error_log

TransferLog /usr/local/apache2/site1.virtual/htdocs/logs/access_log

</VirtualHost>

<VirtualHost intranet.MyCompany.com>

ServerName intranet.MyCompany.com

ServerAdmin [email protected]

DocumentRoot /usr/local/apache2/site2.virtual/htdocs/intranet

ErrorLog /usr/local/apache2/site2.virtual/htdocs/logs/error_log

TransferLog /usr/local/apache2/site2.virtual/htdocs/logs/access_log

</VirtualHost>


Ip based virtual hosting84 l.jpg
IP-Based Virtual Hosting

What’s Different?

No NameVirtualHost directive

Need ServerName directive


Mixed name ip based virtual hosts l.jpg
Mixed Name/IP-Based Virtual Hosts

In this case some of our virtual web sites will be accessed via name and others will be access via IP addresses

A useful approach when wanting to set up a web site for testing and limited exposure

The typical user will have no need to access a web site by IP address


Mixed name ip based virtual hosts86 l.jpg
Mixed Name/IP-Based Virtual Hosts

User webuser

Group webgroup

NameVirtualHost 192.168.123.2

<VirtualHost www.MyCompany.com>

ServerAdmin [email protected]

DocumentRoot /usr/local/apache2/site1.virtual/htdocs/extranet

ErrorLog /usr/local/apache2/site1.virtual/htdocs/logs/error_log

TransferLog /usr/local/apache2/site1.virtual/htdocs/logs/access_log

</VirtualHost>

<VirtualHost intranet.MyCompany.com>

ServerAdmin [email protected]

DocumentRoot /usr/local/apache2/site2.virtual/htdocs/intranet

ErrorLog /usr/local/apache2/site2.virtual/htdocs/logs/error_log

TransferLog /usr/local/apache2/site2.virtual/htdocs/logs/access_log

</VirtualHost>

<VirtualHost 192.168.123.3>

ServerName test-new.MyCompany.com

ServerAdmin [email protected]

DocumentRoot /usr/local/apache2/site3.virtual/htdocs/new-test

ErrorLog /usr/local/apache2/site3.virtual/htdocs/logs/error_log

TransferLog /usr/local/apache2/site3.virtual/htdocs/logs/access_log

</VirtualHost>



Authentication88 l.jpg
Authentication

Client sends username and password to Apache

Apache determines if the user is a valid one for access to the web site

Access to a site or database can be controlled precisely by the web master


Authentication89 l.jpg
Authentication

Can also be given to groups

Groups can be given or denied access as a whole

Let’s make the following assumption –

Bill and Ben are the group directors in our business

Betsy and Mike are in the group staff

Password will be “password” for all


Authentication90 l.jpg
Authentication

User webuser

Group webgroup

NameVirtualHost 192.168.123.2

<VirtualHost www.MyCompany.com>

ServerAdmin [email protected]

DocumentRoot /usr/local/apache2/site1.virtual/htdocs/extranet

ErrorLog /usr/local/apache2/site1.virtual/htdocs/logs/error_log

TransferLog /usr/local/apache2/site1.virtual/htdocs/logs/access_log

</VirtualHost>

<VirtualHost intranet.MyCompany.com>

ServerAdmin [email protected]

DocumentRoot /usr/local/apache2/site2.virtual/htdocs/intranet

ErrorLog /usr/local/apache2/site2.virtual/htdocs/logs/error_log

TransferLog /usr/local/apache2/site2.virtual/htdocs/logs/access_log

<Directory DocumentRoot /usr/local/apache2/site2.virtual/htdocs/intranet>

AuthType Basic

AuthName darkness

AuthUserFile /usr/local/apache2/validUsers/intranetUsers

AuthGroupFile /usr/local/apache2/validGroups/intranetGroups

Require valid-user

</Directory>

</VirtualHost>


Authentication91 l.jpg
Authentication

Let’s examine the new part in detail:

<Directory DocumentRoot /usr/local/apache2/site2.virtual/htdocs/intranet>

AuthType Basic

AuthName darkness

AuthUserFile /usr/local/apache2/validUsers/intranetUsers

AuthGroupFile /usr/local/apache2/validGroups/intranetGroups

Require valid-user

</Directory>


Authentication92 l.jpg
Authentication

AuthType Basic –

Turns on authentication (a key directive), and specifies the type thereof (Basic, not MD5)

Requires AuthName, AuthUserFile, and AuthGroupFile to be specified as well

AuthName directive

Gives the name of the realm in which users’ names and passwords are valid

If more than one, enclose in quotes (“”)


Authentication93 l.jpg
Authentication

AuthUserFile directive

Contains usernames and encrypted passwords

AuthGroupFile directive

Contains the correspondence between users and groups


Authentication passwords l.jpg
Authentication – Passwords

Passwords are managed by the Apache utility htpasswd

Find the source for this utility in the support subdirectory of the Apache directory tree

Compiled with –

make htpasswd


Htpasswd l.jpg
htpasswd

Once compiled we can ask it for some help

htpasswd -?

This will return (as usual) the use of the command and the options supported in the command line


Htpasswd96 l.jpg
htpasswd

Usage:

htpasswd [-cmdps] passwordfile username

htpasswd –b[cmdps] passwordfile username password

-c Create a new file

-m Force MD5 encryption of the password

-d Force CRYPT encryption of the password (default)

-p Do not encrypt the password – plaintext

-s Force SHA encryption of the password

-b Use the password from the command line rather than prompting for it


Htpasswd97 l.jpg
htpasswd

Example –

htpasswd –m –c /usr/local/apache2/validUsers/intranetUsers bill

Once this command is entered you will be prompted for the password twice

You might have a look in the password file to see what was entered there

If you use the –c option on an existing password file, a new one will be created without warning, so be careful when using this option


Other approaches to control access l.jpg
Other approaches to control access

Apache provides directives to control access precisely

These include –

Allow

Deny

Order


Allow from directive l.jpg
Allow from directive

allow from host host … directory, .htaccess

Controls access to a directory

Host can be one of the following –

all – all hosts are allowed access

A partial domain name

Hosts whose names match or end in this string are allowed access

A full IP address

Used to restrict to subnets

1 – 3 bytes of the IP are used

Network/netmask pair

Network CIDR specification (some number of bits)


Allow from env directive l.jpg
Allow from env directive

Controls access by the existence of a named environment variable, for example

BrowserMatch ^KnockKnock/2.0 let_me_in

<Directory /docroot>

order deny, allow

deny from all

allow from env=let_me_in

</Directory>


Allow from env directive101 l.jpg
Allow from env directive

BrowserMatch ^KnockKnock/2.0 let_me_in

This is a directive that sets an environment variable, let_me_in

The pattern to be matched to set the environment variable is ^KnockKnock/2.0


Deny from directive l.jpg
Deny from directive

Controls access by host, such as:

deny from host host

Where host can be one of the following –

all

all hosts are denied access

A partial domain name

all hosts whose name match or end in this string are denied access

A full IP address

the first one to three bytes are denied access, for subnet restriction

A network/netmask pair

network a.b.c.d and netmask w.x.y.z are denied access


Deny from env directive l.jpg
Deny from env directive

Controls access by the existence of a named environment variable, for example

BrowserMatch ^BadRobot/0.9 go_away

<Directory /docroot>

order allow, deny

allow from all

deny from env=go_away

</Directory>


Order directive l.jpg
Order directive

Usage

order ordering

The ordering argument is one word

Controls the order in which the foregoing allow or deny directives are applied

If two order directives apply to the same host, the last one to be evaluated prevails


Order directive105 l.jpg
Order directive

Ordering

deny,allow

Deny directives are evaluated for allow directives (default)

allow,deny

The allow directives are evaluated before the denys. The user will still be rejected if a deny is encountered


Order directive106 l.jpg
Order directive

Ordering

mutual-failure

Hosts that appear on the allow list and do not appear on any deny list are allowed to access


Order directive examples l.jpg
Order directive examples

allow from all

Lets everyone in

allow from 123.156

deny from all

Denys everyone except those whose IP addresses happen to begin with 123.156

Allow is applied last


Order directive examples108 l.jpg
Order directive examples

order allow,deny

allow from 123.156

deny from all

The whole site is closed

Deny is applied last



Indexing110 l.jpg
Indexing

An index provides a listing of the files that are in a web site

If no file like index.html is prepared then Apache will prepare its own rudimentary index to access the web site

It is also possible to use Apache to create better indices


Indexing111 l.jpg
Indexing

The directive (in the config file) IndexOption makes Apache create an index on the fly

The index will be displayed when there is no file index.html


Indexing example l.jpg
Indexing - Example

Config File

Turn on indexing



Indexing114 l.jpg
Indexing

The directive for indexing is quite complex (lots of options) but it deserves to be examined as it provides valuable functionality

Assume the latest version of Apache

IndexOptions [+|-]option [[+|-]option] …


Indexing115 l.jpg
Indexing

Options

DescriptionWidth

FancyIndexing

FoldersFirst

IconHeight

IconWidth

NameWidth

ScanHTMLTitles

SuppressColumnSorting

SuppressDescription

SuppressHTMLPreamble

SuppressLastModified

SuppressSize

TrackModified

IndexOrderDefault

ReadmeName

FancyIndexing

IndexIgnore

AddIcon

AddAlt

AddDescription

DefaultIcon

AddIconByType

AddAltByType

AddIconBy Encoding

AddAltbyEncoding

HeaderName


Indexing116 l.jpg
Indexing

With so many options, which ones are important or more useful?


Indexing117 l.jpg
Indexing

The effect of most of these options is apparent from its name

DescriptionWidth

FancyIndexing

FoldersFirst

IconHeight

IconWidth

NameWidth

ScanHTMLTitles

SuppressColumnSorting

SuppressDescription

SuppressHTMLPreamble

SuppressLastModified

SuppressSize

TrackModified


Indexing118 l.jpg
Indexing

IndexOrderDefault

This option is used to specify the ordering of the entries in the index. You can specify ascending, descending, by name, date, size, and description

ReadmeName

The ReadmeName is the name of the file that will be appended to the end of the index listing

HeaderName

Inserts a header, read from a file, at the top of the page


Indexing119 l.jpg
Indexing

These options deal with specifying the icons that are displayed with index entries and the alternate text that is used

AddIcon

AddAlt

AddDescription

DefaultIcon

AddIconByType

AddAltByType

AddIconBy Encoding

AddAltbyEncoding



Redirection l.jpg
Redirection

Two directives allow requests to be shunted around your file system

Directives

Alias

Redirect

These directives allow HTML files to be moved around a file server


Alias directive l.jpg
Alias Directive

Alias

A legitimate purpose of the ALIAS directive is to be able to logically place files around the server

File could also be placed on other servers

In this way, files can be maintained by their owners


Alias directive123 l.jpg
Alias Directive

Alias

Useful directive

Store documents elsewhere

Demonstration

Create a new directory

/usr/local/apache2/htdocs/somewhere_else

Put a file named lost.txt in this directory with the contents

I am somewhere else

Add the following line to the conf file

Alias /somewhere_else /usr/local/apache2/htdocs/somewhere_else


Alias directive124 l.jpg
Alias Directive

If you now access this directory via the browser (as a named directory off of the root) you will see the following –

Index of /somewhere_else

. Parent Directory

. lost.txt


Alias directive125 l.jpg
Alias Directive

Use –

Alias url_path directory_or_filename

Map a user’s resource URL to its physical location in the file system


Aliasmatch l.jpg
AliasMatch

Use –

AliasMatch regex directory_or_filename

Like ScriptAliasMatch

Takes a regular expression as the first argument otherwise it works like Alias


Redirect directive l.jpg
Redirect Directive

Use –

Redirect [status] url-path url

Maps an old URL to a new one; the new URL is returned to the client

The client attempts to access the information again using the new URL, for example –

Redirect /service http://foo2.bar.com/service

If the user requests http://myserver/service/foo.txt it will be told to access http://foo2.bar.com/service/foo.txt


Redirect directive128 l.jpg
Redirect Directive

If no status argument is given, the status is temporary

The status argument can be used to return HTTP status codes

Status –

permanent

Returns a redirect status of 301 indicating the resource has moved permanently

temp

Returns a redirect status of 302 indicating the resource has move temporarily

seeother

Returns a status 303 indicating the resource has been replaced

gone

Returns a status 410 indicating the resource has been permanently removed


Redirectmatch directive l.jpg
RedirectMatch Directive

Use –

RedirectMatch regex url

Uses a regular expression to specify the resource to be redirected



Proxying131 l.jpg
Proxying

Don’t connect a busy web site straight to the web – Why?

Better performance

Cache popular web pages

Distribute requests among a number of servers

Give the bad guys more defended ground to get past

Give local users protected by a firewall access to the Internet


Proxying132 l.jpg
Proxying

Security

Keep the the bad guys out of the network

To do this, keep the network hidden behind a firewall

Doing this shuts off access to the Internet

A proxy server is used to create access to the Internet


Proxying133 l.jpg
Proxying

As with other functionality with Apache, directives in the .conf file specify proxy functionality

In this capacity, Apache is acting as an agent to send user’s requests out to the Internet


Proxy directives l.jpg
Proxy Directives

A new site will be created named proxy

This site has three subdirectories –

cache

proxy

real


Sample config l.jpg
Sample Config

User webuser

Group webgroup

ServerName www.myCompany.com

Port 8000

ProxyRequests on

CacheRoot /usr/local/apache2/proxy/cache

CacheSize 1000


Sample config136 l.jpg
Sample Config

ProxyRequests on

Turns proxy serving on

CacheRoot /usr/local/apache2/proxy/cache

Sets the directory to contain cache files

Must be writable by Apache

CacheSize 1000

Specifies the size of the cache area in KB


Setup l.jpg
Setup

Cache directory

Needs to be set up carefully

Owner = webuser

Group = webgroup

The browser must be told you are going to access the web via a proxy

To do this you specify the IP address of the proxy server and the port 8000


Setup138 l.jpg
Setup

Proxy setting panel from Firefox (see Tools > Options > Advanced > Network tab, Settings)


Proxy simulation l.jpg
Proxy Simulation

Four elements needed to test the proxy server functionality

A browser configured to access the web via proxy

A firewall (real or imaginary)

Copy of Apache running the proxy

Copy of Apache running the website


Proxy simulation140 l.jpg
Proxy Simulation

One copy of Apache will run with the Proxy configuration file

User webuser

Group webgroup

ServerName www.myCompany.com

Port 8000

ProxyRequests on

CacheRoot /usr/local/apache2/proxy/cache

CacheSize 1000

Since we are simulating this on a single computer, we will use port 8000 as the port to receive proxy requests


Proxy simulation141 l.jpg
Proxy Simulation

The web server will use the following configuration (we are simulating a site out on the web by running Apache as a web server)

Config for the web site

User webuser

Group webgroup

ServerName www.myCompany.com

Listen www.myCompany.com:80

DocumentRoot /usr/local/apache2/real/htdocs


Proxy simulation142 l.jpg
Proxy Simulation

In /etc/hosts we place the following entry –

192.168.124.1 www.myCompany.com

This simulates DNS registration for www.myCompany.com

Notice this domain will be on a different subnet than the one we have been using


Proxy simulation143 l.jpg
Proxy Simulation

Next we need to configure the Ethernet interface for the simulation

We will use the following commands –

ifconfig eth0 192.168.123.2

ifconfig eth0 192.168.123.3 alias netmask 0xFFFFFFFF

ifconfig eth0 192.168.124.1 alias


Proxy simulation144 l.jpg
Proxy Simulation

Start a copy of Apache for each of the config files and sites

At this point you can fire up your configured browser and enter the URL

http://192.168.124.1

You should see the site’s web page displayed

But how do you know the site is being proxy served?


Proxy simulation145 l.jpg
Proxy Simulation

Go to the browser and reconfigure to NOT use a proxy

Now, enter the URL again

http://192.168.124.1

You should get a network error


References l.jpg
References

Apache Web Server

Apache FAQ

Web server 2.2 documentation

The configure script

apache.conf directives index

Netcraft web server survey

Apache Week (online periodical)

Weeks 5-6

146


ad