pro_apache_third_edition..pdf

时间:2022-09-05 04:40:46
【文件属性】:

文件名称:pro_apache_third_edition..pdf

文件大小:4.66MB

文件格式:PDF

更新时间:2022-09-05 04:40:46

OSGi Apache  third edition

Contents About the Author...............................................................................................xix About the Technical Reviewer and Contributing Author.................xxi Chapter1 Apache and the Internet..............................................1 Apache: The Anatomy of a Web Server.........................................................1 The Apache Source .............................................................................................1 The Apache License............................................................................................1 Support for Apache.............................................................................................2 How Apache Works..............................................................................................3 The Hypertext Transfer Protocol..................................................................7 HTTP Requests and Responses..........................................................................7 HTTP Headers...................................................................................................12 Networking and TCP/IP......................................................................................13 Definitions.........................................................................................................13 Packets and Encapsulation...............................................................................14 ACKs, NAKs, and Other Messages....................................................................15 The TCP/IP Network Model.............................................................................16 Non-IP Protocols...............................................................................................19 IP Addresses and Network Classes...................................................................19 Special IP Addresses..........................................................................................20 Netmasks and Routing......................................................................................21 Web Services: Well-Known Ports......................................................................23 Internet Daemon: The Networking Super Server...........................................24 The Future: IPv6................................................................................................25 Networking Tools...............................................................................................26 Server Hardware...................................................................................................29 Supported Platforms.........................................................................................29 Basic Server Requirements...............................................................................30 Memory..............................................................................................................31 Network Interface..............................................................................................32 Internet Connection.........................................................................................32 Hard Disk and Controller.................................................................................33 Operating System Checklist.............................................................................33 Redundancy and Backup..................................................................................34 Specific Hardware Solutions............................................................................35 Get Someone Else to Do It.............................................................................36 Summary....................................................................................................................36 v 3006_Ch00_CMP2 12/14/03 8:56 AM Page v Chapter 2 Getting Started with Apache.................................37 Installing Apache..............................................................................................38 Getting Apache..................................................................................................38 Installing Apache from Binary Distribution....................................................39 Installing Apache from Source.........................................................................41 Installing Apache from Prebuilt Packages.......................................................41 Installing Apache by Hand...............................................................................45 Upgrading Apache.............................................................................................47 Other Issues.......................................................................................................49 Basic Configuration..........................................................................................50 Decisions............................................................................................................50 Introducing the Master Configuration File.....................................................55 Other Basic Configuration Directives..............................................................56 Starting, Stopping, and Restarting the Server.................................57 Starting Apache on Unix...................................................................................58 Starting Apache on Windows...........................................................................59 Invocation Options...........................................................................................60 Restarting the Server.........................................................................................73 Stopping the Server...........................................................................................75 Starting the Server Automatically....................................................................76 Testing the Server............................................................................................81 Testing with a Browser......................................................................................82 Testing from the Command Line or a Terminal Program..............................82 Testing the Server Configuration Without Starting It.....................................85 Getting the Server Status from the Command Line.......................................86 Using Graphical Configuration Tools.......................................................86 Comanche..........................................................................................................87 TkApache...........................................................................................................91 LinuxConf..........................................................................................................91 Webmin..............................................................................................................91 ApacheConf.......................................................................................................97 Other Configuration Tools................................................................................99 Summary..................................................................................................................100 Chapter 3 Building Apache the Way You Want It...........101 Why Build Apache Yourself?.........................................................................101 Verifying the Apache Source Archive.............................................................103 Building Apache from Source......................................................................105 Configuring and Building Apache.................................................................106 Determining Which Modules to Include.......................................................111 Building Apache As a Dynamic Server..........................................................116 Contents vi 3006_Ch00_CMP2 12/14/03 8:56 AM Page vi Changing the Module Order (Apache 1.3)....................................................118 Checking the Generated Configuration........................................................120 Building Apache from Source As an RPM (Apache 2)..................................122 Advanced Configuration.................................................................................124 Configuring Apache’s Layout..........................................................................124 Choosing a Layout Scheme............................................................................124 Choosing a Multiprocessing Module (Apache 2)..........................................132 Rules (Apache 1.3)...........................................................................................135 Building Apache with suExec support...........................................................137 Configuring Apache’s Supporting Files and Scripts.....................................139 Configuring Apache 2 for Cross-Platform Builds.........................................140 Configuring Apache for Production or Debug Builds..................................142 Configuring Apache for Binary Distribution.................................................143 Configuring Apache’s Library and Include Paths..........................................143 Configuring the Build Environment.........................................................144 Building Modules with configure and apxs..........................................146 Adding Third-Party Modules with configure................................................146 Building Modules with apxs...........................................................................148 Installing Modules with apxs..........................................................................150 Generating Module Templates with apxs......................................................151 Overriding apxs Defaults and Using apxs in makefiles................................152 Summary..................................................................................................................153 Chapter 4 Configuring Apache the Way You Want It...155 Where Apache Looks for Its Configuration..........................................155 Configuration File Syntax...............................................................................156 Configuration for Virtual Hosts......................................................................156 Including Multiple Configuration Files.........................................................157 Per-Directory Configuration..........................................................................159 Conditional Configuration.............................................................................160 How Apache Structures Its Configuration............................................163 Apache’s Container Directives........................................................................164 Directive Types and Locations.......................................................................168 Where Directives Can Go................................................................................171 Container Scope and Nesting.........................................................................172 How Apache Combines Containers and Their Contents.............................174 Legality of Directives in Containers...............................................................175 Options and Overrides....................................................................................176 Enabling and Disabling Features with Options............................................176 Overriding Directives with Per-Directory Configuration.............................179 Contents vii 3006_Ch00_CMP2 12/14/03 8:56 AM Page vii Restricting Access with allow and deny..............................................182 Controlling Access by Name...........................................................................183 Controlling Access by IP Address...................................................................184 Controlling Subnet Access by Network and Netmask..................................185 Controlling Access by HTTP Header.............................................................186 Combining Host-Based Access with User Authentication...........................187 Overriding Host-Based Access.......................................................................188 Directory Listings..........................................................................................188 Enabling and Disabling Directory Indices....................................................189 How mod_autoindex Generates the HTML Page.........................................190 Controlling Which Files Are Seen with IndexIgnore.....................................196 Controlling the Sort Order..............................................................................197 Assigning Icons................................................................................................199 Assigning Descriptions...................................................................................202 Apache’s Environment......................................................................................203 Setting, Unsetting, and Passing Variables from the Shell.............................204 Setting Variables Conditionally......................................................................205 Special Browser Variables...............................................................................207 Detecting Robots with BrowserMatch...........................................................209 Passing Variables to CGI.................................................................................209 Conditional Access Control............................................................................210 Caveats with SetEnvIf vs. SetEnv....................................................................210 Setting Variables with mod_rewrite...............................................................211 Controlling Request and Response Headers..........................................211 Setting Custom Response Headers................................................................213 Setting Custom Request Headers...................................................................215 Inserting Dynamic Values into Headers........................................................216 Setting Custom Headers Conditionally.........................................................217 Retrieving Response Headers from Metadata Files......................................217 Setting Expiry Times.......................................................................................219 Sending Content As-Is....................................................................................222 Controlling the Server Identification Header.................................223 Sending a Content Digest.............................................................................224 Handling the Neighbors.................................................................................225 Controlling Robots with robots.txt................................................................226 Controlling Robots in HTML..........................................................................227 Controlling Robots with Access Control........................................................227 Attracting Robots.............................................................................................228 Making Sure Robots Index the Right Information........................................228 Known Robots, Bad Robots, and Further Reading.......................................229 Summary..................................................................................................................229 Contents viii 3006_Ch00_CMP2 12/14/03 8:56 AM Page viii Chapter 5 Deciding What the Client Needs........................231 Content Handling and Negotiation...........................................................231 File Types.........................................................................................................232 File Encoding...................................................................................................236 File Languages.................................................................................................243 File Character Sets...........................................................................................245 Handling URLs with Extra Path Information................................................247 Content Negotiation.......................................................................................248 Content Negotiation with MultiViews...........................................................250 File Permutations and Valid URLs with MultiViews.....................................256 Magic MIME Types..........................................................................................260 Error and Response Handling......................................................................264 How Apache Handles Errors...........................................................................265 Error and Response Codes.............................................................................265 The ErrorDocument Directive.......................................................................266 Limitations of ErrorDocument......................................................................270 Aliases and Redirection...............................................................................271 Aliases and Script Aliases................................................................................271 Redirections.....................................................................................................273 Rewriting URLs with mod_rewrite.................................................................277 Server-Side Image Maps.................................................................................300 Matching Misspelled URLS............................................................................305 Summary..................................................................................................................306 Chapter 6 Delivering Dynamic Content..................................307 Server-Side Includes......................................................................................308 Enabling SSI.....................................................................................................309 Format of SSI Commands...............................................................................311 The SSI Command Set....................................................................................312 SSI Variables.....................................................................................................312 Passing Trailing Path Information to SSIs (and Other Dynamic Documents).................................................................315 Setting the Date and Error Format.................................................................316 Templating with SSIs.......................................................................................317 Caching Server-Parsed Documents...............................................................319 Identifying Server-Parsed Documents by Execute Permission...................320 CGI: The Common Gateway Interface.........................................................321 CGI and the Environment..............................................................................321 Configuring Apache to Recognize CGI Scripts.............................................323 Setting Up a CGI Directory with ExecCGI: A Simple Way............................327 Triggering CGI Scripts on Events...................................................................330 Contents ix 3006_Ch00_CMP2 12/14/03 8:56 AM Page ix ISINDEX-Style CGI Scripts and Command Line Arguments................332 Writing and Debugging CGI Scripts.........................................................333 A Minimal CGI Script......................................................................................333 Interactive Scripts: A Simple Form................................................................337 Adding Headers...............................................................................................338 Debugging CGI Scripts....................................................................................339 Setting the CGI Daemon Socket.....................................................................345 Limiting CGI Resource Usage.........................................................................346 Actions, Handlers, and Filters................................................................347 Handlers...........................................................................................................348 Filters................................................................................................................354 Dynamic Content and Security....................................................................363 CGI Security Issues..........................................................................................363 Security Advice on the Web............................................................................364 Security Issues with Apache CGI Configuration...........................................364 An Example of an Insecure CGI Script..........................................................365 Known Insecure CGI Scripts...........................................................................370 CGI Wrappers...................................................................................................370 Security Checklist............................................................................................380 Inventing a Better CGI Script with FastCGI......................................381 Summary..................................................................................................................403 Chapter 7 Hosting More Than One Web Site........................405 Implementing User Directories with UserDir......................................406 Enabling and Disabling Specific Users..........................................................407 Redirecting Users to Other Servers................................................................408 Alternative Ways to Implement User Directories.........................................409 Separate Servers..............................................................................................410 Restricting Apache’s Field of View..................................................................411 Specifying Different Configurations and Server Roots................................412 Starting Separate Servers from the Same Configuration.............................412 Sharing External Configuration Files.............................................................413 IP-Based Virtual Hosting.............................................................................414 Multiple IPs, Separate Networks, and Virtual Interfaces..............................415 Configuring What Apache Listens To.............................................................416 Defining IP-Based Virtual Hosts.....................................................................418 Virtual Hosts and the Server-Level Configuration........................................421 Specifying Virtual Host User Privileges..........................................................422 Excluded Directives.........................................................................................426 Default Virtual Hosts....................................................................................427 Contents x 3006_Ch00_CMP2 12/14/03 8:56 AM Page x Name-Based Virtual Hosting.........................................................................428 Defining Named Virtual Hosts.......................................................................428 Server Names and Aliases...............................................................................430 Defining a Default Host for Name-Based Virtual Hosting...........................430 Mixing IP-Based and Name-Based Hosting..................................................431 Issues Affecting Virtual Hosting...........................................................434 Log Files and File Handles..............................................................................434 Virtual Hosts and Server Security..................................................................436 Secure HTTP and Virtual Hosts......................................................................437 Handling HTTP/1.0 Clients with Name-Based Virtual Hosts......................439 Dynamic Virtual Hosting...............................................................................441 Mass Hosting with Virtual-Host Aliases........................................................441 Mapping Hostnames Dynamically with mod_rewrite.................................448 Generating On the Fly and Included Configuration Files with mod_perl..449 Summary..................................................................................................................455 Chapter 8 Improving Apache’s Performance........................457 Apache’s Performance Directives..............................................................458 Configuring MPMs: Processes and Threads..................................................459 Network and IP-Related Performance Directives.........................................470 HTTP-Related Performance Directives.........................................................472 HTTP Limit Directives....................................................................................475 Configuring Apache for Better Performance........................................477 Directives That Affect Performance...............................................................477 Additional Directives for Tuning Performance.............................................482 Benchmarking Apache’s Performance.........................................................490 Benchmarking Apache with ab......................................................................490 Benchmarking Apache with gprof.................................................................495 External Benchmarking Tools........................................................................496 Benchmarking Strategy and Pitfalls...............................................................496 A Performance Checklist...............................................................................497 Proxying................................................................................................................498 Installing and Enabling Proxy Services..........................................................498 Normal Proxy Operation.................................................................................499 Configuring Apache As a Proxy......................................................................500 URL Matching with Directory Containers....................................................502 Blocking Sites via the Proxy............................................................................504 Localizing Remote URLs and Hiding Servers from View.............................504 Relaying Requests to Remote Proxies............................................................508 Proxy Chains and the Via Header...................................................................509 Proxies and Intranets......................................................................................512 Handling Errors...............................................................................................512 Contents xi 3006_Ch00_CMP2 12/14/03 8:56 AM Page xi Timing Out Proxy Requests............................................................................514 Tunneling Other Protocols.............................................................................514 Tuning Proxy Operations................................................................................515 Squid: A High-Performance Proxy Alternative.............................................516 Caching..................................................................................................................516 Enabling Caching............................................................................................516 File-Based Caching.........................................................................................517 In-Memory Caching (Apache 2 Only)............................................................520 Coordinating Memory-Based and Disk-Based Caches................................522 General Cache Configuration.........................................................................522 Maintaining Good Relations with External Caches......................................527 Fault Tolerance and Clustering................................................................529 Backup Server via Redirected Secondary DNS.............................................530 Load Sharing with Round-Robin DNS...........................................................531 Backup Server via Floating IP Address..........................................................531 Hardware Load Balancing..............................................................................532 Clustering with Apache...................................................................................533 Other Clustering Solutions.............................................................................536 Summary..................................................................................................................537 Chapter 9 Monitoring Apache.........................................................539 Logs and Logging..............................................................................................539 Log Files and Security.....................................................................................540 The Error Log...................................................................................................540 Setting the Log Level.......................................................................................541 Logging Errors to the System Log..................................................................542 Transfer Logs...................................................................................................544 Driving Applications Through Logs...............................................................554 Log Rotation....................................................................................................556 Lies, Logs, and Statistics.........................................................................560 What You Can’t Find Out from Logs...............................................................560 Analog: A Log Analyzer...................................................................................561 Server Information..........................................................................................577 Server Status....................................................................................................578 Server Info........................................................................................................581 Securing Access to Server Information.........................................................582 User Tracking.....................................................................................................583 Alternatives to User Tracking.........................................................................584 Cookie Tracking with mod_usertrack............................................................584 URL Tracking with mod_session....................................................................589 Other Session Tracking Options.....................................................................594 Summary..................................................................................................................595 Contents xii 3006_Ch00_CMP2 12/14/03 8:56 AM Page xii Chapter 10Securing Apache..............................................................597 User Authentication........................................................................................597 Apache Authentication Modules...................................................................598 Authentication Configuration Requirements...............................................599 Using Authentication Directives in .htaccess...............................................601 Basic Authentication.......................................................................................601 Digest Authentication.....................................................................................603 Anonymous Authentication...........................................................................606 Setting Up User Information..........................................................................606 Specifying User Requirements.......................................................................614 LDAP Authentication......................................................................................617 Using Multiple Authentication Schemes.......................................................624 Combining User- and Host-Based Authentication......................................626 Securing Basic Authentication with SSL.......................................................627 SSL and Apache...................................................................................................627 Downloading OpenSSL and ModSSL............................................................628 Building and Installing the OpenSSL Library...............................................629 Building and Installing mod_ssl for Apache 2..............................................633 Building and Installing mod_ssl for Apache 1.3...........................................633 Basic SSL Configuration.................................................................................637 Installing a Private Key....................................................................................639 Creating a Certificate Signing Request and Temporary Certificate.............640 Getting a Signed Certificate............................................................................642 Advanced SSL Configuration.........................................................................644 Server-Level Configuration............................................................................644 Client Certification..........................................................................................657 Using Client Certification with User Authentication..................659 SSL and Logging..............................................................................................660 SSL Environment Variables and CGI.............................................................662 SSL and Virtual Hosts......................................................................................666 Advanced Features..........................................................................................668 Summary..................................................................................................................671 Chapter 11Improving Web Server Security..........................673 Apache Features.................................................................................................673 Unwanted Files................................................................................................674 Automatic Directory Indices..........................................................................674 Symbolic Links................................................................................................675 Server-Side Includes.......................................................................................676 ISINDEX-Style CGI Scripts.............................................................................677 Server Tokens...................................................................................................677 Contents xiii 3006_Ch00_CMP2 12/14/03 8:56 AM Page xiii File Permissions..............................................................................................678 Viewing Server Information with mod_info..........................................679 Restricting Server Privileges..................................................................679 Restricting Access by Hostname and IP Address...............................680 Other Server Security Measures................................................................682 Dedicated Server..............................................................................................682 File Integrity...................................................................................................683 md5sum...........................................................................................................684 Tripwire............................................................................................................685 Hardening the Server......................................................................................686 Minimizing Services........................................................................................686 Port Scanning with nmap ..............................................................................688 Probing with Nessus.......................................................................................689 Hardening Windows 2000 and XP..................................................................689 Disabling Network Services.........................................................................690 File Transfer Protocol (FTP)............................................................................690 telnet................................................................................................................690 rlogin, rsh, rexec, rcp.......................................................................................690 Network Filesystem (NFS)..............................................................................690 sendmail/Other Mail Transport Agents (MTAs)...........................................691 Restricting Services with TCP Wrappers........................................................691 Security Fixes, Alerts, and Online Resources.................................693 The WWW Security FAQ..................................................................................693 The BugTraQ Mailing List and Archive..........................................................693 Operating System Newsletters.......................................................................693 Package and Module Notification..................................................................694 Removing Important Data from the Server............................................694 Enabling Secure Logins with SSH..............................................................694 Building and Installing OpenSSH..................................................................695 Authentication Strategies...............................................................................698 Configuring SSH..............................................................................................699 Testing SSH......................................................................................................702 Expanding SSH to Authenticate Users..........................................................703 Secure Server Backups with Rsync and SSH.................................................704 Forwarding Client Connections to Server Applications...............................705 Firewalls and Multifacing Servers.........................................................706 Types of Firewall..............................................................................................706 Designing the Network Topology...................................................................707 Running Apache Under a Virtual chroot Root Directory................709 What chroot Is.................................................................................................709 What chroot Isn’t.............................................................................................710 Setting Up Apache for chroot Operation.......................................................711 Contents xiv 3006_Ch00_CMP2 12/14/03 8:56 AM Page xiv Server Security Checklist...........................................................................723 Avoid Root Services.........................................................................................723 Maintain Logs Properly..................................................................................723 Keep It Simple..................................................................................................724 Block Abusive Clients......................................................................................724 Have an Effective Backup and Restore Process............................................725 Plan for High Availability, Capacity, and Disaster Recovery........................725 Monitor the Server..........................................................................................725 Take Care with Information Flow...................................................................726 Choose an Effective robots.txt Policy............................................................726 Summary..................................................................................................................726 Chapter 12Extending Apache............................................................727 WebDAV....................................................................................................................727 Adding WebDAV to Apache.............................................................................728 The WebDAV Protocol.....................................................................................729 Configuring Apache for WebDAV...................................................................731 Restricting Options and Disabling Overrides...............................................734 WebDAV and Virtual Hosts.............................................................................735 Configuring the DAV Lock Time.....................................................................735 Limitations of File-Based Repositories..........................................................736 Protecting WebDAV Servers............................................................................737 More Advanced Configurations.....................................................................737 Cooperating with CGI and Other Content Handlers....................................740 ISAPI......................................................................................................................741 Supported ISAPI Support Functions.............................................................742 Configuring ISAPI Extensions........................................................................743 Setting the Maximum Initial Request Data Size...........................................744 Logging ISAPI Extensions...............................................................................745 Preloading and Caching ISAPI Extensions....................................................746 Handling Asynchronous ISAPI Extensions...................................................746 Perl.........................................................................................................................746 Building and Installing mod_perl..................................................................748 Migrating mod_perl from Apache 1.3 to Apache 2.......................................755 Configuring and Implementing Perl Handlers.............................................758 Configuring and Implementing Perl Filters..................................................771 Warnings, Taint Mode, and Debugging.........................................................772 Managing Perl Threads in mod_perl 2...........................................................774 Initializing Modules at Startup.......................................................................779 Restarting mod_perl and Auto-Reloading Modules.....................................780 Creating a mod_perl Status Page...................................................................782 Running CGI Scripts Under mod_perl..........................................................782 Contents xv 3006_Ch00_CMP2 12/14/03 8:56 AM Page xv CGI Caveats......................................................................................................785 Passing Variables to Perl Handlers.................................................................787 Using mod_perl with Server-Side Includes...................................................788 Embedding Perl in HTML...............................................................................789 Embedding Perl in Apache’s Configuration..................................................794 PHP...........................................................................................................................795 Installing PHP..................................................................................................796 Getting the PHP source...................................................................................796 Configuring Apache to Work with PHP..........................................................802 Configuring PHP.............................................................................................803 Testing PHP with Apache................................................................................807 Tomcat/Java.........................................................................................................807 So What Is Tomcat?..........................................................................................807 Installation.......................................................................................................808 Tomcat Configuration.....................................................................................813 mod_jk.............................................................................................................818 Mod_python....................................................................................................829 mod_ruby.........................................................................................................835 Summary..................................................................................................................839 Index....................................................................................................................843


网友评论