An Introduction to Apache
Different Types of Web Servers
Apache is the default web server for many Unix servers. IIS is Microsoft’s default web server. Other popular web servers are Sun’s iPlanet and Netscape’s web server.
What is Apache?
Apache is the most widely used web server software package in the world. Apache is highly configurable and can be set up to support technologies such as password protection, virtual hosting (name-based and IP-based), and SSL encryption.
Starting and stopping Apache
To start, stop or restart Apache, one would use the apachectl command.
    apachectl restart
will stop the server, then restart it (rereading the configuration files).
Apache Configuration
All core configuration of Apache is contained in a single file, httpd.conf. This file is typically around 1000 lines (mostly comments). The location will vary from Unix version to Unix version.
What’s in the httpd.conf
Number of processes to start, various timeouts, performance settings, ports to use, user to run as;
BindAddress * (use all network interfaces for server.)
ServerName (sets the server name manually)
DocumentRoot (specifies the root directory of the server.)
What’s in the httpd.conf
The Apache server is very modularized (loads between 30-40 modules). Modules are used for such things as PHP, CGI, authentication, and making home directories available.
Making user home directories available under apache.
Simply uncomment the following lines.
#<IfModule mod_userdir.c>
#    UserDir public_html
#</IfModule>
Note: public_html is the name of the dir under the user’s home directory. Everyone must have read access to this directory.
Using apache to “web enable” additional directories
Simply create a <directory> entry in the httpd.conf to make any directory available to apache.
<directory /path/to/dir/>
    Options
</directory>
A Sample <Directory> Entry
<Directory /home/*/public_html>
    AllowOverride FileInfo AuthConfig Limit
    Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
    Order deny,allow
    Deny from all
</Directory>
AllowOverride
This tells Apache under what conditions previous settings may be overwritten.
AuthConfig - allows the use of authentication.
MultiViews - if the file /bobo is requested and bobo is not a directory, then Apache will search for files bobo.*
<Directory> Options
ExecCGI Execution of CGI scripts is permitted.
FollowSymLinks The server will follow symbolic links in this directory.
SymLinksIfOwnerMatch The server will only follow symbolic links for which the target file or directory is owned by the same user id as the link.
<Directory> Options
Indexes If a URL which maps to a directory is requested, and there is no DirectoryIndex (e.g., index.html) in that directory, then the server will return a formatted listing of the directory.
Note: this option gets ignored if set inside a <Location> section.
Apache Authentication
Apache authentication should not be used to protect highly sensitive data, as password credentials are sent as plain text with each web request.
Setting up apache authentication
Make sure that, for the <directory> entry that you are using, the AllowOverride AuthConfig directive is on. Secondly, you must create a password file for the “zone” that you are protecting.
Creating an apache password file
One would use the htpasswd command to create this file:
    htpasswd -c file user
(you will then be prompted for the password)
Note: Use the -c switch to create a new file. If that file already exists and you are just adding another user, then do not use the -c switch, since -c overwrites the existing file.
Automating the creation process
Should you wish to create an authentication entry via a script, one may do it this way:
    htpasswd -nb user passwd >> file
Where to put password files
Password files can reside anywhere on the server. However, for security reasons it would not be a good idea to put this file in a directory that is “web-shared”. Generally, putting it in the same directory as the httpd.conf will suffice.
Using the password file
Next you must create a .htaccess file in the directory that you wish to protect. The contents of the .htaccess will look similar to this:
AuthName "My Secret Place"
AuthType Basic
AuthUserFile /etc/apache/passwd/secretfile
require valid-user
The .htaccess file
The AuthName specifies the name of the “Zone”. This will be displayed in the login box.
AuthUserFile specifies the location of the password file.
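One way to check the advice about keeping the password file out of “web-shared” directories, as an added example that is not part of the original slides: it compares each AuthUserFile path with the DocumentRoot and <Directory> paths in a configuration. The sample configuration is constructed from directives shown on this page, and the function names are hypothetical; relative paths, symbolic links and Alias mappings are assumed to be out of scope.

```python
import fnmatch
import posixpath
import re

# Constructed sample configuration using paths that appear on this page.
SAMPLE_CONF = """\
DocumentRoot /var/www/pens
DocumentRoot /var/www/pencils
<Directory /home/*/public_html>
    AllowOverride AuthConfig
</Directory>
"""

SERVED = re.compile(r'^[ \t]*(?:DocumentRoot[ \t]+|<Directory[ \t]+)"?([^"\s>]+)"?', re.I | re.M)
AUTHFILE = re.compile(r'^[ \t]*AuthUserFile[ \t]+"?([^"\s]+)"?', re.I | re.M)


def inside(path, pattern):
    """True if path lies below the directory pattern ('*' matches one component)."""
    p_parts = [p for p in path.split("/") if p]
    d_parts = [d for d in pattern.split("/") if d]
    if len(p_parts) <= len(d_parts):
        return False
    return all(fnmatch.fnmatchcase(p, d) for p, d in zip(p_parts, d_parts))


def exposed_password_files(conf_text, htaccess_text):
    """Return (password_file, [served directories containing it]) pairs."""
    served = SERVED.findall(conf_text)
    findings = []
    for authfile in AUTHFILE.findall(htaccess_text):
        path = posixpath.normpath(authfile)        # also collapses "../" detours
        hits = [d for d in served if inside(path, posixpath.normpath(d))]
        if hits:
            findings.append((path, hits))
    return findings


if __name__ == "__main__":
    good = "AuthUserFile /etc/apache/passwd/secretfile\n"
    bad = "AuthUserFile /var/www/pens/private/.htpasswd\n"   # constructed bad case
    print(exposed_password_files(SAMPLE_CONF, good))
    print(exposed_password_files(SAMPLE_CONF, bad))
```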
Virtual Hosts
<VirtualHost *>
    Options Indexes
    ServerAdmin [email protected]
    DocumentRoot /var/www/pens
    ServerName pens.ca
    ServerAlias *.pens.ca
    ErrorLog /var/www/logs/pens-error_log
    TransferLog /var/www/logs/pens-access_log
</VirtualHost>
Virtual Hosts
<VirtualHost *>
    Options Indexes
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/pencils
    ServerName pencils.ca
    ServerAlias *.pencils.ca
    ErrorLog /var/www/logs/pencils-error_log
    TransferLog /var/www/logs/pencils-access_log
</VirtualHost>
Sample access log
65.48.0.105 - - [02/Feb/2003:12:56:58 -0500] "GET / HTTP/1.1" 200 10160
65.48.0.105 - - [02/Feb/2003:12:56:59 -0500] "GET /images/logo.jpg HTTP/1.1" 200 12105
65.48.0.105 - - [02/Feb/2003:12:56:59 -0500] "GET /images/menu-top.gif HTTP/1.1" 200 2111
65.48.0.105 - - [02/Feb/2003:12:57:00 -0500] "GET /images/fade.jpg HTTP/1.1" 200 439
65.48.0.105 - - [02/Feb/2003:12:57:00 -0500] "GET /images/pixel.gif HTTP/1.1" 200 43
What is this?
63.200.6.116 - - [04/Feb/2003:15:27:38 -0500] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 296
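The last line is a request for a Windows path (/winnt/system32/cmd.exe) reached through a percent-encoded dot-dot sequence under /scripts/, which this Apache server answered with 404. The added example below, which is not part of the original slides, parses Common Log Format lines and flags such requests; the log lines are the ones shown on this page and the function names are hypothetical.

```python
import re
from urllib.parse import unquote_to_bytes

# Access-log lines taken from this page: two ordinary requests and the probe.
SAMPLE_LOG = """\
65.48.0.105 - - [02/Feb/2003:12:56:58 -0500] "GET / HTTP/1.1" 200 10160
65.48.0.105 - - [02/Feb/2003:12:56:59 -0500] "GET /images/logo.jpg HTTP/1.1" 200 12105
63.200.6.116 - - [04/Feb/2003:15:27:38 -0500] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 296
"""

# Common Log Format, the layout of the lines above.
CLF = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?:\d+|-)$'
)


def suspicious_reasons(target):
    """Return the reasons a request target looks like a traversal probe."""
    path = target.partition("?")[0]
    raw = unquote_to_bytes(path)              # undo %xx escapes, keep raw bytes
    reasons = []
    if b".." in raw:
        reasons.append("dot-dot sequence in path")
    try:
        raw.decode("utf-8")
    except UnicodeDecodeError:
        # a byte such as %c1 can never start a valid UTF-8 sequence
        reasons.append("escaped bytes are not valid UTF-8")
    if re.search(rb"cmd\.exe$", raw, re.I):
        reasons.append("asks for the Windows command interpreter")
    return reasons


def scan(log_text):
    """Return (host, status, target, reasons) for every flagged request."""
    findings = []
    for line in log_text.splitlines():
        m = CLF.match(line)
        if m is None:
            continue                          # not Common Log Format; skip
        reasons = suspicious_reasons(m["target"])
        if reasons:
            findings.append((m["host"], int(m["status"]), m["target"], reasons))
    return findings


if __name__ == "__main__":
    for host, status, target, reasons in scan(SAMPLE_LOG):
        print(host, status, target, "; ".join(reasons))
```

The status code is kept in each finding because a 404 shows the request found nothing, while a 200 on a flagged line would call for investigation.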