3006_Ch00_CMP2 12/14/03 8:56 AM Page i Pro Apache, Third Edition PETER WAINWRIGHT 3006_Ch00_CMP2 12/14/03 8:56 AM Page ii Pro Apache, Third Edition Copyright ©2004 by Peter Wainwright All rights reserved. No part of this work may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage or retrieval system, without the prior written permission of the copyright owner and the publisher. ISBN (pbk): 1-59059-300-6 Printed and bound in the United States of America 12345678910 Trademarked names may appear in this book. Rather than use a trademark symbol with every occurrence of a trademarked name, we use the names only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark. Technical Reviewer and Contributing Author: Bradley Bartram Editorial Board: Dan Appleman, Craig Berry, Gary Cornell, Tony Davis, Steven Rycroft, Julian Skinner, Martin Streicher, Jim Sumser, Karen Watterson, Gavin Wray, John Zukowski Assistant Publisher: Grace Wong Project Manager: Tracy Brown Collins Development Editor: Robert J. Denn Copy Editor: Kim Wimpsett Production Manager: Kari Brooks Production Editor: Laura Cheu Proofreader: Nancy Sixsmith Compositor: Diana Van Winkle, Van Winkle Design Group Indexer: Kevin Broccoli Cover Designer: Kurt Krames Manufacturing Manager: Tom Debolski Distributed to the book trade in the United States by Springer-Verlag New York, Inc., 175 Fifth Avenue, New York, NY, 10010 and outside the United States by Springer-Verlag GmbH & Co. KG, Tiergartenstr. 17, 69112 Heidelberg, Germany. In the United States: phone 1-800-SPRINGER, email [email protected], or visit http://www.springer-ny.com. Outside the United States: fax +49 6221 345229, email [email protected], or visit http://www.springer.de. For information on translations, please contact Apress directly at 2560 Ninth Street, Suite 219, Berkeley, CA 94710. Phone 510-549-5930, fax 510-549-5939, email [email protected], or visit http://www.apress.com. The information in this book is distributed on an “as is” basis, without warranty. Although every precaution has been taken in the preparation of this work, neither the author(s) nor Apress shall have any liability to any person or entity with respect to any loss or damage caused or alleged to be caused directly or indirectly by the information contained in this work. . The source code for this book is available to readers at http://www.apress.comin the Downloads section. 3006_Ch00_CMP2 12/14/03 8:56 AM Page iii Contents at a Glance About the Author...............................................................................................xix About the Technical Reviewer and Contributing Author.................xxi Chapter 1 Apache and the Internet.......................................................1 Chapter 2 Getting Started with Apache............................................37 Chapter 3 Building Apache the Way You Want It........................101 Chapter 4 Configuring Apache the Way You Want It..................155 Chapter 5 Deciding What the Client Needs...................................231 Chapter 6 Delivering Dynamic Content............................................307 Chapter 7 Hosting More Than One Web Site...................................405 Chapter 8 Improving Apache’s Performance...................................457 Chapter 9 Monitoring Apache................................................................539 Chapter 10 Securing Apache....................................................................597 Chapter 11 Improving Web Server Security.....................................673 Chapter 12 Extending Apache..................................................................727 Index......................................................................................................................843 iii 3006_Ch00_CMP2 12/14/03 8:56 AM Page iv 3006_Ch00_CMP2 12/14/03 8:56 AM Page v Contents About the Author...............................................................................................xix About the Technical Reviewer and Contributing Author.................xxi Chapter 1 Apache and the Internet..............................................1 Apache: The Anatomy of a Web Server.........................................................1 The Apache Source .............................................................................................1 The Apache License............................................................................................1 Support for Apache.............................................................................................2 How Apache Works..............................................................................................3 The Hypertext Transfer Protocol..................................................................7 HTTP Requests and Responses..........................................................................7 HTTP Headers...................................................................................................12 Networking and TCP/IP......................................................................................13 Definitions.........................................................................................................13 Packets and Encapsulation...............................................................................14 ACKs, NAKs, and Other Messages....................................................................15 The TCP/IP Network Model.............................................................................16 Non-IP Protocols...............................................................................................19 IP Addresses and Network Classes...................................................................19 Special IP Addresses..........................................................................................20 Netmasks and Routing......................................................................................21 Web Services: Well-Known Ports......................................................................23 Internet Daemon: The Networking Super Server...........................................24 The Future: IPv6................................................................................................25 Networking Tools...............................................................................................26 Server Hardware...................................................................................................29 Supported Platforms.........................................................................................29 Basic Server Requirements...............................................................................30 Memory..............................................................................................................31 Network Interface..............................................................................................32 Internet Connection.........................................................................................32 Hard Disk and Controller.................................................................................33 Operating System Checklist.............................................................................33 Redundancy and Backup..................................................................................34 Specific Hardware Solutions............................................................................35 Get Someone Else to Do It.............................................................................36 Summary....................................................................................................................36 v 3006_Ch00_CMP2 12/14/03 8:56 AM Page vi Contents Chapter 2 Getting Started with Apache.................................37 Installing Apache..............................................................................................38 Getting Apache..................................................................................................38 Installing Apache from Binary Distribution....................................................39 Installing Apache from Source.........................................................................41 Installing Apache from Prebuilt Packages.......................................................41 Installing Apache by Hand...............................................................................45 Upgrading Apache.............................................................................................47 Other Issues.......................................................................................................49 Basic Configuration..........................................................................................50 Decisions............................................................................................................50 Introducing the Master Configuration File.....................................................55 Other Basic Configuration Directives..............................................................56 Starting, Stopping, and Restarting the Server.................................57 Starting Apache on Unix...................................................................................58 Starting Apache on Windows...........................................................................59 Invocation Options...........................................................................................60 Restarting the Server.........................................................................................73 Stopping the Server...........................................................................................75 Starting the Server Automatically....................................................................76 Testing the Server............................................................................................81 Testing with a Browser......................................................................................82 Testing from the Command Line or a Terminal Program..............................82 Testing the Server Configuration Without Starting It.....................................85 Getting the Server Status from the Command Line.......................................86 Using Graphical Configuration Tools.......................................................86 Comanche..........................................................................................................87 TkApache...........................................................................................................91 LinuxConf..........................................................................................................91 Webmin..............................................................................................................91 ApacheConf.......................................................................................................97 Other Configuration Tools................................................................................99 Summary..................................................................................................................100 Chapter 3 Building Apache the Way You Want It...........101 Why Build Apache Yourself?.........................................................................101 Verifying the Apache Source Archive.............................................................103 Building Apache from Source......................................................................105 Configuring and Building Apache.................................................................106 Determining Which Modules to Include.......................................................111 Building Apache As a Dynamic Server..........................................................116 vi 3006_Ch00_CMP2 12/14/03 8:56 AM Page vii Contents Changing the Module Order (Apache 1.3)....................................................118 Checking the Generated Configuration........................................................120 Building Apache from Source As an RPM (Apache 2)..................................122 Advanced Configuration.................................................................................124 Configuring Apache’s Layout..........................................................................124 Choosing a Layout Scheme............................................................................124 Choosing a Multiprocessing Module (Apache 2)..........................................132 Rules (Apache 1.3)...........................................................................................135 Building Apache with suExec support...........................................................137 Configuring Apache’s Supporting Files and Scripts.....................................139 Configuring Apache 2 for Cross-Platform Builds.........................................140 Configuring Apache for Production or Debug Builds..................................142 Configuring Apache for Binary Distribution.................................................143 Configuring Apache’s Library and Include Paths..........................................143 Configuring the Build Environment.........................................................144 Building Modules with configure and apxs..........................................146 Adding Third-Party Modules with configure................................................146 Building Modules with apxs...........................................................................148 Installing Modules with apxs..........................................................................150 Generating Module Templates with apxs......................................................151 Overriding apxs Defaults and Using apxs in makefiles................................152 Summary..................................................................................................................153 Chapter 4 Configuring Apache the Way You Want It...155 Where Apache Looks for Its Configuration..........................................155 Configuration File Syntax...............................................................................156 Configuration for Virtual Hosts......................................................................156 Including Multiple Configuration Files.........................................................157 Per-Directory Configuration..........................................................................159 Conditional Configuration.............................................................................160 How Apache Structures Its Configuration............................................163 Apache’s Container Directives........................................................................164 Directive Types and Locations.......................................................................168 Where Directives Can Go................................................................................171 Container Scope and Nesting.........................................................................172 How Apache Combines Containers and Their Contents.............................174 Legality of Directives in Containers...............................................................175 Options and Overrides....................................................................................176 Enabling and Disabling Features with Options............................................176 Overriding Directives with Per-Directory Configuration.............................179 vii 3006_Ch00_CMP2 12/14/03 8:56 AM Page viii Contents Restricting Access with allow and deny..............................................182 Controlling Access by Name...........................................................................183 Controlling Access by IP Address...................................................................184 Controlling Subnet Access by Network and Netmask..................................185 Controlling Access by HTTP Header.............................................................186 Combining Host-Based Access with User Authentication...........................187 Overriding Host-Based Access.......................................................................188 Directory Listings..........................................................................................188 Enabling and Disabling Directory Indices....................................................189 How mod_autoindex Generates the HTML Page.........................................190 Controlling Which Files Are Seen with IndexIgnore.....................................196 Controlling the Sort Order..............................................................................197 Assigning Icons................................................................................................199 Assigning Descriptions...................................................................................202 Apache’s Environment......................................................................................203 Setting, Unsetting, and Passing Variables from the Shell.............................204 Setting Variables Conditionally......................................................................205 Special Browser Variables...............................................................................207 Detecting Robots with BrowserMatch...........................................................209 Passing Variables to CGI.................................................................................209 Conditional Access Control............................................................................210 Caveats with SetEnvIf vs. SetEnv....................................................................210 Setting Variables with mod_rewrite...............................................................211 Controlling Request and Response Headers..........................................211 Setting Custom Response Headers................................................................213 Setting Custom Request Headers...................................................................215 Inserting Dynamic Values into Headers........................................................216 Setting Custom Headers Conditionally.........................................................217 Retrieving Response Headers from Metadata Files......................................217 Setting Expiry Times.......................................................................................219 Sending Content As-Is....................................................................................222 Controlling the Server Identification Header.................................223 Sending a Content Digest.............................................................................224 Handling the Neighbors.................................................................................225 Controlling Robots with robots.txt................................................................226 Controlling Robots in HTML..........................................................................227 Controlling Robots with Access Control........................................................227 Attracting Robots.............................................................................................228 Making Sure Robots Index the Right Information........................................228 Known Robots, Bad Robots, and Further Reading.......................................229 Summary..................................................................................................................229 viii 3006_Ch00_CMP2 12/14/03 8:56 AM Page ix Contents Chapter 5 Deciding What the Client Needs........................231 Content Handling and Negotiation...........................................................231 File Types.........................................................................................................232 File Encoding...................................................................................................236 File Languages.................................................................................................243 File Character Sets...........................................................................................245 Handling URLs with Extra Path Information................................................247 Content Negotiation.......................................................................................248 Content Negotiation with MultiViews...........................................................250 File Permutations and Valid URLs with MultiViews.....................................256 Magic MIME Types..........................................................................................260 Error and Response Handling......................................................................264 How Apache Handles Errors...........................................................................265 Error and Response Codes.............................................................................265 The ErrorDocument Directive.......................................................................266 Limitations of ErrorDocument......................................................................270 Aliases and Redirection...............................................................................271 Aliases and Script Aliases................................................................................271 Redirections.....................................................................................................273 Rewriting URLs with mod_rewrite.................................................................277 Server-Side Image Maps.................................................................................300 Matching Misspelled URLS............................................................................305 Summary..................................................................................................................306 Chapter 6 Delivering Dynamic Content..................................307 Server-Side Includes......................................................................................308 Enabling SSI.....................................................................................................309 Format of SSI Commands...............................................................................311 The SSI Command Set....................................................................................312 SSI Variables.....................................................................................................312 Passing Trailing Path Information to SSIs (and Other Dynamic Documents).................................................................315 Setting the Date and Error Format.................................................................316 Templating with SSIs.......................................................................................317 Caching Server-Parsed Documents...............................................................319 Identifying Server-Parsed Documents by Execute Permission...................320 CGI: The Common Gateway Interface.........................................................321 CGI and the Environment..............................................................................321 Configuring Apache to Recognize CGI Scripts.............................................323 Setting Up a CGI Directory with ExecCGI: A Simple Way............................327 Triggering CGI Scripts on Events...................................................................330 ix 3006_Ch00_CMP2 12/14/03 8:56 AM Page x Contents ISINDEX-Style CGI Scripts and Command Line Arguments................332 Writing and Debugging CGI Scripts.........................................................333 A Minimal CGI Script......................................................................................333 Interactive Scripts: A Simple Form................................................................337 Adding Headers...............................................................................................338 Debugging CGI Scripts....................................................................................339 Setting the CGI Daemon Socket.....................................................................345 Limiting CGI Resource Usage.........................................................................346 Actions, Handlers, and Filters................................................................347 Handlers...........................................................................................................348 Filters................................................................................................................354 Dynamic Content and Security....................................................................363 CGI Security Issues..........................................................................................363 Security Advice on the Web............................................................................364 Security Issues with Apache CGI Configuration...........................................364 An Example of an Insecure CGI Script..........................................................365 Known Insecure CGI Scripts...........................................................................370 CGI Wrappers...................................................................................................370 Security Checklist............................................................................................380 Inventing a Better CGI Script with FastCGI......................................381 Summary..................................................................................................................403 Chapter 7 Hosting More Than One Web Site........................405 Implementing User Directories with UserDir......................................406 Enabling and Disabling Specific Users..........................................................407 Redirecting Users to Other Servers................................................................408 Alternative Ways to Implement User Directories.........................................409 Separate Servers..............................................................................................410 Restricting Apache’s Field of View..................................................................411 Specifying Different Configurations and Server Roots................................412 Starting Separate Servers from the Same Configuration.............................412 Sharing External Configuration Files.............................................................413 IP-Based Virtual Hosting.............................................................................414 Multiple IPs, Separate Networks, and Virtual Interfaces..............................415 Configuring What Apache Listens To.............................................................416 Defining IP-Based Virtual Hosts.....................................................................418 Virtual Hosts and the Server-Level Configuration........................................421 Specifying Virtual Host User Privileges..........................................................422 Excluded Directives.........................................................................................426 Default Virtual Hosts....................................................................................427 x