Sair Linux and GNU Certification® Level II: Apache and Web Servers Sair Development Team Wiley Computer Publishing John Wiley & Sons, Inc. NEW YORK • CHICHESTER • WEINHEIM • BRISBANE • SINGAPORE • TORONTO Sair Linux and GNU Certification® Level II: Apache and Web Servers Sair Development Team Wiley Computer Publishing John Wiley & Sons, Inc. NEW YORK • CHICHESTER • WEINHEIM • BRISBANE • SINGAPORE • TORONTO Publisher: Robert Ipsen Editor: Cary Sullivan Assistant Editor: Christina Berry Managing Editor: Marnie Wielage Text Design & Composition: Benchmark Productions, Inc. Designations used by companies to distinguish their products are often claimed as trademarks. In all instances where John Wiley & Sons, Inc., is aware of a claim, the prod- uct names appear in initial capital or all capital letters. Readers, however, should contact the appropriate companies for more complete information regarding trademarks and registration. Copyright © 2001 by Sair Development Team. All rights reserved. Published by John Wiley & Sons, Inc. No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authoriza- tion through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA01923, (978) 750-8400, fax (978) 750-4744. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 605 Third Avenue, New York, NY10158-0012, (212) 850-6011, fax (212) 850-6008, E-Mail: [email protected]. This publication is designed to provide accurate and authoritative information in regard to the subject matter covered. It is sold with the understanding that the publisher is not engaged in professional services. If professional advice or other expert assistance is required, the services of a competent professional person should be sought. This title is also available in print as ISBN 0-471-40537-X. Some content that appears in the print version of this book may not be available in this electronic edition. Contents Acknowledgments xi Introduction xiii Part One Knowledge Matrix 1 Chapter 1 Installation and Configuration 3 Objectives 3 Theory of Operations 3 History of Apache 4 Apache Today 5 How Does Apache Work? 5 How to Obtain Apache 10 Overview of Content Negotiation 11 Base Systems 18 Preparing Linux 18 Introduction to Packages 21 Installation 29 System Utilities 34 The httpd Daemon 34 Setting Up Apache 45 Chapter 2 System Administration 55 Objectives 55 iii iv Contents Theory of Operation 56 Being a Webmaster 56 Preparing Apache 58 Introduction to Virtual Hosting 63 Introduction to Apache Modules 64 Introduction to the Apache API 76 Introduction to Logging 83 Base Systems 84 Multiple Daemons 84 Configuration 85 Number of httpd Processes 88 Alias 89 CGI Scripts 89 How to Configure CGI 90 Apache Initialization 91 Log Files 93 Log File Formats 95 Shells and Commands 98 Benchmarking 98 System Utilities 100 Creating CGI Scripts 100 Performance Monitoring 107 Some Good Log Analysis Tools 109 Chapter 3 Networking 111 Objectives 111 Theory of Operation 111 What Is TCP/IPand How Does Apache Use It? 112 What Is HTTP? 113 Multiple Hosts 115 Base Systems 116 Virtual Hosting 117 Directing the Request to a Virtual Host 118 Single Daemon/Virtual Hosting 118 IP-Based Virtual Hosting 119 Name-Based Virtual Hosting 122 Shells and Commands 125 URLRewriting mod_rewrite 125 Chapter 4 Security 133 Objectives 133 Theory of Operation 133 Security Concerns 134 Contents v Security Policies 134 Authentication 136 Securing Apache 137 Vulnerabilities 138 Hostile Programs 139 Security Issues with CGI 142 The Apache Proxy Server 143 Firewalls 146 Password Protection 153 Base Systems 154 Apache, Users, and Groups 154 Permissions 155 Access Control 156 Setting Up the Apache Proxy 159 Security Fundamentals 164 User Access Control 167 Enabling Content from Home Directories 170 Access Directives 172 Defining within httpd.conf 173 Shells and Commands 174 Checksums 174 Password Authentication 176 System Utilities 177 Server-Side Includes 177 XSSI 179 ModSSLversus Apache+SSL 183 Chapter 5 Troubleshooting 187 Objectives 187 Online Troubleshooting Resources 187 Tracking Down an Apache Core Dump 188 Some Useful Sites 189 Configuration Issues 190 Logging Problems 190 Part Two Labs and Exercises 193 Lab I Installation 195 Purpose 195 Theory 195 Lab Exercises 196 vi Contents Downloading Modules 196 Preinstallation Query 197 Package Installation 198 Basic Server Setup 198 Questions 199 Answers 200 Advanced Questions 200 Lab II Install Apache+SSL 201 Purpose 201 Theory 201 Lab Exercises 202 Downloading the Apache server 202 Compile Apache with mod_ssl Support 203 Verify That Apache Was Compiled with mod_ssl 204 Test the Sample Page in a Web Browser 205 Questions 205 Answers 206 Advanced Questions 206 Lab III Configuring Apache to Perform Common Tasks 207 Purpose 207 Theory 207 Lab Exercises 210 Questions 210 Answers 211 Advanced Questions 211 Lab IV Create a Simple CGI Script 213 Purpose 213 Theory 213 Lab Exercises 214 Create a Basic CGI Script 214 Questions 215 Answers 216 Advanced Questions 216 Lab V Configure and Run mod_auth_mysql 217 Purpose 217 Theory 217 Setting Up the MySQLDatabase 218 Setting Up Apache 218 Lab Exercises 218 Contents vii Student Resources 221 Questions 221 Answers 221 Advanced Questions 221 Lab VI Apache and Tomcat 223 Purpose 223 Theory 223 Lab Exercises 224 Questions 225 Answers 225 Advanced Questions 225 Lab VII Configuration of a Proxy 227 Purpose 227 Theory 227 Installing mod_proxy 228 Configuring httpd 228 Configuring the Client 229 Lab Exercises 229 Installing mod_proxy 229 Configuring httpd 229 Configuring the Client 230 Questions 230 Answers 231 Advanced Questions 231 Lab VIII URL Rewriting 233 Purpose 233 Theory 233 Lab Exercises 236 Questions 237 Answers 237 Advanced Questions 237 Lab IX Create a Custom Log for Apache 239 Purpose 239 Theory 239 Lab Exercises 241 Questions 242 Answers 242 Advanced Questions 242
Description: