Features

The Apache server implements the same, if not more, features than the equivalent commercial Web server, and basically every aspect of the Apache server's functionality is configurable. This makes it easy to get the server to behave the way you want or need for your site.

Some of the most important features include the following:

• It's a plug-and-play replacement for NCSA Web servers.
  
  
• Fixes bugs and security holes found on NCSA 1.3 and 1.4 servers.
  
  
• It's very fast, much faster than NCSA servers.
  
  
• Compiles better with the current HTTP specifications. By the time you read this, Apache should be unconditionally compliant with HTTP/1.1 specifications.
  
  
• Apache provides several forms of implementing multihomed and virtual servers. A multihomed server serves requests under various names, such as http://www.x.com and http://www.y.com. Both of which are resident on the same computer and are served by the same process. One of these is a non-IP intensive method that works in conjunction with popular browsers.
  
  
• You can customize the error responses with the use of files or scripts. The server will intercept an error and display the specified file or execute a CGI that could perform an on-the-fly diagnosis of the problem. This allows your server to return more meaningful error messages to visitors or to perform some special action in response to an error condition.
  
  
• Apache servers can automatically negotiate content retrieval with a browser and can serve the most appropriate out of various sets of equivalent documents. This allows the server to retrieve the document having the best representation that the client is willing to accept. For example, when serving documents in English and Spanish, depending on your browser settings, Apache will automatically retrieve the version most appropriate for you.
  
  
• Apache includes an automatic index file selection. You can instruct the server to return any of several resources for directory requests (http://www.company.com/). The server will search for a matching index file(s) and return the first one found to the client. Should none of the specified files be found, the server can be configured to produce an automatically generated listing of all the resources available in that directory.
  
  
• Apache provides several user authentication—methods ranging from flat-file user databases, to indexed files and relational database support. Third-party modules allow Apache to interface with many popular network authentication systems.
  
  

Size of the Installed Base

At the time of this writing, Apache was the leader in Web server installed base. According to the August 1996 Netcraft survey (http://www.netcraft.co.uk/Survey/Reports/), Apache brand Web servers comprised 35.68 percent (37.16 percent if you add all the secure versions of the server) of the Web servers in their survey. That doesn't seem like much until you realize that the competition is far behind, and the entire Web server market is dominated by three products:

Server Brand Market Share

Apache 35.68%

NCSA 18.25%

Netscape Communications 7.25%

Netscape Commerce 6.83%

CERN 6.22%

Microsoft Internet Information Server 5.49%

WebSite 3.40%

WebSTAR 1.95%

BESTWWWD 1.68%

Apache SSL US 1.43%

Purveyor 1.38%

WebSitePro 1.07%

The other remaining 424 server brands didn't even get one percent of the market share! The Netcraft survey currently includes 342,081 servers. Check the details of the survey for yourself on Netcraft's Web site because this information changes monthly.

Ongoing Development

The Apache server was originally based on the NCSA code. Its development was started because of some security problems associated with the NSCA server and concerns for having an UNIX Web server that implemented some special features. Also driving the effort was a concern to somehow guarantee that a free UNIX server would always be available to the UNIX community. The Apache group was then formed, which developed a series of patches for the NCSA server—hence the name, Apache, from A PAtCHy server.

The Apache server has undergone several releases since its initial inception. There have been 32 different releases including five beta releases for version 1.1.0—the current version at the time of this writing is 1.1.1. However, by the time this book is printed, version 1.2 should be available. The Apache team develops new revisions faster than I can document. Bug fixes are addressed almost immediately. More importantly, advisories from Computer Emergency Response Team (CERT) Coordination Center and other parties are corrected immediately to ensure that no security problems are present in the server.

In terms of total code lines, the server has more than doubled from approximately 10,000 lines in its initial NCSA-fixed version, to over 25,000 in its current released incarnation (these counts include comment lines). In its current form, it bears little resemblance to the NCSA server; it's a whole new animal.

While all this performance is not an indication of anything but past performance, the development patterns are there. The main reason for Apache is to ensure that a freely available UNIX Web server is always available to the UNIX community. Apache was created so that there would be an HTTP server that functioned the way some WWW providers thought it ought to work. After all, many of the Apache programmers have real jobs involved with providing WWW services or Internet connectivity.

Performance and Resource Consumption

The Apache server offers superior performance than the NCSA server. It has a pre-forking model that manages a configurable amount of child processes. A preforking model is one where server processes are waiting to answer requests. Many servers start a process only when they receive a request. Once the request is fulfilled, the server process dies, requiring this cycle to start all over with the next request.

Under UNIX, forking (launching) a process can be very expensive. It takes time that a busy server doesn't have and creates an impact on the system that further aggravates performance. By preallocating a number of servers to wait for requests, Apache can respond quickly and more efficiently. By reusing already available servers to respond to new requests, Apache is able to gain additional performance because it spends more time serving requests than setting up and cleaning after itself.

Using a conservative approach, the number of children processes changes dynamically. As server demands change, the number of processes is adjusted accordingly. Children processes are reused for a certain number of connections after which the parent server process kills them and recycles those resources with a new process.

Apache also implements a new HTTP 1.1 draft feature: Keep-Alive persistent connections. (Apache 1.2 is fully HTTP/1.1 compliant.) Keep-alive allows a single TCP connection to serve several requests from a client. The original model instigated a new connection for each request, requiring the overhead of starting and closing a Transmission Control Protocol (TCP) connection with the server for each element in a page. If an HTML page referenced five images, a total of six different requests would be generated. Under the new persistent connection scheme, the six elements are transmitted through the same TCP connection. This approach increases performance on pages that contain multiple images by as much as 50 percent. However, this feature only works with supporting browsers (currently Netscape Navigator, Spyglass, and Microsoft's Internet Explorer) that provide browser support for this feature. Also, Keep-Alive connections only work if the size of a file is known beforehand, meaning that output from a CGI program doesn't benefit from the new connection model.

Secure Transaction Support

The standard Apache release does not provide secure transaction support. However, there are products based on the Apache source code that do (Apache-SSL and Apache-SSL-US). Both of these servers are fully compatible with Netscape's encryption mechanism, and rumor has it that these two products are the reason why the Netscape product offerings were drastically reduced in price.

Source Code Availability

Following UNIX's tradition of source code availability, Apache's source code is distributed with every copy at no extra charge, making it possible to compile your own customized version easily. This allows you to compile a version of Apache for a nonpopular UNIX box. Source code availability invariably plays an important role in UNIX software acceptance. On sites where stringent security is important, system administrators have the ability to examine the source code line by line, thus ensuring no undesirable effects or hidden security risks are present.

Technical Support

Great technical support for Apache is available from Usenet at comp.infosystems.www.servers.unix. Many members of the Apache team answer questions there regularly.

To search for questions that may have been already asked, surf to http://www.dejanews.com. Dejanews is a useful Usenet database. It archives all USENET newsgroups and has a fast search engine that allows you find the information you need in seconds. If your question has been asked before, it will be there.

Commercial support for Apache is available through a number of third-party organizations. One of the most popular is available from http://www.ukweb.com. However, it is expensive (around $1,500 per year).

Third-Party Support

Because of Apache's modular design, many third-party developers have programmed modules to meet their specific needs, such as custom authentication modules, embedded Perl interpreters, SSI scripting extensions, and so on. Chapter 7, "Third-Party Modules," covers many of the more important ones. Chances are good that something you need has already been developed by someone else. If the module you need was not included with the Apache release, you can probably find what you need at

 http://www.zyzzyva.com/erver/module_registry/

Some of the extensions and modules you'll find there include support for the following:

Cookie-based authentication

Support for setting the UID and GID of executing CGI scripts

User authentication using UNIX system account databases

Enhanced Server Side Include (SSI) modules

Embedded Perl interpreter

Kerberos-based authentication

Character set translators

Postgres95 and mSQL database user authentication modules

Web page counters

Extended log formats

NIS authentication

URI/URL rewriting modules

Tcl scripting processor

CGI module alternatives

Summary

The most important reason to use Apache should be subjective. It should be based on how Apache fits you. Software evaluation is like test-driving a car. You wouldn't buy a car just by looking at the brochure. To feel how you like the server, you need to test-drive it.

Luckily, most of the Web servers out there have some sort of demo version available. Unless you are going to customize some portion of the Apache server, such as writing a custom module, your commitment is small. Should a better product for UNIX appear, your HTML documents would migrate effortlessly. So your risk is minimal. To avoid a crap-shoot, test-drive the software and deploy on the basis of your experiences with it. Experience is your best guide.

While it is impossible to determine in a few hours if a solution will be the right one for you, the Internet is a close knit community of software junkies. Make use of the collective knowledge. Ask questions on Usenet and read the frequently asked questions (FAQ).

Apache is the choice for a server at accessLINK, Inc. They were NCSA users in the beginning, but a few features won them over and they have liked Apache ever since. To gain credibility, I don't have any association with the Apache group, save that I use their software and like it very much. The reasons why I use Apache are the subject of this book. Apache provides many features that make it a very powerful Web server. Its continued development has put pressure on even the high-powered brands that are currently available, which were complacent until recently.

Page Top Next Page