Apache Server Survival Guide asg08.htm

Previous Page TOC Next Page



8


Apache Configuration Overview


The Apache server loads most of its configuration settings from a series of files at runtime when the server starts up. These files specify directives that control the behavior of the server. As you explore and exploit additional functionality of your server, you will be referring to the main configuration files for your changes.

Understanding the structure of the configuration files may help you find what you need more effectively. Although you could create a giant master configuration file, this usually doesn't work from a practical point of view because you'll spend a lot of time searching through a single, large file for what you need. Some of the configuration files are already several pages in length. If you were to combine them, it would only make searching a more complicated task.

Apache Configuration Files


Apache reads its configuration from several files located in the conf directory of your server root:

  • httpd.conf

  • srm.conf

  • access.conf

  • mime.types


httpd.conf


httpd.conf contains the main server configuration information. The basic behavior of the server is contained in this file, such as how it runs, UIDs it runs under, what port it listens to, performance issues, and information on how to find other configuration files.

srm.conf


srm.conf is the server's resource configuration file. The directives in this configuration file define the namespace that users can access on your server and the settings that affect how requests are serviced and formatted. The directives in this file control the location of the various resources that the server will access to retrieve information, such as DocumentRoot, the path to user's home pages, the location of the cgi-bin directory, the file the server looks for when the URL ends in a directory, the icons and format the server uses for displaying automatic directory listings, and so on. Directives in this file also map other areas of your UNIX file system into the server's document tree. This allows you to store resources, such as your cgi-bin directory, and make them available as if they were located within the directory specified by DocumentRoot.

access.conf


access.conf is the server's global access-configuration file. This file defines the types of services that are allowed and under what circumstances. Careful configuration of this file is important because many security issues can be avoided if you do your configuration correctly. access.conf defines whether the server will handle server-side includes, execute CGI programs, follow symbolic links, or generate automatic indexes of directories when an index.html file is not found. Many aspects can be overridden by allowing use of per-directory access files (.htaccess files); however, this has a very adverse consequence on the performance of the server. If you can manage it, it is much better to handle all access-configuration issues in the global access-configuration file.

mime.types


The mime.types file more than likely won't ever need configuration from you. This file maps MIME formats to file types that the server uses to know which files comply with which MIME standard. Remember that your browser always sends a header like


HTTP_ACCEPT = image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*

that informs the server of the various types it is able to handle. This file provides the crucial mapping that allows your server to understand the content of a file from its extension.

Organization of the Configuration Directives


It's hard to group directives into descriptive categories. The Apache approach has been to classify directives based on whether their functionality is part of the server core or added by optional modules.

Core directives are directives that are always available; the code and modules that incorporate core functionality are built in. This functionality is central to the operation of the Apache Web server.

Other directives is a broad category that includes everything else that is not part of the core. These directives enhance the server. Many of them are actually included in the default server configuration (also called the base) because they are incredibly useful. Directives that are part of the base build, are available for use without the need to recompile the server.

In addition to core and other directives, there are many other directives provided by optional modules. I call these specialized directives because they add specialized functionality that not all servers will need.

I find this broad classification not clear in terms of providing a good description of what is available right out of the box. I have further classified directives into subgroups (see Tables 8.1 and 8.2). I hope this will help portray the overall set of directives more clearly. Some directives may fit into one or more categories, but for clarity, I included them in only one category each.

Table 8.1. Apache core and base directives.

Directive Type Implemented In Base
ErrorLog Accounting Core
HostNameLookups Accounting Core
PidFile Accounting Core
TransferLog Accounting mod_log_common(mod_log_common) Yes
ResourceConfig Additional configuration files Core
AccessConfig Additional configuration files Core
AccessFileName Additional configuration files Core
TypesConfig Additional configuration files mod_mime Yes
AddDescription Automatic indexing mod_dir Yes
AddIcon Automatic indexing mod_dir Yes
AddIconByEncoding Automatic indexing mod_dir Yes
AddIconByType Automatic indexing mod_dir Yes
DefaultIcon Automatic indexing mod_dir Yes
FancyIndexing Automatic indexing mod_dir Yes
HeaderName Automatic indexing mod_dir Yes
IndexIgnore Automatic indexing mod_dir Yes
IndexOptions Automatic indexing mod_dir Yes
ReadmeName Automatic indexing mod_dir Yes
DirectoryIndex Automatic indexing mod_dir Yes
PassEnv CGI mod_env Yes
SetEnv CGI mod_env Yes
ErrorDocument Error handling Core
ServerAdmin Error handling Core
Action MIME, language, or handler management mod_actions Yes
Script MIME, language, or handler management mod_actions Yes
AddHandler MIME, language, or handler management mod_mime Yes
SetHandler MIME, language, or handler management mod_mime Yes
DefaultType MIME, language, or handler management Core
AddEncoding MIME, language, or handler management mod_mime Yes
AddLanguage MIME, language, or handler management mod_mime Yes
AddType MIME, language, or handler management mod_mime Yes
ForceType MIME, language, or handler management mod_mime Yes
LanguagePriority MIME, language, or handler management mod_negotiation Yes
XBitHack MIME, language, or handler management mod_include Yes
CacheNegotiatedDocs Proxy server/Cache management mod_negotiation Yes
ScriptAlias Resource location mod_alias Yes
Alias Resource location mod_alias Yes
Redirect Resource location mod_alias Yes
UserDir Resource location mod_userdir Yes
KeepAlive Resource management Core
KeepAliveTimeout Resource management Core
MaxClients Resource management Core
MaxRequestsPerChild Resource management Core
MaxSpareServers Resource management Core
MinSpareServers Resource management Core
StartServers Resource management Core
TimeOut Resource management Core
<Directory> Security/Access control Core
<Limit> Security/Access control Core
<Location> Security/Access control Core
AllowOverride Security/Access control Core
AuthName Security/Access control Core
AuthType Security/Access control Core
Options Security/Access control Core
require Security/Access control Core
IdentityCheck Security/Access control Core
Group Security/Access control Core
User Security/Access control Core
allow Security/Access control mod_access Yes
deny Security/Access control mod_access Yes
order Security/Access control mod_access Yes
AuthGroupFile Security/Access control mod_auth Yes
AuthUserFile Security/Access control mod_auth Yes
ImapBase Server-side image map mod_imap Yes
ImapDefault Server-side image map mod_imap Yes
ImapMenu Server-side image map mod_imap Yes
BindAddress Server I/O configuration Core
Listen Server I/O configuration Core
Port Server I/O configuration Core
<VirtualHost> Server I/O configuration Core
ServerAlias Server I/O configuration Core
ServerName Server I/O configuration Core
ServerType Server I/O configuration Core
ServerPath Server I/O configuration Core

Table 8.2. Apache specialized directives.

Directive Type Implemented In
CookieLog Accounting mod_cookies
AgentLog Accounting mod_log_agent
LogFormat Accounting mod_log_config
TransferLog Accounting mod_log_config
RefererIgnore Accounting mod_log_referer
RefererLog Accounting mod_log_referer
LoadFile External module loading mod_dld
LoadModule External module loading mod_dld
MetaDir Meta header mod_cern_meta
MetaSuffix Meta header mod_cern_meta
CacheDefaultExpire Proxy server/Cache management mod_proxy
CacheGcInterval Proxy server/Cache management mod_proxy
CacheLastModified Proxy server/Cache management mod_proxy
CacheMaxExpire Proxy server/Cache management mod_proxy
CacheRoot Proxy server/Cache management mod_proxy
CacheSize Proxy server/Cache management mod_proxy
NoCache Proxy server/Cache management mod_proxy
ProxyPass Proxy server/Cache management mod_proxy
ProxyRemote Proxy server/Cache management mod_proxy
ProxyRequests Proxy server/Cache management mod_proxy
Anonymous Security/Access control mod_auth_anon
Anonymous Authorative Security/Access control mod_auth_anon
Anonymous LogEmail Security/Access control mod_auth_anon
Anonymous VerifyEmail Security/Access control mod_auth_anon
AuthDBGroupFile Security/Access control mod_auth_db
AuthDBUserFile Security/Access control mod_auth_db
AuthDBMGroupFile Security/Access control mod_auth_dbm
AuthDBMUserFile Security/Access control mod_auth_dbm
Auth_MSQL_Authorative Security/Access control mod_auth_msql
Auth_MSQL_EncryptedPasswords Security/Access control mod_auth_msql
Auth_MSQLdatabase Security/Access control mod_auth_msql
Auth_MSQLgrp_field Security/Access control mod_auth_msql
Auth_MSQLgrp_table Security/Access control mod_auth_msql
Auth_MSQLhost Security/Access control mod_auth_msql
Auth_MSQLnopasswd Security/Access control mod_auth_msql
Auth_MSQLpwd_field Security/Access control mod_auth_msql
Auth_MSQLpwd_table Security/Access control mod_auth_msql
Auth_MSQLuid_field Security/Access control mod_auth_msql
AuthDigestFile Security/Access control mod_digest

As you can see, Apache is well equipped right from a basic configuration, and the specialized directives add a myriad of features. These additional modules enhance existing functionality by providing additional ways to perform a function, such as user authentication, or add completely new server features. Some modules such as mod_proxy implement a totally different kind of server, a proxy server.

Directives can be subclassified as

  • Accounting directives

  • Additional configuration file directives

  • Automatic indexing directives

  • Error-handling directives

  • MIME type, language, and handler directives

  • Resource-location directives

  • Resource-management directives

  • Security and access-control directives

  • Server I/O configuration directives

  • Server-side image map directives

  • Proxy server and cache-management directives


Accounting Directives


These directives set the location of log files where Apache will record data about the server operation, such as server access information.

Additional Configuration File Directives


The server will look for additional configuration information in the files specified by these directives. The server has compiled in defaults settings for these directives so if a directive is not overridden, the server will attempt to read additional configuration information from the compiled-in defaults.

Automatic Indexing Directives


These directives control what gets returned when a request is for a directory: http://localhost/directory/. First, the server will try to return an user-generated index file in directory that matches the DirectoryIndex file specification. If a user-generated index is not found, the server will automatically create an index file. Typical automatic indexes look like directory listings, but they can be quite fancy and graphical. Listings can associate an icon and description based on the file type or name and incorporate headers and readme information.

Error-Handling Directives


Apache can be configured to provide informational error messages. It provides a directive that lets you customize what gets returned when an error is generated for a request.

MIME, Language-Management, or Handler-Management Directives


These directives allow you to map a file extension into a MIME type. Some of the MIME types are processed by a program prior to returning data to the server. Programs that perform this processing are called handlers. For example, CGI programs that live in a cgi-bin directory or have a .cgi extension are processed by the mod_cgi module. The server passes execution to a handler program that knows how to deal with the special file type or condition.

Resource Location Directives


These directives help the server find files. They define places where you can put CGI programs, or where documents you publish on the Web live.

Resource-Management Directives


Resource-management directives control issues that affect the performance of the server. Default settings for many of these directives should not be changed unless there's a good reason for it, and you understand what you are doing. Apache manages many of its resources dynamically. Arbitrarily modifying these default settings can adversely affect the performance of the server.

Security and Access-Control Directives


Directives of this kind affect the security of your site in one way or another. They set the UID and GUI the server runs as, control who has access to what resources, and implement access control and user-validation measures. The <Directory>, <Limit>, and <Location> sections allow you to group a series of settings on a directory or URL basis.

Server I/O Configuration Directives


These directives control the IP and the port the server listens to for requests, as well as some other basic (and not-so-basic) things regarding the normal operation of the server.

Server-Side Image Map Directives


Apache has a built-in module to handle server-side image maps. Traditionally, image maps have been implemented with CGI programs. Incorporating image map handling into the server core provides a significant enhancement in performance. This functionality is really a subcategory of the MIME, language management, or handler management directives, but its functionality is distinct enough to merit its own category.

Proxy Server and Cache-Management Directives


Starting with Apache 1.1, Apache is able to function as a caching proxy server. This allows the server to make transactions on behalf of a browser and store the results in a cache. Future requests to the same URL by a different user in the network are satisfied from the cache, reducing the load of the network. These directives control the cache management: how long files will be cached, and how big the cache can grow.

Summary


The next two chapters will explain with great detail all the directives available in Apache. When searching for a directive, you may want to reference the tables in this chapter because the next two chapters organize directives alphabetically and by module for ease of reference.

Previous Page Page Top TOC Next Page