Lesson 9. The Apache Web Server
9.1. The Apache Web Server
Perhaps the second most[1] popular network service available today is the world
wide web. In today’s lesson we will configure the Apache web server. The Apache web
server is produced by the ‘Apache Software Foundation’ (www.apache.org). The most
recent release of Apache is version 2.0. Few sites have adopted version 2.0, however,
since much add-in software only works with version 1.3. In this lesson, we will focus
on version 1.3.
9.1.1. Configuring Apache
Configuring Apache can be a complex process. Fortunately the default
configuration is usually reasonable. The configuration for Apache is stored in the
‘httpd.conf’ file.
The httpd.conf File
Unfortunately, the ‘httpd.conf’ file has no fixed location. Some systems have
it in ‘/etc/apache’, other systems have it elsewhere. Furthermore, older versions
of Apache split the configuration into three files, the other two called ‘access.conf’
and ‘srm.conf’.
There are a large number of options in the ‘httpd.conf’ file, too many to cover
here. A few of the more important appear in Table 9.1.
In addition to these configuration options, it is possible to specify options
specific to a particular directory of web pages. An example is given below:
<Directory /var/www>
    Options Indexes FollowSymLinks ExecCGI
    AllowOverride AuthConfig
    order allow,deny
    allow from all
</Directory>
The meaning of each of these configuration options is described in Table 9.2.
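As an added illustration (not part of the original lesson and not Apache's own code), the Python model below shows how the ‘order’, ‘allow from’ and ‘deny from’ lines of a <Directory> block combine, and why the same lists give different results under ‘allow,deny’ and ‘deny,allow’. The function names and the client hosts and addresses are assumptions made for the example.

```python
# Added illustration, not Apache source: models how 'order', 'allow from' and
# 'deny from' combine. Host names and addresses below are constructed.

def matches(spec, client_ip, client_host):
    """True if one 'allow from' / 'deny from' argument covers the client."""
    spec = spec.lower()
    if spec == "all":
        return True
    if spec[0].isdigit():
        # Full or partial IP address: whole dotted components must agree,
        # so '192.168.1' covers 192.168.1.7 but not 192.168.10.7.
        want = spec.rstrip(".").split(".")
        return client_ip.split(".")[:len(want)] == want
    # Host or domain name: exact match, or a suffix on a label boundary.
    # (Apache needs a reverse DNS lookup to learn client_host.)
    host = (client_host or "").lower()
    spec = spec.lstrip(".")
    return host == spec or host.endswith("." + spec)

def access_allowed(order, allow, deny, client_ip, client_host=None):
    """Return True if the client may fetch pages from the directory."""
    allowed = any(matches(s, client_ip, client_host) for s in allow)
    denied = any(matches(s, client_ip, client_host) for s in deny)
    if order.lower() == "allow,deny":
        # Allow lines first, then deny lines may veto; unmatched clients are denied.
        return allowed and not denied
    if order.lower() == "deny,allow":
        # Deny lines first, then allow lines may rescue; unmatched clients are allowed.
        return allowed or not denied
    # 'allow, deny' with a space is two arguments and is rejected, as in Apache.
    raise ValueError("this model handles 'allow,deny' and 'deny,allow': %r" % order)

def demo():
    """Same allow/deny lists, both orders, for an inside and an outside client."""
    allow, deny = ["all"], ["lab.example.edu", "10.1"]
    clients = [("10.1.2.3", "pc7.lab.example.edu"), ("192.0.2.9", "www.example.org")]
    return {(order, host): access_allowed(order, allow, deny, ip, host)
            for order in ("allow,deny", "deny,allow") for ip, host in clients}

if __name__ == "__main__":
    for key, verdict in demo().items():
        print(key, "allowed" if verdict else "denied")
```

With ‘allow from all’ present, a ‘deny from’ line only takes effect under ‘allow,deny’; under ‘deny,allow’ the allow line lets every client back in.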

Option            Description
ServerType        There are two possible server types, ‘standalone’ and
                  ‘inetd’. Standalone servers are designed to be run
                  continuously in the background processing web requests,
                  whereas ‘inetd’ servers are invoked from inetd.
Port              Specifies which port number Apache should listen on.
ServerAdmin       Specifies the email address of the person responsible for
                  the web site.
MinSpareServers   This option specifies the minimum number of Apache
                  processes that should be running at any one time.
MaxSpareServers   This option specifies the maximum number of Apache
                  processes that should be running at any one time.
DocumentRoot      This option specifies the location of the world wide web
                  documents.
UserDir           Specifies the name of a directory in a user’s home
                  directory where personal web pages are stored.
DirectoryIndex    Sometimes a client will attempt to access a directory
                  without specifying a filename. The DirectoryIndex option
                  specifies a number of filenames that are used when no
                  filename is given.
Table 9.1. Configuration options in the ‘httpd.conf’ file.

Option            Description
Options           The ‘Indexes’ option causes Apache to automatically
                  generate a list of files in a directory when no specific
                  file is requested, and no file in the directory has one of
                  the DirectoryIndex names. If the ‘ExecCGI’ option were
                  missing, Apache would not execute any CGI scripts in the
                  directory.
AllowOverride     The options specified in the ‘httpd.conf’ file for a
                  particular directory can be overridden by a file called
                  ‘.htaccess’ in that directory. The AllowOverride option
                  specifies which options can be overridden by the
                  ‘.htaccess’ file. The ‘AuthConfig’ option controls the
                  ability to require a password to access a web page.
order             Defines the order in which to process ‘allow’ and ‘deny’
                  options.
allow from        Specifies a host or domain name, or a (partial) IP address
                  which will be allowed access to the web pages in the
                  directory.
deny from         Specifies a host or domain name, or a (partial) IP address
                  which will be denied access to the web pages in the
                  directory.
Table 9.2. Configuration options inside the ‘<Directory>’ section.

[1] Email is arguably the most popular.

The ‘.htaccess’ File
It is possible to cause Apache to require a username and password before
allowing access to the contents of a directory. This is done by placing a file called
‘.htaccess’ in the directory to which you wish to restrict access. The ‘.htaccess’ file
contains configuration directives that override those given in the ‘httpd.conf’ file. An
example ‘.htaccess’ file appears below.
AuthUserFile /usr/local/apache/etc/passwd
AuthGroupFile /dev/null
AuthName "The Secret Documents"
AuthType Basic
require valid-user
The meaning of each of these options is described in Table 9.3.
The HTPASSWD Command
The ‘htpasswd’ command is used to create and modify the password file(s) used
with Apache. The command
$ htpasswd -c /etc/apache/passwd jdoe
will prompt for a password and then create a new password file called
‘/etc/apache/passwd’ and add the user ‘jdoe’ with the specified password. Thereafter
the command
$ htpasswd /etc/apache/passwd jsmith
will add a new user called ‘jsmith’ to the ‘/etc/apache/passwd’ file.
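The exchange that the ‘.htaccess’ and ‘htpasswd’ sections above set up, as an added Python example that is not part of the original lesson or of Apache: the server challenges with the realm, the client answers with an ‘Authorization: Basic’ header, and the server checks it against the password file and the ‘require’ line. It assumes the password file uses the ‘{SHA}’ entry format (chosen so the check needs only the standard library; the format htpasswd writes by default may differ), and all passwords and function names are constructed for the example.

```python
import base64
import hashlib
import hmac

def sha_entry(user, password):
    """One AuthUserFile line in the '{SHA}' format: user:{SHA}base64(sha1(pw))."""
    digest = hashlib.sha1(password.encode()).digest()
    return "%s:{SHA}%s" % (user, base64.b64encode(digest).decode())

# Constructed password file and realm; real files are written by htpasswd.
PASSWD_TEXT = "\n".join([sha_entry("jdoe", "constructed-pw-1"),
                         sha_entry("jsmith", "constructed-pw-2")])
REALM = "The Secret Documents"  # the AuthName value from the page's example

def client_header(user, password):
    """What a browser sends after the user fills in the login prompt."""
    token = base64.b64encode(("%s:%s" % (user, password)).encode()).decode()
    return "Basic " + token

def parse_basic(header):
    """Recover (user, password) from the header; base64 is encoding, not encryption."""
    scheme, _, blob = (header or "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        text = base64.b64decode(blob, validate=True).decode()
    except ValueError:  # bad base64 or bad UTF-8
        return None
    user, sep, password = text.partition(":")
    return (user, password) if sep else None

def check_request(header, require, passwd_text=PASSWD_TEXT):
    """Return (status, extra_header) for a request to the protected directory."""
    challenge = 'WWW-Authenticate: Basic realm="%s"' % REALM
    creds = parse_basic(header)
    if creds is None:
        return 401, challenge
    user, password = creds
    users = dict(l.split(":", 1) for l in passwd_text.splitlines() if ":" in l)
    supplied = sha_entry(user, password).split(":", 1)[1]
    if not hmac.compare_digest(users.get(user, ""), supplied):
        return 401, challenge
    # 'require valid-user' accepts anyone in the file; 'require user a b' only a or b.
    if require == ["valid-user"] or (require[0] == "user" and user in require[1:]):
        return 200, None
    return 401, challenge
```

Because parse_basic() needs no secret to recover the password, anyone who can read the request can do the same, so Basic authentication protects the password only when the connection itself is protected.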

Option            Description
AuthUserFile      The location of a file containing usernames and passwords.
                  This file is created and modified with the ‘htpasswd’
                  command.
AuthGroupFile     The location of a file containing group membership
                  information. Access can be restricted to members of a
                  particular group.
AuthName          The name of the authorization realm. Multiple directories
                  can share the same authorization realm. Once a user has
                  logged in to a particular authorization realm, they can
                  access any directory in the same authorization realm
                  without needing to log in again.
AuthType          The type of authorisation used. Only ‘basic’ is available
                  currently. (Some clients are able to use ‘Digest’ but
                  others cannot)
require           Specifies which users can access the web pages in this
                  directory. The ‘valid-user’ option means any user in the
                  AuthUserFile. Access can be restricted to a particular
                  user or users with something like
                      require user janedoe johndoe
Table 9.3. Configuration options in the ‘.htaccess’ file.

9.1.2. Virtual Websites
It is common for websites to be named after the company or organisation
which created them. Some websites, however, do not receive many hits. It would be
wasteful to dedicate a machine for such websites, when that machine could easily
serve a number of these sites. The problem is how we can cause Apache to serve
different web pages depending on which name was used to access the machine.
There are two solutions to this problem.
IP-Based Virtual Hosts
With IP-based virtual hosts, the DNS is configured to resolve each website name
to a different IP address. IP aliasing is then used to allow a single machine to serve
all of the websites.
IP aliasing is a technique which enables a single network interface to have
multiple IP addresses assigned to it. (The kernel must be configured to support IP
aliasing, which is generally not the default.) In this way, one machine could serve
several web pages by determining which IP address was used to connect to it. For
example, suppose we wish to configure our ethernet interface with a second IP address
192.168.1.2 with netmask 255.255.255.0 using IP aliasing. The following commands
will do the trick:
$ ifconfig eth0:1 192.168.1.2 netmask 255.255.255.0 broadcast 192.168.1.255
$ route add -host 192.168.1.2 dev eth0:1
Note that ‘eth0:1’ is used for the interface name. It is possible to configure the
interface with several IP addresses using ‘eth0:2’, ‘eth0:3’ etc. Also note the use of
the ‘-host’ option to ‘route’.
Once this is accomplished, we need to configure Apache so that it will respond
with different web pages based on the IP address used when the client connected to
the Apache server. To do this, we use the ‘VirtualHost’ directive in the ‘httpd.conf’
file. For example:
<VirtualHost host.some_domain.com>
    ServerName host.some_domain.com
    ServerAdmin webmaster@host.some_domain.com
    DocumentRoot /var/www/host.some_domain.com
    ErrorLog /var/log/apache/host.some_domain.com-error.log
    TransferLog /var/log/apache/host.some_domain.com-access.log
</VirtualHost>
In the example we assume the name ‘host.some_domain.com’ is mapped to one
of the IP addresses on our aliased ethernet interface. The ‘VirtualHost’ directive
describes the configuration which is specific to that website. We have seen some of
the options before. Those we haven’t are described in Table 9.4.

Option            Description
ServerName        The name used for the server.
ErrorLog          Specifies a file where error messages should be logged.
TransferLog       Specifies a file where transfers should be logged.
Table 9.4. Configuration options in the ‘<VirtualHost>’ section.

Once this is done, the aliased interface can be used to serve a different set of
web pages. Unfortunately this scheme requires one IP address for each website,
even though there is only one machine. This is not an efficient use of already scarce
IP addresses.
Name-Based Virtual Hosts
Name-based virtual hosts are similar to IP-based virtual hosts with the
exception that they do not require an IP address for every website. The DNS is
configured so that many names map to the same IP address. Apache is configured in a
similar way to that used for IP-based virtual hosts. Unfortunately, name-based virtual
hosts only work with browsers that support HTTP 1.1 or above.
To configure name-based virtual hosts, the ‘NameVirtualHost’ directive is used
in the Apache configuration, followed by the ‘VirtualHost’ directive we saw before.
The ‘NameVirtualHost’ directive instructs Apache to serve multiple websites from
the specified IP address. For example:
NameVirtualHost 192.168.1.1
<VirtualHost 192.168.1.1>
    ServerName host.some_domain.com
    DocumentRoot /var/www/host.some_domain.com
    ServerAdmin webmaster@host.some_domain.com
</VirtualHost>
<VirtualHost 192.168.1.1>
    ServerName something.completely.different.net
    DocumentRoot /var/www/something.completely.different.net
    ServerAdmin webmaster@completely.different.net
</VirtualHost>
In this configuration, two names are mapped to the IP address 192.168.1.1, and the
‘NameVirtualHost’ directive instructs Apache to direct requests coming in on that
IP address to the relevant virtual host.
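How the relevant virtual host is chosen, as an added Python example that is not part of the original lesson or of Apache: the site name arrives in the HTTP/1.1 ‘Host’ request header and is compared with each ‘ServerName’; when nothing matches, or the client sent no ‘Host’ header, the first virtual host listed for the address is served. The function names are assumptions, the configuration text is a constructed copy of the example above, and ‘ServerAlias’ is not modelled.

```python
# Constructed httpd.conf fragment mirroring the lesson's name-based example.
CONF = """\
NameVirtualHost 192.168.1.1
<VirtualHost 192.168.1.1>
    ServerName host.some_domain.com
    DocumentRoot /var/www/host.some_domain.com
</VirtualHost>
<VirtualHost 192.168.1.1>
    ServerName something.completely.different.net
    DocumentRoot /var/www/something.completely.different.net
</VirtualHost>
"""

def parse_vhosts(conf):
    """Return [(address, {directive: value})] in configuration order."""
    vhosts, current = [], None
    for raw in conf.splitlines():
        line = raw.strip()
        if line.lower().startswith("<virtualhost"):
            current = (line[len("<VirtualHost"):].rstrip(">").strip(), {})
        elif line.lower() == "</virtualhost>":
            vhosts.append(current)
            current = None
        elif current is not None and line and not line.startswith("#"):
            key, _, value = line.partition(" ")
            current[1][key.lower()] = value.strip()
    return vhosts

def select_docroot(conf, local_ip, host_header):
    """Pick the DocumentRoot served for this connection and Host header."""
    candidates = [d for addr, d in parse_vhosts(conf) if addr == local_ip]
    if not candidates:
        return None  # no vhost for this address: the main server config applies
    name = (host_header or "").split(":")[0].lower().rstrip(".")
    for directives in candidates:
        if directives.get("servername", "").lower() == name:
            return directives["documentroot"]
    # No ServerName matched (or no Host header, as with HTTP/1.0 clients):
    # the first vhost listed for the address acts as the default.
    return candidates[0]["documentroot"]
```

Since any unrecognised name falls through to the first block, that block decides what is served to requests for names the administrator never configured.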
9.2. Exercises
1. How could Apache be configured to deny access to its web pages from all
machines in the ‘ug.cs.usyd.edu.au’ domain? You will need to ensure that your
‘order’ directive is correct. Refer to the Apache website (httpd.apache.org) if you
require more information.
2. How could Apache be configured to restrict access to a group of users using the
AuthGroupFile option? Further information on the syntax can be found on the
Apache website.
3. What options, other than ‘Indexes’, ‘FollowSymLinks’, and ‘ExecCGI’, can be
used with the ‘Options’ directive described in Table 9.2?
4. Suppose you are using IP aliasing (described in Section 9.1.2) and have
configured your ethernet interface with the IP addresses 192.168.1.1 and 192.168.1.2,
using the netmask 255.255.255.0. How would you configure the ethernet
interface with a third IP address, 192.168.1.3?
Further Reading
Chapter 22 of E. Nemeth, G. Snyder, S. Seebass and T. Hein. Unix System
Administration Handbook. Prentice Hall. 3rd Edition, 2001.
The Apache Software Foundation. The Apache HTTP Server Project. URL
http://httpd.apache.org/.