2. Table Of Content
A. What is Web Server and how it works?
B. How Web Request Works
C. What is Proxy Web Server and how it works?
D. Type of Proxies
E. What is a Thread and a Process?
F. What is Apache?
G. MPM (Multi-Processing Module)
H.What are PHP handlers or Module for
Apache?
I. Important Directories of Apache
J. Configuration
3. A web server is a computer system that processes requests via HTTP, the basic network protocol used
to distribute information on the World Wide Web.
The primary function of a web server is to store, process and deliver web pages to clients. The
communication between client and server takes place using the Hypertext Transfer Protocol (HTTP).
Pages delivered are most frequently HTML documents, which may include images, style sheets and
scripts in addition to text content.
What is Web Server and how it works?
4. When you connect to the URL of someone's home page -- say http:// www.example.com/
A URL such as http://www.example.com/ comes in three parts:
<method>://<host>/<absolute path URL (apURL)>
So, in our example, < method> is http, meaning that the browser should use HTTP (Hypertext
Transfer Protocol); <host> is www.example.com; and <apURL> is "/ ", meaning the top directory of
the host. Using HTTP/1.1, your browser might send the following request:
The request arrives at port 80 (the default HTTP port) on the host www.example.com.
The message is again in three parts: a method (an HTTP method, not a URL method), that in this
case is GET; the Uniform Resource Identifier (URI) "/"; and the version of the protocol we are using.
GET / HTTP/1.1
Host: www.example.com
How Web Request Works
5. When the server receives the HTTP request it locates the appropriate document and returns it.
However, an HTTP response is required to have a particular form. It must look like this:
HTTP/[VER] [CODE] [TEXT]
Field1: Value1
Field2: Value2 ...
Document content here...
The first line shows the HTTP version used, followed by a three-digit number (the HTTP status code)
and a reason phrase meant for humans. Usually the code is 200 (which basically means that all is
well) and the phrase "OK". The first line is followed by some lines called the header, which contains
information about the document. The header ends with a blank line, followed by the document
content. This is a typical header:
HTTP/1.0 200 OK
Server: Netscape-Communications/1.1
Date: Tuesday, 25-Nov-97 01:22:04 GMT
Content-length: 6372
Content-type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML> ...followed by document content...
6. Proxy server is an intermediary server between client and the internet. Proxy servers
offers the following basic functionalities:
Firewall and network data filtering.
Network connection sharing
Data caching
What is Proxy Web Server and how it works?
Proxy servers allow to hide, conceal and make your network id anonymous by hiding your
IP address.
Purpose of Proxy Servers
Monitoring and Filtering
Improving performance
Accessing services anonymously
Security
7. Type of Proxies
Forward Proxies
In this the client requests its internal network
server to forward to the internet.
Open Proxies
Open Proxies helps the clients to conceal their IP
address while browsing the web.
Reverse Proxies
In this the requests are forwarded to one or more
proxy servers and the response from the proxy
server is retrieved as if it came directly from the
original Server.
8. What is a Thread and a Process?
A process is an executing instance of an application.
A thread is a path of execution within a process.
A process can contain multiple threads.
A thread can do anything a process can do.
A thread could be considered a ‘lightweight’ process.
Threads are used for small tasks, whereas processes are used for more ‘heavyweight’ tasks – basically
the execution of applications.
Difference between a thread and a process is that threads within the same process share the same
address space, whereas different processes do not. This allows threads to read from and write to the
same data structures and variables, and also facilitates communication between threads.
9. Apache is a remarkable piece of application software. It is the most widely used Web Server
application in the world.
Apache is the most widely used Web Server application in Unix-like operating systems.
It is a modular, process-based web server application that creates a new thread with each
simultaneous connection. It supports a number of features; many of them are compiled as separate
modules and extend its core functionality, and can provide everything from server side
programming language support to authentication mechanism.
Virtual hosting is one such feature that allows a single Apache Web Server to serve a number of
different websites.
What is Apache?
10. Apache uses one of following MPM (Multi-Processing Module) for handling incoming requests and
processes them
Prefork MPM:- Prefork MPM launches multiple child processes. Each child process handle one
connection at a time.
Prefork uses high memory in comparison to worker MPM. Prefork is the default MPM used by
Apache2 server. Preform MPM always runs few minimum (MinSpareServers) defined processes as
spare, so new requests do not need to wait for new process to start.
Worker MPM:- Worker MPM generates multiple child processes similar to prefork. Each child
process runs many threads. Each thread handles one connection at a time.
In sort Worker MPM implements a hybrid multi-process multi-threaded server. Worker MPM uses
low memory in comparison to Prefork MPM.
Event MPM:- It is pretty similar to worker MPM but it designed for managing high loads.
This MPM allows more requests to be served simultaneously by passing off some processing work to
supporting threads. Using this MPM Apache tries to fix the ‘keep alive problem’ faced by other MPM.
When a client completes the first request then the client can keep the connection open, and send
further requests using the same socket, which reduces connection overload.
MPM (Multi-Processing Module)
11. What are PHP handlers or Module for Apache?
A PHP handler is the interpreter that interpret and run PHP code. PHP handler takes all of your
PHP code and generates the output which is then sent to the web server which forwards it on to the
user.
3 major PHP handlers available on Apache. These include mod_php (AKA DSO), FastCGI, and
suPHP.
mod_php (DSO)
DSO (Dynamic Shared Object) or mod_php is the oldest and fastest PHP handler.
mod_php is fast as it runs directly in the same process as your Apache server. Running it together
with Apache also means that it has a very low CPU and memory requirement which may be
beneficial in situations where computing resources are limited.
mod_php is that it runs as part of Apache which means that it runs as the same user that your
Apache process runs as. If you don’t give permissions to them to the Apache user the web server will
not be able to read or write to the files, but if you do give access to them to the Apache user and your
machine is compromised by an attacker.
12. suPHP
suPHP is a PHP handler for executing PHP scripts with the permissions of their owners. In other
words, suPHP helps you avoid permissions issues when running your php scripts.
When running PHP as suPHP all of your PHP scripts are executed as the user whose home directory
you are in. Using the example above, if you were to run a PHP script
in /home/userA/public_html/write-a-file.php the file would be executed as user ‘userA’ (the owner
of the account).
FastCGI
FastCGI is the last major PHP handler. It offers the security benefits of suPHP by executing files as
the owner of the file. Unlike suPHP however it keeps open a session for the file when the processing
is done resulting in significant memory use but also allowing for the use of memcached. If you do
have the memory for it however FastCGI is arguably the fastest handler even in comparison with
mod_php.
14. conf
Contains the configuration file(s), of which httpd.conf is the most important.
htdocs
Contains the HTML scripts to be served up to the site's clients. This directory and those below it, the
web space, are accessible to anyone on the Web and therefore pose a severe security risk if used for
anything other than public data.
logs
Contains the log data, both of accesses and errors.
Important Directories of Apache
15. Configuration
Apache configuration files are located in /etc/httpd/conf. The main configuration file
is /etc/httpd/conf/httpd.conf, which includes various other configuration files.
ServerRoot
The ServerRoot directive specifies the top-level directory containing website content. By
default, ServerRoot is set to "/etc/httpd" for both secure and non-secure servers.
PidFile
PidFile names the file where the server records its process ID (PID). By default the PID is listed
in /var/run/httpd.pid.
Timeout
Timeout defines, in seconds, the amount of time that the server waits for receipts and transmissions
during communications. Timeout is set to 300 seconds by default, which is appropriate for most
situations.
General Configuration
Apache HTTP Server is configured by placing directives in plain text configuration files.
The main configuration file is usually called httpd.conf.
16. KeepAlive
KeepAlive sets whether the server allows more than one request per connection and can be used to
prevent any one client from consuming too much of the server's resources.
MaxKeepAliveRequests
This directive sets the maximum number of requests allowed per persistent connection. The Apache
Project recommends a high setting, which improves the server's performance.
MaxKeepAliveRequests is set to 100 by default, which should be appropriate for most situations.
KeepAliveTimeout
KeepAliveTimeout sets the number of seconds the server waits after a request has been served before
it closes the connection. Once the server receives a request, the Timeout directive applies instead.
KeepAliveTimeout is set to 15 seconds by default.
IfModule
<IfModule> and </IfModule> tags create a conditional container which are only activated if the
specified module is loaded. Directives within the IfModule container are processed under one of two
conditions. The directives are processed if the module contained within the starting <IfModule> tag
is loaded.
17. MPM Specific
StartServers
StartServers sets how many server processes are created upon startup
MaxRequestsPerChild
MaxRequestsPerChild sets the total number of requests each child server process serves before the
child dies.
MaxClients
MaxClients sets a limit on the total number of server processes, or simultaneously connected clients,
that can run at one time.
MinSpareServers and MaxSpareServers
These Values are only used with the prefork MPM.
The MaxSpareServers directive sets the desired maximum number of idle child server processes. An
idle process is one which is not handling a request. If there are more than MaxSpareServers idle, then
the parent process will kill off the excess processes..
The MinSpareServers directive sets the desired minimum number of idle child server processes. An
idle process is one which is not handling a request. If there are fewer than MinSpareServers idle,
then the parent process creates new children
18. MinSpareThreads and MaxSpareThreads
These values are only used with the worker MPM. The server checks the number of server threads
waiting for a request and kills some if there are more than MaxSpareThreads or creates some if the
number of servers is less than MinSpareThreads.
ThreadsPerChild
This value is only used with the worker MPM. It sets the number of threads within each child process.
The default value for this directive is 25.
Listen
The Listen command identifies the ports on which the Web server accepts incoming requests.
Include
Include allows other configuration files to be included at runtime.
User
The User directive sets the user name of the server process and determines what files the server is
allowed to access.
Group
Specifies the group name of the Apache HTTP Server processes.
ServerName
ServerName specifies a hostname and port number for the server.
19. DocumentRoot
The DocumentRoot is the directory which contains most of the HTML files which are served in
response to requests. The default DocumentRoot for both the non-secure and secure Web servers is the
/var/www/html directory. For example, the server might receive a request for the following document.
Directory
<Directory /path/to/directory> and </Directory> tags create a container used to enclose a group of
configuration directives which apply only to a specific directory and its subdirectories. Any directive
which is applicable to a directory may be used within Directory tags.
<Directory /home/my_cgi_directory>
Options +ExecCGI
</Directory>
AllowOverride
Allow
Deny
UserDir
DirectoryIndex
AccessFileName
CustomLog
ErrorLog
VirtualHost
<VirtualHost> and </VirtualHost> tags create a container outlining the characteristics of a virtual
host. The VirtualHost container accepts most configuration directives.