
Apache

HEERAH D, PESU
Apache

 Although we call Apache a web server, it is not a physical server, but rather
software that runs on a server.

 Its job is to establish a connection between a server and the browsers of
website visitors (Firefox, Google Chrome, Safari, etc.) while delivering files
back and forth between them (client-server structure).

 Apache is cross-platform software, therefore it works on both Unix and
Windows servers.

 When a visitor wants to load a page on your website, for instance, the
homepage or your “About Us” page, their browser sends a request to your
server and Apache returns a response with all the requested files (text,
images, etc.).

 The server and the client communicate through the HTTP protocol and
Apache is responsible for the smooth and secure communication between the
two machines.

 Apache is highly customizable, as it has a module-based structure. Modules
allow server administrators to turn additional functionalities on and off.

 Apache has modules for security, caching, URL rewriting, password
authentication, and more.

 You can also set up your own server configurations through a file
called .htaccess, which is an Apache configuration file supported with
all Hostinger plans.

 An Apache web server can be an excellent choice to run your website
on a stable and versatile platform. However, it also comes with some
disadvantages you need to pay attention to.
 Pros:
 Open-source and free, even for commercial use.
 Reliable, stable software.
 Frequently updated, regular security patches.
 Flexible due to its module-based structure.
 Easy to configure, beginner-friendly.
 Cross-platform (works on both Unix and Windows servers).
 Works out of the box with WordPress sites.
 Huge community and easily available support in case of any problem.

 Cons:

 Performance problems on extremely traffic-heavy websites.


 Too many configuration options can lead to security vulnerabilities.

httpd
 HTTP Daemon is a software program that runs in the background of a web
server and waits for the incoming server requests. The daemon answers the
request automatically and serves the hypertext and multimedia documents
over the Internet using HTTP.

 HTTPd stands for Hypertext Transfer Protocol Daemon

 Apache HTTPD is an HTTP server daemon produced by the Apache
Foundation. It is a piece of software that listens for network requests (which
are expressed using the Hypertext Transfer Protocol) and responds to them. It
is open source and many entities use it to host their websites.

ServerRoot
 ServerRoot is the path to the server’s configuration, error and log files.

 It is possible to change this path, provided all the necessary files are copied to
the new location accordingly.

 The default location is /etc/httpd.

 The file is rich with easy-to-understand comments.

PidFile
 PidFile is the process identification number for the httpd.

 This process number is important, because Apache spawns numerous child
processes when running to accommodate the web traffic.

 It allows you to monitor and manipulate your server processes.

ServerName
 ServerName gives the name and port that the server uses to
identify itself.

 This option is set to your DNS hostname, or IP address (to find out your IP
address, run the command "ipconfig"), or your computer name, or "localhost"
(localhost is meant for local loop-back testing only; you can also use the
localhost's IP address 127.0.0.1).

/etc/hosts file
 The hosts file allows easy matching of names to IP addresses.

 In general, using the hosts file is a good way of testing your IP-to-name (or
vice versa) configurations before committing these changes into a production
environment.

DocumentRoot

 DocumentRoot tells you where your web documents (html files, images etc)
should be located.

 It is possible to reference files in other directories using aliases and symbolic
links.

ErrorLog
 ErrorLog tells you where the log containing all server errors is located.

 This file is critical for debugging and solving server misconfiguration problems
and for proper traffic shaping.

 By default, all messages with the value of warning (warn) and higher will be
logged. This is described in the LogLevel directive just below.

 The default location is logs/error_log.

 Please note that this is relative to the ServerRoot. Therefore, our log file is
/etc/httpd/logs/error_log.
Listen
 The Listen command tells the Web server what ports to use for incoming connections.

 By default, port 80 is used, although any one or several can be used.

 The accepted convention calls for using port 80 for non-secure web
communications (without any encryption of traffic).

 Secure web communications are normally handled on port 443.

Access Control

Access Control in Apache HTTP Server

 Access control deals with controlling access to a resource, which could be a
set of directories, files or locations.

 Access control can be based on the client's identity, which is
called authentication.

 Access control could also be based on other criteria, such as the network
address, the time of day, the browser which the client is using, the types of
request methods, etc.

Directory Access Control

 This section deals with access control to directories. The following sections
will deal with access control to files and locations.

 <Directory>...</Directory>: can be used to apply access control to a set of
directories.

 Syntax:

 The <Directory> block directive encloses a set of access-control directives,
which will be applied to the matched directory(ies) and its sub-directories.
The directories parameter specifies the directories to which this block applies.

 Options: controls what kinds of actions are permitted for the set of resources
under control.

 + (or -) adds (or removes) that particular option, relative to the current setting.
All the other options remain the same.

The available options are:
• Indexes: If the client requests a directory and there is no indexing file (e.g.,
"Index.html") in the directory, then the server will return a listing of the directory. If
the "Indexes" option is disabled, the server returns error "403 Forbidden".

• ExecCGI: Allow execution of CGI scripts.

• Includes: Allow Server-Side Include (SSI).

• IncludesNOEXEC: Allow SSI, but disable the #exec command and #exec CGI.

• FollowSymLinks: Follow symbolic links.

• SymLinksIfOwnerMatch: Follow symbolic links only if the owner is the same.

• MultiViews: Allow content negotiation, such as language negotiation.

• None: Nothing.

• All: All options except MultiViews. This is the default setting.

Since the <Directory> matching applies to sub-directories, "/www" has
options Indexes and ExecCGI, "/www/sales" has option Indexes only
(the setting in the parent directory is ignored), and "/www/support" has
option ExecCGI (inherited from its parent directory).

 For example, the "Options +Indexes -ExecCGI" directive adds the "Indexes"
option and removes the "ExecCGI" option from the current setting. The other
options remain unaffected.

 In the above example, since -Indexes is the option, this sub-directory keeps
the ExecCGI option and the Indexes option is removed.
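
The inheritance rules above can be checked with a small model. This is an added example, not Apache code and not part of the original slides: the CONFIG entries are reconstructed from the directories the text names, the functions apply_options and effective_options are hypothetical, and the model assumes a server default of no options and does not expand the All keyword.

```python
# Added example: simplified model of how Apache combines Options across
# nested <Directory> blocks. Not Apache code; CONFIG is constructed.

def apply_options(inherited, directive):
    """Return the option set after one Options directive is applied."""
    tokens = directive.split()
    signed = [t[0] in "+-" for t in tokens]
    if any(signed) and not all(signed):
        # Apache 2.4 rejects a line that mixes signed and unsigned options.
        raise ValueError("cannot mix +/- options with plain options: " + directive)
    if not any(signed):
        # Plain keywords replace whatever the parent directory set.
        return set(tokens) - {"None"}
    result = set(inherited)
    for tok in tokens:
        if tok[0] == "+":
            result.add(tok[1:])
        else:
            result.discard(tok[1:])
    return result


def effective_options(path, config):
    """Apply every enclosing <Directory> block, shortest path first."""
    path = path.rstrip("/")
    enclosing = [d for d in config
                 if path == d or path.startswith(d.rstrip("/") + "/")]
    options = set()
    for directory in sorted(enclosing, key=len):
        options = apply_options(options, config[directory])
    return options


# Constructed configuration matching the directories named in the slides.
CONFIG = {
    "/www": "Indexes ExecCGI",
    "/www/sales": "Indexes",       # plain keyword: parent setting ignored
    "/www/support": "-Indexes",    # signed: merged with the parent setting
}

if __name__ == "__main__":
    for p in ("/www", "/www/sales", "/www/support", "/www/support/kb"):
        print(p, sorted(effective_options(p, CONFIG)))
```

Running the same check over a real configuration shows which sub-directories still carry Indexes, and would therefore return a directory listing when no index file is present.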

Order: specifies the order in which Allow and Deny directives are evaluated.

• Deny,Allow:
  • Access is allowed by default, and the Deny directives are evaluated before
  the Allow directives. Any client which does not match a Deny directive "or"
  does match an Allow directive will be allowed access to the server. (The client is
  allowed access if it is in both Deny and Allow list, as Allow is evaluated last.)

• Allow,Deny:
  • Access is denied by default, and the Allow directives are evaluated before
  the Deny directives. Any client which does not match an Allow directive "or"
  does match a Deny directive will be denied access to the server. (A client in
  both Allow and Deny will be denied access, as Deny is evaluated last.)
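
The two orderings give different results for the same Allow and Deny lines, which is a common source of misconfiguration. The following is an added example, not part of the original slides and not Apache code: the function access_allowed is a hypothetical model of the rules stated above, and the rule set and client addresses are constructed.

```python
# Added example: model of Order / Allow / Deny evaluation as described
# in the text. Rules and client addresses are constructed sample data.
import ipaddress


def _matches(client, rules):
    """True if the client address falls under any 'from' rule."""
    ip = ipaddress.ip_address(client)
    return any(r == "all" or ip in ipaddress.ip_network(r) for r in rules)


def access_allowed(order, allow, deny, client):
    """Decide access for one client under the given Order setting."""
    allowed = _matches(client, allow)
    denied = _matches(client, deny)
    order = order.replace(" ", "").lower()
    if order == "deny,allow":
        # Default allow; Allow is evaluated last and overrides Deny.
        return allowed or not denied
    if order == "allow,deny":
        # Default deny; Deny is evaluated last and overrides Allow.
        return allowed and not denied
    raise ValueError("unknown Order: " + order)


# Constructed rule set: the same Allow and Deny lines under both orderings.
ALLOW = ["10.0.0.0/8"]   # "Allow from 10.0.0.0/8"
DENY = ["all"]           # "Deny from all"
CLIENTS = {"internal": "10.1.2.3", "external": "203.0.113.7"}


def decision_table():
    """Map (order, client name) to the access decision."""
    return {(order, name): access_allowed(order, ALLOW, DENY, ip)
            for order in ("Deny,Allow", "Allow,Deny")
            for name, ip in CLIENTS.items()}


if __name__ == "__main__":
    for key, result in decision_table().items():
        print(key, "allowed" if result else "denied")
```

With "Deny from all" present, only Order Deny,Allow lets the internal client in; under Order Allow,Deny the same lines lock out every client.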

.htaccess

What is .htaccess?
 .htaccess is a configuration file for use on web servers running the Apache Web Server
software.

 When a .htaccess file is placed in a directory which is in turn 'loaded via the Apache
Web Server', then the .htaccess file is detected and executed by the Apache Web Server
software.

 These .htaccess files can be used to alter the configuration of the Apache Web Server
software to enable/disable additional functionality and features that the Apache Web
Server software has to offer.

 These facilities include basic redirect functionality, for instance if a 404 file not found
error occurs, or for more advanced functions such as content password protection or
image hot link prevention.

 '.htaccess' is the filename in full, it is not a file extension.

 For instance, you would not create a file called 'file.htaccess'; it is simply
called '.htaccess'.

 This file will take effect when placed in any directory which is then in turn
loaded via the Apache Web Server software.

 The file will take effect over the entire directory it is placed in and all files
and subdirectories within the specified directory.

Password Protection

 The password protection and authentication systems offered by the Apache
Web Server are probably the most important use of .htaccess files.

 Very easily, we can password protect a directory (or multiple) of a web site
so that it requires a username and password to access.

 The login procedure for these secure directories is handled automatically by
the web browser using a pop-up login interface (you've probably seen these
before).

 Passwords are also encrypted using one of the best encryption methods
available which ensures login credentials are kept secure.
Adding MIME Types
 MIME types set what a file is, or rather what file extensions refer to what file
types.

 For example, a '.html' file extension refers to a HTML document, a '.zip' file
extension refers to a ZIP archive file.

 The server needs to know this so it knows how to deal with the file. This is
often used to create custom file extension for common file types.

 To set up a MIME type, create a .htaccess file following the main instructions
and guidance that includes the following text:

 AddType text/html htm0

 'AddType' specifies that you are adding a MIME type. The second part is the
MIME type, in this case text/html, and the final part is the file extension,
in this example 'htm0'.
