
Apache Webserver admin - Day 2

Goals

In this session you will learn:
  • virtual hosting
  • user websites
  • setting up options with the config and .htaccess
  • modules
  • SSI
  • CGI
  • PHP
  • mime handlers, actions
  • authentication
  • security

Capsule Review

POST

  1. What port does HTTP run on by default?
  2. What is the name of the Apache executable?
  3. What are some reasons that apache might fail to start?

virtual hosting p.61-2

  • name-based - relies on HTTP/1.1 browsers to pass the site name (the Host: header)
    	=====httpd.conf=====
    	NameVirtualHost 123.123.321.1
    	
    	User apache
    	Group apache
    	
    	# first virtual host (default site to catch old-browser "fall-through")
    	<VirtualHost default.mydomain.com>
    	ServerName default.mydomain.com
    	ServerPath /default
    	DocumentRoot [/path]
    	TransferLog [/path/to/log]
    	ErrorLog [/path/to/log]
    	ServerAdmin [email]
    	</VirtualHost>
    
    	# your own website
    	<VirtualHost www.mydomain.com>
    	ServerName www.mydomain.com
    	ServerPath /www
    	DocumentRoot [/path]
    	TransferLog [/path/to/log]
    	ErrorLog [/path/to/log]
    	ServerAdmin [email]
    	</VirtualHost>
    
    	# client's site
    	<VirtualHost www2.mydomain.com>
    	ServerName www2.mydomain.com
    	ServerPath /www2
    	DocumentRoot [/path]
    	TransferLog [/path/to/log]
    	ErrorLog [/path/to/log]
    	ServerAdmin [email]
    	</VirtualHost>
    	=====end,httpd.conf===
    	
  • IP-based - DNS points to separate IPs, which you bind to your NIC - wasteful of IPs
    	=====httpd.conf=====
    	# remember to assign IPs in DNS, and bind them to your NIC
    	User apache
    	Group apache
    	
    	# your own website
    	<VirtualHost 123.123.321.1>
    	ServerName www.mydomain.com
    	DocumentRoot [/path]
    	TransferLog [/path/to/log]
    	ErrorLog [/path/to/log]
    	ServerAdmin [email]
    	</VirtualHost>
    
    	# client's site
    	<VirtualHost 123.123.321.2>
    	ServerName www2.mydomain.com
    	ServerPath /www2
    	DocumentRoot [/path]
    	TransferLog [/path/to/log]
    	ErrorLog [/path/to/log]
    	ServerAdmin [email]
    	</VirtualHost>
    	=====end,httpd.conf===
    	
  • port-based - run separate copies of apache listening on different ports - ICK!

user websites p.160

  • ~ = "user's home directory"
  • UserDir [dirname, e.g. public_html]
  • user's homedir must be at least mode 711 so the server can traverse into it

setting up options with the config and .htaccess p.127+

These Options values are set in the config; they can also go in .htaccess if AllowOverride permits it.
  • ExecCGI
  • Includes
  • IncludesNOEXEC (could weasel around wrappers)
  • Indexes

modules p16-18, 196+

FastCGI - acts like a broker to keep CGI processes alive
mod_throttle - hammer bandwidth
mod_perl - hold onto pseudocompiled code
mod_put - for Netscape-style editors
PHP/FI - .asp or .cfm-like parsed source

SSI p.179

Embed local documents or snippets

CGI p.79-83

  • BYOL
  • simplest possible model
  • trouble with debugging
  • security bit later

PHP

mime handlers, actions p.132-33

Add new mime types for users

authentication p. 105-07

  • htpasswd
    AuthType Basic
    AuthName "[somename here]"
    AuthUserFile [/path/to/unwebbable/passwords]
    # without a Require line the Auth* directives restrict nothing
    Require valid-user
    

security

  • OS security
  • server must not run as root!
  • server must run as a separate user/group!
  • trap user CGI with a wrapper like cgiwrap that changes the effective uid
  • inspect /all/ input before running; accept only what is ok, rather than denying what is bad
  • FrontPage extensions are evil on Unix; use an NT box instead
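
A small config auditor for three of the points in these notes: the server must not run as root, the password file must be "unwebbable" (outside every DocumentRoot), and an AuthType block needs a Require line to restrict anything. This is an added example, not part of the original course material; the sample config, its paths and the function names are constructed for illustration.

```python
import posixpath

# Constructed sample config for illustration; addresses and paths are made up.
SAMPLE_CONF = """\
User root
Group apache
<VirtualHost 192.0.2.10>
    DocumentRoot /var/www/site
</VirtualHost>
<Directory /var/www/site/members>
    AuthType Basic
    AuthUserFile /var/www/site/members/.htpasswd
</Directory>
<Directory /var/www/site/staff>
    AuthType Basic
    AuthUserFile /etc/apache/passwd/staff
    Require valid-user
</Directory>
"""

def parse(conf):
    """Return (scope, directive, argument); scope is the enclosing <...> line or ""."""
    stack, out = [], []
    for line in map(str.strip, conf.splitlines()):
        if line.startswith("</"):
            del stack[-1:]                      # leave the current container
        elif line.startswith("<"):
            stack.append(line)                  # enter <VirtualHost>, <Directory>, ...
        elif line and not line.startswith("#"):
            name, arg = (line.split(None, 1) + [""])[:2]
            out.append((stack[-1] if stack else "", name.lower(), arg.strip('"')))
    return out

def audit(conf):
    """Check the security points from the notes; returns a list of findings."""
    rows, findings = parse(conf), []
    for scope, name, arg in rows:
        if name in ("user", "group") and arg in ("root", "#0"):
            findings.append(f"{name} {arg}: server must not run as root")
    roots = [posixpath.normpath(a) for _, n, a in rows if n == "documentroot"]
    for scope, name, arg in rows:
        if name == "authuserfile" and any(
                posixpath.normpath(arg).startswith(r + "/") for r in roots):
            findings.append(f"{arg}: password file is under a DocumentRoot")
        if name == "authtype" and not any(
                s == scope and n == "require" for s, n, _ in rows):
            findings.append(f"{scope}: AuthType without Require")
    return findings
```

Calling `audit(SAMPLE_CONF)` reports the root user and both problems in the members directory, and nothing for the staff directory.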


http://www.mousetrap.net/syllabus/apache/day2.html
$Id: day2.orb,v 1.5 2002/07/05 16:57:00 mouse Exp $

Remember, your login is based on your machine's hostname, not on any other number.
~/[initials] refers to the subdirectory under your homedir, named after your initials. Everything except for .dotfiles will be stored in your ~/[initials] directory.


© 1995-2001 jason carr
Distributed under the terms of the GNU Free Documentation License.