Apache addendum

About Apache configuration and use, already have many LinuxAid articles do a detailed exposition, this article discusses using Apache, use the configuration file and the file's access control and other content that is on the used Apache has done some additional! if you have some knowledge of Apache, in particular on several configuration file has the certain knowledge that will help you to understand the content of this article; if you happen to you very little about this several configuration files to use, so take this opportunity to familiarize yourself with it.

First, on the CGI script configuration there are two ways to set up the CGI script. First, the CGI script file to .cgi extension; the second, set the script executable directory. But either way you need to perform to 711 file is set to before they can be executed. The first method, we need in the access.conf file to the directory you want to release is set to a resource in srm.conf OptionExecCGIAll, configuration file, add the following sentence: AddHandlecgi-script.cgi so in all the directories as long as your file is the .cgi extension, and file access permissions to 711, regardless of the file in your release directory in any one place can be called by the Apache server CGI. This approach is generally not the second approach security. The second method is to place a directory as an executable directory and all of the cgi files are placed in them, this does not necessarily have to be to .cgi extension to the file you can do, but as long as there are 711 properties file can be executed, and other non-executable files are forbidden. Our default configuration file is a good example: access.con: AllowOverrideNone OptionsExecCGI srm.con ScriptAlias/cgi-bin//home/httpd/cgi-bin/so long as/home/httpd/cgi-bin/directory of the executable file can be called by the Web server, and other non-executable will be denied access. 2, configure users release directory there are two settings: the first is the default method, i.e. the user directory public_html directory as a user of the release directory, and the default master page file to index.html, and the directory does not support CGI. The second is in the other directory specifically for the user to set the publish directory, if I want to do as a user/home/html directory Web Directory, the administrator should be in the directory for each user to set a subdirectory, such as:/home/html/user02/home/html/user01, etc. So, your srm.conf file UserDir followed can no longer be public_html, and should be changed to: UserDir/home/html/*/, note that "*" on behalf of anyone, when you request a in a browser, such as http://www.domain/~user01 Apache server will automatically be transferred to your request, and then go to/home/html/user01 for index.html file. This setting does not need to set this directory in access.conf access properties, also, when we set up a virtual host or directory when you set the access properties, but if you want a directory with permissions to CGI to Access.conf file to configure the directory access permissions, such as: do you want to let your users in their publishing catalog have CGI access, you will need your access.conf in this setting: AllowOverrideNone OptionsExecCGI note here set user directory for cgi execution cgi-bin subdirectory of the directory, this is a safe setting, but also as a UNIX habit. III. how the Apache server is set to inetd child services when you installed Apache, the default is set to run standalone mode, if you want to set it as a child of the inetd service, first in each time you activate the Linux does not activate the httpd, and then edit/etc/inetd.conf to include the following statement: httpstreamtcpnowaitroot/usr/sbin/inetd httpdttpd then reactivate server. So you use ps-aux command to view the process is running, you will find the httpd process exists, but once a client requests a page, the inetd will activate a httpd process as the request for service, and then automatically releases, this operation will help to conserve system resources, but if your web service is very important, is usually not recommended to run this way. 4. do the httpd.conf to a unique profile in Apache to the user provides three configuration files: srm.conf and access.conf and httpd.conffiles. Indeed these three files are equal, all configuration can be placed in a separate httpd.conf file, in fact in the Apache1.3.2 have already done, in httpd.conf should include the following two directives to prevent Apache's srm.conf and access.conf two configuration files: ACcessConfig/dev/null ResourceConfig/dev/null in apache1.3.2 just comment out the following two lines: AccessConfigconf/access.con ResourceConfigconf/srm.con v. user authorization and access control, you may access certain Web sites encounter such a situation, when you click on a link, your browser will pop up a dialog box for the authentication, enter the account number and password is required, and if not, will not be able to continue browsing. Some people may think that this is done with CGI, but it is not, this is the WWW server of the user authorization and access control mechanisms in play. Do you remember when setting up Apache service environment, … .. this directive, the can on different directories offer different protection. But such a setting, you need to restart the server for the changes to take effect, flexibility, through the AccessFile directive specifies the access control files are more flexible, in the Apache server to set a user's access control permissions as follows: 1. first of all to the httpd.conf file is set up as follows: # AllowOverrideFileInfoAuthConfigLimit # OptionsMultiViewsIndexesSymLinksIfOwnerMatchIncludesNoExec OptionsIncludesFollowSymLinksIndexes AllowOverrideAll//* note that AllowOverride must be set to All, so that the back of the .htaccess file will work Orderallow, Allowfromall ## deny, allow # Orderdeny Denyfromall ## specify configuration access control permissions to the file name AccessFileName.htaccess 2, create a .htaccess file content to control access to a directory you must create an access control file, before the file name specified in the ".htaccess" and its contents with the following format: AuthUserFile file name for the user account passwords AuthGroupFile group account password file name AuthName screen tip text AuthType authentication password authentication mode user authentication AuthType currently offers two Basic and Digest. Password check setting method and related settings in the httpd.conf. Specific examples are as follows: AuthUserFile/etc/secure.user AuthName security certification center AuthTypeBasic requirevalid-user 3, building a user password file if you first create a user password, the command in the following format: htpasswd-c password file name user name in the above example, we set the user password file to/etc/secure.user file, so there should be as follows: htpasswd-c/etc/secure.usersword program will prompt you to enter the user's password, and user password file has been created, the user can also add a sword is completed. If you want to provide the password file to add a new user, follow the following format: htpasswd password file user name so that, after restarting httpd, the WEB Directory, there will be a dialog pop-up that asks for user name and user password. 4. how to reduce access control on Apache performance of frequent use access control on Apache performance have a greater impact, then, how can I reduce this? the simplest and most effective method of reducing the number of .htaccess file so that you can avoid Apache on each request to the .htaccess file contents for authorization checks. It not only in the current directory to find the .htaccess file, it will still be in the current directory's parent directory lookups. //Usr/usr/local/usr/local/etc/usr/local/etc/ttpd/usr/local/etc/httpd/htdocs/usr/local/etc/httpd/htdocs/docs usually in the root directory has no htaccess file, Apache will still conduct routine checks to determine if the file does not exist. This is a great impact on server efficiency. The following methods to remove this annoying procedure: AllowOverride Options is set to None, so Apache will check the .htaccess file. The/root directory AllowOverride Options is set to None, only need to access the control directory of AllowOverride Options is set to all, as in the following example will/root AllowOverride options turned off, just open the/usr/local/etc/httpd/htdocs directory AllowOerride option so that the system only checks the .htaccess file/usr/local/etc/httpd/htdocs, achieve improvedService efficiency. If root AllowOverrideNone AllowOverrideAll, other store WWW file directory, or you can take the same approach. For example: If you use the UserDir to allow users access to their own directories, AllowOverride settings as follows: AllowOverrideFileInfoIndexesIncludesNOEXEC 5, prevent access to specified file system has a number of the file is not suitable for the WWW user, such as: .htaccess and htpasswd, * .pl, etc., can be used to achieve this aim: denyfromall orderallow, deny user access controls three .htaccess .htpasswd and .htgroup file, (for user authorization), for security reasons, you should