Introduction A basic web server works as follows : It is a program that runs on a host computer. It waits for a request from web browser/client for objects it has in its possession Upon receiving the request (GET command from client), it retrieves the requested information and sends it to the client. The objects it can serve include HTML documents, plain text, images, sounds, video and other data.
Introduction Apache is the most popular web server on the internet, running approximately 60% of all web servers. This is the default web server on Red Hat, SuSE, and Debian systems and is well known in industry for its flexibility and performance.
Introduction Installing and maintaining is easy and ranks far below email and DNS in complexity & difficulty of administration. Its free and open source and full source code is available from Apache group site at www.apache.org.www.apache.org
Why Apache ? Apache’s popularity is due to : Apache is highly configurable. It is extensible (for e.g. mod_perl and mod_php3 can be added). Supports virtual hosts or multi homed servers. It is free and open source.
Installation Apache is included with most Linux distributions. On a machine installed with recent version of Linux, chances are Apache is already installed and running. Processor status can be checked to see if its running by using the command machine1$ ps –ef | grep httpd
Installation If one wishes to download the source code and compile it then, Execute the configure script included with the distribution to detect type of system used and set up appropriate makefiles. use --prefix option to specify where in ones directory tree the Apache server should live.
Installation For example : %./configure --prefix=/etc/httpd Default modules can be used or some features may be included or removed by invoking -enable-module= and -disable-module= options to configure.
Installation Some modules like asis, autoindex, env may be disabled for security reasons. A complete list of modules can be viewed at src/configuration file or http://www.apache.org/docs/mod/index.html After executing configure run make and make install to actually compile and install the appropriate files.
Configuration All configuration files are in conf directory ( /etc/httpd/conf). The files that are to be examined and customized are httpd.conf, srm.conf and access.conf. httpd.conf is used to set the TCP port (usually port 80), location of log files, and various network and performance parameters
Configuration srm.conf file defines the root of the directory tree in which servable documents are located. access.conf file manages security concerns. This file contains directives that control access on a per-file or per- directory basis.
Running Apache Apache can be started from machine’s rc scripts or initiated by hand with % /usr/sbin/httpd –f /etc/httpd/conf/httpd.conf It can be started automatically at boot time by making a link in rc directory that points to /etc/init.d/httpd.
Security Modifying the Default Header : A hacker can exploit a web server by the information it sends in its header ( version, machine type, its built-up etc). Its always better to modify the default header by changing the lines that reveals this information in src/include/httpd.h file.
Security Upgrading old software when necessary. Protecting Web Data with IP Restrictions : Apache can be configured to allow restricted IP addresses only. This can be done by adding following lines in.htaccess : Order Deny, Allow Deny from All Allow from 192.168.1.100 Allow from 192.168.1.101
Security Using HTTP Authentication : HTTP user authentication restricts access to a particular directory and subdirectories of the web server. A browser implements authentication by prompting a dialog box for the user to type his username/password.
Security Using Secure HTTP Connections : The Secure Socket Layer (SSL) should be used to minimize the likelihood that a hacker can snoop a username/password. SSL not only encrypts the data before it is transferred to the web site, but also it decrypts the data received from the web site, thus securing the data transfers.