Книга: Fedora™ Unleashed, 2008 edition

Apache Modules

Apache Modules

The Apache core does relatively little; Apache gains its functionality from modules. Each module solves a well-defined problem by adding necessary features. By adding or removing modules to supply the functionality you want Apache to have, you can tailor the Apache server to suit your exact needs.

Nearly 50 core modules are included with the basic Apache server. Many more are available from other developers. The Apache Module Registry is a repository for add-on modules for Apache, and it can be found at http://modules.apache.org/. The modules are listed in the modules directory under /etc/httpd/, but the following directory is a link to the /usr/lib/httpd/modules directory where the modules reside (your list might look different):

mod_access.so      mod_cern_meta.so mod_log_config.so    mod_setenvif.so
mod_actions.so     mod_cgi.so       mod_mime_magic.so    mod_speling.so
mod_alias.so       mod_dav_fs.so    mod_mime.so          mod_ssl.so
mod_asis.so        mod_dav.so       mod_negotiation.so   mod_status.so
mod_auth_anon.so   mod_dir.so       mod_perl.so          mod_suexec.so
mod_auth_dbm.so    mod_env.so       mod_proxy_connect.so mod_unique_id.so
mod_auth_digest.so mod_expires.so   mod_proxy_ftp.so     mod_userdir.so
mod_auth_mysql.so  mod_headers.so   mod_proxy_http.so    mod_usertrack.so
mod_auth_pgsql.so  mod_imap.so      mod_proxy.so         mod_vhost_alias.so
mod_auth.so        mod_include.so   mod_python.so        mod_autoindex.so
mod_info.so        mod_rewrite.so

Each module adds new directives that can be used in your configuration files. As you might guess, there are far too many extra commands, switches, and options to describe them all in this chapter. The following sections briefly describe a subset of those modules available with Fedora's Apache installation.

mod_access controls access to areas on your web server based on IP addresses, hostnames, or environment variables. For example, you might want to allow anyone from within your own domain to access certain areas of your web. Refer to the "File System Authentication and Access Control" section earlier in this chapter for more information.

mod_alias manipulates the URLs of incoming HTTP requests, such as when redirecting a client request to another URL. It also can map a part of the file system into your web hierarchy. For example,

Alias /images/ /home/wsb/graphics/

fetches contents from the /home/wsb/graphics directory for any URL that starts with /images/. This is done without the client knowing anything about it. If you use a redirection, the client is instructed to go to another URL to find the requested content. More advanced URL manipulation can be accomplished with mod_rewrite.

mod_asis is used to specify, in fine detail, all the information to be included in a response. This completely bypasses any headers Apache might have otherwise added to the response. All files with an .asis extension are sent straight to the client without any changes.

As a short example of the use of mod_asis, assume that you've moved content from one location to another on your site. Now you must inform people who try to access this resource that it has moved, as well as automatically redirect them to the new location. To provide this information and redirection, you can add the following code to a file with an .asis extension:

Status: 301 No more old stuff!
Location: http://gnulix.org/newstuff/
Content-type: text/html
<HTML>
 <HEAD>
  <TITLE>We've moved...</TITLE>
 </HEAD>
 <BODY>
  <P>We've moved the old stuff and now you'll find it at:</P>
  <A HREF="http://gnulix.org/newstuff/">New stuff</A>!.
 </BODY>
</HTML>

mod_auth uses a simple user authentication scheme, referred to as Basic Authentication, which is based on storing usernames and encrypted passwords in a text file. This file looks very much like Unix's /etc/passwd file and is created with the htpasswd command. Refer to the "File System Authentication and Access Control" section earlier in this chapter for more information about this subject.

The mod_auth_anon module provides anonymous authentication similar to that of anonymous FTP. The module enables you to define user IDs of those who are to be handled as guest users. When such a user tries to log on, he is prompted to enter his email address as his password. You can have Apache check the password to ensure that it's a (more or less) proper email address. Basically, it ensures that the password contains an @ character and at least one . character.

mod_auth_dbm uses Berkeley DB files instead of text for user authentication files.

mod_auth_digest builds upon the mod_auth module, and sends authentication data via the MD5 Digest Authentication process as defined in RFC 2617. Compared to using Basic Authentication, this is a much more secure way of sending user data over the Internet. Unfortunately, not all web browsers support this authentication scheme.

To create password files for use with mod_auth_dbm, you must use the htdigest utility. It has more or less the same functionality as the htpasswd utility. See the man page of htdigest for further information.

The mod_autoindex module dynamically creates a file list for directory indexing. The list is rendered in a user-friendly manner similar to those lists provided by FTP's built-in ls command.

mod_cgi allows execution of CGI programs on your server. CGI programs are executable files residing in the /var/www/cgi-bin directory and are used to dynamically generate data (usually HTML) for the remote browser when requested.

The mod_dir module is used to determine which files are returned automatically when a user tries to access a directory. The default is index.html. If you have users who create web pages on Windows systems, you should also include index.htm, like this:

DirectoryIndex index.html index.htm
mod_env controls how environment variables are passed to CGI and SSI scripts.

mod_expires is used to add an expiration date to content on your site by adding an Expires header to the HTTP response. Web browsers or cache servers don't cache expired content.

mod_headers is used to manipulate the HTTP headers of your server's responses. You can replace, add, merge, or delete headers as you see fit. The module supplies a Header directive for this. Ordering of the Header directive is important. A set followed by an unset for the same HTTP header removes the header altogether. You can place Header directives almost anywhere within your configuration files. These directives are processed in the following order:

1. Core server

2. Virtual host

3. <Directory> and .htaccess files

4. <Location>

5. <Files>

mod_info provides comprehensive information about your server's configuration. For example, it displays all the installed modules, as well as all the directives used in its configuration files.

mod_log_config defines how your log files should look. See the "Logging" section for further information about this subject.

The mod_mime module tries to determine the MIME type of files from their extensions.

The mod_mime_magic module tries to determine the MIME type of files by examining portions of their content.

Using the mod_negotiation module, you can select one of several document versions that best suits the client's capabilities. You can select from among several options for which criteria to use in the negotiation process. You can, for example, choose among different languages, graphics file formats, and compression methods.

mod_proxy implements proxy and caching capabilities for an Apache server. It can proxy and cache FTP, CONNECT, HTTP/0.9, and HTTP/1.0 requests. This isn't an ideal solution for sites that have a large number of users and therefore have high proxy and cache requirements. However, it's more than adequate for a small number of users.

mod_rewrite is the Swiss army knife of URL manipulation. It enables you to use powerful regular expressions to perform any imaginable manipulation of URLs. It provides rewrites, redirection, proxying, and so on. There's very little that you can't accomplish with this module.

mod_setenvif allows manipulation of environment variables. Using small snippets of text-matching code known as regular expressions, you can conditionally change the content of environment variables. The order in which SetEnvIf directives appear in the configuration files is important. Each SetEnvIf directive can reset an earlier SetEnvIf directive when used on the same environment variable. Be sure to keep that in mind when using the directives from this module.

mod_speling is used to enable correction of minor typos in URLs. If no file matches the requested URL, this module builds a list of the files in the requested directory and extracts those files that are the closest matches. It tries to correct only one spelling mistake.

You can use mod_status to create a web page containing a plethora of information about a running Apache server. The page contains information about the internal status as well as statistics about the running Apache processes. This can be a great aid when you're trying to configure your server for maximum performance. It's also a good place to see whether something's amiss with your Apache server.

mod_ssl provides Secure Sockets Layer (version 2 and 3) and transport layer security (version 1) support for Apache. At least 30 directives exist that deal with options for encryption and client authorization and that can be used with this module.

mod_unique_id generates a unique request identifier for every incoming request. This ID is put into the UNIQUE_ID environment variable.

The mod_userdir module enables mapping of a subdirectory in each user's home directory into your web tree. The module provides several ways to accomplish this.

mod_vhost_alias supports dynamically configured mass virtual hosting, which is useful for Internet service providers (ISPs) with many virtual hosts. However, for the average user, Apache's ordinary virtual hosting support should be more than sufficient.

There are two ways to serve virtual hosts on an Apache server. You can have one IP address with multiple CNAMEs, or you can have multiple IP addresses with one name per address. Apache has different sets of directives to handle each of these options. (You learn more about virtual hosting in Apache in the next section of this chapter.)

Again, the available options and features for Apache modules are too numerous to describe completely in this chapter. You can find complete information about the Apache modules in the online documentation for the server included with Fedora or at the Apache Software Foundation's website.

Оглавление книги