Professional Apache

Title: Professional Apache
Author: Peter Wainwright
Publisher: Wrox Press Ltd, www.wrox.com
ISBN: 1861003021
Price: $49.99
Reviewer: Ibrahim F Haddad

The September 2000 Netcraft Web Servers Survey found that the Apache web server is the most widely used web server, powering over 61% of the reviewed servers. This comes as no surprise since Apache provides a robust, commercial-grade reference implementation of the HTTP protocol and a solid platform upon which to build reliable systems.

Many books have been written to cover several aspects of the Apache web server. However, Professional Apache explains various aspects of Apache more thoroughly than many other books. The book starts with a very comprehensive introduction to TCP/IP and HTTP, then moves to Apache installation, build procedures and the server configuration. Then, the text progresses to CGI implementation, virtual hosting, performance optimization and security. It provides thorough coverage of the many issues a web server administrator faces. A nice feature of the book is the use of examples to show how to configure Apache to manage multiple sites, monitor the server's performance, apply security and extend the product with several third-party add-on modules.

Professional Apache consists of 11 chapters and 10 appendices.

Chapter 1 provides a very good introduction to Apache, networking in general, the HTTP protocol and the basic server hardware requirements.

Chapter 2 offers an in-depth investigation of the various options available when installing Apache. It covers how to configure the Apache server as a basic web server, the configuration files, configuration directives, starting and stopping the server, and using the graphical configuration tool.

Chapter 3 is directed more towards advanced users who like to build Apache their own way and optimize it for their own platform. Since Apache's source code is freely available, we can custom build it to suit our needs. This chapter covers building Apache from the source code, customizing Apache's default settings, determining which modules to include, and the differences between static and dynamic loading.

Chapter 4 is an advanced version of the second chapter. It examines the structure of Apache's configuration files, how directives are given context and the options of Apache that enable or disable configuration files. It shows how Apache combines different sources of configuration information, and how it uses containers to structure the way directives relate to different web site requests.

Chapter 5 explains thoroughly how HTTP allows clients to specify what types of resources they are willing to accept. Apache uses this information to decide which version of a resource most suits the client. The chapter covers how to customize Apache's error messages and looks at various ways it interprets the URL of a request to decide precisely which resource the client needs.

Chapter 6 discusses ways of handling dynamic content in Apache, including generic support for dynamic content using the Action, SetHandler and AddHandler directives. It also covers CGI wrappers and how they can be used to improve security, along with the security holes created in CGI and how to prevent them. A nice feature of this chapter is the explanation of how to improve the performance of dynamic content and CGI using the mod_fastcgi add-on module.

Chapter 7 is devoted to virtual hosts and how to configure Apache to support hosting more than one web site, using the same server and different approaches.

Chapter 8 is a very interesting chapter that deals with improving Apache's performance. This chapter covers using Apache's core performance directives, configuring Apache for better performance, setting up Apache as a proxy server and a nice, but small, section on clustering web servers to gain reliability and performance.

Chapter 9 provides excellent coverage of how to configure Apache's log files, create new log files with the mod_log_config module and analyze logs to produce useful statistics with Analog, a freely available log statistics tool. The chapter also discusses how mod_status and mod_info can be used to generate dynamic status and configuration information pages. An interesting section of the chapter is the discussion of how to track users individually, as well as the reasons to do that and the reasons not to do that.

Chapter 10 is devoted to security issues. It shows how to authenticate users and how to set up and establish secure encrypted connections with clients. It also lists precautions that ensure the web server is as secure as we can make it.

Chapter 11 looks at some of the particular issues surrounding deploying server-side Java and PHP modules with Apache. It is dedicated to covering the most powerful and important third-party modules available to provide dynamic content with Apache.

The appendices at the end of the book cover the following subjects: Apache-related RFCs, lists of several other web servers, the Apache license, environment variables, server-side includes and directives, regular expressions, third-party modules, HTTP headers and status codes.

Professional Apache will answer all the questions you may have concerning the Apache web server. It is a very good and interesting book for anybody who needs to get the most out of the Apache web server. I highly recommend reading it.

Ibrahim F. Haddad (ibrahim.haddad@lmc.ericsson.se) works for Ericsson Research Canada in the Open Architecture Research Division. He is currently a Dr Sc Candidate in Computer Science at Concordia University in Montreal.
