Construct a WEB server using Apache (2)

NameVirtualHost 192.166.1.101

<VirtualHost 192.166.1.101>

ServerAdmin webmaster@yourdomain.com

DocumentRoot/home/httpd/www.new1.com

ServerName www.new1.com

ErrorLog/var/log/httpd/www.company1.com/error.log

</VirtualHost>

<VirtualHost 192.166.1.101>

ServerAdmin webmaster@yourdomain.com

DocumentRoot/home/httpd/www.new2.com

ServerName www.new2.com

ErrorLog/var/log/httpd/www.new2.com/error.log

</VirtualHost>

 

 

That is, add NameVirtualHost 192.166.1.101 Based on the IP address-based configuration. In this example, two virtual host services are specially set to reflect the need to be added once.

Finally, create a directory and put the content of the home page in the corresponding directory.

Configure CGI

1. What is CGI?

CGI is a language-independent Gateway Interface Specification. It can be implemented in any popular application development language, including C, C ++, Perl, Shell scripts, and even Java.

The WEB server obtains a URL from the client, which tells the WEB server that a CGI external application must be run. Then the WEB server starts the application and waits for it to complete and returns the output result. Finally, it transmits the output results of this application to the WEB client at the other end.

2. Configure Apache for CGI

So how can Apache handle CGI requests? We must inform Apache of where to store the CGI program through the corresponding configuration process, and specify the extension of the CGI program. The following describes the settings and steps one by one.

Create a directory for storing CGI programs

Creating a centralized CGI program directory is just the beginning of creating a CGI Environment. To improve security

The centralized CGI program directory should be stored outside the DocumnetRoot directory, so that visitors cannot directly access the CGI program.

Step 1: create a directory outside the DocumentRoot directory and store all CGI programs in this directory. For example, you can create a/home/httpd/public/apps directory as the base camp for CGI programs.

Step 2: Create an alias for the CGI program directory, that is, edit the configuration file httpd. conf, and add:

ScriptAlias/cgi-bin/
/Home/httpd/public/apps

After this is done, when the customer accesses the ingress.

Step 3: set appropriate permissions for the CGI directory. Generally, only Apache is allowed to read and execute but not write.

Allow user access to cgi-bin
How can I open up a personal homepage for a user? However, if your user needs to make his homepage more dynamic, he will often apply for cgi-bin access service from you. The following describes two cgi-bin access methods provided by the Apache server.

Use Directory or DirectoryMatch container

When the UserDir command is assigned a directory name in the srm. conf configuration file, Apache

Use it as the top-level directory of the WWW site. For example:

UserDir Public_html

When Apache receives www.xxx.com /~ The user request is sent to the/home/user/Public_html homepage.

To add CGI support for each user, add the following configuration in the Apache configuration file access. conf:

 

<DirectoryMatch "/home/[a-z] +/public_html/cgi-bin">

Options ExecCGI

AddHandler cgi-script. cgi. pl

</DirectoryMatch>

Note: You can change DirectoryMatch to Directory.

In this method, the Apache server converts www.xxx.com /~ The user/cgi-bin request is translated into/home/user/Public_html/cgi-bin/and allows execution of any cgi program with the correct extension (. CGI or. pl.

Use the ScriptAliasMatch command

You can also add CGI support for each user by using the ScriptAliasMatch command. For example:

ScriptAliasMatch ~ ([A-z] +)/cgi-bin/(. *)/home/$1/public_html/cgi-bin/$2

This command matches the user name with $1, where $1 and ~ ([A-z] +) equal. Match any content following/cgi-bin/with $2, where $2 is equal.

This configuration also implements /~ The user/cgi-bin/xxx. cgi request is interpreted:

/Home/user/Public_html/cgi-bin/xxx. cgi

If you want to interpret this request as follows:

/Home/httpd/public/apps/xxx. cgi

How can I set it? Yes, it should be:

ScriptAliasMatch ~ ([A-z] +)/cgi-bin/(. *)/home/httpd/public/apps/$2

3. environment variables provided by Apache for CGI

The Apache server provides many environment variables that can be used for compiling CGI programs. Understanding these variables will also help you write CGI programs that fully utilize Apache. Therefore, we will also give a brief introduction here.

Server Variables

Server variables are set by Apache to notify CGI programs about Apache. By using these variables, the CGI program can determine different information about the server: Apache version, administrator's e-mail address, and so on.

 

 

SERVER_SOFTWARE

This variable is the Version number of Apache on the WWW server. Its value is like Apache/Version, for example, Apache/1.3;

GATEWAY_INTERFACE

The value of this variable is the version number of the current CGI specification. Its value is in the form of CGI/1.1;

SERVER_ADMIN

If the httpd. conf file contains the e-mail address of the site administrator, this variable will store this e-mail address;

DOCUMENT_ROOT

This variable is stored in the value specified by the DocumentRoot command of the accessed WWW site.

Customer request variable

Apache provides many environment variables related to client requestors. The following are some of the most common variables that are selectively introduced.

SERVER_NAME

This variable tells the CGI program which host it accesses. This value can be an IP address or a complete host name;

HTTP_ACCEPT

This variable is assigned a list of MIME types acceptable to the customer, for example, HTTP_ACCEPT = image/gif;

HTTP_ACCEPT_CHARSET

This variable is assigned to a character set acceptable to the customer, for example:

HTTP_ACCEPT_CHARASET = iso-8859-1., *, UTF-8;

HTTP_ACCEPT_LANGUAGE

This variable is assigned the language acceptable to the customer, for example, HTTP_ACCEPT_LANGUAGE = en;

HTTP_ACCEPT_AGENT

This variable specifies the browser type and operating system in which the request is sent;

HTTP_PORT: the service port;

REMOTE_HOST: the IP address or IP name of the client;

REMOTE_PORT: the port number of the client;

 

 

4. A prompt

Over the past few years, the Gateway Interface (CGI) has become a de facto standard for server-side application development. However, over time, we found that many WWW server systems were not doing well under the heavy CGI burden. This is because the CGI specification has a bottleneck: whenever the customer system requests the CGI application, the WWW server must start a new CGI process until the process ends after the task is completed. This works normally when the load is not high. However, when the load is high, a large number of processes will become performance bottlenecks.

So now there are new standards to make up for this deficiency. FastCGI is a promising new open standard.

You can add the mod_fastcgi.c module to Apache to support FastCGI.

Establish basic security mechanisms for Apache sites

For the WWW Service, the dialogue process is not always maintained between the WWW server and the WWW browser. If you want the WWW server to complete the service for a URL request, the connection will be closed.

In this case, the only authentication mechanism that can be used on WWW is provided by HTTP itself. This authentication is implemented on the standard Apache server, which can control which hosts may access a specific site or a part of the site with specific characteristics.

There are two types of authentication: Host-Based Authentication and user name/password-based authentication. Because most users' IP addresses are dynamically obtained on the internet, host-based authentication is not always applicable. Therefore, in most cases, the traditional user name/password-based authentication method is more realistic. Next we will give a brief introduction to the implementation of the two authentication methods.

1. Host-Based Authentication

In the Authentication mode, access is controlled by the host name or Host IP address. This authentication method is supported by the mod_access module of Apache, which is installed by default. This module uses the following Apache commands to provide access control functions.

Allow command

Syntax: allow from host1 host2 host3...

This command defines the list of hosts that are allowed to access the site or directory. The host list can be expressed in the following forms:

ALL: indicates ALL hosts;

The full domain name of the host, such as www. mycom;

Some domain names of the host, such as .my.com;
Complete IP address, for example, 192.166.1.102;
Some IP addresses, such as: 192.166 network address/network mask pair, network address/nn (CIDR definition)

Deny command
Syntax: deny
From host1 host2 host3...

This command defines a list of hosts that prohibit access to the site or directory. Others are similar to the allow command.

Order command

Syntax: order deny, allow | allow, deny

This command defines the order in which the allow and deny commands are evaluated.

For example:

 

<Directory/home/httpd/html> <br>

Order deny, allow <br>

Deny from www.my.com <br>

Allow all <br>

</Directory>