Guide to Apache

klipitiklopwarrenSoftware and s/w Development

Nov 7, 2013 (3 years and 10 months ago)

72 views

Guide to Apache


Chapter 1

Introduction to the Web and Apache

Guide to Apache

2

Objectives


Learn about the World Wide Web


Learn the difference between static and dynamic
Web page content


Be exposed to languages used by Web applications


Learn about Web security issues


Become aware of Apache and other Web servers


Become aware of different Apache versions


Become aware of AMP and LAMP


Guide to Apache

3

Objectives (continued)


Learn about programming with Perl, PHP, Python,
Tcl, and Java


Learn about the role databases play on the Web


Learn what part DNS plays on the Web


Guide to Apache

4

The Web


The Web was invented by Tim Berners Lee


Early Web sites had static content consisting of text
and graphics


Content created using a markup language: the
Hypertext Markup Language (HTML)


The demand for using the Web for commerce and
advertising drove the need for more diverse and
flashier content

Guide to Apache

5

Cascading Style Sheets (CSS)


HTML does not allow the control and precision that
word processors offer for rendering text


To solve this, cascading style sheets (CSS) were
created


A single cascading style sheet can control the look
and feel of all the pages on a Web site, allowing
easy global style changes to all pages

Guide to Apache

6

Dynamic Content


Web pages with dynamic content display different
information depending on who's viewing the page,
what information is being sought, what items are in
your shopping cart, etc.


Plain markup languages like HTML can't do this; this
requires programming


This chapter and later chapters cover popular
programming languages like Perl, PHP, Python,
Ruby, etc.

Guide to Apache

7

Web Servers


Web content is made available via a Web server,
such as Apache


Apache is the most popular Web server and runs
on Linux, Mac OS X, UNIX, Windows, and virtually
all other operating systems


Web servers use the Hypertext Transfer Protocol
(HTTP)

Guide to Apache

8

Cookies



HTTP was designed to be a stateless protocol


There's no notion of a “session” with stateless
protocols; there's no ability for the Web server to
remember what it sent to a browser in the past


This is a significant disadvantage for Web
applications like shopping carts


Netscape's solution was to add a “cookies”
mechanism to HTTP


State is stored in cookies that are stored in the Web
browser

Guide to Apache

9

Push/Pull


Pull technologies are those where the client requests
that a server send information; the Web is a good
example


Push technologies are those where the client receives
information from a remote host or server without
requesting it; e
-
mail is a good example


Push technologies can “push” undesirable content to
the receiver; spam is a good example


Pull technologies are less troublesome and somewhat
easier to secure

Guide to Apache

10

Streaming


Apache and most other HTTP servers don't handle
streaming content


HTTP uses TCP, which is not well suited for sending
streaming content; UDP is a better choice


Another server is used to handle the streaming
content, such as the Helix server from RealNetworks

Guide to Apache

11

AJAX


AJAX stands for Asynchronous JavaScript and XML


It allows a Web browser to have a more interactive
dialog with a Web server than HTTP normally allows


A good example is filling out a form; some entry errors
aren't discovered until the form is submitted


AJAX allows these errors to be discovered, and the
user is asked to make corrections immediately

Guide to Apache

12

AJAX (continued)


With AJAX, the Web server changes very little
because most changes occur on the client side


Apache is fully compatible with AJAX


Google Maps is a good example of an AJAX Web
application

Guide to Apache

13

AJAX and Security


With AJAX, Web content developers have to pay
more attention to security matters


AJAX techniques allow more ways to exploit security
weaknesses in Web pages

Guide to Apache

14

AMP/LAMP


AMP and LAMP are popular acronyms for the popular
open source software used for building Web sites


AMP is an acronym for:


Apache Web server


MySQL database server


Perl, PHP, or Python programming language


LAMP adds Linux to the acronym


AMP can run on Windows

Guide to Apache

15

WebDAV


Web
-
based Distributed Authoring and Versioning


Allows a Web server to behave as a file server where
clients can collaborate on documents


Multiple Web developers can collaborate on Web site
development


WebDAV is supported by extensions to the HTTP
protocol


This is briefly covered in Chapter 2


Guide to Apache

16

WebDAV (continued)


Apache supports WebDAV via a module


Microsoft's Internet Explorer has supported WebDAV
since version 5


Microsoft has its own proprietary version of WebDAV
called Web Extender Client (WEC)


Guide to Apache

17

Web Security


Web applications are now the single greatest security
threat


Most of the Web security problems are due to faulty
PHP programming or vulnerabilities in PHP


Trying to run a secure PHP
-
based Web site is high
-
maintenance and maybe futile


Consider something else when security is important

Guide to Apache

18

Web Security (continued)


If you don't use PHP what else is there?


C/C++


Java


Perl


Python


Ruby


Tcl


Any language via CGI

Guide to Apache

19

Apache Versions


Apache version 1.3


older architecture but you may
need to use it because of Apache modules that only
work with this version


Apache version 2.0


the new architecture


you
should use this or newer versions for all new
installations


Apache version 2.1


the new architecture but with
additional features


Guide to Apache

20

Apache Modules


Apache's functionality can be extended with
modules


Apache includes many modules written by the
Apache programmers


There are many third
-
party modules available


Some are language modules that place
programming languages within the Apache server

Guide to Apache

21

Other Web Servers


Apache is king but other Web servers have their
niche


Lighttpd
-

“lighty”
-

has most of the Apache features
but in about 20 percent of the code


Lightweight Web servers such as Boa and thttpd
are smaller and more efficient but have far fewer
features


Publicfile can be used when you need the ultimate
in security, but it can only serve static content

Guide to Apache

22

Databases


Many Web applications need to store information to
and fetch information from a database


The most popular way to do this is to use a SQL
database server


The Structured Query Language (SQL) has been the
standard way of communicating with a database for
decades


SQL
-
accessible databases are managed with a
database server

Guide to Apache

23

Databases (continued)


MySQL is the most popular database server used
with Apache


PostgreSQL is more functional but less popular


Firebird is another open source database

Guide to Apache

24

Databases (continued)


Apache works with all open source databases as
well as popular commercial databases such as:


Oracle


IBM DB2


Microsoft SQL Server

Guide to Apache

25

SQLite


SQLite is a SQL database not implemented as a
server


It's a library


The application must link to the library and be written
specifically for SQLite


The benefit is lightweight code


The disadvantage may be poor performance under
heavy load


Guide to Apache

26

DNS


Your web server name (
www.example.com
) must be
supported by DNS


Anytime you add a new name to the Web server, you
must ensure that the name is supported in DNS


Having direct control of your DNS is ideal


changes
occur when you want them to


Others controlling your DNS is less than ideal


changes may take some time to occur

Summary


WebDAV allows Web developers to collaborate on
Web site design


PHP Web applications that do not check user
-
supplied data are the greatest cause of security
problems in Web applications


Apache is platform
-
independent


Apache modules extend its functionality


Apache language modules allow CGI programs to
run much faster by embedding the language
interpreter in Apache


You can use more lightweight Web servers than
Apache, such as lighttpd, Boa, and thttpd

27

Guide to Apache

Summary (continued)


Java servlets do not run on Apache directly, but on
a servlet container


Two popular servlet containers are Apache Tomcat
and Jetty


Commercial database products can also be used
with Apache

28

Guide to Apache