Home | Elite | Apache | Analog | SGI Irix | Computer History | Mac Trash | Online society
Apache is a very useful piece of software which powers over half of the world's websites. It runs on pretty much anything, including old hardware. Apache can be set up either as a lightweight server churning out large volumes of simple pages, or as a more heavyweight application server. Here are some configuration tips.
# KeepAlive allows multiple files (eg images) to be served
# over the same TCP connection. The problem is that KeepAlive
# uses resources, leading to potential denial-of-service. So
# keep the timeout and number of requests low.
KeepAlive On
MaxKeepAliveRequests 30
KeepAliveTimeout 3
# We log keepalives - amongst other things. We see that about 40% of our
# connections use the facility.
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %c %T %v" custom
# So we log keepalive, processing time, and virtual host info as well as
# the usual extended log format. NOTE: the %c has changed to %X in Apache 2.0
# The number of seconds before Apache receives and sends timeout should not be too high,
# as each process waiting uses up resources. The 3 minute default is just silly.
Timeout 30
# MacOSX leaves .DS_Store files around, which give potential
# attackers useful information. We don't like that.
<FilesMatch '^\.[Dd][Ss]_[Ss]'>
Order allow,deny
Deny from all
</FilesMatch>
# More misc information-leak type files:
<Files ~ ",v^\">
Order allow,deny
Deny from all
</Files>
<Files ~ "^\.imap\">
Order allow,deny
Deny from all
</Files>
# There are assorted Windows viruses out there which will
# probe Apache servers. Those requests are not our problem.
<Location /default.ida*>
deny from all
ErrorDocument 403 http://www.microsoft.com/technet/security/bestprac/isacored.mspx
</Location>
<Location /scripts/*>
deny from all
ErrorDocument 403 http://www.microsoft.com/technet/Security/topics/virus/nimda.mspx
</Location>
# php configuration that leans towards security, restricting access to system and network
# files, and putting limits on CPU usage. For more info, read the manual.
<IfModule mod_php4.c>
php_admin_flag short_open_tag off
php_admin_flag safe_mode on
php_admin_flag y2k_compliance on
php_admin_flag display_errors off
php_admin_flag log_errors on
php_admin_flag allow_url_fopen off
php_admin_flag expose_php off
php_admin_value max_execution_time 5
php_admin_flag safe_mode_gid on
</IfModule>
# Add mime type for .ico and .xml
AddType image/x-icon .ico
AddType application/rss+xml .xml
For Apache versions 2.0 and up, the following settings can help performance in the right context. Assuming you have plenty of memory and CPU power, try:
#A small memory cache CacheEnable mem / MCacheSize 2048 MCacheMinObjectSize 1 #write several log entries together at once BufferedLogs on #compress plain text files to save bandwidth SetOutputFilter DEFLATE BrowserMatch ^Mozilla/4 gzip-only-text/html BrowserMatch ^Mozilla/4\.0[678] no-gzip BrowserMatch \bMSIE !no-gzip !gzip-only-text/html SetEnvIfNoCase Request_URI \ \.(?:gif|jpe?g|png)$ no-gzip dont-vary Header append Vary User-Agent env=!dont-vary
Maybe one day all this stuff will find it's way into the default apache config.
$Id: apache.html,v 1.6 2006/10/19 05:38:58 david Exp $
back to top