Home | Elite | Apache | Analog | SGI Irix | Computer History | Mac Trash | Online society
Apache is a very useful piece of software which powers over half of the world's websites. It runs on pretty much anything, including old hardware. Apache can be set up either as a lightweight server churning out large volumes of simple pages, or as a more heavyweight application server. Here are some configuration tips.
# KeepAlive allows multiple files (eg images) to be served # over the same TCP connection. The problem is that KeepAlive # uses resources, leading to potential denial-of-service. So # keep the timeout and number of requests low. KeepAlive On MaxKeepAliveRequests 30 KeepAliveTimeout 3 # We log keepalives - amongst other things. We see that about 40% of our # connections use the facility. LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %c %T %v" custom # So we log keepalive, processing time, and virtual host info as well as # the usual extended log format. NOTE: the %c has changed to %X in Apache 2.0 # The number of seconds before Apache receives and sends timeout should not be too high, # as each process waiting uses up resources. The 3 minute default is just silly. Timeout 30 # MacOSX leaves .DS_Store files around, which give potential # attackers useful information. We don't like that. <FilesMatch '^\.[Dd][Ss]_[Ss]'> Order allow,deny Deny from all </FilesMatch> # More misc information-leak type files: <Files ~ ",v^\"> Order allow,deny Deny from all </Files> <Files ~ "^\.imap\"> Order allow,deny Deny from all </Files> # There are assorted Windows viruses out there which will # probe Apache servers. Those requests are not our problem. <Location /default.ida*> deny from all ErrorDocument 403 http://www.microsoft.com/technet/security/bestprac/isacored.mspx </Location> <Location /scripts/*> deny from all ErrorDocument 403 http://www.microsoft.com/technet/Security/topics/virus/nimda.mspx </Location> # php configuration that leans towards security, restricting access to system and network # files, and putting limits on CPU usage. For more info, read the manual. <IfModule mod_php4.c> php_admin_flag short_open_tag off php_admin_flag safe_mode on php_admin_flag y2k_compliance on php_admin_flag display_errors off php_admin_flag log_errors on php_admin_flag allow_url_fopen off php_admin_flag expose_php off php_admin_value max_execution_time 5 php_admin_flag safe_mode_gid on </IfModule> # Add mime type for .ico and .xml AddType image/x-icon .ico AddType application/rss+xml .xml
For Apache versions 2.0 and up, the following settings can help performance in the right context. Assuming you have plenty of memory and CPU power, try:
#A small memory cache CacheEnable mem / MCacheSize 2048 MCacheMinObjectSize 1 #write several log entries together at once BufferedLogs on #compress plain text files to save bandwidth SetOutputFilter DEFLATE BrowserMatch ^Mozilla/4 gzip-only-text/html BrowserMatch ^Mozilla/4\.0[678] no-gzip BrowserMatch \bMSIE !no-gzip !gzip-only-text/html SetEnvIfNoCase Request_URI \ \.(?:gif|jpe?g|png)$ no-gzip dont-vary Header append Vary User-Agent env=!dont-vary
Maybe one day all this stuff will find it's way into the default apache config.
$Id: apache.html,v 1.6 2006/10/19 05:38:58 david Exp $
back to top