Configuring Apache

The Apache Web server is highly configurable to help you tune and manage your Web site. The list of supported configuration options is quite long (take a look for yourself at the Apache Directive Index http://httpd.apache.org/docs-2.0/mod/directives.html), but very few of them actually need to be specified.

To read an Apache configuration file

Apache's configuration directives come in two flavors, which are quite straightforward, even if the httpd.conf file is found in a different location for almost every OS.

1.	Do one of the following: `cd /etc/httpd/conf` on Linux `cd /usr/local/etc/apache2` on FreeBSD `cd /usr/local/Apache2/conf` on Cygwin `cd /sw/etc/apache2` on Mac OS X Change to the Apache configuration directory.
2.	`less httpd.conf` View the main configuration file.
3.	The first type of directive in an Apache configuration file is a single-line directive: DirectiveName value This specifies the given `value` for `DirectiveName`. For example, this directive sets the server's name to www.example.com on the default HTTP port: ServerName www.example.com:80
4.	The second type of directive is a block directive, which looks a bit like an HTML or XML tag surrounding other single-line or block directives: <DirectiveName value> AssociatedDirective value ... </DirectiveName> As you can see, block directives can carry their own `value` and also have additional directives associated with them.
5.	Note the many helpful comments in the httpd.conf file. Comments start with the `#` character and end at the end of the line.

To configure basic server settings for Apache

By default, Apache sets up a Web server at port 80, the standard HTTP port.

1.	Using your favorite text editor, edit the httpd.conf file we found in the previous section (Code Listing 9.5).
2.	Search for the `ServerAdmin` directive, and change its value to the email address of the server administrator (or Webmaster). For example: ServerAdmin admin@example.com
3.	Search for the `ServerName` directive, and change its value to the fully qualified domain name and port of the server. This is used when generating redirection URLs. ServerName chrish.example.com:80
4.	Search for the `Listen` directive and set it to the port or IP address and port (if you have multiple network interfaces) you want the server to use. The default is port 80, the well-known HTTP port. For example, to set it to port 8000, a common personal server or proxy port: Listen 8000 This port should match the one you specify in the `ServerName` directive, unless your redirections are handled by a Web server running on a different port.
5.	Save the file, then exit your text editor.
6.	`apachectl -t` Test the configuration for syntax errors. It should respond with "Syntax OK."
7.	`apachectl restart` Restart the server to pick up the configuration changes. If you're not logged in as `root`, you'll need to use `su` to become `root` before running this command, or use `sudo` to run the command as `root`.

Code listing 9.5. Apache's basic server settings

 # The basic server settings for Apache 2. ServerAdmin admin@example.com ServerName chrish.example.com:80 Listen 80

To configure Web directories

The heart of any Web server is the set of files and other resources it provides.

1.	Using your favorite text editor, edit the httpd.conf file (Code Listing 9.6).
2.	Search for the `DocumentRoot` directive. This defines the base directory for all Web requests (although symbolic links and `Alias` directives can bring in resources from other locations). For example, this sets the document root to `/www`: DocumentRoot "/www"
3.	Every directory published through your Web server, including the `DocumentRoot`, needs a `Directory` block to specify permissions and directory-related options: <Directory /full/path> directives </Directory> The `/full/path` is the path on the server's file system, not the path that Web browsers use. For example, you'd use `/www` (the path of the `DocumentRoot`, above) instead of just `/` (the path a Web browser would use to access the `DocumentRoot`). The `directives` apply specifically to this directory and its subdirectories. The most common directives used with `Directory` are `Allow, AllowOverride, Deny, Options`, and `Order`. Here's what they're used for: `Allow from` `hosts` Allow access to the specified `hosts`. The `hosts` can be `All`, a partial domain name (such as apache.org), a full IP address, a partial IP address (for example, 10.1 would match all hosts in the 10.1.. network), a network/netmask pair (for example, 10.1.0.0/255.255.0.0 for all hosts in the 10.1.. network), or a network/CIDR specification (10.1.0.0/16 for all hosts in the 10.1.. network). Multiple `hosts` can be specified, separated by spaces. `AllowOverride` Indicate which directives in the httpd.conf file can be overridden by an .htaccess file in the directory. Can be set to `All`, `None` (the .htaccess files are completely ignored), `AuthConfig` (override authorization directives), `FileInfo` (directives for controlling document types), `Indexes` (directives for controlling directory indexing), `Limit` (directives for controlling host access), and `Options` (directives for controlling directory features). `Deny from` `hosts` Deny access to the specified `hosts`. The `hosts` can be any of the `hosts` values used with the `Allow` directive. `Options` Controls which features are available in the directory. Can be `All` (allow everything except `MultiView`), `ExecCGI` (allow CGI scripts in this directory to run), `FollowSymlinks` (the server will follow symbolic links), `Include` (process server-side include directives), `IncludesNOEXEC` (as `Includes`, but disable the `#exec cmd` and `#exec cgi` directives), `Indexes` (automatically produce directory indexes when the `DirectoryIndex` file, usually index.html, isn't present), `MultiViews` (enable content-negotiated multiviews), and `SymLinksIfOwnerMatch` (follow symbolic links only if the owner of the link matches the owner of the link's target). If you precede the specified `Options` with `+` (to enable) or `-` (to disable), they will be merged with any other `Options` that apply to this directory. `Order` Set this to `Allow,Deny` or `Deny,Allow` to specify the order in which `Allow` and `Deny` directives are evaluated. Code listing 9.6. Apache's directory-configuration directives. # Directory configuration directives DocumentRoot "/www" <Directory /> Options FollowSymlinks AllowOverride None Order Deny, Allow Deny from All </Directory> <Directory /www> Options +IncludesNOEXEC Order Allow, Deny Allow from All </Directory> Alias /icons/ /usr/local/share/icons/ <Directory /usr/local/share/icons/> Options -Indexes Order Allow, Deny Allow from All </Directory> ScriptAlias /cgi-bin/ /www/cgi-bin/ <Directory /www/cgi-bin/> AllowOverride None Options None Order allow,deny Allow from all </Directory> The `Directory` directives are checked in the order in which they appear in the httpd.conf file, and the most specific `Directory` directive that matches the requested file is used to determine the permissions and options that apply to that request.
4.	Find the `Directory` directive for /, and add `Order` and `Deny` directives to restrict access to every directory: <Directory /> Options FollowSymlinks AllowOverride None # We add these to improve # security. Order Deny, Allow Deny from All </Directory>
5.	Find the `Directory` directive for your `DocumentRoot` directory, and add an `Options` directive to modify the `Options` specified in the `Directory` directive for /: <Directory /www> # Add this to enable server-side # includes on the site. Options +IncludesNOEXEC # The standard directives for # your DocumentRoot directory: Order Allow, Deny Allow from All </Directory> In this example, we add `IncludesNOEXEC` to the `Options` so that the HTML documents on this site can use server-side includes (SSI) without allowing the potentially dangerous `#exec` commands.
6.	Add `Alias` directives to bring directories outside of `DirectoryRoot` into the Web server's space: Alias fakepath realpath For example, to bring `/home/marketing/` `company-site` into the Web server as `/company`, use Alias /company /home/marketing/ company-site Note that if the `Alias` ends in a `/`, it only matches URLs that include the `/`. For example, making an `Alias` for `/icons/` doesn't alias the URL for `/icons` (that is, http://myserver/icons will fail, but http://myserver/icons/ will succeed).
7.	Add `Directory` directives for each `Alias` to change the default directory access permissions and options. For some aliases, you might want to disable directory indexes: <Directory /www/icons/> ... Options -Indexes ... </Directory>
8.	Add `ScriptAlias` directives to add directories that can contain CGI programs. `ScriptAlias` works just like `Alias`: ScriptAlias /cgi-bin/ /www/cgi-bin/ `Directory` options should be more restrictive for `ScriptAlias` directories to reduce the potential for security problems: <Directory /www/cgi-bin/> ... AllowOverride None Options None Order Allow,Deny Allow from All ... </Directory>
9.	Save the httpd.conf file and exit your text editor.
10.	`apachectl -t && apachectl restart` Check your httpd.conf for errors, then restart the server if no errors are found.

To configure hostname lookups

By default, Apache's access logs record the IP addresses of visitors to your site, but it's possible to have the logs record their hostnames instead.

1.	Use your favorite text editor to edit Apache's httpd.conf file.
2.	Find the `HostnameLookups` directive and set it to `On` instead of `Off`.
3.	Save the httpd.conf file and exit your editor.
4.	`apachectl -t && apachectl restart` Check your httpd.conf for errors, and then restart the server if no errors are found.

Tip

Don't turn on HostnameLookups unless you really need it; it's off by default because it increases network traffic and also introduces latency for the visitor during the lookup. That's because the HTTP server needs to ask its DNS server to map your IP address into a hostname before it can log and process your request.

To configure extended status reporting

By default, Apache's extended status reporting is disabled. This prevents its information from being used to compromise the system unless you activate it yourself.

1.	Use your favorite text editor to edit Apache's httpd.conf file.
2.	Find the `ExtendedStatus` directive and set it to `On` instead of `Off`.
3.	Add a `Location` directive to attach the `server-status` handler to `/server-`
`status` <Location /server-status> SetHandler server-status </Location>
4.	Save the httpd.conf file and exit your editor.
5.	`apachectl -t && apachectl restart` Check your httpd.conf for errors, and then restart the server if no errors are found.

Tip

You can limit access to the server-status report by adding the standard Order, Deny, and Allow directives to the Location block (this example only allows connections from members of the foo.com domain):
```
 <Location /server-status>     SetHandler server-status     Order Deny,Allow     Deny from All     Allow from .foo.com </Location> 
```

To add handlers and types

By adding handlers and types, you can extend the functionality of Apache without needing to rebuild the software.

1.	Use your favorite text editor to edit Apache's httpd.conf file.
2.	Add an `AddHandler` directive to associate a handler with the given file extension: AddHandler cgi-script .cgi The above `AddHandler` directive tells Apache that any file ending with .cgi is a CGI script and should be handled by the `cgi-script` handler. Handlers represent the actions to perform when a file is accessed. By default, all files are simply downloaded to the visitor, but certain types may need to be handled differently. Apache's handlers include the following: `cgi-script` treat the file as a CGI script. `default-handler` The handler used by default to download the requested file to the visitor's Web browser. `imap-file` treat the file as a server-side image map. You should use client-side image maps instead unless you need to support ancient Web browsers for some pathological reason. `send-as-is` Send the file without adding HTTP headers. `server-info` Provide server information. `server-status` Provide a server-status report. `type-map` Parse a type map file for content negotiation.
3.	You can also insert `AddType` directives to specify the MIME type for certain files, overriding the standard mime.types file. For example, to tell Apache what an .shtml file (HTML with SSI commands) is: AddType text/html .shtml AddOutputFilter INCLUDES .shtml This `AddOutputFilter` directive explicitly activates SSI for this extension.
4.	Save the httpd.conf file and exit your editor.
5.	`apachectl -t && apachectl restart` Check your httpd.conf for errors, and then restart the server if no errors are found.