Section 42.5. Answers


  1. Use the apachectl command:

     # apachectl start 

  2. It should be a hidden file in the resource you wish to restrict.

  3. Edit httpd.conf or apache2.conf and enable support for .htaccess files. Look for a directive similar to the following and make sure that the directive is not commented out:

     AccessFileName .htaccess
     <Files ~ "^\.ht">
         Order allow,deny
         Deny from all
     </Files>

  4. Issue the following command as root:

     # htpasswd -c /etc/apache2/users 

  5. Issue the following command:

     # apachectl startssl 

    You may also need to edit the httpd.conf file or the ssl.conf and ssl.load files.

  6. The httpd.conf file. Apache 2.0 is configured using the apache2.conf file.

  7. Squid ACLs are case-sensitive, as is common with many Unix-based applications and daemons. The ACL given forbids only Paris and Hilton, not paris and hilton.
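
The case-sensitivity point in answer 7 can be checked mechanically. The following is an added example, not taken from the book: it assumes the ACL is of type url_regex, uses Squid's -i flag for case-insensitive matching, and the ACL names and sample squid.conf lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit Squid regex ACLs for a missing -i (case-insensitive) flag.
# The ACL names and sample lines are constructed, not from a real squid.conf.

# Print every ACL line whose type ends in _regex and that lacks -i.
find_case_sensitive_acls() {
    awk '$1 == "acl" && $3 ~ /_regex$/ && $4 != "-i" { print }' "$1"
}

# Return 0 if URL $2 matches any pattern of ACL line $1, honouring -i.
acl_matches() {
    line=$1 url=$2
    set -f                 # keep regex characters from being glob-expanded
    set -- $line
    set +f
    shift 3                # drop "acl", the ACL name and the ACL type
    flags=-E
    if [ "$1" = "-i" ]; then flags=-Ei; shift; fi
    for pat in "$@"; do
        printf '%s\n' "$url" | grep -q $flags -- "$pat" && return 0
    done
    return 1
}

# Constructed sample squid.conf fragment.
conf=$(mktemp)
cat > "$conf" <<'EOF'
acl celebs url_regex Paris Hilton
acl celebs_ci url_regex -i Paris Hilton
acl localnet src 192.168.0.0/16
http_access deny celebs
EOF

echo "Regex ACLs without -i:"
find_case_sensitive_acls "$conf"
for url in http://example.com/Paris http://example.com/paris; do
    if acl_matches "acl celebs url_regex Paris Hilton" "$url"; then
        echo "celebs matches $url"
    else
        echo "celebs does NOT match $url"
    fi
done
rm -f "$conf"
```
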

42.5.1. Exercises

  1. Install the Apache server using any method you prefer (e.g., RPM for Red Hat/Fedora systems, apt or Synaptic for Debian-based systems). After you install Apache, review the location and contents of the Apache configuration files. Look for httpd.conf or the equivalent, as well as associated configuration files. Review the location of all log files, as well. If you wish, write down the location of the configuration and log files on a separate piece of paper.

  2. Configure the Apache server so that it will serve up a basic page. You may have to enable certain directives, such as the user and group Apache uses. It is also sometimes necessary to specify the server root (e.g., where the server's configuration files exist) and the directory that contains all of the sites. In some versions of Apache, all of this information is included in the httpd.conf file. In newer versions (Apache 2), look for the sites-available directory. Once you have confirmed that you have configured all the basic directives, start Apache and use either a web browser or netcat (nc) to verify connectivity. You can use a startup script or the apachectl or apache2ctl application, depending upon the version of Apache you are using.

  3. Find the location of the directives that allow the use of .htaccess files in Apache. Make sure that the directives are not commented out. If you have to uncomment any of these directives, restart the Apache server to ensure that it recognizes the use of .htaccess files. Now, create an .htaccess file that requires user-based authentication. Use the htpasswd or htpasswd2 commands to create a new user database. Configure Apache to recognize this database. Test your work.

  4. Now, configure Apache to use SSL. If necessary, create SSL certificates using the openssl command or the CA.pl application, which is usually available in the /usr/lib/ssl/misc directory. The CA.pl application requires that Perl be installed. Once you have created the certificate, configure Apache to recognize it. Then configure a directory to require SSL-based access. Using any web browser that supports SSL, access the resource.

  5. Enable PHP and Perl support. Do this by editing the httpd.conf file or its equivalent and uncommenting the appropriate directives. You will have to restart Apache after doing so. Download some sample scripts from the Internet. For example, O'Reilly has a web site called ONLamp.com (http://www.onlamp.com) where you can obtain scripts that you can run. Make sure to put them into the cgi-bin directory and make them executable by the correct user.

  6. Web servers often have to throttle connections and bandwidth. Apache makes this quite simple. Open the httpd.conf or its equivalent and look for the following settings:


    StartServers

    The number of servers to start by default. The default setting is often 2; set it to a reasonable number for your system.


    MaxClients

    The maximum number of clients that will be served at one time. The default is often set to 150. Set it to the number that your system can reasonably support.


    MaxRequestsPerChild

    Limits the number of requests a child process can respond to. Usually set to 25. Set it to a reasonable number. The higher the number, the slower a particular process will be to serve clients if the system becomes overtaxed.


    MinSpareThreads

    Determines the lowest number of threads that the server is allowed to have at one time. Limits the number of servers that can be started.

  7. Review the log files that the Apache server generates. These include the access log, the referrer log, and the error logs. These are usually located under the /var/log directory.

  8. Apache is not only a standard web server. It also sports a proxy server that is capable of caching requests, thereby speeding up access. Configure the Apache server proxy feature and then configure a web browser to use the proxy server. Review the Apache server log files and list the files in the proxy cache directory to verify that the proxy server is working.

  9. Now install Squid. You can obtain Squid using your system's package manager or at http://www.squid-cache.org. Once you have installed Squid, familiarize yourself with the configuration files, including squid.conf. Review the settings in squid.conf, then start the service. Review the Squid log files and /var/log/messages to make sure Squid is running properly. Configure a web browser as a Squid client and access the Internet. You can also review the Squid cache directory to ensure that Squid is working.

  10. Once Squid is working, enable filtering. Create an ACL that limits usage by URL to a particular text string. Also, enable user authentication. Review the access logs and other log files that Squid generates to verify that your proxy server is running as expected.
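
For the "Test your work" step of exercise 3, a check like the following confirms that an .htaccess file carries the directives Basic authentication needs and that the password database sits outside the document root, as the /etc/apache2/users path in answer 4 does. It is an added example, not from the book; the function name, directory layout and sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: sanity-check a directory's .htaccess for Basic authentication.
# All paths and the sample file below are constructed for illustration.

# Print one finding per line, or "OK"; return non-zero if anything is wrong.
check_htaccess() {
    dir=$1 docroot=$2 f=$1/.htaccess
    [ -f "$f" ] || { echo "MISSING: $f"; return 1; }
    status=0
    # Apache directive names are case-insensitive, so match with -i.
    for d in AuthType AuthName AuthUserFile Require; do
        grep -Eqi "^[[:space:]]*$d[[:space:]]" "$f" ||
            { echo "NO_DIRECTIVE: $d"; status=1; }
    done
    # A password file under the document root can be fetched by clients
    # unless a <Files ~ "^\.ht"> deny block happens to cover its name.
    pw=$(awk 'tolower($1) == "authuserfile" { gsub(/"/, "", $2); print $2; exit }' "$f")
    case $pw in
        "") ;;
        "$docroot"/*) echo "EXPOSED: $pw is inside the document root"; status=1 ;;
    esac
    [ "$status" -eq 0 ] && echo OK
    return "$status"
}

# Constructed sample: a protected directory under a temporary document root.
root=$(mktemp -d)
mkdir -p "$root/secure"
cat > "$root/secure/.htaccess" <<'EOF'
AuthType Basic
AuthName "Restricted"
AuthUserFile /etc/apache2/users
Require valid-user
EOF
check_htaccess "$root/secure" "$root"
rm -rf "$root"
```
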



LPI Linux Certification in a Nutshell
ISBN: 0596005288
Year: 2004
Pages: 257