Book Review: Professional Apache 2.0

"Professional Apache 2.0" by Peter Wainwright published recently in May 2002 by Wrox Press Ltd could be considered as the 2nd edition of "Professional Apache" out in 1999 by the same author and publisher with updated material on Apache 1.3, and information about Apache 2.0 such as new features and differences to Apache 1.3 added where appropriate. This "revision" includes contributions from 7 co-authors, splitting one chapter into two and fleshing out the second portion to create a new chapter about improving web server security, more third party modules, an introduction and a summary to each chapter, more diagrams, and the reorganisation of the sequence of some subsections within the chapters.

The target readers of this book are experienced Apache users and web server administrators who are using Apache for the first time. It requires you to have a fundamental knowledge of the Web, operating systems, and network settings although the first chapter revisits the basics of networking, HTTP, and how Apache works.

Its 896 pages are divided into 12 task-based chapters sequenced logically according to the flow of the thought processes when implementing a web server, and 10 appendices. Despite the name of this book, it does not fully concentrate on Apache 2.0 alone but covers a wide range of topics including performance, security, and third party modules such as FastCGI, PHP, mod_perl, mod_dav, mod_python, mod_snake, mod_tcl, mod_ruby, two connector modules for Tomcat - mod_jk and mod_webapp, and mod_ssl (including OpenSSL).

Like its predecessor, the book is written in a continuous narrative style with many examples and tables, but is not suitable for occasionally browsing through as it lacks eye-catching sections for notes, tips, and warnings. The examples are provided using a mixture of Apache 1.3.24, Apache 2.0.28 (second beta release), and Apache 2.0.32 (third beta release).

The book begins with a short introduction to basic concepts in chapter one, followed by different methods of installation, building Apache with various configuration parameters, structure of configuration file, followed by some basic configuration directives in chapter two to four. After that comes the advanced topics which include delivering customised and dynamic content, fine-tuning performance, and monitoring and analysing log files with third party programs. The next two chapters focus on a key topic - security: configuring various authentication methods, securing Apache with mod_ssl, hardening the underlying operating system and machine that Apache runs on, and setting up a security checklist. In the final chapter, detailed instructions on how to install third-party modules are provided for both Apache 1.3 and Apache 2.0.

Here, generally, the Apache directives are not listed one by one with syntax and explanation as in other Apache books but instead are presented to the reader gradually through real-world examples. However, the appendices have two lists of all the directives sorted by module and name for easy reference, a list of additional third party modules (commercial and non-commercial), details of some commercial Apache variants, and a quick guide to the regular expression syntax used by Apache.

Overall this is a comprehensive book for users interested in the Apache web server in general and for those intending to set up a secure Apache web server. Steps are provided on how to install a private key, generate a certificate request and temporary certificate, and apply for a signed certificate although it doesn't cover setting up a private Certificate Authority. It also includes enabling support for an SSL proxy, per-directory certificates, and external hardware cryptographic engines.

If you are interested solely in Apache 2.0 and migrating modules to Apache 2.0, you may be in for a disappointment. Although most Apache 2.0 information can be found within this book it is dispersed with information about Apache 1.3. Depth is also sacrificed slightly for breadth of coverage. It would have served the reader better if it had distinct sections for steps that apply to both Apache 1.3 and Apache 2.0, steps that only apply to one particular version, the differences between versions, and steps for migrating from Apache 1.3 to Apache 2.0 with emphasis on the pitfalls to avoid.

These flaws may be due to the fact that this book is actually a revised version of "Professional Apache". Instead of organising the book to enable readers to fully utilise and distinguish information between Apache 1.3 and Apache 2.0, the editors chose to insert information about Apache 2.0 into the original book where applicable and make updates to the information about Apache 1.3 where necessary.

Despite its shortcomings, all is not lost, as this book really does contain a wealth of information - although you may have a little difficulty locating what you need and it may not delve into the subject as much as you would like it to. Contrary to my complaints, Chapter 12 does have clear-cut sections on building third-party modules under Apache 1.3 and Apache 2.0 with a specific section on how to migrate mod_perl from Apache 1.3 to Apache 2.0. It also includes steps for installing mod_snake (which is no longer maintained by its creator). Therefore, it may be worthwhile to get this book just for this last chapter of "Extending Apache" if you really need the third-party modules that are covered to work with Apache 2.0. Some readers may need to be reminded that chapter 12 is not about how to write modules for Apache 2.0 and thus does not cover the Apache 2.0 API.

This book is ideal for someone who wants to know almost everything about Apache 1.3 and Apache 2.0, and has the patience and time to read through the book. Due to its verbose nature, some paragraphs may need to be re-read to fully grasp the meaning. If you're a very experienced Apache user and can't find a book about Apache 2.0, give this book a go and you may be pleasantly surprised (if you do not set your expectations too high). All you stand to lose is £37 (USD 50).