"Professional Apache 2.0" by Peter Wainwright published
recently in May 2002 by Wrox Press Ltd could be considered
as the 2nd edition of "Professional
Apache" out in 1999 by
the same author and publisher with updated material on
Apache 1.3, and information about Apache 2.0 such as new
features and differences to Apache 1.3 added where
appropriate. This "revision" includes contributions from
7 co-authors, splitting one chapter into two and fleshing
out the second portion to create a new chapter about
improving web server security, more third party modules,
an introduction and a summary to each chapter, more
diagrams, and the reorganisation
of the sequence of some subsections within the chapters.
The target readers of this book are experienced Apache
users and web server administrators who are using Apache
for the first time. It requires you to have a fundamental
knowledge of the Web, operating systems, and network
settings although the first chapter revisits the basics of
networking, HTTP, and how Apache works.
Its 896 pages are divided into 12 task-based chapters
sequenced logically according to the flow of the thought
processes when implementing a web server, and 10 appendices.
Despite the name of this book, it does not fully concentrate
on Apache 2.0 alone but covers a wide range of topics
including performance, security, and
third party modules such as FastCGI, PHP,
two connector modules for Tomcat - mod_jk
and mod_webapp, and
mod_ssl (including OpenSSL).
Like its predecessor, the book is written in a continuous
narrative style with many examples and tables,
but is not suitable for occasionally browsing through as it lacks
eye-catching sections for notes, tips, and warnings. The
examples are provided using a mixture of Apache 1.3.24,
Apache 2.0.28 (second beta release), and Apache 2.0.32
(third beta release).
The book begins with a short introduction to basic
concepts in chapter one, followed by different methods of
installation, building Apache with various configuration
parameters, structure of configuration file, followed by some basic
configuration directives in chapter two to four. After that
comes the advanced topics which include delivering
customised and dynamic content, fine-tuning performance,
and monitoring and analysing log files with third party
programs. The next two chapters focus on a key topic -
security: configuring various authentication methods,
securing Apache with mod_ssl, hardening
the underlying operating system and machine that Apache
runs on, and setting up a security checklist. In the
detailed instructions on how to install third-party
modules are provided for both Apache 1.3 and Apache 2.0.
Here, generally, the Apache directives are not listed one by
one with syntax and explanation as in other Apache books
but instead are presented to the reader gradually through
real-world examples. However, the
appendices have two lists of all the directives sorted by
module and name for easy reference, a list of additional
third party modules (commercial and non-commercial), details of some
commercial Apache variants, and a quick guide to the regular
expression syntax used by Apache.
Overall this is a comprehensive book for users interested
in the Apache web server in general and for those intending
to set up a secure Apache web server. Steps are provided
on how to install a private key, generate a certificate
request and temporary certificate, and apply for a signed
certificate although it doesn't cover setting up a
private Certificate Authority. It also includes enabling
support for an SSL proxy, per-directory certificates, and
external hardware cryptographic engines.
If you are interested solely in Apache 2.0 and migrating
modules to Apache 2.0, you may be in for a disappointment.
Although most Apache 2.0 information can be found within
this book it is dispersed with information about Apache
1.3. Depth is
also sacrificed slightly for breadth of coverage. It would
have served the reader better if it had distinct sections for
steps that apply to both Apache 1.3 and Apache 2.0, steps
that only apply to one particular version, the
differences between versions, and steps
for migrating from Apache 1.3 to Apache 2.0 with emphasis
on the pitfalls to avoid.
These flaws may be due to the fact that this book
is actually a revised version of "Professional Apache".
Instead of organising the book to enable readers to fully
utilise and distinguish information between Apache 1.3 and
Apache 2.0, the editors chose to insert information about
Apache 2.0 into the original book where applicable and make
updates to the information about Apache 1.3 where necessary.
Despite its shortcomings, all is not lost, as this book
really does contain a wealth of information - although you may
have a little difficulty locating what you need and it may
not delve into the subject as much as you would like it to.
Contrary to my complaints, Chapter 12 does have clear-cut
sections on building third-party modules under Apache 1.3
and Apache 2.0 with a specific section on how to migrate
mod_perl from Apache 1.3 to Apache 2.0.
It also includes steps for installing
mod_snake (which is
no longer maintained
by its creator). Therefore, it may be worthwhile to get this book
just for this last chapter of "Extending Apache" if you
really need the third-party modules that are covered to
work with Apache 2.0. Some readers may need to be
reminded that chapter 12 is not about how to write modules
for Apache 2.0 and thus does not cover the Apache 2.0 API.
This book is ideal for someone who wants to know almost
everything about Apache 1.3 and Apache 2.0, and has the
patience and time to read through the book. Due to its
verbose nature, some paragraphs may need to be re-read
to fully grasp the meaning. If you're a very experienced
Apache user and can't find a book about Apache 2.0,
give this book a go and you may be pleasantly surprised
(if you do not set your expectations too high).
All you stand to lose is £37 (USD 50).