Apache Week
   
   Issue 32, 13th September 1996:  

Copyright 1996-2005
Red Hat, Inc.

In this issue


Apache Status

Release: 1.1.1
Beta: None
Bugs reported in 1.1.1:

  • VirtualHost sections can get different behaviour if listed in different order
  • VirtualHost sections sometimes ignored if a port is given and the IP address is a real (non-virtual) IP address of the host
  • Long URLs might cause buffer overflow in imap module
  • Reports of access_log missing some hits (possibly related to keep-alives)
  • Possible mod_include bug causing core dumps if SSI include fails due to incorrect .htaccess directive

Bugs fixed in next release:

  • Possible cause of out-of-sync scoreboard data fixed
  • Race condition can cause occasional parent hangs on heavily loaded systems

The following items are under development for the next release of Apache.

New Perl and Rewrite Modules

The Apache module which speeds up Perl scripts, mod_perl, has been updated. It can now work with perl scripts written for standard CGI (using CGI.pm). Also, a new version of the URL mapping mod_rewrite has been released.

Run-time Ability to Select Modules

A possible new addition in Apache will be a way to compile in lots of modules, and chose which ones to activate when the server is started. This would allow binary distributions of Apache to come with all modules compiled in, and the user selects which ones to use with configuration file directives.

Browsers Problems with HTTP/1.1

When Apache 1.2 is released, it will be compliant with the new HTTP/1.1 specification. Since it implements HTTP/1.1, it will return a protocol version string of "HTTP/1.1" to browsers. Initial testing has revealed a couple of browsers which cannot handle this. Properly written browsers which meet the existing HTTP/1.0 specification should have no problems, since they will ignore parts of the HTTP/1.1 specification that they do not understand. However, there are likely to be a few teething problems with badly written HTTP/1.0 browsers.


Search Apache Issues

The full-text of every Apache Week issue can now be searched. The "Search Issues" link from the Apache Week home page goes straight to the powerful search page. The index contains the full text of every issue, including the current one.


Feature: Module Soup

Apache's 'modular' architecture makes is possible for anyone to add new functions to the server. In fact, most of the code that comes as part of the Apache distribution is in the form of modules, and can be removed or replaced. For example, if the 'asis' function is never needed, the asis module (mod_asis) can be removed, making the server executable smaller and potentially reducing the load on the server host.

There are a large number of modules now written for Apache. Besides those included with the distribution, modules are also written to add functions not already in the code, or to do things which are needed on some sites but are not of widespread use. Some of these modules are written by Apache developers. Most of them, however, are written by other users of Apache who want to adapt its functionality for their needs.

In this article, we will look at a range of Apache modules which can be added to the server. First though, we show how to add a new module.

Adding a Module

It is easy to add a module to Apache:

  • Obtain the module source code file and place in the Apache src directory
  • Add the module definition to the Apache 'Configuration'
  • Re-compile Apache
  • Install the server executable and re-start the server

So first you need to download the new module. Most modules come as a single source file, called mod_something.c. Place this file in Apache's src directory. If the module comes as more than one file (for example, the PHP/FI module) follow the instructions that come with the module.

Having got the module source, Apache needs to be configured so that it will compile this code. To do this, edit the Configuration file in the src directory, and add a suitable Module line. This will have the format

  Module    name_module    mod_something.o

The first argument, name_module, must match the name given in the module's source code - look for the 'module definition' near the end of the file, which will look like this:

  module name_module = {
     NULL,
     ...
  };

The name_module text in the Configuration file must match the name_module text in the module source exactly. The second argument on the Module line is the filename of the module, with the final .c replaced by .o.

After editing Configuration, re-compile Apache by running

  ./Configure
  make

Finally, stop your current server (with kill -TERM pid), install the new httpd executable, and start it running (e.g. ./httpd -d /usr/local/httpd).

The Standard Modules

If you have not looked at the standard modules which come with Apache, you might be missing some functions you could find useful. In addition, you might be compiling in some things you never use. All the standard Apache modules are listed in the Configuration file.

The next release of Apache will come with a few more standard modules, such as a module to rewrite URLs on the fly, and a module to add PICS content-rating labels to responses.

Finding More Modules

Modules can be found in several different places:

  • In the Apache 'src' directory
  • In the Apache FTP 'contrib/modules' directory
  • In the 'Module Registry'
  • Other sites (try a search engine and look for "Apache Module").

A Selection of Modules

To simplify finding modules to do what you want, here is the Apache Week guide to add-on modules by function. These are taken from all the above sources, and are presented as an example of what is available. We cannot guarantee that these modules with do what they say they do, or even that they work with all versions of Apache. If a module named below is not a link, then that module is distributed with Apache 1.1.1. Otherwise the link will take you to that module (if the link is to a .c or .tar file, save it to a file, else the link goes to an HTML page or FTP directory).

  • Authentication
    There are a whole range of options for different authentication schemes. The usernames and passwords can be stored in flat files (with the standard mod_auth), or in DBM or Berkeley-DB files (with mod_auth_dbm or mod_auth_db respectively).

    For more complex applications, usernames and password can be stored in mSQL, Postgres95 or DBI-compatible databases, using mod_auth_msql, mod_auth_pg95 or mod_auth_dbi.

    If passwords cannot be stored in a file or database (perhaps because they are obtained at run-time from another network service), the mod_auth_external.c module lets you call an external program to check whether the given username and password is valid. If your site uses Kerebos, mod_auth_kerb allows Kerebos-based authentication.

    The mod_auth_anon module can be used to allow an 'anonymous-ftp' style access to authenticated areas, where users give an anonymous username and a real email address as password.

    There are also modules to hold authentication information in cookies, and to authenticate against standard /etc/passwd and NIS password services. See the Module Registry.

  • Blocking Access
    mod_block.c blocks access to pages based on the 'referer' field. This can be used to help prevent (for example) your images being used on other people's pages.

    For more complex cases, mod_rewrite can be used to implement blocking based on arbitrary headers (e.g. referer and user-agent), as well as on the URL itself.

  • Counters
    There are a number of counter modules available, including mod_counter.c and mod_cntr. Some server-side scripting languages, such as PHP/FI can also provide access counters.

  • Faster CGI Programs
    Perl CGIs can be sped up considerably by using the mod_perl or mod_perl_fast modules, which build a perl interpreter into the Apache executable, and optionally allows scripts to start up when the server starts.

    Alternatively, the mod_fastcgi module implements FastCGI on Apache, giving much better performance from a CGI-like protocol.

  • Languages and Internationalisation
    The Russian Character Set (RCS) module provides support for Russian character sets, while mod_fontxlate can translate characters in single-byte character sets, for countries with multiple non-standard character sets.

  • Miscellaneous
    mod_speling.c attempts to fix mis-capitalised URLs, by comparing with files and directories in a case-insensitive manner.

    A module which makes your ftp archive into web pages is available at mod_conv.tar.gz.

  • Server-Side Scripting
    There are several different modules which allow simple (or not so simple) scripts to be embedded into HTML pages. XSSI is an extended version of standard SSI commands, while PHP/FI and NeoScript are more powerful scripting languages.

  • Throttling connections
    mod_simultaneous.c limits the number of simultaneous accesses to particular directories, which could be a way of implementing limits for images directories.

  • URL rewriting
    The mod_rewrite module is a powerful (and complex) way of mapping the request URL onto a new URL on the fly, using regular expressions and optionally mapping files in text or DBM format. It can also implement conditional rewrites based on other request headers (e.g. User-Agent). A much simpler URL rewriter is available in mod_uri_remap.c


Apache.... the server of the Gods?

NetGuide reviews Web servers for Unix, NT and the Mac, including Apache. It says Apache "appeals to the basic instincts of the self-proclaimed Unix gods".


A single-page reference card for Apache has been written. It is available as a postscript file in both US paper and A4 sizes.

Following last week's report of a Netscape Navigator bug which can cause images to be downloaded repeated, Microsoft are fighting back with their proxy server. Now in beta test, MS Catapult seems to repeatedly request documents even if the server is returning 403 (forbidden) status. One site reports over a million unnecessary requests, which skews banner viewer figures. See also a news.com 'rumour'.


Comments or criticisms? Please email us at editors@apacheweek.com