Post on 29-Dec-2015
Web Services
CSCI N321 – System and Network Administration
Copyright © 2007,2008 by Scott Orr and the Trustees of Indiana University
References
Apache Site – http://www.apache.org
RedHat Deployment Guide, Chapter 22 – Apache HTTP Server
World Wide Web Components
[Diagram: Web Server; User Workstation; Browser showing a sample "Widget 2.0" page with Download Demo and Buy it Now links and a Name / CC # form with Submit and Reset buttons]
Hypertext Transfer Protocol
GET /index.html HTTP/1.1
Host: tempest.cs.iupui.edu
<cr><cr>

HTTP/1.1 200 OK
Date: Sun, 25 Nov 2007 20:43:31 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Thu, 16 Aug 2007 01:48:43 GMT
ETag: "50602ec-71-4638f4c0"
Accept-Ranges: bytes
Content-Length: 113
Connection: close
Content-Type: text/html; charset=UTF-8

File Content…
HTTP Status Codes
1xx – Informational
2xx – Success
3xx – Redirection
4xx – Client Error
5xx – Server Error
Common Gateway Interface (CGI)
Allowed for dynamic web content
Relies on external programs
  Form processing
  Parameters passed as part of URL
  Outputs valid context
    Header/Content
Coding problems create security issues!
Apache Web Server
Runs on multiple platforms
Modules define capabilities
SSL Support
Web Hosting
  Multiple IP/Ports
  Virtual Hosts
Proxies
/etc/httpd/conf/httpd.conf & /etc/httpd/conf.d
Basic Apache Configuration
ServerRoot – Where to find configuration
Listen – Which port(s) to bind
Daemon Ownership
  User
  Group
ServerAdmin – Email address for Administrator
ServerName – FQDN for server
DocumentRoot – Web content directory
DirectoryIndex – Files to load if only directory specified
LoadModule – Feature module code to include
  Many included by default
  LoadModule <module_name> <path_to_module>
Basic Performance Settings
Persistent Connections
  KeepAlive Off
  MaxKeepAliveRequests 100
  KeepAliveTimeout 15
Concurrent Daemons (prefork module)
  StartServers 8
  MinSpareServers 5
  MaxSpareServers 20
  ServerLimit 256
  MaxClients 256
  MaxRequestsPerChild 4000
Web Request Logging
Remote Address (%h)
Client ID (%l)
Authenticated User (%u)
Date/Time of Request (%t)
Request Line (\"%r\")
Request Status (%s)
Size of data sent to client (%b)
Referrer and Client info can also be included
Log Files
access_log – All web page requests
error_log – Problems & Failed requests
agent_log – Client info (browser/OS)
referrer_log – Site that directed to URL
Combined logs – Merge access_log, agent_log and referrer_log into one file
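
An added example (not part of the original slides): a Python parser for the access_log fields listed above, used to tally HTTP status classes and flag hosts with repeated 401 responses. The sample log lines, the /private/ path and the threshold of 3 are constructed assumptions.

```python
import re
from collections import Counter

# Common Log Format, the slide's fields in order: %h %l %u %t "%r" %s %b
CLF = re.compile(
    r'(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) (?P<size>\d+|-)'
)

def parse_line(line):
    """Return the CLF fields as a dict, or None if the line does not match."""
    m = CLF.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    # %b is logged as "-" when no body bytes were sent
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])
    return rec

def summarize(lines, threshold=3):
    """Tally status classes and list hosts with >= threshold 401 responses."""
    by_class, unauthorized, skipped = Counter(), Counter(), 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            skipped += 1          # count unparseable lines instead of hiding them
            continue
        by_class[f"{rec['status'] // 100}xx"] += 1
        if rec["status"] == 401:  # 401 = credentials missing or rejected
            unauthorized[rec["host"]] += 1
    suspects = {h: n for h, n in unauthorized.items() if n >= threshold}
    return {"by_class": dict(by_class), "auth_suspects": suspects, "skipped": skipped}

# Constructed sample lines (documentation-range addresses, hypothetical /private/ path)
SAMPLE = [
    '192.0.2.10 - - [25/Nov/2007:20:43:31 -0500] "GET /index.html HTTP/1.1" 200 113',
    '198.51.100.7 - - [25/Nov/2007:20:44:01 -0500] "GET /private/ HTTP/1.1" 401 480',
    '198.51.100.7 - admin [25/Nov/2007:20:44:03 -0500] "GET /private/ HTTP/1.1" 401 480',
    '198.51.100.7 - root [25/Nov/2007:20:44:04 -0500] "GET /private/ HTTP/1.1" 401 480',
    '192.0.2.10 - alice [25/Nov/2007:20:45:00 -0500] "GET /private/ HTTP/1.1" 200 2048',
    '192.0.2.10 - - [25/Nov/2007:20:45:10 -0500] "GET /missing HTTP/1.1" 404 -',
    'not a log line',
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A browser's first request to a protected directory also returns 401 before it prompts for credentials, so the threshold should sit above one per visit.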
Directory Specific Settings
Override system defaults
Enclosed in <Directory></Directory>
Options – Features to allow/disallow
  Indexes
  Includes/IncludesNOEXEC
  FollowSymLinks/SymLinksIfOwnerMatch
  Multiviews
  All
  Multiple Options not merged, ‘+’ and ‘-’ to merge
Limit – Access Control
  Allow/Deny
  Order
User Personal Sites
URL: http://<site>/~<user>/
Activation
<IfModule mod_userdir.c>
# UserDir Disabled
UserDir public_html
</IfModule>
<Directory /home/*/public_html>
.htaccess
If present in directory, modifies settings
AllowOverride
  Must be in <Directory> directive for tree
  Can be All or list specific settings
Password Authentication
  Require directive in limit
  htpasswd – create users/passwords
.htaccess Example
AuthUserFile /etc/httpd/.htpasswd
AuthGroupFile /dev/null
AuthName "HTAccess Demo"
AuthType Basic
# <Limit GET> applies the requirement to GET (and HEAD) only; other methods are not covered
<Limit GET>
require valid-user
</Limit>
Secure Socket Layer
Used to encrypt web traffic
SSL Directives
  SSLEngine on
  SSLProtocol all -SSLv2
  SSLCipherSuite HIGH:MEDIUM
  SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
  SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
Generating a Self-Signed Cert
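# Create a certificate request (the private key is written to privkey.pem)
openssl req -new > new.cert.csr
# Write the key without its passphrase
openssl rsa -in privkey.pem -out new.cert.key
# Self-sign the request, valid for 3650 days
openssl x509 -in new.cert.csr -out new.cert.cert \
    -req -signkey new.cert.key -days 3650
# Install the key and certificate, then restart Apache
cp new.cert.key \
    /etc/httpd/conf/ssl.key/server.key
cp new.cert.cert \
    /etc/httpd/conf/ssl.crt/server.crt
service httpd restart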
Virtual Hosts
Multiple sites using the same server
  IP Based
  Port Based
  Name Based (No SSL support)
Example (Name)
<VirtualHost *>
    DocumentRoot /var/www/webmail/
    ServerName webmail.cs.iupui.edu
</VirtualHost>