Lesson 9. The Apache Web Server
9.1. The Apache Web Server
Perhaps the second most1 popular network service available today is the world
wide web. In today’s lesson we will conﬁgure the Apache web server. The Apache web
server is produced by the ‘Apache Software Foundation’ (www.apache.org). The most
recent release of Apache is version 2.0. Few sites have adopted version 2.0, however,
since much add-in software only works with version 1.3. In this lesson, we will focus
on version 1.3.
9.1.1. Conﬁguring Apache
Conﬁguring Apache can be a complex process. Fortunately the default con-
ﬁguration is usually reasonable. The conﬁguration for Apache is stored in the
The httpd.conf File
Unfortunately, the ‘httpd.conf’ ﬁle has no ﬁxed location. Some systems have
it in ‘/etc/apache’, other systems have it elsewhere. Furthermore, older versions
of Apache split the conﬁguration into three ﬁles, the other two called ‘access.conf ’
and ‘srm.conf ’.
There are a large number of options in the ‘httpd.conf ’ ﬁle, too many to cover
here. A few of the more important appear in Table 9.1.
In addition to these conﬁguration options, it is possible to specify options
speciﬁc to a particular directory of web pages. An example is given below
Options Indexes FollowSymLinks ExecCGI
order allow, deny
allow from all
The meaning of each of these conﬁgurtion options is described in Table 9.2.
The ‘.htaccess’ File
It is possible to cause Apache to require a username and password before
allowing access to the contents of a directory. This is done by placing a ﬁle called
Email is arguably the most popular.
9.1. The Apache Web Server 79
ServerType There are two possible servertypes, ‘standalone’ and ‘inetd’.
Standalone servers are designed to be run continuously in
the background processing web requests, whereas ‘inetd’
servers are invoked from inetd.
Port Speciﬁeswhich port number Apache should listen on.
ServerAdmin Speciﬁesthe email address of the person responsible for the
MinSpareServers This option speciﬁes the minimum number of apache pro-
cesses that should be running at any one time.
MaxSpareServers This option speciﬁes the maximum number of apache pro-
cesses that should be running at any one time.
DocumentRoot This option speciﬁes the location of the world wide web doc-
UserDir Speciﬁes the name of a directory in a user’s home directory
where personal web pages are stored.
DirectoryIndex Sometimes a client will attempt to access a directory with-
out specifying a ﬁlename. The DirectoryIndex option speci-
ﬁesa number of ﬁlenamesthat are used when no ﬁlenameis
Table 9.1. Conﬁguration options in the ‘httpd.conf ’ ﬁle.
Options The ‘Indexes’ option causes Apache to automatically generate a
list of ﬁles in a directory when no speciﬁc ﬁle is requested, and
no ﬁle in the directory has one of the DirectoryIndex names. If
the ‘ExecCGI’ option were missing, Apache would not execute
any CGI scripts in the directory.
AllowOverride The options speciﬁedin the ‘httpd.conf ’ ﬁlefor a particular direc-
tory can be overriden by a ﬁlecalled ‘.htaccess’ in that directory.
The AllowOverride option speciﬁes which options can be over-
riden by the ‘.htaccess’ ﬁle.The ‘AuthConﬁg’option controls the
ability to require a password to access a web page.
order Deﬁnesthe order in which to process ‘allow’ and ‘deny’ options.
allow from Speciﬁesa host or domain name, or a (partial) IP address which
will be allowed access to the web pages in the directory.
deny from Speciﬁesa host or domain name, or a (partial) IP address which
will be denied access to the web pages in the directory.
Table 9.2. Conﬁguration options inside the ‘<Directory>’ section.
80 Lesson 9. The Apache Web Server
‘.htaccess’ in the directory to which you wish to restrict access. The ‘.htaccess’ ﬁle
contains conﬁgurationdirectives that override those given in the ‘httpd.conf ’ ﬁle.An
example ‘.htaccess’ ﬁle appears below.
AuthName "The Secret Documents"
The meaning of each of these options is described in Table 9.3.
The HTPASSWD Command
The ‘htpasswd’ command is used to create and modify the password ﬁle(s)used
with Apache. The command
$ htpasswd -c /etc/apache/passwd jdoe
will prompt for a password and then create a new password ﬁle called
‘/etc/apache/passwd’ and add the user ‘jdoe’ with the speciﬁedpassword. Thereafter
$ htpasswd /etc/apache/passwd jsmith
will add a new user called ‘jsmith’ to the ‘/etc/apache/passwd’ ﬁle.
9.1.2. Virtual Websites
It is common for a websites to be named after the company or organisation
which created them. Some websites, however, do not receive many hits. It would be
wasteful to dedicate a machine for such websites, when that machine could easily
serve a number of these sites. The problem is how we can cause Apache to serve
different web pages depending on which name was used to access the machine.
There are two solutions to this problem.
IP-Based Virtual Hosts
With IP-based virtual hosts, the DNS is conﬁguredto resolve each website name
to a different IP address. IP aliasing is then used to allow a single machine to serve
all of the websites.
IP aliasing is a technique which enables a single network interface to have
multiple IP addresses assigned to it.1 In this way, one machine could serve several
web pages by determining which IP address was used to connect to it. For example,
suppose we wish to conﬁgure our ethernet interface with a second IP address
192.168.1.2 with netmask 255.255.255.0 using IP aliasing. The following commands
will do the trick:
The kernel must be conﬁgured to support IP aliasing, which is generally not the default.
9.1. The Apache Web Server 81
AuthUserFile The location of a ﬁlecontaining usernames and passwords. This
ﬁle is created and modiﬁed with the ‘htpasswd’ command.
AuthGroupFile The location of a ﬁlecontaining group membership information.
Access can be restricted to members of a particular group.
AuthName The name of the authorization realm. Mulitple directories can
share the same authorization realm. Once a user has logged
in to a particular authorization realm, they can access any
directory in the same authorization realm without needing to
log in again.
AuthType The type of authorisation used. Only ‘basic’ is available current-
ly. (Some clients are able to use ‘Digest’ but others cannot)
require Speciﬁeswhich users can access the web pages in this directory.
The ‘valid-user’ option means any user in the AuthUserFile.
Access can be restricted to a particular user or users with
require user janedoe johndoe
Table 9.3. Conﬁguration options in the ‘.htaccess’ ﬁle.
$ ifconfig eth0:1 192.168.1.2 netmask 255.255.255.0 broadcast 192.168.1.255
$ route add -host 192.168.1.2 dev eth0:1
Note that ‘eth0:1’ is used for the interface name. It is possible to conﬁgure the
interface with several IP addresses using ‘eth0:2’, ‘eth0:3’ etc. Also note the use of
the ‘-host’ option to ‘route’.
Once this is accomplished, we need to conﬁgure Apache so that it will respond
with different web pages based on the IP address used when the client connected to
the Apache server. To do this, we use the ‘VirtualHost’ directive in the ‘httpd.conf ’
In the example we assume the name ‘host.some_domain.com’ is mapped to one
of the IP addresses on our aliased ethernet interface. The ‘VirtualHost’ directive
describes the conﬁguration which is speciﬁc to that website. We have seen some of
the options before. Those we haven’t are described in Table 9.4.
Once this is done, the aliased interface can be used to serve a different set of
ServerName The name used for the server.
ErrorLog Speciﬁesa ﬁle where error messages should be logged.
TransferLog Speciﬁesa ﬁle where transfers should be logged.
Table 9.4. Conﬁguration options in the ‘<VirtualHost>’ section.
web pages. Unfortunately this scheme requires one IP address for each website,
even though there is only one machine. This is not an efﬁcient use of already scarce
Name-Based Virtual Hosts
Name-based virtual hosts are similar to IP-based virtual hosts with the excep-
tion that they do not require an IP address for every website. The DNS is conﬁgured
so that many names map to the same IP address. Apache is conﬁgured in a similar
way to that used for IP-based virtual hosts. Unfortuneately, name-based virtual
hosts only work with browsers that support HTTP 1.1 or above.
To conﬁgurename-based virtual hosts, the ‘NameVirtualHost’ directive is used
in the apache conﬁguration, followed by the ‘VirtualHost’ directive we saw before.
The ‘NameVirtualHost’ directive instructs Apache to serve multiple websites from
the speciﬁed IP address. For example
In this conﬁguration,two names are mapped to the IP address 192.168.1.1, and the
‘NameVirtualHost’ directive instructs Apache to redirect requests coming in on that
IP to the relevant virtual host.
1. How could Apache be conﬁgured to deny access to its web pages from all
machines in the ‘ug.cs.usyd.edu.au’ domain? You will need to ensure that your
9.2. Exercises 83
‘order’ directive is correct. Refer to the Apache website (httpd.apache.org) if you
require more information.
2. How could Apache be conﬁgured to restrict access to group of users using the
AuthGroupFile option? Further information on the syntax can be found on the
3. What options, other than ‘Indexes’, ‘FollowSymLinks’, and ‘ExecCGI’, can be
used with the ‘Options’ directive described in Table 9.2.
4. Suppose you are using IP aliasing (described in Section 9.1.2) and have conﬁg-
ured your ethernet interface with the IP addresses 192.168.1.1 and 192.168.1.2,
using the netmask 255.255.255.0. How would you conﬁgurethe ethernet inter-
face with a third IP address, 192.168.1.3?
Chapter 22 of E. Nemeth, G. Snyder, S. Seebass and T. Hein. Unix System Adminis-
tration Handbook. Prentice Hall. 3rd Edition, 2001.
The Apache Software Foundation. The Apache HTTP Server Project. URL