CS2510 A-Z

Question 1

What are ports?

In computer networking, the term port can refer to either physical or virtual connection

points.

Physical network ports allow connecting cables to computers, routers, modems and other

peripheral devices.

Virtual ports are part of TCP/IP networking. These ports allow software applications to share

hardware resources without interfering with each other. Computers and routers automatically

manage network traffic traveling via their virtual ports. Network firewalls additionally

provide some control over the flow of traffic on each virtual port for security purposes

Specific address on a specific machine

Default port 80

Associated Memory = Socket File

Question 2

Set up a web server / multiple websites / one intranet

Virtual host for each individual website

Intranet – specific directory within that website is private whose identity is within a certain

range.

Robots

What are the different ways of excluding robots?

robots.txt file

o User-agent: *

o Disallow: /

HTML ROBOTS meta_tags : <META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">

ALLOW / DENY = the only compulsory way.

How would you exclude from complete website?

User-agent: *

Disallow: /website

How would you exclude from a small part of a website?

User-agent: *

Disallow: /website/private.html

Write a program which prevents all possible ways a robot uses?

The .htaccess file / .htpasswd file can be used to prevent all access by robots as the cannot index

what they cannot get access to.

The system has slowed down / crashed, how would I find out what happened ?

The logfile.txt contains a list of requests made to it, so this would be the first place to start.

If there have been repeated requests for the same page(s) then it may be a Denial Of Service Attach

(DOS), but it could also mean that the website had been really popular at the time due to for

example a software update that has been released.

Error Logs could also be checked.

Major update of Apache, how would you go about it ?

Install the new version of Apache on the server but assign it a different port number eg 88.

Test the current websites to see do they perform as normal with the new update, if not fix

the problems they are experiencing which could be embedded perl, old sql or cgi script

problems.

If all is well, switch the new update over to Port 80 and remove the old version.

Question 3

Installing from source

Dividing into sub-sections

Apache

MySQL

Example

Install Apache on D drive on a machine in specific directories ?

Example

In UNIX environment, why should you not install Apache as ROOT ?

Answer - Security / Ownership

Any software that can alter files is a bad idea.

MySQL

Example How do you install it?

Commands

Name of directory / disk / disk & directory

RAW installation – user ROOT password BLANK – These need to be changed.

Delete Tables / Insert Rows / Modify Data etc

Question Does MySQL always need to listen ?

Answer No, it doesn’t because:

It’s on the same server as Apache

It’s not serving anybody else except Apache webserver

Installing of programming languages

- Perl

- Python

- PHP

Give set of commands for installing one of the above, where an Apache server already exists.

Difference between installing one of the above as a dynamic shared object vs cgi install language.

Do you sometimes need both or only one ?

Alternative Dynamic shared object with Apache is much faster than cgi in-built XYZ interpreter.

For a production environment, only use dynamic

For a development environment, use both interpreter and dynamic.

Apache Configuration

Directives can be classified as

Global – apply to Apache execution

Server Specific – apply to server

Virtual Host Specific – apply to virtual hosts

Directives can also be classified as

Core – in all Apache installations

MPM – in an OS-native installation

Base – provided by modules included in Apache by default

Extension – part of a module that is optional

Experimental – use at your own risk

Main configuration file: httpd.conf

Virtual host configuration:

Can be defined in section of httpd.conf ***

…or…

Can be placed in .htaccess file in virtual host home directory, with directive in

https.conf: AllowOverride all|none [not all directives permitted in .htaccess]#

Directives:

Listen[Server]

Defines IP and/or port where Apache listens.

E.g. Listen 80

Listen 143.238.1.1:80

Listen 143.239.1.1.8080

DocumentRoot[Server, Virtual Host]

Defines the root directory where web pages should reside.

E.g. DocumentRoot “C:/websites/atlanticferries”

DirectoryIndex[Server, Virtual Host, Directory, .htaccess]

DirectoryIndex index.html index.htm

DirectoryIndex index.html /cgi-bin/list.pl

ServerName[Server, Virtual Host]

Specifies server name(optional port no) that Apache uses to identify itself.

E.g. ServerName www.atlanticferries.com

Configuring Log Files:

ErrorLog[Server, Virtual Host]

Specifies name/location of error logfile

E.g. ErrorLog /etc/apache_error_log

LogLevel[Server, Virtual Host]

Adjusts the verbosity of the messages recorded in the error logs.

E.g. LogLevel warn

[levels are: emerg, alert, crit, error, warn, notice, info, debug]

CustomLog[Server, Virtual Host]

Specifies name & format of logfile for http requests, with optional nickname

E.g. CustomLog /logs/connect_logfile “%h %u %t %r %s” mylogformat

Logformat[Server, Virtual Host]

Specifies format of logfile for http requests, with optional nickname

E.g. LogFormat “%a %u %B %t %r %s” mynewlogformat

Running Scripts[Script Alias Directive]

Server-side scripting is commonly supported so as to provide dynamic websites. Scripting languages of various styles exist:

ColdFusion Markup Language (*.cfm) Java via JavaServer Pages (*.jsp) JavaScript using Server-side JavaScript (*.ssjs) PHP (*.php) Perl (*.pl)

The modern Apache approach is to provide optional modules [e.g. mod_perl, mod_php] for many of these scripting languages, These modules, if loaded, will handle processing of the relevant script.

CGI Scripts Prior to the development of such languages, early scripting was done using a combination of C programs, (Unix) shell scripts and Perl scripts. This combination of approaches was referred to as the Common Gateway Interface (CGI), and is still employed in websites to this day. A CGI script will be stored in a file, the first line of which specifies how the file contents are to be interpreted. For example, the following first line of a CGI script states that the file contains a shell script, to be executed by the bash shell:

♯! /bin/bash

An alternative first line of a file might state that it contains a Perl script, to be executed by the Perl interpreter:

♯!/usr/local/bin/perl

CGI Directory [ScriptAlias Directive] By convention, Apache stores all CGI scripts in a directory named cgi-bin. The location of this directory should be specified with an appropriate ScriptAlias directive within the htttpd configuration file:

e.g. ScriptAlias /cgi-bin/ “C:/xampp/apache/cgi-bin/” e.g. ScriptAlias /cgi-bin/ /usr/local/apache2/cgi-bin/

Then, for example, if a script is invoked from a HTML form:

<form action= “/cgi-bin/processform.cgi” method=”POST”>

A request is made for the file /cgi-bin/processform.cgi to Apache which looks for it in the directory /usr/local/apache2/cgi-bin and then executes it.

MIME Types [AddType & Action Directives] MIME [Multipurpose Internet Mail Extensions] types are identifiers used to identify file types, such as text, image, audio, etc. While originally designed for mail, MIME has been extended to the Web in general. When a Web server is handling a file, either for direct manipulation or for transfer to a client, it needs to identify the file type so that he correct handling application can be chosen. MIME types have the format type/subtype, and examples are:

text/plain text/html text/xml image/jpeg image/gif video/mpeg application/pdf application/zip

The definition of supported MIME types is stored in a file [default location: /conf/mime.types], which uses the file extension to determine its type and identifies the handler application(s). If it cannot determine the file type, it assigns it the default type, test/plain. [Note that, if the optional mime-magic module is loaded, it looks inside the file to determine its type]

Editing the mime-types File [AddType & Action Directives] If you need to add a type, it is done using the AddType directive, as in:

AddType mime-type extension e.g. AddType application/x-httpd-php .php

which adds a line to the file.

Similarly, you can instruct Apache to run a particular script when it receives a request for a file type, using the Action directive:

Action mime-type script

e.g. to handle all requests for png images with a CGI script: Action image/png /cgi-bin/processPNG.cgi

Or, you can create an action for PHP using the MIME type created above as follows: Action application/x-httpd-php /php/php.exe

In this case, /php/ must have been defines as a script directory using the ScriptAlias directive.

Configuring Directories [Options, AllowOverride, Order, Allow, Deny Directives] Directories are used in Apache for organizing both the server components and the individual virtual hosts. Both the access to, and the features of, directories can and should be controlled.

Directory Access A general rule is that Apache should not have any more access to a directory than is absolutely necessary. A further general rule is that access to a directory applies to subdirectories, etc, unless specifically refused by a directive. To achieve control, a default directory is normally defined with minimal access permission for Apache: <Directory />

Options FollowSymLinks AllowOverride None

</Directory> This defines a top-level directory [from which all others inherit], which allows Apache to follow symbolic links, but it cannot process a .htaccess configuration file. Other directories can then have specific directive applied to them using the template: <Directory dirpath>

Directives </Directory> e.g. <Directory /usr/local/apaches/htdocs> An example of this might be: <Directory /usr/local/apache/htdocs/secret>

Order Deny, Allow Allow from cs.ucc.ie Deny from all

</Directory> which will deny access to the directory from all clients except those originating from

the domain cs.ucc.ie. Note that Deny is evaluated before Allow, thereby achieving the desired result. When using the Deny or Allow directives, they take the form

Allow from identifier Deny from identifier

where Identifier can take the form All Domain-Name [cs.ucc.ie] IP Address [143.239.1.17] Partial IP Address [143.239]

Directory Features In addition to enabling access, we may also want to control features of a directory, using the Options directive, as in: Options features where features take the form:

All ExecCGI FollowSymLinks Includes Indexes None SymLinksIfOwnerMatch

Using Directives with Files [Order, Allow, Deny Directives] You can restrict access to files in the same way you restrict access to directories, using the Files directive: <Files filename>

Directives </Files> You can specify wildcards in the filename option: <Files *.gif> The Directives, which control file access, can include Allow, Deny and Order.

Apache Modules Since the release of Apache2, the design of the software has been modular, where each module supports a particular feature – and can be omitted if that feature is not required. Modules can be base (enabled by default), extension (enabled by choice when installing Apache) or external (provided by third parties). The latter two

categories of software module can either be compiled statically (compiled with Apache; adding or removing involves recompiling the Apache software) or dynamically (they are Dynamically Shared Objects – DSO – that require a LoadModule directive in httpd.conf in order to be loaded). Some useful extension modules include: PHP [mod_php]

a scripting modules for dynamic data-driven websites Secure Socket Layer (SSL) [mod_ssl]

a connection on Port 443 that uses the HTTPS protocol, not HTTP. Information transmitted between Apache and the browser is encrypted, with the server holding a digital certificate, issues by a certification authority, that verifies its identity; uses a library OpenSSL that must also be installed.

Perl [mod_perl]

executes Perl CGI scripts, employed for text/file manipulation; run much faster than Perl scripts executed as CGI scripts.

Python [mod_python]

another scripting language employed for text/file manipulation; objectoriented, comparable to Perl & java..

Security Tips Update Regularly

Update Apache with each new release, particularly those relating to security issues.

Restrict Access to Apache Directory [Unix] Create Apache directory as root, with root permissions. Do not allow writes to

Apache directory.

Don’t Run Apache as Root [Unix] You must start Apache as root. However, the User & Group directives in the

configuration file should switch to another dedicated account, one with fewer privileges.

Monitor Server Requests

Check logfiles regularly. Look out for suspicious requests, such as requests for the passwd file or repeated requests from same user.

Use a Restricted Default Directory

In httpd configuration file, specify Deny from All in default directory <Directory />. Then use Allow directory to open up access to specific directories.

Don’t Let Users See Your Files Don’t allow indexes in any directories unless specifically required (so that

users won’t try each file). Don’t set Options directive to Index in default directory – only in directories where file browsing is required.

Limit CGI Scripts Limit the execution of CGI scripts to specific directories, such as cgi-bin.

Don’t place them in any other directory, unless you trust users who can execute them. Ensure that any directory containing executable scripts is not writeable to outside users.

Don’t Allow .htaccess Files

Do all configuration in httpd.conf. Use SSL for Important Communications

Encrypt important communications

Apache From Source

Installing Apache WebServer on Unix from source from binaries from a package manager [RPM]

Installing Apache from Source Files Step 1: Download

1. Download from httpd.apache.org 2. Select appropriate mirrorsite [choose default] 3. Choose required source file for download, e.g. httpd-2.2.17.tar.gz 4. Save to an appropriate directory, such as /usr/src

Step 2: Installation After downloading:

1. Go to a Linux shell and login as the system administrator root:

sudo bash [become root]

2. Change to the download directory:

cd /usr/src and check that the downloaded file httpd-2.2.17.tar.gz is there

3. Unpack the tarball:

gunzip –c httpd-2.2.17.tar.gz | tar –xf – A new directory named httpd.2.2.17 is created that contains several subdirectories with all the files unpacked from the tarball

4. Configure the installation [choosing where to install Apache]:

The default location is /usr/local/apache2, achieved by: ./configure

To locate the installation elsewhere, use the prefix option: ./configure --prefix=/software/apache2

5. Compile the source code programs using the make utility:

Make

6. Install the software:

make install

Apacheis now installed below the /usr/local/apache2 directory.

Step 3: Start Assuming that you choose the default for the configure command, the /usr/local/apaches2 directory will have a bin subdirectory that contains the executables. In particular, it will contain the following:

httpd: this is the apache executable, and can be run directly with suitable parameters apachect1: this is a script that will start httpd executing, having done some checking of the parameters; it is the standard way of starting apache.

To start apache using apachect1:

/usr/local/apache2/bin/apachectl start

By default, apachectl looks for the httpd executable in /usr/local/apache2/bin directory. If you installed in non-standard directories, you should edit the apachectl script and amend the line

HTTPD=’/usr/local/apache2/bin/httpd’

So that it contains the correct path to the httpd executable, e.g.

HTTPD=’software/apaches/bin/httpd’

Step 4: Test To check that Apache is running, lookup all processes:

ps –A

and check if the list of processes includes some named httpd.

Stopping Apache To stop Apache simply call this command: /usr/local/apache2/bin/apachectl stop

Restarting Apache To restart Apache just type in this command: /usr/local/apache2/bin/apachectl restart Installation Options In Step2 above, we have seen that the configure command can have a prefix option that determines where the Apache executables will be placed. In fact, the user can determine the placement of all Apache files, using the enable-layout option. Its format is enable-layout=LAYOUT, which states that the installation should take its layout format from a file named LAYOUT. The default is layout.config.

./configure --prefix=/software/apache2 – enable-layout=LAYOUT

The default layout.config file contains: <Layout Apcahe>

prefix: /usr/local/apache2 exec_prefix: $[prefix] bindir: $[exec_prefix]/bin sbindir: $[exec_prefix].bin libdir: $[exec_prefix].lib libexecdir: $[exec_prefix]/modules mandir: $[prefix]/man

<Layout>

Serving Multiple Websites

Hosting More Than One Website

User Home Pages [Directory-Based]

group all websites under one controlling hostname e.g.

www.MyServer.com/~abc/siteone.html www.MyServer.com/~cde/sitetwo.html www.MyServer.com/xyz/newsite.html

simple to implement by assigning a directory to each separate website

home directory for each supported website can be automatically setup with UserDir

directive:

e.g

UserDir /home/www/MyServer/users/

this will take an incoming URL of www.MyServer.com/~abc/siteone.html and redirect it to the page at /home/www/MyServer/users/abc/siteone.html [i.e. it substitutes the URL for the tilde

individual websites can be given some level of control with a .htaccess file

Use Separate Servers run more than one instance of Apache at the same time

each could listen on the same IP/Port, but requests must include the “Host: …”

header of HTTP1.1 [see “Name-based Virtual Hosting” below]

alternatively, each could on a separate IP number and port [see ”IP-based Virtual Hosting” below]

heavyweight solution, but considered useful for high-security systems [especially if

Apache instances run as different user/group identities]

IP-Based Virtual Hosting run only one instance of Apache but, for each hosted website, have it listen on a

separate IP number and port [i.e. on separate network cards or on a single network card that has several IP numbers multiplexed]

more efficient than having separate servers [since a common pool of processes is

effectively shared]

can define the behaviour of virtual host in the configuration file

e.g. <VirtualHost IP>

ServerName www.MyServer.com

ServerAlias MyServer.com, *.MyServer.com ServerAdmin webmaster@MyServer.com DocumentRoot /home/www/MyServer ErrorLog logs/MyServer_errors TransferLog loga/MyServer_log

</VirtualHost>

Name-Based Virtual Hosting an instance of Apache could support multiple websites, each having its own

directory structure and configuration file

all requests must have the “Host: …” header of HTTP1.1]

2011 Mock Summer Answers [Web Servers]

1. Internet Infrastructure & Protocols

(a) Specify the essential principles of the TCP/IP protocol. [5 Marks]

The function of a TCP/IP protocol is to transmit data between two hosts in one

network where you need two network adapters which consist of a network interface

card and a NIC. Here one adapter sends a data packet and the other one receives it.

The IP Address is assigned to each network adapter and is unique for identifying the

sender and the receiver in a network with multiple hosts.

The IP Name defines how the network adapter is known to the network. An IP Name

is assigned to each IP Address.

The host name is a logical name for the host itself and is set in the operating system.

(b) What are the strengths and weaknesses of TCP/IP? [5 Marks]

Strengths

The ability to add networks without interrupting existing services

Provides high error-rate handling

Packet loss is minimised using reliable data transfer.

Weaknesses

Much planning and costs involved in setting up a network

Overhead on each packet is quite large

(c) How is TCP/IP related to protocols such as SMTP and FTP? [5 Marks]

SMTP and FTP are protocols build on top of TCP/IP. TCP is the underlying

transport layer that supports protocols such as SMTP and FTP.

(d) What are ports in modern computer systems, and how are they implemented? [5 Marks]

The port field in a modern computer is used to identify processes running

network applications such as an Apache web server on port 80. A demon

listens on port 80 for incoming requests and then forwards them to the

process running the Apache we server. A demon is a small piece of code

running in a loop querying the network connection on a specified port.

2. Installing Apache

(a) What methods of installation can be employed for the Apache webserver? What

benefits does each method have? [5 Marks]

From source

The benefit of source packages is that they are tailored to the

system and will give better performance which is vital for an Apache

server.

From binaries

Quick and easy to install but are usually larger than source files

meaning less file storage space.

From a package manager

Package managers usually have extra modules already installed

which are helpful for quickly setting up a web server.

(b) If you wished to install an experimental Apache webserver alongside a fully

functioning version, how would you go about it? [5 Marks]

You would install the version of Apache in a sub directory and then

configure the server to listen on a different port (or IP address if you have

multiple network cards on the server). This will then allow both to accept

connections.

(c) How would you check that an installed Apache webserver is properly running? [5

Marks]

In linux you can type in ps –a which will display an Apache process, if the

process is running then browse to localhost :port_number to check if

Apache is online. Port_number would be configured in httpd.conf to allow

two servers on the same IP i.e. 80, 8080.

(d) What function do the httpd.conf and .htaccess files serve? How do they differ?

Why do some webserver administrators frown on the use of .htaccess files? [5

Marks]

Httpd.conf is the main configuration file of Apache, where as .htaccess can

only be used if AllowOverride directive is set to allow. .htaccess can only

configure the directory it is currently in and is loaded every time the

directory is requested. According the Apache documentation .htaccess gives

performance issues due to Apache searching every directory for a .htaccess

file which is why administrators might frown on it. As well as that, .htaccess

gives users a lot more control over their directory which could be unsafe.

3. Configuring Apache

(a) What different strategies exist for supporting multiple hosts? [5 Marks]

We can group all websites under one controlling hostname.

We can also use separate servers for each host.

We can also use IP-Based Virtual Hosting.

We can also use Name-Based Virtual Hosting but only if all requests have a

host in the header of the http packet.

(b) Suppose an enterprise wished to have a publically-available website on the

internet, with a set of intranet pages available only from within that enterprise.

How might this be achieved? [5 Mark]

Firstly you would set up an instance of Apache listening on port 80 to accept

a request to their public site. As well as this you could have a directory on

the site called /private which can be configured in the httpd.conf to only

allow connections from the internal enterprise network.

(c) How can a webserver be made browser-aware, i.e. be aware of which browser is

sending it a request for service? [5 Marks]

The webserver can read the http_user_agent value from the header of the

http request. ???

(d) What is the difference between directives that are core, MPM, extension? [5

Marks]

Core – in all Apache installations

MPM – in an OS-native installation

Extension – part of a module that is optional

4. Installing from Source

(a) What are the primary steps involved in installing Apache from source? .[5 Marks]

Download the latest source file.

Become the root user, change to the directory of the download, unpack the

tarball.

Configure the installation using ./configure an optional prefix can be added

to change the directory of the installation ./configure --

prefix=/software/apache2

Compile the source code by typing make and then make install.

(b) What advantages/disadvantages does this installation method have? [5 Marks]

Only advanced users can install in this way but it’s a quick and easy method

for installing a basic Apache server. It can easily be installed remotely, so an

administrator can update to the latest version without being near the

server.

(c) What are the primary steps involved in installing an Apache module?. [5 Marks]

(d) What Apache modules would you consider to be necessary in a webserver? [5

Marks]

php

mysql

perl

python