Linux & Apache

Courseware-Linux & APACHE

Page 1 of 31

INDEX

CHAPTER TITLE PAGE

1 INTRODUCING APACHE 2

2 APACHE CONFIGURATION 7

3 DYNAMIC CONTENT AND SECURITY 21

4 SECURITYAND AUTHENTICATION 29


Page 2 of 31

INTRODUCING APACHE

What is a Web Server?

Before we get into the particulars of Apache, let's talk about what a web server is. A

web server is a program that runs on a host computer (also, confusingly enough,

called a web server) that serves up web sites. In other words, the web server

program sits around awaiting requests from visitors' web browsers for objects it has

in its possession, and then sends these objects back for the visitor's viewing

pleasure. Objects that web servers can serve include HTML documents, plain text,

images, sounds, video, and other forms of data. These objects may not necessarily

exist in static form, but instead are generated on-the-fly by programs run by the

server; CGI scripts are the most common of these programs.

Web servers and browsers communicate using HTTP, Hypertext Transfer Protocol, a

simple but effective language for requesting and transmitting data over a network.

Thus, you'll sometimes hear web servers referred to as HTTP servers.

Web servers come in various shapes and sizes. They run under a variety of operating

systems, have varying levels of power and complexity, and range in price from

rather expensive to free.

What's so special about Apache?

Apache is:

• Powerful -- Apache's performance and reliability is legendary.

• Feature-Rich -- The Apache server sports a host of features, including: XML

support, server-side includes, powerful URL-rewriting, and virtual hosting, to

name but a few. We'll be talking about some of these features in future

articles.

• Modular -- Looking for a feature not implemented in the core Apache server?

Chances are you'll find a module that can add the functionality you need.

• Extensible -- Can't find a module that suits your purposes? Well, as Apache

is open source, you can write one yourself. In fact, you can even make


Page 3 of 31

changes to the inner workings of Apache. All the information you need is right

there in the source code and numerous online resources. Share your patches

or modules with the community by making them open source as well!

• Popular -- At the time of this writing, Apache holds a smidge under 60

percent of the web server market. And, yes, popularity does count; help

abounds and is only a mailing list or newsgroup posting away.

• Free -- This is one instance where you don't necessarily get what you pay for.

Installing Apache

1. Login as root. You can do this for the current command terminal using su:

su root

2. We are going to install Apache in /usr/local/etc. Go there now.

cd /usr/local/etc

3. Download the latest stable Apache from apache.org into this directory. Here

we explained you apache_1.3.14. I keep all my downloads in a directory in

case I need them again:

/usr/local/downloads

If you like this idea and don't already do it you might need to create the

directory:

mkdir /usr/local/downloads

Here are the ftp commands to get the file:

cd /usr/local/downloads

ftp ftp.apache.org

cd dist

bin

get apache_1.3.14.tar.gz

bye

4. Untar the file with: (note the capital C)

tar xzf apache_1.3.14.tar.gz -C ../etc

5. This will have created a directory apache_1.3.14. Let's make this nicer by

providing a link:

cd /usr/local/etc

ln -s apache_1.3.14 httpd


Page 4 of 31

I've decided to start using httpd for the link since that's what everyone else

seems to do.

The Apache Layout:

Now is a good time to explain the eventual layout of our Apache installation. All of

the version specific (1.3.14) binaries and files are stored in:

/usr/local/etc/apache_1.3.14

We currently have:

/usr/local/etc/httpd

linked to this directory specifying it as the current version. In theory when we

upgrade Apache in the future we can just install it side by side and then switch over

the httpd link to the newly installed version.We will be placing all of our non-version

specific files such as configuration files, log files and the web pages in:

/www

We will have a few directories here to maintain this structure:

/www

/www/conf -- configuration files

/www/logs -- web server logs

/www/logs/mysite.com -- log files for mysite.com

/www/logs/mycharity.org -- log files for mycharity.com

/www/servers -- sites

/www/servers/mysite.com -- web pages for mysite.com

/www/servers/mycharity.org -- web pages for mycharity.com

Running Apache

1. If another version of Apache is running on your machine then you will

need to stop it before going any further. Neat ways are described here,

the quick and dirty way is:

killall httpd

2. Starting your new server is simple.

cd /usr/local/etc/httpd/bin

./apachectl start


Page 5 of 31

3. apachectl is the easiest way to start and stop your server manually. Just

use it's help if you get stuck:

./apachectl help

Starting and Stopping Apache Automatically

If you use Red Hat or one of it's variants you can use these instructions to make

Apache start and stop automatically with your machine.

After you've installed Apache it's often a good and convenient idea to make it start

and stop automatically with the machine. These instructions are specific for Red Hat

Linux and it's variants since different Linux distributions tend to layout the start up

scripts differently.

The example script is based on my Apache installation instructions.

1. Firstly, log in as root

su root

2. The next thing we need to do is create a start up and shutdown script for

Apache. I use a slightly modified version of the standard Red Hat one. You

need to create or modify this script located at:

/etc/rc.d/init.d/httpd

Here is a copy (removed) of the start up script I use for my installation. You

can just change the PID file (PIDFILE) and httpd binary (BINFILE) locations

in that script if you set up your Apache differently.

3. We need to make this file executable:

cd /etc/rc.d/init.d

chmod 755 httpd

4. Now we need to link to this script, causing it to be run on automatically on

server shutdown. I'm not sure if all of these are needed, here I'm just

copying the Red Hat solution. If these links already exist then you do not

need to change them so long as they point to the httpd file we just created.

cd /etc/rc.d/rc0.d

ln -s ../init.d/httpd K15httpd

cd /etc/rc.d/rc6.d

ln -s ../init.d/httpd K15httpd

5. Now add a link to the script to be run when the server starts:

cd /etc/rc.d/rc3.d


Page 6 of 31

ln -s ../init.d/httpd S15httpd

cd /etc/rc.d/rc5.d

ln -s ../init.d/httpd S15httpd

6. You can check if everything worked as expected by rebooting your machine

(after saving everything):

shutdown -r now

APACHE CONFIGURATION

Configuring and Compiling Apache

Mount the CD-ROM 1 and install the package for apache. The package will

automatically create all the directories for you besides installing the software.

The document root will be placed in /home/httpd in 6.0 and in /var/www in

7.0. The server root will be located in /etc/httpd. The path to the apache

program will be /usr/sbin/httpd.

In the document root three directories are created: cgi-bin, html and icons. In

the html directory you will store the Web pages for your server. In the cgi-bin

directory you will store your CGI programs.

In the server root three directories are created: conf, logs and modules. In

the /etc/httpd/conf directory you will find the three basic Apache


Page 7 of 31

configuration files: httpd.conf, access.conf and srm.conf. In the

/etc/httpd/logs directory you will find the access and error logs. The

/etc/httpd/modules directory is where the Apache modules are resident.

• Configuring Apache in 7.0

Apache in 7.0 comes with the same three configuration files, but only

httpd.conf needs to be configured, changed, by you. The other two are

considered obsolete and should not be changed.

o httpd.conf: this is the overall configuration file. Open the file

httpd.conf in Kedit or any other text editor like Pico or Emacs. Find

first the line #BindAddress * and delete the # (uncomment it) to make

it active. Find the line ServerAdmin and enter your e-mail address, and

look for the line ServerName and enter the FQDN, or IP number of

your machine, or yet localhost. The server comes configured to run in

standalone mode, to listen in port 80, with user and group apache (

with low level of permissions for security reasons), and you don't need

to change these options. The document root directory is by default in

the line DocumentRoot "/var/www/html"

Look for the section that starts with <Directory "/var/www/html"> and look

for the Options line and change it to allow Server Side Includes, but disabling

scripts to be run from a Web page, as follows: Options Indexes Includes

FollowSymLinks IncludesNOEXEC. This will allow the dynamic dating of your

changes, the dynamic display of time and date in your pages, but will prevent

scripts to be run outside of your cgi-bin directory. For example, the HTML

code 

will be displayed as

Saturday September 23, 2006 -- 12:53 AM

Look for the line UserDir and I suggest you replace public_html (the default)

by www a more familiar directory name. This will allow users to place files in

their www directory and be seen on the Web using the server address

followed by the tilde (~) and the username, like my URL in UBMail:

http://home.ubalt.edu/~abento .

If you do this, also change the line <Directory /home/*/public_html>

replacing public_html with www.


Page 8 of 31

You may want to change the order of your index files, making index.shtml

(the SSI version) to be the first to be displayed by the browsers. In order to

do so, look for the line DirectoryIndex and change it to DirectoryIndex

index.shtml index.html index.htm

Check that your cgi-bin directory is properly identified as follows: ScriptAlias

/cgi-bin/ /var/www/cgi-bin/ . If you moved your document root path change

this line accordingly. As an additional security measure you may also change

the section starting with <Directory /var/www/cgi-bin> so that the Options

line be commented out as follows: # Options ExecCGI. This will not prevent

you to run CGI programs in cgi-bin, but rather it will prevent the command

exec to be used even in the cgi-bin directory.

Look for the line starting with # AddHandler. If you want your CGI script files

to be identified with .cgi be sure that the line AddHandler cgi-script .cgi is not

commented out (market with in * in front). To complete the installation of

server side includes be sure that the following two lines are present:

AddType text/html .shtml

AddHandler server-parsed .shtml

Finally, to make your Web server support image maps be sure that the

following line exists: AddHandler imap-file map

The follwing points suggest you to compile your apache:

1. First we need to create the directory structure above:

cd /

mkdir www

If you have space issues or a super fast disk you would like to use then you

might like to create /www as a link to the preferred location. For example:

cd /u01

mkdir www

cd /

ln -s /u01/www www

2. Now create directories for the configuration files, log files and servers:


Page 9 of 31

cd /www

mkdir conf logs servers

3. As mentioned above,Before compiling we must configure the Apache

makefiles.

cd /usr/local/etc/httpd

./configure --prefix=/usr/local/etc/httpd --sysconfdir=/www/conf -

- enable-module=rewrite --enable-module=status

This sets up the installation with the apache binaries in /usr/local/etc/httpd

and puts the configuration files in /www/conf. It also sets up status reporting

and the rewrite module allows url redirection and rewriting.

If you want to go really nuts with your apache installation, adding extra

modules and so on then check out the options by using:

./configure --help

4. Now we can make our Apache executable. This may take a while on older

machines:

make

5. And install all the Apache files with:

make install

One nice thing here is that if you are installing a new apache, it will not

override the existing configuration files. Of course, this can also be a gotcha if

you want to wipe the old installation completely...

Setting Up Your Apache Server

1. Often Apache is already installed with Linux. You can check if it is running

on your system by using the command

top

top gives a list of all processes that are currently running on the machine.

Make sure that you size the xterm window so that you can see all of the

processes (lines) that are listed. Apache is running if you can see a number of

lines that look something like:

475 nobody 0 0 1388 1388 1232 S 0 0.0 1.0 0:00

httpd

If you want to see what Apache is doing on your machine the simplest way is

to point your browser (on the same machine) at it:


Page 10 of 31

http://localhost

2. The server configuration file for our installation is at:

/www/conf/httpd.conf

Go there now with:

cd /www/conf

3. If you do have Apache installed and you already use it for looking at web

pages then you will probably want to keep your configuration file. Often this

file is located at:

/etc/httpd/conf/httpd.conf

If you are upgrading and you want to keep your old configuration file

(and it is from a compatible Apache version) then just copy it over the new

one:

cp /etc/httpd/conf/httpd.conf .

You may also need to use your existing access and srm config files:

cp /etc/httpd/conf/access.conf .

cp /etc/httpd/conf/srm.conf .

4. If you are setting up Apache for the first time then you need to edit the

default http.conf file. The line numbers below work for Apache 1.3.14 but

will probably be different for other versions.

If you want to run Apache on a different port to the default (80) then change

the number on line 238. Ports less than 1024 will require Apache to be

started as root. Port 80 is probably the easiest to use since all other ports

have to be specified explicitly in the web browser, eg: http://localhost:81.

Port 80

You may want to change the server admin email address on line 260:

ServerAdmin [email protected]

You should specify your machine name on line 278, you may just have to

remove the # comment marker. If you configure virtual hosts as outlined

below then Apache will use the virtual server you name here as the default

documents for the site.

ServerName synop.com

You should set the document root on line 285:

DocumentRoot "/www/servers"


Page 11 of 31

And on line 310:

<Directory "/www/servers">

If you want to be able to change the Apache configuration on a per directory

basis then the use of .htaccess files needs to be allowed. To enable this set

AllowOverride to All on line 326:

AllowOverride All

The default file to serve in directories is index.html. You can change this or

add new file names (in order or importance) on line 365:

DirectoryIndex index.html index.htm

If you don't get a large number of hits and you want to know where your

visitors are from then turn host name look ups on at line 450. Turning this on

does place extra load on your server as it has to look up the host name

corresponding to the IP address of all your visitors.

HostnameLookups On

Setting Up Virtual Hosts

1. You can only have one web server program running on your machine and

listening on the default HTTP port, 80. To enable the single Apache server

to serve different web pages for different domains we need to set up virtual

hosts in Apache. Using virtual hosts we can configure how Apache should

handle requests to each domain.

One of the things that a browser sends to the web server when requesting a

web page is the host name of the server that it is connecting to. Apache

catches all the HTTP requests that come to this machine (on the ports it was

told to listen to). It then examines the host name included in the request

and uses that to determine the virtual host configuration it should utilize.

2. When Apache receives a request it gets the:

1. IP address (eg: 216.167.19.49)


Page 12 of 31

2. Port (eg: 80)

3. Host: (eg: ipower.com)

In the Apache configuration file we must specify each IP address and port

combination for which we will be specifying virtual host domains. So, for the

example above we would add this to the end of the httpd.conf file:

NameVirtualHost 216.167.19.49:80

It is important to note that you cannot use an IP address unless your machine

has been configured to use it. If you are setting up a single development

machine then you should probably just use the address 127.0.0.1 which

always refers to the local machine.

3. If your machine has a number of IP addresses or you want virtual hosts

running on other ports you can repeat the previous step for each one. For

example, my machine also runs synop.com:


4. Next we must configure the actual Virtual Hosts. Each virtual host will have

its own directory for the web pages to be stored. This can be anywhere that

the Apache web server has permission to read. Personally I prefer to keep

all my web pages in one structure as described earlier:

cd /www/servers

5. Now you must create a directory for each virtual host. I use the actual

domain name of the virtual host.

mkdir synop.com

mkdir ipower.com

So, for example, the ipower home page is located at:

/www/servers/ipower.com/index.phtml

The instructions you are reading right now live at:

/www/servers/ipower.com/instructions/install-

apache1xx-on-linux.phtml

6. We also need to create directories for the log files:

cd /www/logs

mkdir synop.com


Page 13 of 31

mkdir ipower.com

7. Remember that you cannot create a virtual host unless the machine

running the web server is the destination for those domain names. For

example, synop.com is hosted somewhere in the US on the machine with IP

address 216.167.19.40. This has been developed in Australia. If you don’t

have a permanent IP address for your development machine then you can

set up your development machine with dev. versions of the domain name.

You can do this by adding entries to your /etc/hosts file. Here is what mine

looks like (note that the gaps are tabs):

127.0.0.1 ws01.synop.com localhost dev.synop.com dev.ipower.com

aolserver.doc apache.doc php.doc solid.doc mysql.doc

8. Now if you ping any of these domains on your development machine

they should respond immediately.

ping dev.synop.com

PING ws01.synop.com (127.0.0.1): 56 data bytes

64 bytes from 127.0.0.1: icmp_seq=0 ttl=64 time=0.2 ms




--- ws01.synop.com ping statistics ---

4 packets transmitted, 4 packets received, 0% packet loss

round-trip min/avg/max = 0.1/0.1/0.2 ms

ping apache.doc

PING ws01.synop.com (127.0.0.1): 56 data bytes





--- ws01.synop.com ping statistics ---

4 packets transmitted, 4 packets received, 0% packet loss

round-trip min/avg/max = 0.1/0.1/0.2 ms

9. We can now create the virtual host entries in the Apache configuration file:

ww/conf/httpd.conf


Page 14 of 31

The example in the default configuration file is fairly self explanatory. We just

add the virtual host entries to the end of the httpd.conf file. Here are the

entries on our development machine:


#

# VirtualHost example:

# Almost any Apache directive may go into a VirtualHost container.

#

#<VirtualHost ip.address.of.host.some_domain.com>

# ServerAdmin [email protected]_domain.com

# DocumentRoot /www/docs/host.some_domain.com

# ServerName host.some_domain.com

# ErrorLog logs/host.some_domain.com-error_log

# CustomLog logs/host.some_domain.com-access_log combined

#</VirtualHost>

#<VirtualHost _default_:*>

#</VirtualHost>

<VirtualHost 127.0.0.1:80>


DocumentRoot /www/servers/synop.com

ServerName dev.synop.com

ErrorLog /www/logs/synop.com/error-log

CustomLog /www/logs/synop.com/access-log combined

</VirtualHost>



DocumentRoot /www/servers/ipower.com

ServerName dev.ipower.com

ErrorLog /www/logs/ipower.com/error-log

CustomLog /www/logs/ipower.com/access-log combined

</VirtualHost>


Page 15 of 31



DocumentRoot /www/servers/apache.doc

ServerName apache.doc

ErrorLog /www/logs/apache.doc/error-log

CustomLog /www/logs/apache.doc/access-log combined

</VirtualHost>



DocumentRoot /www/servers/php.doc

ServerName php.doc

ErrorLog /www/logs/php.doc/error-log

CustomLog /www/logs/php.doc/access-log combined

</VirtualHost>



DocumentRoot /www/servers/mysql.doc

ServerName mysql.doc

ErrorLog /www/logs/mysql.doc/error-log

CustomLog /www/logs/mysql.doc/access-log combined

</VirtualHost>



DocumentRoot /www/servers/aolserver.doc

ServerName aolserver.doc

ErrorLog /www/logs/aolserver.doc/error-log

CustomLog /www/logs/aolserver.doc/access-log combined

</VirtualHost>




Page 16 of 31

DocumentRoot /www/servers/solid.doc

ServerName solid.doc

ErrorLog /www/logs/solid.doc/error-log

CustomLog /www/logs/solid.doc/access-log combined

</VirtualHost>

10. Now we are ready to run the server!

APACHE MIME TYPES:

This is a dump of a typical MIME type file on a Linux/Unix

server. This file controls what MIME types are sent to the client for the given

file extensions. Sending the correct MIME type to the client is important so

they know how to handle the content of the file. Extra types can either be

added here or by using an AddType directive in your config files. For more

information about MIME types please read RFC 2045, 2046, 2047, 2048, and

2077.

Some of # MIME type Extension:

application/activemessage

application/andrew-inset

application/applefile

application/atomicmail

application/macwriteii

application/msword doc

application/news-message-id

application/news-transmission

application/octet-stream bin dms lha lzh exe class

application/oda oda

application/pdf pdf

application/powerpoint pptapplication/x-compress

application/x-gtar gtar

application/x-gzip

application/x-hdf hdf

application/x-javascript js

application/x-koan skp skd skt skm


Page 17 of 31

application/x-wais-source src

application/zip zip

audio/basic au snd

audio/midi midi kar

audio/x-midi mid

audio/mpeg mpga mp2 mp3

audio/x-wav wav

chemical/x-pdb pdb xyz

image/gif gif

image/ief ief

image/jpeg jpeg jpg jpe

image/png png

image/tiff tiff tif

message/external-body

message/news

message/partial

message/rfc822

model/iges igs iges

model/vrml wrl vrml

model/mesh msh mesh silo

multipart/alternative

multipart/appledouble

multipart/digest

multipart/mixed

multipart/parallel

text/css css

text/html html htm

text/plain txt

text/richtext rtx

video/mpeg mpeg mpg mpe

video/quicktime qt mov

video/x-msvideo avi

video/x-sgi-movie movie

x-conference/x-cooltalk ice


Page 18 of 31

This file can be found in /etc/httpd/conf, or /usr/local/etc/httpd/conf, or you

may have to look around the server for the correct path. It is sometimes

necessary to add a specific MIME type for an application or server based

program.

How to add a MIME type to the Apache web server

Use Telnet or SSH to gain shell access to your server. Type: su - at the

command prompt to gain root access. Enter the root password and then you'll

have to locate the mime.types file on your server. Change directory with: cd

/etc/httpd/conf/ or cd /usr/local/etc/httpd/conf/ and edit the file mime.types

with any text editor such as VI or Pico. You can add and edit or delete any

line. Make sure you're using the correct syntax!

For example, to add the Mime type for Flash SWF files, you would add the

following line:

application/x-shockwave-flash swf

Once the mime.types file has been saved, you'll have to restart the Apache

web server. If you don't have webmaster access, you can add a new or edit

an existing .htaccess file. This is a read-only file which handles a few things,

such as mime types, page extension names and password access to a

directory. To add a MIME type, enter the following statement AddType

[mime type name].

A typical .htaccess file looks something like this:

DirectoryIndex index.html index.html

AddType executable exe

AddType zip file zip

AddType text/x-server-parsed-html html htm

AddType application/x-shockwave-flash swf

To add the .htaccess file to a directory, simply edit it with any text editor, and

upload it to your server using FTP.


Page 19 of 31

DYNAMIC CONTENT AND SECURITY

SSI:

SSI (Server Side Includes) are directives that are placed in HTML

pages, and evaluated on the server while the pages are being served. They

let you add dynamically generated content to an existing HTML page, without

having to serve the entire page via a CGI program, or other dynamic

technology.

The decision of when to use SSI, and when to have your page entirely

generated by some program, is usually a matter of how much of the page is

static, and how much needs to be recalculated every time the page is served.

SSI is a great way to add small pieces of information, such as the current

time. But if a majority of your page is being generated at the time that it is

served, you need to look for some other solution.

BASIC SSI DIRECTIVES:

SSI directives have the following syntax:



It is formatted like an HTML comment, so if you don't have SSI correctly

enabled, the browser will ignore it, but it will still be visible in the HTML

source. If you have SSI correctly configured, the directive will be replaced

with its results.

The element can be one of a number of things, and we'll talk some more

about most of these in the next installment of this series. For now, here are

some examples of what you can do with SSI.

Today's date




Page 20 of 31

The echo element just spits out the value of a variable. There are a number of

standard variables, which include the whole set of environment variables that

are available to CGI programs. Also, you can define your own variables with

the set element.

If you don't like the format in which the date gets printed, you can use the

config element, with a timefmt attribute, to modify that formatting.

 Today is 

Modification date of the file

This document last modified 

This element is also subject to timefmt format configurations.

Including the results of a CGI program

This is one of the more common uses of SSI - to output the results of a CGI

program, such as everybody's favorite, a ``hit counter.''



ADDITIONAL EXAMPLES:

Following are some specific examples of things you can do in your HTML

documents with SSI.

When was this document modified?

Earlier, we mentioned that you could use SSI to inform the user when the

document was most recently modified. However, the actual method for doing

that was left somewhat in question. The following code, placed in your HTML

document, will put such a time stamp on your page. Of course, you will have

to have SSI correctly enabled, as discussed above.

 This file last modified 


Page 21 of 31

Of course, you will need to replace the ssi.shtml with the actual name of the

file that you're referring to. This can be inconvenient if you're just looking for

a generic piece of code that you can paste into any file, so you probably want

to use the LAST_MODIFIED variable instead:

 This file last modified 

For more details on the timefmt format, go to your favorite search site and

look for strftime. The syntax is the same.

Including a standard footer

If you are managing any site that is more than a few pages, you may find

that making changes to all those pages can be a real pain, particularly if you

are trying to maintain some kind of standard look across all those pages.

Using an include file for a header and/or a footer can reduce the burden of

these updates. You just have to make one footer file, and then include it into

each page with the include SSI command. The include element can determine

what file to include with either the file attribute, or the virtual attribute. The

file attribute is a file path, relative to the current directory. That means that it

cannot be an absolute file path (starting with /), nor can it contain ../ as part

of that path. The virtual attribute is probably more useful, and should specify

a URL relative to the document being served. It can start with a /, but must

be on the same server as the file being served.

 I'll frequently combine the last two things, putting a LAST_MODIFIED

directive inside a footer file to be included. SSI directives can be contained in

the included file, and includes can be nested - that is, the included file can

include another file, and so on.

Hence SSI is certainly not a replacement for CGI, or other technologies used

for generating dynamic web pages. But it is a great way to add small amounts

of dynamic content to pages, without doing a lot of extra work.


Page 22 of 31

APACHE COOKIES:

NAME

Apache::Cookie - HTTP Cookies Class

SYNOPSIS

use Apache::Cookie ();

my $r = Apache->request;

my $cookie = Apache::Cookie->new($r, ...);

DESCRIPTION

The Apache::Cookie module is a Perl interface to the cookie routines in

libapreq. The interface is based on Lincoln Stein's CGI::Cookie module.

METHODS

Apache::Cookie does not export any symbols to the caller's

namespace. Except for the request object passed to Apache::Cookie::new,

the OO interface is identical to CGI::Cookie. Please consult the CGI::Cookie

documentation for more details.

NEW

Just like CGI::Cookie::new, but requires an Apache request object:

my $cookie = Apache::Cookie->new($r, -name => 'foo', -value => 'bar', -expires => '+3M', -domain => '.capricorn.com', -path => '/cgi-bin/database', -secure => 1 );

BAKE

Put cookie in the oven to bake. (Add a Set-Cookie header to the outgoing

headers table.)

$cookie->bake;

PARSE


Page 23 of 31

This method parses the given string if present, otherwise, the incoming

Cookie header:

my $cookies = $cookie->parse; #hash ref

my %cookies = $cookie->parse;

my %cookies = $cookie->parse($cookie_string);

fetch

Fetch and parse the incoming Cookie header:

my $cookies = Apache::Cookie->fetch; #hash ref

my %cookies = Apache::Cookie->fetch;

as_string

Format the cookie object as a string:

#same as $cookie->bake

$r->err_headers_out->add("Set-Cookie" => $cookie->as_string);

name

Get or set the name of the cookie:

my $name = $cookie->name;

$cookie->name("Foo");

value

Get or set the values of the cookie:

my $value = $cookie->value;

my @values = $cookie->value;

$cookie->value("string");

$cookie->value(\@array);

domain

Get or set the domain for the cookie:

my $domain = $cookie->domain;

$cookie->domain(".cp.net");


Page 24 of 31

path

Get or set the path for the cookie:

my $path = $cookie->path;

$cookie->path("/");

expires

Get or set the expire time for the cookie:

my $expires = $cookie->expires;

$cookie->expires("+3h");

secure

Get or set the secure flag for the cookie:

my $secure = $cookie->secure;

$cookie->secure(1);

Apache Handlers:

A “handler” is an internal Apache command that tells the Apache server

software what action to perform when a file is called. Generally, files have

what is know as implicit handlers, which are based on the file type. Normally,

all files are simply served by the server, but certain file types are “handled”

separately.

For example, PHP files when served to the user are first run through the PHP

program running on the server. They are processed and returned back to the

Apache server to be sent to the user. The ability to explicitly add handlers to

Apache started with version 1.1. This means that handlers can be specifically

added to files without regard to the inherent type of file but based on the file

extension.

What this means is that you can put PHP or asp code in a .html file and it will

be processed by the PHP program on the server before being sent to the user.

Why would you want to do that? Well, just think of all the .html or .htm files

that you probably currently have on your or some other server you are

managing. And just think about all the links to those files. Wouldn't it be nice


Page 25 of 31

to just add PHP code to those files and not have to worry about renaming

them or changing all the links to them? Sure it would.

So here is how to do it.

I am going to show you the method using the CPanel that your hosting

provider probably has setup for you if you are using a standard Linux hosting

service.

Step 1: Login to your CPanel by typing www.yourdomain.com/cpanel into

your address field in your browser. Type in your login information. Step 2:

Click on the Apache Handlers icon or link option. Your should see a screen like

this one.

Step 3: Enter in the file extension you want to add like .html into the small

field and application/x-httpd-php in the larger field for the PHP program. Then

click the Add button. If you want to delete one, select it from the drop-down

menu and click the Delete button. The other programs that you might want to

have it run thought are below.

application/x-httpd-cgi - for CGI (Common Gateway Interface)

application/x-httpd-asp - for ASP (Active Server Pages)

application/x-httpd-asp-cgi - for ASP in CGI scripts

application/x-tar - for .tgz compressed files

application/zip - for .zip compressed files

.htaccess Method:

Since some of you have expressed interested in doing this without the use of

CPanel, I have decided to amend this article. Yes, it’s possible to tell Apache

web server to do the same thing without using CPanel to do it.


Page 26 of 31

Here is the procedure. You need to turn on the ability to see hidden files on

the ftp program you use. Then ftp into your site and look for the .htaccess file

in the root level of your site. The one that holds your homepage. If one does

not exist, then you can create a plan text file that is named “.htaccess”.

Download the file to your hard drive and open it in a text editor that supports

UNIX line breaks. On Windows you can use TextPad or on Mac you can use

BBEdit Lite or TextWrangler. There may or may not be anything in the file

when you open it. On a new line paste in the following.

AddHandler application/x-httpd-php .html

AddHandler application/x-httpd-php .htm

Save the file and then upload it back to your site. That’s it. Your files that end

in .html or .htm will now be processed by PHP so you can put PHP code in

them.

SECURITY AND AUTHENTICATION

WEB CRAWLERS:

A web crawler is a program that browses the web in an automated and

systematic manner. Crawlers can be configured to do various type of crawls.

The most significant is the collection of as much as possible from the web,

such as that used by the Internet Archive, and crawling specific parts of the

web, for example, a specific langage or domain such as .au. Most automatic

crawlers follow the robot.txt rules where web site owners can indicate which

pages can be crawled. A limitation of web crawlers is that they may not cover

deep web resources such as databases.


Page 27 of 31

You like that search engines find your web sites, and index them, and make it

easy for visitors to find you. But some of them are driving you nuts by visiting

too often, so you want to exclude them. Also, there are some directories or

pages on your site that you don't want indexed.

SOLUTION

Write a robots.txt file containing your restrictions, and place it in your root

web site directory.

Robotcop is an open source module for webservers which helps webmasters

prevent spiders from accessing parts of their sites they have marked off

limits.

Robotcop Features

• Spiders which read the robots.txt file are held to its rules. If a spider breaks a

law in that file, further requests from that spider are intercepted by Robotcop.

• The webmaster can create trap directories which are marked off limits in the

robots.txt file. If a spider acceses a trap directory in violation of the robots.txt

file, further requests from that spider are intercepted.

• Webmasters can respond to misbehaving spiders by trapping them, poisoning

their databases of harvested e-mail addresses, or simply block them.

• Robotcop is a webserver module written in C, not a CGI program, which

ensures that it does its job very fast and with minimal impact on the site.

• All requests to the site are checked by Robotcop to ensure that misbehaving

spiders are intercepted. Robotcop even protects requests for other modules

such as PHP.

• Robotcop has a configurable list of known evil spiders which are immediately

intercepted.

SEARCH ENGINE OPTIMIZATION(SEO):

The act of altering a web site so that it does well in the organic, crawler-

based listings of search engines. In the past, has also been used as a term for


Page 28 of 31

any type of search engine marketing activity, though now the term search

engine marketing itself has taken over for this. Also called SEO.

These are very popular because they drive roughly 3-10 times more traffic

and are extremely cost effective. On the negative side, there are no, and can

be no, guarantees for placement at a specific position - what position you get

is only partially up to the SEO - the search engine makes the rules. We are

just really good at understanding the rules and working with them.

SEO TOOLS:

Technically, you can do SEO with a text only browser and notepad. But we

prefer to spend our time helping our clients, rather than doing everything by

hand. It helps eliminate human error, and speeds up the SEO process. This is

a list of tools and websites that can help you do SEO related tasks.

Never trust a computer to actually do SEO for you, but feel free to have the

computer perform certain repetitive tasks so you can concentrate on the

bigger picture. This is a set of tools developed by MNI for our own use, but

you are welcome to use them, as well.

• Spam Report

• META Tag Generator

• SEO Browser

• Robots.txt Generator

• JavaScript Feed Code

• SEO Friendly Popup

• DMCA Notification Templates

FTP:

What is FTP?

File Transfer Protocol, better known as FTP, is a procedure used to upload and

download files to and from your web server. FTP is a special way to login to

another Internet site for the purposes of retrieving and/or sending files.

How to use FTP?


Page 29 of 31

In order to use FTP, you'll need to download and install a software program

on your computer. The most widely used FTP program is Smart FTP.

When you first launch the FTP program, a startup screen will appear. This

screen will enable you to add your website information and allow the program

to connect with your server. You simply fill in the information where indicated

with the following information:

Profile Name - This name will be added to the selection list of profile names.

Select your profile name according to your domain. For example, if your

domain name were smiths.com, your profile name might be Smiths.

Host Name/Address - Your domain name address.

Example - www.candidinfo.com

Host Type - The type of server in which your website is hosted. The standard

is Unix.But you can probably skip it.

User ID - Your hosting User ID. Example - candidinfo.

Password - Your hosting password.

Depending on which FTP client you use, the names may be slightly different.

Once the FTP program has connected with your server,you will see the files

on your computer in the left window and the files on your server will be

displayed in the right window.

Transferring Files

To maneuver through your folders, simply double click on them. To transfer

your files, either double click on the file or highlight it and then click on the

transfer files arrow.

Sometimes, you will have to upload your files to a special directory,

like WWW or Public_HTML, but most providers let`s you upload the files to

the current directory.

To select more than one file at a time, click on each file you'd like to transfer

while holding down the Ctrl key on your keyboard. Keep in mind, all of the

files you select must be uploaded in the same mode. In other words, you

could upload all of your HTML files at the same time, or all of your images.

If all of the files you'd like to upload are all together, you can click on the first

file while holding down your Shift key and use the down arrow on your

keyboard to highlight all of your files.


Page 30 of 31

Files such as text, HTML, and most scripts should be uploaded to your server

in ASCII mode. Any file that isn't ASCII text, such as programs (EXE, ZIP),

graphics, ebooks, sounds (WAV, MID) and movies should be uploaded to your

server in Binary mode.

FTP Advanced Commands

• File Permissions

When using scripts on your website, you will be required to set file

permissions in order for your scripts to run properly on a Unix server. The

most common setting for CGI/Perl scripts is 755. When working with scripts,

you may receive an Internal Server Error when you try to run it. Many times,

this error is caused by improperly set file permissions.

Permissions:

• Read - 4 - r

• Write - 2 - w

• Execute - 1 - x

• None - 0 - -

- Read permissions are enabled with the number 4 or the letter r.

- Write permissions are enabled with the number 2 or the letter w.

- Execute permissions are enabled with the number 1 or the letter x.

- No permissions are enabled with the number 0 or a dash.

Each of these permissions will be set for each of the following:

o Owner

o Group

o Other

To give you a better idea of how permissions are set, below is an example

of a script that requires the permissions to be set to 755 -- it breaks

down like this:

7 - Represents the permissions for the Owner (you). The owner has

been given Read, Write and Execute permissions. 4+2+1=7. This can also be

written like this: rwx

5 - Represents the permissions for the Group (individuals with access to

your server). The Group has been given Read and Execute permissions.

4+1=5. This can also be written like this: rx


Page 31 of 31

5 - Represents the permissions for the Others (website visitors). The

Others have been given Read and Execute permissions. 4+1=5. This can also

be written like this: rx 755 is equal to rwxrxrx

Changing File Permissions with Your FTP program:

If you would like to set your file permissions through your FTP program, you

can do so like this:

1. Log into your server and locate the directory that contains your

file.

2. Highlight the file that you would like to change permissions.

3. Place your mouse pointer over the file and right click to launch

a menu.

4. Click on "chmod (UNIX) to launch the "permissions" window.

5. Set your permissions and click on OK.

In addition to setting permissions with your FTP program, most web hosts will

enable you to set permissions through your web page management system.

FTP Software Download

If you're managing your own website, having a good FTP software program is

an absolute must. Not only will it provide you with some independence, but it

will also enable you to have complete control over your files.

Documents

Linux & Apache