0157-0159.html

来自「linux-unix130.linux.and.unix.ebooks130 l」· HTML 代码 · 共 366 行

<HTML>
<HEAD>
<TITLE>Developer.com - Online Reference Library - 0672311739:RED HAT LINUX 2ND EDITION:Apache Server</TITLE>
<META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
<SCRIPT>
<!--
function displayWindow(url, width, height) {
        var Win = window.open(url,"displayWindow",'width=' + width +
',height=' + height + ',resizable=1,scrollbars=yes');
}
//-->
</SCRIPT>
</HEAD>

 -->


<!-- ISBN=0672311739 //-->
<!-- TITLE=RED HAT LINUX 2ND EDITION //-->
<!-- AUTHOR=DAVID PITTS ET AL //-->
<!-- PUBLISHER=MACMILLAN //-->
<!-- IMPRINT=SAMS PUBLISHING //-->
<!-- PUBLICATION DATE=1998 //-->
<!-- CHAPTER=09 //-->
<!-- PAGES=0153-0174 //-->
<!-- UNASSIGNED1 //-->
<!-- UNASSIGNED2 //-->




<P><CENTER>
<a href="0153-0156.html">Previous</A> | <a href="../ewtoc.html">Table of Contents</A> | <a href="0160-0162.html">Next</A>
</CENTER></P>

<A NAME="PAGENUM-157"><P>Page 157</P></A>


<TABLE WIDTH="360">

<TR><TD>
</TD><TD>
you specify correspond to the user and group you
want, and that they are preceded by the pound (#) symbol.
</TD><TD>



<TR><TD>
</TD><TD>
Here's how these directives would look if specified
by name:
</TD></TR>

<TR><TD>
</TD><TD>
<TT>User nobody</TT>
</TD></TR>

<TR><TD>
</TD><TD>
<TT>Group nogroup</TT>
</TD></TR>

<TR><TD>
</TD><TD>
Here's the same specification, but by UID and GID:
</TD></TR>


<TR><TD>
</TD><TD>
<TT>User #-1</TT>
</TD></TR>


<TR><TD>
</TD><TD>
<TT>Group #-1</TT>
</TD></TR>


<TR><TD>
ServerName
</TD><TD>
The ServerName directive sets the hostname the
server will return. Set it to a fully qualified domain
name (fqdn). If this value is not set, the server will try to
figure out the name by itself and set it to its canonical
name. However, you might want the server to return
a friendlier address such as www.your.domain.
Whatever you do, ServerName should be a real Domain
Name System (DNS) name for your network. If you
are administering your own DNS, remember to add a
CNAME alias for your host. If someone else manages the DNS
for you, ask that person to set this name for you.
</TD></TR>


<TR><TD>
</TD><TD>
Your ServerName entry should look like this:
</TD></TR>


<TR><TD>
</TD><TD>
ServerName www.your.domain
</TD></TR>
</TABLE>



<TABLE BGCOLOR="#FFFF99">
<TR><TD><B>
TIP
</B></TD></TR>
<TR><TD>
<BLOCKQUOTE>
If you want to install a Web server for test purposes on a standalone machine, you can
do so by specifying a ServerName of localhost. You can then access the server as
<a href="http://www.localhost">http://www.localhost</A> from within the standalone machine. This approach can be useful for
trying new configurations or Internet Web servers.
</BLOCKQUOTE></TD></TR>
</TABLE>


<TABLE WIDTH="360">

<TR><TD>
ServerRoot
</TD><TD>
This directive sets the absolute path to your
server directory. This directive tells the server where to find
all the resources and configuration files. Many of
these resources are specified in the configuration files
relative to the ServerRoot directory.
</TD></TR>

<TR><TD>
</TD><TD>
Your ServerRoot directive should read:
</TD></TR>


<TR><TD>
</TD><TD>
ServerRoot /etc/httpd
</TD></TR>
</TABLE>

<A NAME="PAGENUM-158"><P>Page 158</P></A>




<H4><A NAME="ch09_ 6">


Editing srm.conf
</A></H4>




<P>The srm.conf file is the resource configuration file. It controls settings related to the
location of your Web document tree, the CGI program directories, and other resource
configuration issues that affect your Web site. I kept most of the defaults found on my
srm.conf file. The most important directives on this configuration file are as follow:
</P>


<TABLE WIDTH="360">

<TR><TD>
DocumentRoot
</TD><TD>
Set this directive to the absolute path of your
document tree. Your document tree is the top directory from
which Apache will serve files. By default, it is set to
/home/httpd/html.
</TD></TR>

<TR><TD>
UserDir
</TD><TD>
This directive defines the directory relative to a
local user's home directory where that user will put
public HTML documents. It's relative because each user
will have his or her own HTML directory. The
default setting for this directive is public_html, so each user
will be able to create a directory called
public_html under his or her home directory, and HTML documents placed
in that directory will be available as
<a href="http://servername/~username">http://servername/~username</A>, where username is the username of
the particular user.
</TD></TR>
</TABLE>




<P>Allowing individual users to put Web content on your server poses several important
security considerations. If you are operating a Web server on the Internet rather than on a private 
network, you should read the WWW Security FAQ by Lincoln Stein. You can find a copy
at <a href="http://www.genome.wi.mit.edu/www/faqs/www-security-faq.html">http://www.genome.wi.mit.edu/WWW/faqs/www-security-faq.html</A>
</P>




<P>A copy of the boilerplate conf/srm.conf file has been included at the end of this chapter
in Listing 9.2.
</P>




<H4><A NAME="ch09_ 7">


Editing access.conf
</A></H4>




<P>access.conf is the global access control file; it configures the type of access users have to
your site and the documents you make available, as well as security issues defining the extent to
which users can alter the security settings you might have defined. The default configuration
provides unrestricted access to documents in your
DocumentRoot. I kept all the defaults found in my
access.conf file.
</P>




<P>If you want to provide a more restrictive site, you might want to verify that all
&lt;Directory path&gt; sections match the directories they list in your installation. The
Directory sections specify a set of options, usually involving security issues, on a per-directory basis. In particular, you
might want to remove the Indexes option that follows the
Options directive on the section that looks like this:
</P>

<A NAME="PAGENUM-159"><P>Page 159</P></A>



<!-- CODE SNIP //-->
<PRE>
&lt;Directory /home/httpd/cgi-bin&gt;
Options Indexes FollowSymLinks
&lt;/Directory&gt;
</PRE>
<!-- END CODE SNIP //-->





<P>Actually, the example given here is a very bad one because it turns on two options for the 
cgi-bin directory that no decent system administrator would ever allow. The
Indexes option allows for server-generated directory listings. You probably don't want anyone peeking at
the contents of your cgi-bin directories. The
FollowSymLinks directive allows the Web server to follow symbolic links to other directories. This directive is a potential security problem
because it could allow the server to &quot;escape&quot; from the server directories and could potentially
allow users to access files that you do not want them to see.
</P>




<P>Options that you implement on your global configuration files can be overridden by the use
of an .htaccess file. .htaccess files allow you to set server directives on a per-directory basis.
This capability is particularly useful for user directories, where the user does not have access to
the main server configuration files. You can disable all
.htaccess overrides by setting the directive
AllowOverride to None, as follows. This directive is, by default, set to allow all
overrides.
</P>


<!-- CODE SNIP //-->
<PRE>
AllowOverride None
</PRE>
<!-- END CODE SNIP //-->





<H3><A NAME="ch09_ 8">
Configuring an inetd Server
</A></H3>




<P>Normally, Apache runs in standalone mode or daemon mode. How it is run by the
system depends on how it is configured by the
ServerType directive in conf/httpd.conf.
</P>




<P>A standalone server offers superior performance over
inetd-run servers because usually a server process is ready to serve a request. When run under
inetd (the Internet daemon), a new server is started every time a request is received on the HTTP port. A considerable amount of
overhead is involved in starting a new server process with each new request.
</P>




<P>The default setting for ServerType is standalone; unless you have an extremely light traffic
site, you should stick with this setting. inetd servers are good for information you want to
make available but for which you don't want to dedicate a computer.
</P>


<TABLE BGCOLOR="#FFFF99">
<TR><TD><B>
TIP
</B></TD></TR>
<TR><TD>
<BLOCKQUOTE>
An inetd server is great for testing configuration settings because the server rereads all
its settings every time it receives a request. On a standalone server, you need to restart
the server manually before it sees any changes you made to the configuration files.
</BLOCKQUOTE></TD></TR>
</TABLE>


<P>To run a server from inetd, you need to modify
conf/httpd.conf once more and change the
ServerType directive from standalone to inetd, as follows:
</P>


<!-- CODE SNIP //-->
<PRE>
ServerType inetd
</PRE>
<!-- END CODE SNIP //-->


<P><CENTER>
<a href="0153-0156.html">Previous</A> | <a href="../ewtoc.html">Table of Contents</A> | <a href="0160-0162.html">Next</A>
</CENTER></P>




</td>
</tr>
</table>
<!-- begin footer information -->



</body></html>