Sunday, January 17, 2010

Is your web server an all inclusive resort?

The Apache web server is a versatile product with lots of options to configure and support a wide variety of web applications.  It can act as a proxy server, directly run applications such as Perl and PHP, front-end a Java application server, or just serve up content.

This reminds me of all inclusive resorts like Club Med.  All the activities, food, and drink are available in one place.  However, even these resorts modify their model to appeal to specific clientele.  The resort locations and activities are designed to fit the groups they cater to.  You can go to a resort that is set up for families, for couples, or for singles.  While the overall experience is consistent with the resort's philosophy, the activities available at individual clubs can vary widely.

When you are configuring the web server to support applications, are you setting the options to cater to your clientele?  Doing so can improve the overall security and performance of your site.



The Apache server includes a large number of modules in the core distribution, and vendors that distribute Apache add even more.  If you are running a large site, then you probably have many instances of Apache running to support different needs.  This would include different environments (prod and test), different access points (Internet and Intranet), and different functions (proxy and application front-end).

Managing different configurations for each use case would be time consuming and error prone.  Apache includes a core feature called IfDefine to mark conditional directives.  This can be used to control which directives apply based on a runtime parameter.  Using this option will allow you to maintain a single configuration supporting multiple uses while improving the security of the site.  Here are some examples of using this capability.

Set a command line option, RUNPROXY, to load the proxy modules only if this instance is used as a proxy.  This technique is typically used for loading the SSL module.

<IfDefine RUNPROXY>
  LoadModule proxy_module modules/mod_proxy.so
  LoadModule proxy_connect_module modules/mod_proxy_connect.so
  LoadModule proxy_http_module modules/mod_proxy_http.so
  LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
</IfDefine>

Set a command line option, TESTENV, to allow display of Apache server status if this is a test environment:

<IfDefine TESTENV>
  <Location /server-status>
    SetHandler server-status
    Order deny,allow
    Deny from all
    Allow from .your_domain.com
  </Location>
</IfDefine>

Set a command line option, INTRANET, to enable a specific virtual host on the Intranet:

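<IfDefine INTRANET>
  <VirtualHost intranet.your_domain.com:80>
    # The Port directive was removed in Apache 2.0; the port comes from
    # the Listen directive and the VirtualHost address above.
    DocumentRoot /intranet/docs
    TransferLog /intranet/logs/access.log
    ErrorLog /intranet/logs/error.log
  </VirtualHost>
</IfDefine>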

The command line options you use can be tailored to fit your environment and requirements.  You can maintain a master configuration file and still support a custom setup that is appropriate for the clientele you serve.
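One way to check what a given set of defines actually turns on, as an added example that is not code from the original post: this Python script resolves IfDefine blocks (including the `!NAME` negation and nesting) over a constructed sample config and lists the modules and handlers each instance would load. Defines are passed to httpd with `-D`; the function names, the sample config and its `ServerTokens` block are assumptions made for the illustration, and directives such as Include are not followed.

```python
import re
# Constructed sample modelled on the snippets above (not a real site's config).
SAMPLE_CONF = """\
<IfDefine RUNPROXY>
  LoadModule proxy_module modules/mod_proxy.so
  LoadModule proxy_http_module modules/mod_proxy_http.so
</IfDefine>
<IfDefine TESTENV>
  <Location /server-status>
    SetHandler server-status
  </Location>
</IfDefine>
<IfDefine !TESTENV>
  ServerTokens Prod
</IfDefine>
"""

OPEN = re.compile(r"<IfDefine\s+(!?)([^\s>]+)\s*>$", re.I)
CLOSE = re.compile(r"</IfDefine\s*>$", re.I)

def active_directives(conf, defines):
    """Return the lines Apache would act on when started with -D <defines>."""
    stack, out = [], []          # stack holds one bool per open <IfDefine>
    for lineno, raw in enumerate(conf.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = OPEN.match(line)
        if m:                    # "!NAME" is true when NAME is NOT defined
            stack.append((m.group(2) in defines) != (m.group(1) == "!"))
        elif CLOSE.match(line):
            if not stack:
                raise ValueError(f"line {lineno}: </IfDefine> without opener")
            stack.pop()
        elif all(stack):         # every enclosing condition must hold
            out.append(line)
    if stack:
        raise ValueError("unclosed <IfDefine> block")
    return out

def exposed(conf, defines):
    """Summarise one instance's surface: loaded modules and active handlers."""
    lines = [l.split() for l in active_directives(conf, defines)]
    return {key: [p[1] for p in lines if len(p) > 1 and p[0].lower() == name]
            for key, name in (("modules", "loadmodule"), ("handlers", "sethandler"))}

if __name__ == "__main__":
    for flags in (set(), {"RUNPROXY"}, {"TESTENV"}):
        print(sorted(flags), exposed(SAMPLE_CONF, flags))
```

Running it against the master configuration for each instance's define set gives a quick review list: a production instance should show no `server-status` handler and no proxy modules unless it is meant to proxy.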
