| Preface | xi |
| 1. | Installation | 1 |
| 1.1 | Installing from Red Hat Linux's Packages | 2 |
| 1.2 | Installing Apache on Windows | 3 |
| 1.3 | Downloading the Apache Sources | 10 |
| 1.4 | Building Apache from the Sources | 11 |
| 1.5 | Installing with ApacheToolbox | 13 |
| 1.6 | Starting, Stopping, and Restarting Apache | 15 |
| 1.7 | Uninstalling Apache | 16 |
| 2. | Adding Common Modules | 19 |
| 2.1 | Installing a Generic Third-Party Module | 20 |
| 2.2 | Installing mod_dav on a Unixish System | 20 |
| 2.3 | Installing mod_dav on Windows | 23 |
| 2.4 | Installing mod_perl on a Unixish System | 25 |
| 2.5 | Installing mod_php on a Unixish System | 27 |
| 2.6 | Installing mod_php on Windows | 28 |
| 2.7 | Installing the mod_snake Python Module | 29 |
| 2.8 | Installing mod_ssl | 30 |
| 3. | Logging | 32 |
| 3.1 | Getting More Details in Your Log Entries | 35 |
| 3.2 | Getting More Detailed Errors | 36 |
| 3.3 | Logging POST Contents | 38 |
| 3.4 | Logging a Proxied Client's IP Address | 39 |
| 3.5 | Logging Client MAC Addresses | 39 |
| 3.6 | Logging Cookies | 40 |
| 3.7 | Not Logging Image Requests from Local Pages | 42 |
| 3.8 | Logging Requests by Day or Hour | 43 |
| 3.9 | Rotating Logs on the First of the Month | 44 |
| 3.10 | Logging Hostnames Instead of IP Addresses | 45 |
| 3.11 | Maintaining Separate Logs for Each Virtual Host | 46 |
| 3.12 | Logging Proxy Requests | 47 |
| 3.13 | Logging Errors for Virtual Hosts to Multiple Files | 48 |
| 3.14 | Logging Server IP Addresses | 49 |
| 3.15 | Logging the Referring Page | 50 |
| 3.16 | Logging the Name of the Browser Software | 51 |
| 3.17 | Logging Arbitrary Request Header Fields | 51 |
| 3.18 | Logging Arbitrary Response Header Fields | 52 |
| 3.19 | Logging Activity to a MySQL Database | 53 |
| 3.20 | Logging to syslog | 54 |
| 3.21 | Logging User Directories | 55 |
| 4. | Virtual Hosts | 58 |
| 4.1 | Setting Up Name-Based Virtual Hosts | 59 |
| 4.2 | Designating One Name-Based Virtual Host as the Default | 61 |
| 4.3 | Setting Up Address-Based Virtual Hosts | 62 |
| 4.4 | Creating a Default Address-Based Virtual Host | 62 |
| 4.5 | Mixing Address-Based and Name-Based Virtual Hosts | 63 |
| 4.6 | Mass Virtual Hosting with mod_vhost_alias | 64 |
| 4.7 | Mass Virtual Hosting Using Rewrite Rules | 66 |
| 4.8 | SSL and Name-Based Virtual Hosts | 67 |
| 4.9 | Logging for Each Virtual Host | 68 |
| 4.10 | Splitting Up a LogFile | 69 |
| 4.11 | Port-Based Virtual Hosts | 70 |
| 4.12 | Displaying the Same Content on Several Addresses | 71 |
| 5. | Aliases, Redirecting, and Rewriting | 72 |
| 5.1 | Showing Highlighted PHP Source Without Symlinking | 72 |
| 5.2 | Mapping a URL to a Directory | 74 |
| 5.3 | Creating a New URL for Existing Content | 75 |
| 5.4 | Giving Users Their Own URL | 76 |
| 5.5 | Aliasing Several URLs with a Single Directive | 79 |
| 5.6 | Mapping Several URLs to the Same CGI Directory | 79 |
| 5.7 | Creating a CGI Directory for Each User | 80 |
| 5.8 | Redirecting to Another Location | 81 |
| 5.9 | Redirecting Several URLs to the Same Destination | 83 |
| 5.10 | Permitting Case-Insensitive URLs | 83 |
| 5.11 | Replacing Text in Requested URLs | 84 |
| 5.12 | Rewriting Path Information to CGI Arguments | 85 |
| 5.13 | Denying Access to Unreferred Requests | 86 |
| 5.14 | Rewriting Based on the Query String | 87 |
| 5.15 | Redirecting All--or Part--of Your Server to SSL | 87 |
| 5.16 | Turning Directories into Hostnames | 88 |
| 5.17 | Redirecting All Requests to a Single Host | 89 |
| 5.18 | Turning Document Names into Arguments | 90 |
| 6. | Security | 91 |
| 6.1 | Using System Account Information for Web Authentication | 92 |
| 6.2 | Setting Up Single-Use Passwords | 94 |
| 6.3 | Expiring Passwords | 95 |
| 6.4 | Limiting Upload Size | 97 |
| 6.5 | Restricting Images from Being Used Off-Site | 99 |
| 6.6 | Requiring Both Weak and Strong Authentication | 100 |
| 6.7 | Managing .htpasswd Files | 101 |
| 6.8 | Making Password Files for Digest Authentication | 103 |
| 6.9 | Relaxing Security in a Subdirectory | 104 |
| 6.10 | Lifting Restrictions Selectively | 106 |
| 6.11 | Authorizing Using File Ownership | 107 |
| 6.12 | Storing User Credentials in a MySQL Database | 108 |
| 6.13 | Accessing the Authenticated Username | 110 |
| 6.14 | Obtaining the Password Used to Authenticate | 110 |
| 6.15 | Preventing Brute-Force Password Attacks | 111 |
| 6.16 | Using Digest Versus Basic Authentication | 112 |
| 6.17 | Accessing Credentials Embedded in URLs | 113 |
| 6.18 | Securing WebDAV | 114 |
| 6.19 | Enabling WebDAV Without Making Files Writable by the Web User | 115 |
| 6.20 | Restricting Proxy Access to Certain URLs | 116 |
| 6.21 | Protecting Files with a Wrapper | 117 |
| 6.22 | Protecting All Files Except a Subset | 119 |
| 6.23 | Protecting Server Files from Malicious Scripts | 120 |
| 6.24 | Setting Correct File Permissions | 121 |
| 6.25 | Running a Minimal Module Set | 123 |
| 6.26 | Restricting Access to Files Outside Your Web Root | 125 |
| 6.27 | Limiting Methods by User | 126 |
| 6.28 | Restricting Range Requests | 127 |
| 7. | SSL | 130 |
| 7.1 | Installing SSL | 130 |
| 7.2 | Generating SSL Certificates | 132 |
| 7.3 | Generating a Trusted CA | 135 |
| 7.4 | Serving a Portion of Your Site via SSL | 136 |
| 7.5 | Authenticating with Client Certificates | 138 |
| 8. | Dynamic Content | 140 |
| 8.1 | Enabling a CGI Directory | 140 |
| 8.2 | Enabling CGI Scripts in Non-ScriptAliased Directories | 141 |
| 8.3 | Using Windows File Extensions to Launch CGI Programs | 142 |
| 8.4 | Using Extensions to Identify CGI Scripts | 143 |
| 8.5 | Testing That CGI Is Set Up Correctly | 144 |
| 8.6 | Reading Form Parameters | 147 |
| 8.7 | Invoking a CGI Program for Certain Content Types | 149 |
| 8.8 | Getting SSIs to Work | 151 |
| 8.9 | Displaying Last Modified Date | 152 |
| 8.10 | Including a Standard Header | 153 |
| 8.11 | Including the Output of a CGI Program | 154 |
| 8.12 | Running CGI Scripts as a Different User with suexec | 155 |
| 8.13 | Installing a mod_perl Handler from CPAN | 157 |
| 8.14 | Writing a mod_perl Handler | 158 |
| 8.15 | Enabling PHP Script Handling | 159 |
| 8.16 | Verifying PHP Installation | 160 |
| 9. | Error Handling | 162 |
| 9.1 | Handling a Missing Host Field | 162 |
| 9.2 | Changing the Response Status for CGI Scripts | 163 |
| 9.3 | Customized Error Messages | 164 |
| 9.4 | Providing Error Documents in Multiple Languages | 165 |
| 9.5 | Redirecting Invalid URLs to Some Other Page | 166 |
| 9.6 | Making Internet Explorer Display Your Error Page | 167 |
| 9.7 | Notification on Error Conditions | 168 |
| 10. | Proxies | 170 |
| 10.1 | Securing Your Proxy Server | 170 |
| 10.2 | Preventing Your Proxy Server from Being Used as an Open Mail Relay | 172 |
| 10.3 | Forwarding Requests to Another Server | 173 |
| 10.4 | Blocking Proxied Requests to Certain Places | 174 |
| 10.5 | Proxying mod_perl Content to Another Server | 174 |
| 10.6 | Configuring a Caching Proxy Server | 175 |
| 10.7 | Filtering Proxied Content | 176 |
| 10.8 | Requiring Authentication for a Proxied Server | 177 |
| 11. | Performance | 178 |
| 11.1 | Determining How Much Memory You Need | 179 |
| 11.2 | Benchmarking Apache with ab | 180 |
| 11.3 | Tuning Keepalive Settings | 181 |
| 11.4 | Getting a Snapshot of Your Site's Activity | 183 |
| 11.5 | Avoiding DNS Lookups | 184 |
| 11.6 | Optimizing Symbolic Links | 185 |
| 11.7 | Minimizing the Performance Impact of .htaccess Files | 186 |
| 11.8 | Disabling Content Negotiation | 188 |
| 11.9 | Optimizing Process Creation | 190 |
| 11.10 | Tuning Thread Creation | 191 |
| 11.11 | Caching Frequently Viewed Files | 193 |
| 11.12 | Sharing Load Between Servers Using mod_proxy | 194 |
| 11.13 | Distributing Load Evenly Between Several Servers | 195 |
| 11.14 | Caching Directory Listings | 196 |
| 11.15 | Speeding Up Perl CGI Programs with mod_perl | 197 |
| 12. | Miscellaneous Topics | 200 |
| 12.1 | Placing Directives Properly | 200 |
| 12.2 | Renaming .htaccess Files | 202 |
| 12.3 | Generating Directory/Folder Listings | 203 |
| 12.4 | Solving the "Trailing Slash" Problem | 205 |
| 12.5 | Setting the Content-Type According to Browser Capability | 206 |
| 12.6 | Handling Missing Host: Header Fields | 207 |
| 12.7 | Alternate Default Document | 207 |
| 12.8 | Setting Up a Default "Favicon" | 208 |
| A. | Using Regular Expressions in Apache | 211 |
| B. | Troubleshooting | 215 |
| Index | 225 |
