Publisher: McGraw-Hill Professional
As you can see from the title, the topic of today's review is a complete reference of the 2.0 version of the popular Apache HTTP server. As a suitable introduction to the book I'll use a quote from Brian Behlendorf, one of the co-founders of Apache - "Ryan Bloom (the book's author) knows the internals of the 2.0 HTTP server at least as well as Linus Torvalds knows his way around the Linux kernel".
About the author
Ryan Bloom is the Core Services Manager at Covalent Technologies, developer for Apache 2.0 and a key member of the Apache Software Foundation. He is also a prominent Apache conference speaker and has been a columnist for c|net and ApacheToday.com
Inside the book
The book starts with an introduction of the Apache web server, which will be quite interesting to the Apache users who aren't familiar with the Apache project history. Almost ten years ago, a number of experienced web masters started patching and upgrading the popular National Center for Supercomputing Applications (NCSA) web server. A small group of administrators, including the admins from MIT, HotWired and the International Movie Database (IMDB), set their own mailing list, through which they communicated and planned the new web server. In 1995, after some heavy testing, the first legendary release of Apache web server was released. After this version, tagged 0.6.2, Apache started becoming stronger and stronger and for some time now, holds the number one position between the web servers.
If you are still using one of the 1.3 versions of the Apache web server, you probably read a number of documents or news items covering the similarities and differences between 1.3 and 2.0 versions. As expected, the author also guides us through the difference factor. He quite nicely uses the same subsections for both Apache versions, pointing out the changes. Subtopics include: supported platforms, performance, reliability, modularity, configuration and security. While talking about the security perspective, the Apache 2.0 offers the already seen text-file based authentication, as well as a much faster DBM-based solution. By using mod_perl, there is a possibility of using external authentication validation databases, such as LDAP and SQL RDBMS. Because of the legal limitations, 1.3 versions used third party SSL/HTTPS components, but the standard 2.0 releases now include the mod_ssl module.
The second part of the book focuses on configuration and installation procedures. This section doesn't offer anything revolutionary, but provides a nice overview of the configuration options, especially related to modules. The installation guides cover both Unix and Windows platforms, but the author notes some system specifics related to Linux, MacOS X, Solaris and FreeBSD.
Regardless of operating system, Apache modules provide all the nice stuff that should please your customization needs. The core Apache server has the possibility of finding the static files on the system and serving them to the remote visitors. Everything else, including all the magic Apache can produce, is implemented by using the modules. The author covers all three major kinds of modules - standard, multi-processing and protocol modules. All of these module types are decently covered.
After leading the readers from the introduction starting point, over installation, configuration and modules, the fourth part focuses on setting up a working HTTP server. This part is entitled "Apache modules", as it provides information on several Apache usage topics and shows the users how the Apache functions are "caused" by the modules. This is a refreshing look, as the author goes further then obviously browsing through the topics, but rather goes "backstage" behind the functionality, showing us the real power of Apache modules. Besides quite interesting chapters dealing with common mistakes and Apache's new filtering possibilities, author provides a collection of useful tips helping the administrators in the time when their web sites start to grow. One of the chapters deals with httpd-test, a recently developed tool for testing the performance of newly installed Apache web servers. As an addition, the author also takes a closer look on disk management and performance tuning, topics that should be of interest to the fully pledged Apache administrators.
While talking about experienced Apache administrators, the seventh part of the book is intended just for them. Although this is a relatively short part, spreading over just 40 pages, several interesting topics received their spot - methods of splitting the configuration tasks and adding third party modules. Three modules receive the most exposure - mod_perl, mod_php and mod_snake (powerful Python extension). Besides these three modules, there is a brief overview of about 300 other third party modules. The last, pre-appendix, part of the book covers Apache 2.0 security. Don't expect to much inside information from this chapter, as it mainly just deals with Secure Sockets Layer (usage, installation and configuration) and proxies (types and usage).
Mr. Bloom once again proves that appendixes tend to be a valuable addition to the book publications. Appendix A lists all log messages your Apache web server can produce. This extensive list is categorized through several types of error messages, from the horrible EMERG ones, to the useful DEBUG errors. While hoping you'll never see most of these messages, it is quite useful to inform yourself about what can go wrong with the Apache web server.
When a phrase "complete reference" is used within the book's title, I expect the publication to be as thorough and informative as possible. After reading the previously mentioned powerful quote by one of the Apache's co-founders and knowing about the great job Covalent Technologies does in the Apache field, I realized that my expectations of this title will surely be met.
I'm actively working with the Apache web server for several years now, and from my perspective it provides terrific production possibilities. I didn't even consider upgrading from 1.3 to 2.0, but after reading this book, I've got all the sympathies for switching to 2.0. The author covers most of the Apache Server 2.0 aspects in a way interesting to both 2.0 users wanting to summarize their knowledge of the server, as well 1.3 users interested in upgrading. This book is highly recommended book-shelf material.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.