Contents

Foreword

Preface

Acknowledgments

About the Author

Chapter 1 Applications Development with Apache

1.1 A Brief History of the Apache Web Server

1.1.1 Apache 1

1.1.2 Apache 2

1.2 The Apache Software Foundation

1.2.1 Meritocracy

1.2.2 Roles

1.2.3 Philosophy

1.3 The Apache Development Process

1.3.1 The Apache Codebase

1.3.2 Development Forums

1.3.3 Developers

1.3.4 Participation

1.4 Apache and Intellectual Property

1.4.1 The Apache License

1.4.2 Third-Party Intellectual Property

1.5 Further Reading

1.5.1 Interactive Online Forums

1.5.2 Conferences

1.5.3 Websites

1.6 Summary

Chapter 2 The Apache Platform and Architecture

2.1 Overview

2.2 Two-Phase Operation

2.2.1 Start-up Phase

2.2.2 Operational Phase

2.2.3 Shutdown

2.3 Multi-Processing Modules

2.3.1 Why MPMs?

2.3.2 The UNIX-Family MPMs

2.3.3 Working with MPMs and Operating Systems

2.4 Basic Concepts and Structures

2.4.1 request_rec

2.4.2 server_rec

2.4.3 conn_rec

2.4.4 process_rec

2.5 Other Key API Components

2.6 Apache Configuration Basics

2.7 Request Processing in Apache

2.7.1 Content Generation

2.7.2 Request Processing Phases

2.7.3 Processing Hooks

2.7.4 The Data Axis and Filters

2.7.5 Order of Processing

2.7.6 Processing Hooks

2.8 Summary

Chapter 3 The Apache Portable Runtime

3.1 APR

3.2 APR-UTIL

3.3 Basic Conventions

3.3.1 Reference Manual: API Documentation and Doxygen

3.3.2 Namespacing

3.3.3 Declaration Macros

3.3.4 apr_status_t and Return Values

3.3.5 Conditional Compilation

3.4 Resource Management: APR Pools

3.4.1 The Problem of Resource Management

3.4.2 APR Pools

3.4.3 Resource Lifetime

3.4.4 Limitations of Pools

3.5 Selected APR Topics

3.5.1 Strings and Formats

3.5.2 Internationalization

3.5.3 Time and Date

3.5.4 Data Structs

3.5.5 Buckets and Brigades

3.5.6 Filesystem

3.5.7 Network

3.5.8 Encoding and Cryptography

3.5.9 URI Handling

3.5.10 Processes and Threads

3.5.11 Resource Pooling

3.5.12 API Extensions

3.6 Databases in APR/Apache

3.6.1 DBMs and apr_dbm

3.6.2 SQL Databases and apr_dbd

3.7 Summary

Chapter 4 Programming Techniques and Caveats

4.1 Apache Coding Conventions

4.1.1 Lines

4.1.2 Functions

4.1.3 Blocks

4.1.4 Flow Control

4.1.5 Declarations

4.1.6 Comments

4.2 Managing Module Data

4.2.1 Configuration Vectors

4.2.2 Lifetime Scopes

4.3 Communicating Between Modules

4.4 Thread-Safe Programming Issues

4.5 Managing Persistent Data

4.5.1 Thread Safety

4.5.2 Memory/Resource Management

4.6 Cross-Platform Programming Issues

4.6.1 Example: Creating a Temporary File

4.7 Cross-MPM Programming Issues

4.7.1 Process and Global Locks

4.7.2 Shared Memory

4.8 Secure Programming Issues

4.8.1 The Precautionary Principle: Trust Nothing

4.8.2 Denial of Service: Limit the Damage

4.8.3 Help the Operating System to Help You

4.9 External Dependencies and Libraries

4.9.1 Third-Party Libraries

4.9.2 Library Good Practice

4.9.3 Building Modules with Libraries

4.10 Modules Written and Compiled in Other Languages

4.11 Summary

Chapter 5 Writing a Content Generator

5.1 The HelloWorld Module

5.1.1 The Module Skeleton

5.1.2 Return Values

5.1.3 The Handler Field

5.1.4 The Complete Module

5.1.5 Using the request_rec Object

5.2 The Request, the Response, and the Environment

5.2.1 Module I/O

5.2.2 Reading Form Data

5.3 The Default Handler

5.4 Summary

Chapter 6 Request Processing Cycle and Metadata Handlers

6.1 HTTP

6.1.1 The HTTP Protocol

6.1.2 Anatomy of an HTTP Request

6.2 Request Processing in Apache

6.2.1 Mapping to the Filesystem

6.2.2 Content Negotiation

6.2.3 Security

6.2.4 Caching

6.2.5 Private Metadata

6.2.6 Logging

6.3 Diverting a Request: The Internal Redirect

6.3.1 Error Documents

6.3.2 Dealing with Malformed and Malicious Requests

6.4 Gathering Information: Subrequests

6.4.1 Example

6.5 Developing a Module

6.5.1 Selecting Different Variants of a Document

6.5.2 Error Handling and Reusability

6.6 Summary

Chapter 7 AAA: Access, Authentication, and Authorization

7.1 Security

7.1.1 Authentication: Levels of Security

7.1.2 Login on the Web

7.2 An Overview of AAA

7.3 AAA in Apache 1.x and 2.0

7.4 AAA in Apache 2.1/2.2

7.4.1 Host-Based Access Control

7.4.2 Authentication: check_user_id

7.4.3 Password Lookup

7.4.4 Authorization

7.5 AAA Logic

7.5.1 Authentication and Require

7.5.2 Denying Access

7.5.3 Authentication Methods

7.6 Writing AAA Modules

7.6.1 A Basic Authentication Provider

7.6.2 An Authorization Function

7.6.3 Configuration

7.6.4 Basic and Digest Authentication Providers

7.7 Implementing a Custom Login Scheme

7.7.1 Session Management with SQL

7.7.2 Working Without Browser Authentication Dialogs

7.8 Summary

Chapter 8 Filter Modules

8.1 Input and Output Filters

8.2 Content, Protocol, and Connection Filters

8.3 Anatomy of a Filter

8.3.1 Callback Function

8.3.2 Pipelining

8.4 The Filter API and Objects

8.4.1 Output Filters

8.4.2 Input Filters

8.5 Filter Objects

8.6 Filter I/O

8.7 Smart Filtering in Apache 2.2

8.7.1 Preprocessing and Postprocessing

8.7.2 mod_filter

8.7.3 Filter Self-configuration

8.7.4 Protocol Handling

8.8 Example: Filtering Text by Direct Manipulation of Buckets

8.8.1 Bucket Functions

8.8.2 The Filter

8.9 Complex Parsing

8.10 Filtering Through an Existing Parser

8.11 stdio-Like Filter I/O

8.12 Input Filters and the Pull API

8.12.1 Mode

8.12.2 Block

8.12.3 readbytes

8.12.4 Input Filter Example

8.13 Summary

Chapter 9 Configuration for Modules

9.1 Configuration Basics

9.2 Configuration Data Structs

9.3 Managing a Module Configuration

9.3.1 Module Configuration

9.3.2 Server and Directory Configuration

9.4 Implementing Configuration Directives

9.4.1 Configuration Functions

9.4.2 Example

9.4.3 User Data in Configuration Functions

9.4.4 Prepackaged Configuration Functions

9.4.5 Scope of Configuration

9.4.6 Configuration Function Types

9.5 The Configuration Hierarchy

9.6 Context in Configuration Functions

9.6.1 Context Checking

9.6.2 Method and <Limit>

9.7 Custom Configuration Containers

9.8 Alternative Configuration Methods

9.9 Summary

Chapter 10 Extending the API

10.1 Implementing New Functions in Apache

10.1.1 Exporting Functions

10.1.2 Optional Functions

10.2 Hooks and Optional Hooks

10.2.1 A Closer Look at Hooks

10.2.2 Order of Execution

10.2.3 Optional Hooks Example: mod_authz_dbd

10.3 The Provider API

10.3.1 Implementation

10.3.2 Implementing a Provider

10.4 Providing a Service

10.4.1 Example: mod_dbd

10.4.2 Implementing the reslist

10.5 Cross-Platform API Builds

10.5.1 Using Preprocessor Directives

10.5.2 Declaring the Module API

10.6 Summary

Chapter 11 The Apache Database Framework

11.1 The Need for a New Framework

11.1.1 Apache 1.x/2.0 Versus Apache 2.2

11.1.2 Connection Pooling

11.2 The DBD Architecture

11.3 The apr_dbd API

11.3.1 Database Operations

11.3.2 API Functions

11.4 The ap_dbd API

11.5 An Example Application Module: mod_authn_dbd

11.6 Developing a New DBD Driver

11.6.1 The apr_dbd_internal.h Header File

11.6.2 Exporting a Driver

11.6.3 The Driver Functions

11.7 Summary

Chapter 12 Module Debugging

12.1 Logging for Debugging

12.1.1 The Error Log

12.1.2 Debugging

12.2 Running Apache Under a Debugger

12.2.1 Server Start-up and Debugging

12.2.2 Debugging and MPMs

12.2.3 Tracing a Crash

12.2.4 Debugging a Core Dump

12.3 Special-Purpose Hooks and Modules

12.3.1 Standard Modules

12.3.2 Fatal Exception Modules

12.3.3 Modules to Deal with Abnormal Running

12.4 Filter Debugging

12.4.1 mod_diagnostics

12.5 Summary

Appendix A    Apache License

Appendix B    Contributor License Agreements

Individual CLA

Corporate CLA

Appendix C    Hypertext Transfer Protocol: HTTP/1.1

Status of This Memo

Copyright Notice

Abstract

1 Introduction

1.1 Purpose

1.2 Requirements

1.3 Terminology

1.4 Overall Operation

2 Notational Conventions and Generic Grammar

2.1 Augmented BNF

2.2 Basic Rules

3 Protocol Parameters

3.1 HTTP Version

3.2 Uniform Resource Identifiers

3.3 Date/Time Formats

3.4 Character Sets

3.5 Content Codings

3.6 Transfer Codings

3.7 Media Types

3.8 Product Tokens

3.9 Quality Values

3.10 Language Tags

3.11 Entity Tags

3.12 Range Units

4 HTTP Message

4.1 Message Types

4.2 Message Headers

4.3 Message Body

4.4 Message Length

4.5 General Header Fields

5 Request

5.1 Request-Line

5.2 The Resource Identified by a Request

5.3 Request Header Fields

6 Response

6.1 Status-Line

6.2 Response Header Fields

7 Entity

7.1 Entity Header Fields

7.2 Entity Body

8 Connections

8.1 Persistent Connections

8.2 Message Transmission Requirements

9 Method Definitions

9.1 Safe and Idempotent Methods

9.2 OPTIONS

9.3 GET

9.4 HEAD

9.5 POST

9.6 PUT

9.7 DELETE

9.8 TRACE

9.9 CONNECT

10 Status Code Definitions

10.1 Informational 1xx

10.2 Successful 2xx

10.3 Redirection 3xx

10.4 Client Error 4xx

10.5 Server Error 5xx

11 Access Authentication

12 Content Negotiation

12.1 Server-Driven Negotiation

12.2 Agent-Driven Negotiation

12.3 Transparent Negotiation

13 Caching in HTTP

13.2 Expiration Model

13.3 Validation Model

13.4 Response Cacheability

13.5 Constructing Responses from Caches

13.6 Caching Negotiated Responses

13.7 Shared and Non-shared Caches

13.8 Errors or Incomplete Response Cache Behavior

13.9 Side Effects of GET and HEAD

13.10 Invalidation After Updates or Deletions

13.11 Write-Through Mandatory

13.12 Cache Replacement

13.13 History Lists

14 Header Field Definitions

14.1 Accept

14.2 Accept-Charset

14.3 Accept-Encoding

14.4 Accept-Language

14.5 Accept-Ranges

14.6 Age

14.7 Allow

14.8 Authorization

14.9 Cache-Control

14.10 Connection

14.11 Content-Encoding

14.12 Content-Language

14.13 Content-Length

14.14 Content-Location

14.15 Content-MD5

14.16 Content-Range

14.17 Content-Type

14.18 Date

14.19 ETag

14.20 Expect

14.21 Expires

14.22 From

14.23 Host

14.24 If-Match

14.25 If-Modified-Since

14.26 If-None-Match

14.27 If-Range

14.28 If-Unmodified-Since

14.29 Last-Modified

14.30 Location

14.31 Max-Forwards

14.32 Pragma

14.33 Proxy-Authenticate

14.34 Proxy-Authorization

14.35 Range

14.36 Referer

14.37 Retry-After

14.38 Server

14.39 TE

14.40 Trailer

14.41 Transfer-Encoding

14.42 Upgrade

14.43 User-Agent

14.44 Vary

14.45 Via

14.46 Warning

14.47 WWW-Authenticate

15 Security Considerations

15.1 Personal Information

15.2 Attacks Based on File and Path Names

15.3 DNS Spoofing

15.4 Location Headers and Spoofing

15.5 Content-Disposition Issues

15.6 Authentication Credentials and Idle Clients

15.7 Proxies and Caching

16 Acknowledgments

17 References

18 Authors’ Addresses

19 Appendices

19.1 Internet Media Type message/http and application/http

19.2 Internet Media Type multipart/byteranges

19.3 Tolerant Applications

19.4 Differences Between HTTP Entities and RFC 2045 Entities

19.5 Additional Features

19.6 Compatibility with Previous Versions

20 Index

21 Full Copyright Statement

Acknowledgment

Index
