While debugging Apache this week, I wanted to get verbose output from libtool. After digging around on the web, I found that setting LTFLAGS to “–debug” will cause libtool to display numerous useful pieces of information:
$ export LTFLAGS=”–debug”
$ apxs -c mod_dtrace.c
Link command: /tmp/apache/build/libtool –debug –mode=link gcc -o mod_dtrace.la -rpath /tmp/apache/modules -module -avoid-version mod_dtrace.lo
/tmp/apache/build/libtool –debug –mode=compile gcc -prefer-pic -DAP_HAVE_DESIGNATED_INITIALIZER -DSOLARIS2=10 -D_POSIX_PTHREAD_SEMANTICS -D_REENTRANT -g -O2 -I/tmp/apache/include -I/tmp/apache/include -I/tmp/apache/include -c -o mod_dtrace.lo mod_dtrace.c && touch mod_dtrace.slo
libtool: enabling shell trace mode
+ preserve_args=’ –debug’
+ test 16 -gt 0
+ case $arg in
++ echo X–mode=compile
++ /bin/sed -e ‘1s/^X//’ -e ‘s/[-_a-zA-Z0-9]*=//’
[ … ]
If you are trying to figure out how things are built with libtool, this will definitely helpful!
I came across a cool article that shows the bandwidth savings that can be achieved by using Apache’s mod_deflate module. Since people are still using 56k modems to connect to the Internet, compressing content can decrease the time it takes to render pages on dial-up connections.
If you have visited a website and been greeted with a list of files instead of a webpage, the web server is configured to use directory indexes. Directory indexes can be helpful for users who need to locate unknown files, but pose a considerable security threat, and are often used by unscrupulous individuals to locate sensitive data (e.g., passwords, quicken files, product designs, etc.).
Due to the security issues associated with directory indexes, I prefer to disable them on the Apache web servers I support. This is easily accomplished by negating the “Indexes” option in the httpd.conf Directory and Location stanzas, or by overriding the Indexes option in an .htaccess file:
$ cat .htaccess
If an .htaccess file is used to override the web server directory indexing default configuration, the web server will need to be configured to allow overrides. There is also a performance penalty associated with .htaccess files, since the web server needs to check for the existance of an .htaccess file in each directory it processes.
Name-based virtual hosts allow a web server to host multiple domain names (www.daemons.net, mail.daemons.net, blatch.daemons.net) from one IP address. This allows a web hosting infrastructure to conserve IP address space, and simplify namespace management.
Apache name-based virtual hosts are configured with the “NameVirtualHost” and “VirtualHost” directives, and rely on the HTTP “Host:” header attribute. This attribute is required in HTTP 1.1, and should be present with every request. The following example grabs /index.html using the HTTP/1.1 protocol:
$ telnet www.daemons.net 80
Connected to www.daemons.net.
Escape character is '^]'.
GET / HTTP/1.1
HTTP/1.1 200 OK
Date: Thu, 24 Feb 2005 16:33:23 GMT
Last-Modified: Sun, 20 Jun 2004 14:39:21 GMT
[ ... ]
Based on this output, it looks like my friend Clay needs to obscure his “Server:” header. Server identification is controlled with the “ServerTokens” directives.
The Apache web server provides a flexible and customizable web hosting environment, and contains a plethora of features. One nice feature is the ability to redirect clients to different areas of a site based on URL location, or the port they are connecting to. Redirection is accomplished with the “Redirect” and “RedirectMatch” directives, which are part of the mod_alias module. To redirect all HTTP:// connections to HTTPS://, you can setup a VirtualHost, and use the Redirect directive to forward all requests for /* to a secure URL:
Redirect permanent / https://www.daemons.net/something/blah.jsp
This assumes that non-secure connections are terminated on TCP port 80, and secure connections are terminated on TCP port 443.