Archive
Posts in Web
Using StartTLS with HTTP connections
While catching up with some news groups today, I came across RFC 2817. This RFC describes HTTP protocol extensions to allow a client and server to initiate a TLS session over an existing connection. This has numerous benefits, and could definitely speed up web-based commerce (e.g., a dedicated secure connection is not required, slow start is avoided, etc.) . Now if only the browser developers would implement this…
$ read more →Unmangling apxs and mod_deflate
I had a boat load of fun today debugging apxs and apr-config. The issue I was debugging came about when I decided to use mod_deflate to compress text, xml and style sheets on my web server. Since mod_deflate wasn't built when I had originally configured Apache, I thought I would fire up apxs to build the Apache module: W00t! The module built, so I installed it and tried to fire up Apache: Ack…
$ read more →Profiling Apache modules with DTrace
While poking around the Apache source code this weekend, I started to wonder which Apache modules consumed the most CPU time servicing HTTP requests. Since I had Apache installed on a Solaris 10 box, I threw together a D script named apachemoduleprof to answer this question: After running this a few times, I noticed that the httpd core along with a few other modules consumed most of the CPU time. To see which functions were the busiest in each module, I threw together the apachemodulefunctime D script: This example shows each function that is called in the mod_log_config Apache module, and provides a timestamp from the function entry to the function exit. This was super useful information, but I also wanted to see which functions were called from mod_log_config…
$ read more →Debugging Apache
If you ever find the need to debug Apache and want stop httpd from forking and detaching from the controlling terminal, you can start httpd with the ONE_PROCESS and NO_DETACH options: Once you are done debugging, you can hit control-c and the process will exit. Giddie up!
$ read more →Apache mod_log_forensic
While looking around the Apache module directory yesterday I came across the mod_log_forensic module. This module will log the request headers from each connection, which can be useful for investigating problematic connections and security incidents. To enable mod_log_forensic during the Apache configuration process, the "--enable-log_forensic=shared" option can be passed as an argument to the configure script: To enable mod_log_forensic, the ForensicLog command needs to be added to indicate the location to log the request headers: Once the forensic module is setup, each request to the server will generate a log entry similar to the following: The funny looking string of characters (the forensic id) is written before and after each request, and the headers are printed between the identifiers. This is nifty stuff!
$ read more →