

O'Reilly Book Excerpts: Apache: The Definitive Guide, 2nd Edition

Setting Up a Win32 Server


by Ben Laurie and Peter Laurie

An excerpt from Chapter 2, "Our First Web Site," of Apache: The Definitive Guide, 2nd Edition. Starting, stopping, and basic configuration of Apache under Win32.

There is no point trying to run Apache unless TCP/IP is set up and running on your machine. In our experience, if it isn't, Apache will crash Windows 95. A quick test is to ping some IP--and if you can't think of a real one, ping yourself:

>ping 127.0.0.1

If TCP/IP is working, you should see some collaborative message like:

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<10ms TTL=32
....

If you don't see something along these lines, defer further operations until TCP/IP is working.

It is important to remember that internally, Windows Apache is essentially the same as the Unix version and that it uses Unix-style forward slashes ("/") rather than MS-DOS- and Windows-style backslashes ("\") in its file and directory names as specified in various files.

There are several ways of running Apache under Win32. Under NT, you can run it as a service, operating in the background. First you have to install it as a service by running the "Install Apache as a Service" option from the Start menu. Alternatively, click on the MS-DOS prompt to get a DOS session window. Go to the /Program Files/Apache directory (or wherever else you installed Apache) with:

>cd "\Program Files\apache"

Apache can be installed as an NT service with:

>apache -i

and uninstalled with:

>apache -u

Once this is done, you can open the Services window in the Control Panel, select Apache, and click on Start. Apache then runs in the background until you click on Stop. Alternatively, you can open a console window and type:

>net start apache
>net stop apache

To run Apache from a console window, select the Apache server option from the Start menu.

Alternatively--and under Win95, this is all you can do--click on the MS-DOS prompt to get a DOS session window. Go to the /Program Files/Apache directory with:

>cd "\Program Files\apache"

The Apache executable, apache.exe, is sitting here, and we can start it running, to see what happens, with:

>apache -s

You might want to automate your Apache startup by putting the necessary line into a file called go.bat. You then only need to type:

go[RETURN]

Since this is the same as for the Unix version, we will simply say "type go" throughout the book when Apache is to be started, and thus save lengthy explanations.

When we ran Apache, we received the following lines:

Apache/<version number>
Syntax error on line 44 of /apache/conf/httpd.conf
ServerRoot must be a valid directory

To deal with the first complaint, we looked at the file \Program Files\apache\conf\httpd.conf. This turned out to be a formidable document that, in effect, compresses all the information we try to convey in the rest of this book into a few pages. We could edit it down to something more lucid, but a sounder and more educational approach is to start from nothing and see what Apache asks for. The trouble with simply editing the configuration files as they are distributed is that the process obscures a lot of default settings. If and when someone new has to wrestle with it, he or she may make fearful blunders because it isn't clear what has been changed from the defaults. Rename this file if you want to look at it:

>ren httpd.conf *.cnk

Otherwise, delete it, and delete srm.conf and access.conf:

>del srm.conf
>del access.conf

When you run Apache now, you see:

Apache/<version number>
fopen: No such file or directory
httpd: could not open document config file apache/conf/httpd.conf

And we can hardly blame it. Open edit:[1]

>edit httpd.conf

and insert the line:

# new config file

The "#" makes this a comment without effect, but it gives the editor something to save. Run Apache again. We now see something sensible:

...
httpd: cannot determine local host name
use ServerName to set it manually

What Apache means is that you should put a line in the httpd.conf file:

ServerName your_host_name

Now when you run Apache you see:

>apache -s
Apache/<version number>
_

The "_" here is meant to represent a blinking cursor, showing that Apache is happily running. Unlike other programs in an MS-DOS window, Apache keeps on going even after the screen saver has kicked in.

You will notice that throughout this book, the Config files always have the following lines:

...
User webuser
Group webgroup
...

These are necessary for Unix security and, happily, are ignored by the Win32 version of Apache, so we have avoided tedious explanations by leaving them in throughout. Win32 users can include them or not as they please.

You can now get out of the MS-DOS window and go back to the desktop, fire up your favorite browser, and access http://yourmachinename/. You should see a cheerful screen entitled "It Worked!," which is actually \apache\htdocs\index.html.

When you have had enough, hit CTRL-C in the Apache window.

Alternatively, under Win95 and from Apache Version 1.3.3 on, you can open another DOS session window and type:

apache -k shutdown

This does a graceful shutdown, in which Apache allows any transactions currently in process to continue to completion before it exits. In addition, using:

apache -k restart

performs a graceful restart, in which Apache rereads the configuration files while allowing transactions in progress to complete.

Security Under Win32

Although NT has an extensive and complex security infrastructure, it is poorly documented and understood. Consequently, there is currently little code in the Windows version of Apache to interface with it. Besides, NT seems to suffer from a variety of more mundane problems: the README file that comes with Apache v1.3.1 says, in part:

Versions of Apache on Win32 prior to version 1.3.1 are vulnerable to a number of security holes common to several Win32 servers. The problems that impact Apache include:

- trailing "."s are ignored by the file system. This allowed certain types of access restrictions to be bypassed.

- directory names of three or more dots (eg. "...") are considered to be valid similar to "..". This allowed people to gain access to files outside of the configured document trees.

There have been at least four other similar instances of the same basic problem: on Win32, there is more than one name for a file. Some of these names are poorly documented or undocumented, and even Microsoft's own IIS has been vulnerable to many of these problems. This behavior of the Win32 file system and API makes it very difficult to ensure future security; problems of this type have been known about for years, however each specific instance has been discovered individually. It is unknown if there are other, yet unpublicized, filename variants. As a result, we recommend that you use extreme caution when dealing with access restrictions on all Win32 web servers.

In plain English, this means, once again, that Win32 is not an adequate platform for running a web server that has any need for security.
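
The README's observation that one file can have more than one name is why an access rule is only safe when it is applied after the request path has been reduced to a single spelling. The following Python example is added here and is not code from the book or from Apache: the /private rule, the sample paths and all function names are constructed for illustration, and the case folding goes beyond the two cases the README lists.

```python
# Added example: a raw string comparison beside a check that first
# rejects the Win32 filename aliases named in the README.

DENIED_PREFIX = "/private"   # hypothetical protected URL tree


def naive_is_denied(url_path):
    """Compare the raw request path against the rule, character for character."""
    return url_path == DENIED_PREFIX or url_path.startswith(DENIED_PREFIX + "/")


def canonical_segments(url_path):
    """Return the path's segments, or None if any segment is a Win32 alias.

    Rejects the two cases the README names: segments with trailing dots
    (the file system ignores the dots) and segments of three or more dots
    (treated similarly to ".."). Plain "." and ".." are resolved here and
    may never climb above the document root.
    """
    out = []
    for seg in url_path.replace("\\", "/").split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if not out:
                return None          # would leave the document tree
            out.pop()
            continue
        if seg.endswith("."):        # covers "name." as well as "...", "...."
            return None
        out.append(seg.lower())      # Win32 file names are case-insensitive
    return out


def hardened_is_allowed(url_path):
    """Apply the access rule only to the canonical form of the path."""
    segs = canonical_segments(url_path)
    if segs is None:
        return False                 # ambiguous name: refuse rather than guess
    return not naive_is_denied("/" + "/".join(segs))
```

The raw comparison does not recognise "/private./secret.html" as part of the protected tree, although the file system would open the same file as "/private/secret.html"; the canonicalizing check refuses the request outright.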


1. Paradoxically, you have to use what looks like an MS-DOS line editor, edit, which you might think limited to the old MS-DOS 8.3 filename format, to generate a file with the four-letter extension .conf. The Windows editors, such as Notepad and WordPad, insist on adding .txt at the end of the filename.




