diff options
Diffstat (limited to 'docs/manual/misc')
24 files changed, 7825 insertions, 0 deletions
diff --git a/docs/manual/misc/index.html b/docs/manual/misc/index.html new file mode 100644 index 0000000..5839c12 --- /dev/null +++ b/docs/manual/misc/index.html @@ -0,0 +1,25 @@ +# GENERATED FROM XML -- DO NOT EDIT + +URI: index.html.en +Content-Language: en +Content-type: text/html; charset=ISO-8859-1 + +URI: index.html.es +Content-Language: es +Content-type: text/html; charset=ISO-8859-1 + +URI: index.html.fr.utf8 +Content-Language: fr +Content-type: text/html; charset=UTF-8 + +URI: index.html.ko.euc-kr +Content-Language: ko +Content-type: text/html; charset=EUC-KR + +URI: index.html.tr.utf8 +Content-Language: tr +Content-type: text/html; charset=UTF-8 + +URI: index.html.zh-cn.utf8 +Content-Language: zh-cn +Content-type: text/html; charset=UTF-8 diff --git a/docs/manual/misc/index.html.en b/docs/manual/misc/index.html.en new file mode 100644 index 0000000..44c1802 --- /dev/null +++ b/docs/manual/misc/index.html.en @@ -0,0 +1,94 @@ +<?xml version="1.0" encoding="ISO-8859-1"?> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head> +<meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type" /> +<!-- + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + This file is generated from xml source: DO NOT EDIT + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + --> +<title>Apache Miscellaneous Documentation - Apache HTTP Server Version 2.4</title> +<link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /> +<link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /> +<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="../style/css/prettify.css" /> +<script src="../style/scripts/prettify.min.js" type="text/javascript"> +</script> + +<link href="../images/favicon.ico" rel="shortcut icon" /></head> +<body id="manual-page" class="no-sidebar"><div id="page-header"> +<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p> +<p class="apache">Apache HTTP Server Version 2.4</p> +<img alt="" src="../images/feather.png" /></div> +<div class="up"><a href="../"><img title="<-" alt="<-" src="../images/left.gif" /></a></div> +<div id="path"> +<a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">HTTP Server</a> > <a href="http://httpd.apache.org/docs/">Documentation</a> > <a href="../">Version 2.4</a></div><div id="page-content"><div id="preamble"><h1>Apache Miscellaneous Documentation</h1> +<div class="toplang"> +<p><span>Available Languages: </span><a href="../en/misc/" title="English"> en </a> | +<a href="../es/misc/" hreflang="es" rel="alternate" title="Espaol"> es </a> | +<a href="../fr/misc/" hreflang="fr" rel="alternate" title="Franais"> fr </a> | +<a href="../ko/misc/" hreflang="ko" rel="alternate" title="Korean"> ko </a> | +<a href="../tr/misc/" hreflang="tr" rel="alternate" title="Trke"> tr </a> | +<a href="../zh-cn/misc/" hreflang="zh-cn" rel="alternate" title="Simplified Chinese"> zh-cn </a></p> +</div> + + + <p>Below is a list of additional documentation pages that apply + to the Apache web server development project.</p> + + <div class="warning"><h3>Warning</h3> + <p>The documents below have not been fully updated + to take into account changes made in the 2.1 version of the + Apache HTTP Server. Some of the information may still be + relevant, but please use it with care.</p> + </div> + + <dl> + <dt><a href="perf-tuning.html">Performance Notes - Apache + Tuning</a></dt> + + <dd> + <p>Notes about how to (run-time and compile-time) configure + Apache for highest performance. Notes explaining why Apache + does some things, and why it doesn't do other things (which + make it slower/faster).</p> + </dd> + + <dt><a href="security_tips.html">Security Tips</a></dt> + + <dd> + <p>Some "do"s - and "don't"s - for keeping your Apache web + site secure.</p> + </dd> + + <dt><a href="relevant_standards.html">Relevant Standards</a></dt> + + <dd> + <p>This document acts as a reference page for most of the relevant + standards that Apache follows.</p> + </dd> + + <dt><a href="password_encryptions.html">Password Encryption Formats</a></dt> + + <dd> + <p>Discussion of the various ciphers supported by Apache for + authentication purposes.</p> + </dd> + </dl> + + </div> +</div> +<div class="bottomlang"> +<p><span>Available Languages: </span><a href="../en/misc/" title="English"> en </a> | +<a href="../es/misc/" hreflang="es" rel="alternate" title="Espaol"> es </a> | +<a href="../fr/misc/" hreflang="fr" rel="alternate" title="Franais"> fr </a> | +<a href="../ko/misc/" hreflang="ko" rel="alternate" title="Korean"> ko </a> | +<a href="../tr/misc/" hreflang="tr" rel="alternate" title="Trke"> tr </a> | +<a href="../zh-cn/misc/" hreflang="zh-cn" rel="alternate" title="Simplified Chinese"> zh-cn </a></p> +</div><div id="footer"> +<p class="apache">Copyright 2019 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p> +<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!-- +if (typeof(prettyPrint) !== 'undefined') { + prettyPrint(); +} +//--><!]]></script> +</body></html>
\ No newline at end of file diff --git a/docs/manual/misc/index.html.es b/docs/manual/misc/index.html.es new file mode 100644 index 0000000..544a913 --- /dev/null +++ b/docs/manual/misc/index.html.es @@ -0,0 +1,100 @@ +<?xml version="1.0" encoding="ISO-8859-1"?> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml" lang="es" xml:lang="es"><head> +<meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type" /> +<!-- + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + This file is generated from xml source: DO NOT EDIT + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + --> +<title>Documentacin Variada de Apache - Servidor HTTP Apache Versin 2.4</title> +<link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /> +<link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /> +<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="../style/css/prettify.css" /> +<script src="../style/scripts/prettify.min.js" type="text/javascript"> +</script> + +<link href="../images/favicon.ico" rel="shortcut icon" /></head> +<body id="manual-page" class="no-sidebar"><div id="page-header"> +<p class="menu"><a href="../mod/">Mdulos</a> | <a href="../mod/directives.html">Directivas</a> | <a href="http://wiki.apache.org/httpd/FAQ">Preguntas Frecuentes</a> | <a href="../glossary.html">Glosario</a> | <a href="../sitemap.html">Mapa del sitio web</a></p> +<p class="apache">Versin 2.4 del Servidor HTTP Apache</p> +<img alt="" src="../images/feather.png" /></div> +<div class="up"><a href="../"><img title="<-" alt="<-" src="../images/left.gif" /></a></div> +<div id="path"> +<a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">Servidor HTTP</a> > <a href="http://httpd.apache.org/docs/">Documentacin</a> > <a href="../">Versin 2.4</a></div><div id="page-content"><div id="preamble"><h1>Documentacin Variada de Apache</h1> +<div class="toplang"> +<p><span>Idiomas disponibles: </span><a href="../en/misc/" hreflang="en" rel="alternate" title="English"> en </a> | +<a href="../es/misc/" title="Espaol"> es </a> | +<a href="../fr/misc/" hreflang="fr" rel="alternate" title="Franais"> fr </a> | +<a href="../ko/misc/" hreflang="ko" rel="alternate" title="Korean"> ko </a> | +<a href="../tr/misc/" hreflang="tr" rel="alternate" title="Trke"> tr </a> | +<a href="../zh-cn/misc/" hreflang="zh-cn" rel="alternate" title="Simplified Chinese"> zh-cn </a></p> +</div> + + + <p>A continuacin ver una lista de pginas adicionales de documentacin que + aplican al proyecto de desarrollo del servidor web Apache.</p> + + <div class="warning"><h3>Atencin</h3> + <p>Los documentos no han sido completamente actualizados para tener en cuenta + los cambios realizados en la versin 2.1 del Servidor Apache HTTP. Alguna + informacin todava puede ser relevante, por favor revsela con cuidado.</p> + </div> + + <dl> + <dt><a href="perf-tuning.html">Notas de Rendimiento - Mejorando Apache</a> + </dt> + + <dd> + <p>Notas sobre como configurar (en tiempo real y tiempo de compilacin) + Apache para el mejor rendimiento. Notas explicando por qu Apache hace + ciertas cosas y por qu no hace otras (que le hacen ser ms lento/rpido). + </p> + </dd> + + <dt><a href="perf-scaling.html">Escalado de Rendimiento</a></dt> + + <dd> + <p>Alguna configuracin de fcil acceso y opciones de mejora para Apache + httpd 2.2 y 2.4 as como herramientas de motorizacin.</p> + </dd> + + <dt><a href="security_tips.html">Consejos de Seguridad</a></dt> + + <dd> + <p>Algunas de las cosas que se deben y no deben hacer para mantener seguro + su sitio web Apache.</p> + </dd> + + <dt><a href="relevant_standards.html">Estndares Relevantes</a></dt> + + <dd> + <p>Este documento acta como una pgina de referencia para la mayor parte + de estndares relevantes que Apache sigue.</p> + </dd> + + <dt><a href="password_encryptions.html">Formatos de Cifrado de Contraseas</a></dt> + + <dd> + <p>Discusin de los distintos cifrados soportados por Apache para el proceso + de autenticacin.</p> + </dd> + </dl> + + </div> +</div> +<div class="bottomlang"> +<p><span>Idiomas disponibles: </span><a href="../en/misc/" hreflang="en" rel="alternate" title="English"> en </a> | +<a href="../es/misc/" title="Espaol"> es </a> | +<a href="../fr/misc/" hreflang="fr" rel="alternate" title="Franais"> fr </a> | +<a href="../ko/misc/" hreflang="ko" rel="alternate" title="Korean"> ko </a> | +<a href="../tr/misc/" hreflang="tr" rel="alternate" title="Trke"> tr </a> | +<a href="../zh-cn/misc/" hreflang="zh-cn" rel="alternate" title="Simplified Chinese"> zh-cn </a></p> +</div><div id="footer"> +<p class="apache">Copyright 2019 The Apache Software Foundation.<br />Licencia bajo los trminos de la <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p> +<p class="menu"><a href="../mod/">Mdulos</a> | <a href="../mod/directives.html">Directivas</a> | <a href="http://wiki.apache.org/httpd/FAQ">Preguntas Frecuentes</a> | <a href="../glossary.html">Glosario</a> | <a href="../sitemap.html">Mapa del sitio web</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!-- +if (typeof(prettyPrint) !== 'undefined') { + prettyPrint(); +} +//--><!]]></script> +</body></html>
\ No newline at end of file diff --git a/docs/manual/misc/index.html.fr.utf8 b/docs/manual/misc/index.html.fr.utf8 new file mode 100644 index 0000000..88a1ed7 --- /dev/null +++ b/docs/manual/misc/index.html.fr.utf8 @@ -0,0 +1,99 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr"><head> +<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" /> +<!-- + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + This file is generated from xml source: DO NOT EDIT + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + --> +<title>Documentations diverses sur Apache - Serveur HTTP Apache Version 2.4</title> +<link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /> +<link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /> +<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="../style/css/prettify.css" /> +<script src="../style/scripts/prettify.min.js" type="text/javascript"> +</script> + +<link href="../images/favicon.ico" rel="shortcut icon" /></head> +<body id="manual-page" class="no-sidebar"><div id="page-header"> +<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossaire</a> | <a href="../sitemap.html">Plan du site</a></p> +<p class="apache">Serveur HTTP Apache Version 2.4</p> +<img alt="" src="../images/feather.png" /></div> +<div class="up"><a href="../"><img title="<-" alt="<-" src="../images/left.gif" /></a></div> +<div id="path"> +<a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">Serveur HTTP</a> > <a href="http://httpd.apache.org/docs/">Documentation</a> > <a href="../">Version 2.4</a></div><div id="page-content"><div id="preamble"><h1>Documentations diverses sur Apache</h1> +<div class="toplang"> +<p><span>Langues Disponibles: </span><a href="../en/misc/" hreflang="en" rel="alternate" title="English"> en </a> | +<a href="../es/misc/" hreflang="es" rel="alternate" title="Español"> es </a> | +<a href="../fr/misc/" title="Français"> fr </a> | +<a href="../ko/misc/" hreflang="ko" rel="alternate" title="Korean"> ko </a> | +<a href="../tr/misc/" hreflang="tr" rel="alternate" title="Türkçe"> tr </a> | +<a href="../zh-cn/misc/" hreflang="zh-cn" rel="alternate" title="Simplified Chinese"> zh-cn </a></p> +</div> + + + <p>Vous trouverez plus loin une liste de pages de documentation + additionnelles concernant le projet de développement du serveur web + Apache.</p> + + <div class="warning"><h3>Avertissement</h3> + <p>La mise à jour des documents ci-dessous permettant de prendre en + compte les modifications apportées par la version 2.1 du serveur + HTTP Apache n'a pas été entièrement menée à bien. Certaines + informations sont probablement encore pertinentes, mais utilisez-les tout de même avec + précautions.</p> + </div> + + <dl> + <dt><a href="perf-tuning.html">Notes à propos des performances - + Réglages fins d'Apache</a></dt> + + <dd> + <p>Notes à propos de la configuration d'Apache pour de plus + hautes performances (à l'exécution et à la compilation). Notes + expliquant pourquoi Apache accomplit certaines choses et + n'en accomplit pas certaines autres (les premières l'accélérant + et les deuxièmes le ralentissant).</p> + </dd> + + <dt><a href="security_tips.html">Conseils concernant la + sécurité</a></dt> + + <dd> + <p>Quelques conseils de type "faites" ou "ne faites pas" pour + que votre site web Apache reste sécurisé.</p> + </dd> + + <dt><a href="relevant_standards.html">Standards concernés</a></dt> + + <dd> + <p>Ce document constitue une page de référence pour la plupart + des standards concernés par Apache.</p> + </dd> + + <dt><a href="password_encryptions.html">Formats de chiffrement des + mots de passe</a></dt> + + <dd> + <p>Discussion à propos des divers algorithmes de chiffrement + supportés par Apache à des fins d'authentification.</p> + </dd> + </dl> + + </div> +</div> +<div class="bottomlang"> +<p><span>Langues Disponibles: </span><a href="../en/misc/" hreflang="en" rel="alternate" title="English"> en </a> | +<a href="../es/misc/" hreflang="es" rel="alternate" title="Español"> es </a> | +<a href="../fr/misc/" title="Français"> fr </a> | +<a href="../ko/misc/" hreflang="ko" rel="alternate" title="Korean"> ko </a> | +<a href="../tr/misc/" hreflang="tr" rel="alternate" title="Türkçe"> tr </a> | +<a href="../zh-cn/misc/" hreflang="zh-cn" rel="alternate" title="Simplified Chinese"> zh-cn </a></p> +</div><div id="footer"> +<p class="apache">Copyright 2019 The Apache Software Foundation.<br />Autorisé sous <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p> +<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossaire</a> | <a href="../sitemap.html">Plan du site</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!-- +if (typeof(prettyPrint) !== 'undefined') { + prettyPrint(); +} +//--><!]]></script> +</body></html>
\ No newline at end of file diff --git a/docs/manual/misc/index.html.ko.euc-kr b/docs/manual/misc/index.html.ko.euc-kr new file mode 100644 index 0000000..8a26134 --- /dev/null +++ b/docs/manual/misc/index.html.ko.euc-kr @@ -0,0 +1,95 @@ +<?xml version="1.0" encoding="EUC-KR"?> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml" lang="ko" xml:lang="ko"><head> +<meta content="text/html; charset=EUC-KR" http-equiv="Content-Type" /> +<!-- + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + This file is generated from xml source: DO NOT EDIT + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + --> +<title>Ÿ ġ - Apache HTTP Server Version 2.4</title> +<link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /> +<link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /> +<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="../style/css/prettify.css" /> +<script src="../style/scripts/prettify.min.js" type="text/javascript"> +</script> + +<link href="../images/favicon.ico" rel="shortcut icon" /></head> +<body id="manual-page" class="no-sidebar"><div id="page-header"> +<p class="menu"><a href="../mod/"></a> | <a href="../mod/directives.html">þ</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html"></a> | <a href="../sitemap.html">Ʈ</a></p> +<p class="apache">Apache HTTP Server Version 2.4</p> +<img alt="" src="../images/feather.png" /></div> +<div class="up"><a href="../"><img title="<-" alt="<-" src="../images/left.gif" /></a></div> +<div id="path"> +<a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">HTTP Server</a> > <a href="http://httpd.apache.org/docs/">Documentation</a> > <a href="../">Version 2.4</a></div><div id="page-content"><div id="preamble"><h1>Ÿ ġ </h1> +<div class="toplang"> +<p><span> : </span><a href="../en/misc/" hreflang="en" rel="alternate" title="English"> en </a> | +<a href="../es/misc/" hreflang="es" rel="alternate" title="Español"> es </a> | +<a href="../fr/misc/" hreflang="fr" rel="alternate" title="Français"> fr </a> | +<a href="../ko/misc/" title="Korean"> ko </a> | +<a href="../tr/misc/" hreflang="tr" rel="alternate" title="Türkçe"> tr </a> | +<a href="../zh-cn/misc/" hreflang="zh-cn" rel="alternate" title="Simplified Chinese"> zh-cn </a></p> +</div> +<div class="outofdate"> ֽ ƴմϴ. + ֱٿ ϼ.</div> + + + <p>Ʒ ġ Ʈ ߰ + ̴.</p> + + <div class="warning"><h3></h3> + <p> Ʒ ġ 2.1 + ʴ. ȿ , ؼ + ϱ ٶ.</p> + </div> + + <dl> + <dt><a href="perf-tuning.html">ġ </a></dt> + + <dd> + <p>ְ ġ (, Ͻ) + ϴ ٷ. ġ ۾ ϰ + (ġ ų ) ۾ ʴ + Ѵ.</p> + </dd> + + <dt><a href="security_tips.html"> </a></dt> + + <dd> + <p>ġ ϰ ϱ " " " + ƾ ".</p> + </dd> + + <dt><a href="rewriteguide.html">URL ۼ ħ</a></dt> + + <dd> + <p> <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code> <a href="../mod/mod_rewrite.html"> </a> Ѵ. + ڰ ۾ εġԵǴ + URL ذϱؼ ġ + <code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code> ϴ Ѵ.</p> + </dd> + + <dt><a href="relevant_standards.html"> ǥ</a></dt> + + <dd> + <p> ġ ǥص Ѵ.</p> + </dd> + </dl> + + </div> +</div> +<div class="bottomlang"> +<p><span> : </span><a href="../en/misc/" hreflang="en" rel="alternate" title="English"> en </a> | +<a href="../es/misc/" hreflang="es" rel="alternate" title="Español"> es </a> | +<a href="../fr/misc/" hreflang="fr" rel="alternate" title="Français"> fr </a> | +<a href="../ko/misc/" title="Korean"> ko </a> | +<a href="../tr/misc/" hreflang="tr" rel="alternate" title="Türkçe"> tr </a> | +<a href="../zh-cn/misc/" hreflang="zh-cn" rel="alternate" title="Simplified Chinese"> zh-cn </a></p> +</div><div id="footer"> +<p class="apache">Copyright 2019 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p> +<p class="menu"><a href="../mod/"></a> | <a href="../mod/directives.html">þ</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html"></a> | <a href="../sitemap.html">Ʈ</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!-- +if (typeof(prettyPrint) !== 'undefined') { + prettyPrint(); +} +//--><!]]></script> +</body></html>
\ No newline at end of file diff --git a/docs/manual/misc/index.html.tr.utf8 b/docs/manual/misc/index.html.tr.utf8 new file mode 100644 index 0000000..ab66b1f --- /dev/null +++ b/docs/manual/misc/index.html.tr.utf8 @@ -0,0 +1,96 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml" lang="tr" xml:lang="tr"><head> +<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" /> +<!-- + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + This file is generated from xml source: DO NOT EDIT + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + --> +<title>Çeşitli Belgeler - Apache HTTP Sunucusu Sürüm 2.4</title> +<link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /> +<link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /> +<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="../style/css/prettify.css" /> +<script src="../style/scripts/prettify.min.js" type="text/javascript"> +</script> + +<link href="../images/favicon.ico" rel="shortcut icon" /></head> +<body id="manual-page" class="no-sidebar"><div id="page-header"> +<p class="menu"><a href="../mod/">Modüller</a> | <a href="../mod/directives.html">Yönergeler</a> | <a href="http://wiki.apache.org/httpd/FAQ">SSS</a> | <a href="../glossary.html">Terimler</a> | <a href="../sitemap.html">Site Haritası</a></p> +<p class="apache">Apache HTTP Sunucusu Sürüm 2.4</p> +<img alt="" src="../images/feather.png" /></div> +<div class="up"><a href="../"><img title="<-" alt="<-" src="../images/left.gif" /></a></div> +<div id="path"> +<a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">HTTP Sunucusu</a> > <a href="http://httpd.apache.org/docs/">Belgeleme</a> > <a href="../">Sürüm 2.4</a></div><div id="page-content"><div id="preamble"><h1>Çeşitli Belgeler</h1> +<div class="toplang"> +<p><span>Mevcut Diller: </span><a href="../en/misc/" hreflang="en" rel="alternate" title="English"> en </a> | +<a href="../es/misc/" hreflang="es" rel="alternate" title="Español"> es </a> | +<a href="../fr/misc/" hreflang="fr" rel="alternate" title="Français"> fr </a> | +<a href="../ko/misc/" hreflang="ko" rel="alternate" title="Korean"> ko </a> | +<a href="../tr/misc/" title="Türkçe"> tr </a> | +<a href="../zh-cn/misc/" hreflang="zh-cn" rel="alternate" title="Simplified Chinese"> zh-cn </a></p> +</div> + + + <p>Aşağıda listelenen belgeler de Apache HTTP sunucusu geliştirme projesi + kapsamındadır.</p> + + <div class="warning"><h3>Uyarı</h3> + <p>Aşağıdaki belgeler, Apache HTTP Sunucusunun 2.1 sürümünde yapılmış + değişikliklere göre tam olarak güncellenmemiştir. Hala güncel kalmış + bazı bilgiler olabilir, fakat siz yine de bu belgeleri kullanırken + dikkatli olun.</p> + </div> + + <dl> + <dt><a href="perf-tuning.html">Başarım Arttırma İpuçları - Apache’ye + İnce Ayar Çekilmesi</a></dt> + + <dd> + <p>Yüksek başarım elde etmek için Apache yapılandırmasında (çalışma + anında ve derleme sırasında) yapılacaklar ile ilgili bazı bilgiler + yanında Apache’de bazı şeylerin (bir şeyleri hızlandıran ve + yavaşlatan şeylerin) yapılma ve yapılmama sebepleri + açıklanmıştır.</p> + </dd> + + <dt><a href="security_tips.html">Güvenlik İpuçları</a></dt> + + <dd> + <p>Apache HTTP sitenizi güvenli kılmak için yapılacaklar ve + yapılmayacaklar.</p> + </dd> + + <dt><a href="relevant_standards.html">İlgili Standartlar</a></dt> + + <dd> + <p>Bu belge Apache’nin uyacağı standartların bir çoğuna atıfta + bulunmak amacıyla hazırlanmıştır.</p> + </dd> + + <dt><a href="password_encryptions.html">Parola Şifreleme Biçimleri</a> + </dt> + + <dd> + <p>Belgede, kimlik doğrulama amacıyla Apache tarafından desteklenen + çeşitli şifreleme tekniklerinden bahsedilmiştir.</p> + </dd> + </dl> + + </div> +</div> +<div class="bottomlang"> +<p><span>Mevcut Diller: </span><a href="../en/misc/" hreflang="en" rel="alternate" title="English"> en </a> | +<a href="../es/misc/" hreflang="es" rel="alternate" title="Español"> es </a> | +<a href="../fr/misc/" hreflang="fr" rel="alternate" title="Français"> fr </a> | +<a href="../ko/misc/" hreflang="ko" rel="alternate" title="Korean"> ko </a> | +<a href="../tr/misc/" title="Türkçe"> tr </a> | +<a href="../zh-cn/misc/" hreflang="zh-cn" rel="alternate" title="Simplified Chinese"> zh-cn </a></p> +</div><div id="footer"> +<p class="apache">Copyright 2019 The Apache Software Foundation.<br /><a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a> altında lisanslıdır.</p> +<p class="menu"><a href="../mod/">Modüller</a> | <a href="../mod/directives.html">Yönergeler</a> | <a href="http://wiki.apache.org/httpd/FAQ">SSS</a> | <a href="../glossary.html">Terimler</a> | <a href="../sitemap.html">Site Haritası</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!-- +if (typeof(prettyPrint) !== 'undefined') { + prettyPrint(); +} +//--><!]]></script> +</body></html>
\ No newline at end of file diff --git a/docs/manual/misc/index.html.zh-cn.utf8 b/docs/manual/misc/index.html.zh-cn.utf8 new file mode 100644 index 0000000..f0f9141 --- /dev/null +++ b/docs/manual/misc/index.html.zh-cn.utf8 @@ -0,0 +1,85 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml" lang="zh-cn" xml:lang="zh-cn"><head> +<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" /> +<!-- + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + This file is generated from xml source: DO NOT EDIT + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + --> +<title>Apache 杂项文档 - Apache HTTP 服务器 版本 2.4</title> +<link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /> +<link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /> +<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="../style/css/prettify.css" /> +<script src="../style/scripts/prettify.min.js" type="text/javascript"> +</script> + +<link href="../images/favicon.ico" rel="shortcut icon" /></head> +<body id="manual-page" class="no-sidebar"><div id="page-header"> +<p class="menu"><a href="../mod/">模块</a> | <a href="../mod/directives.html">指令</a> | <a href="http://wiki.apache.org/httpd/FAQ">常见问题</a> | <a href="../glossary.html">术语</a> | <a href="../sitemap.html">网站导航</a></p> +<p class="apache">Apache HTTP 服务器版本 2.4</p> +<img alt="" src="../images/feather.png" /></div> +<div class="up"><a href="../"><img title="<-" alt="<-" src="../images/left.gif" /></a></div> +<div id="path"> +<a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">HTTP 服务器</a> > <a href="http://httpd.apache.org/docs/">文档</a> > <a href="../">版本 2.4</a></div><div id="page-content"><div id="preamble"><h1>Apache 杂项文档</h1> +<div class="toplang"> +<p><span>可用语言: </span><a href="../en/misc/" hreflang="en" rel="alternate" title="English"> en </a> | +<a href="../es/misc/" hreflang="es" rel="alternate" title="Español"> es </a> | +<a href="../fr/misc/" hreflang="fr" rel="alternate" title="Français"> fr </a> | +<a href="../ko/misc/" hreflang="ko" rel="alternate" title="Korean"> ko </a> | +<a href="../tr/misc/" hreflang="tr" rel="alternate" title="Türkçe"> tr </a> | +<a href="../zh-cn/misc/" title="Simplified Chinese"> zh-cn </a></p> +</div> + + + <p>下面是适用于 Apache 服务器开发项目的附加文档。</p> + + <div class="warning"><h3>警告</h3> + <p>下面的文档尚未完全更新,以反映自 Apache HTTP 服务器版本 2.1 + 之后的修改。某些信息可能仍旧适用,但请小心使用它。</p> + </div> + + <dl> + <dt><a href="perf-tuning.html">Apache 性能调谐</a></dt> + + <dd> + <p>对如何在编译或运行时,配置 Apache,以便性能更高的说明。 + 解释了为什么 Apache 这样做,而不那样做 (这会让它更慢或更快)。</p> + </dd> + + <dt><a href="security_tips.html">安全技巧</a></dt> + + <dd> + <p>做和不做 - 如何让你的 Apache 站点保持安全。</p> + </dd> + + <dt><a href="relevant_standards.html">相关标准</a></dt> + + <dd> + <p>这篇文档是 Apache 遵循的相关标准的参考页面。</p> + </dd> + + <dt><a href="password_encryptions.html">密码加密格式</a></dt> + + <dd> + <p>对 Apache 身份认证支持的各种密码加密格式的讨论。</p> + </dd> + </dl> + + </div> +</div> +<div class="bottomlang"> +<p><span>可用语言: </span><a href="../en/misc/" hreflang="en" rel="alternate" title="English"> en </a> | +<a href="../es/misc/" hreflang="es" rel="alternate" title="Español"> es </a> | +<a href="../fr/misc/" hreflang="fr" rel="alternate" title="Français"> fr </a> | +<a href="../ko/misc/" hreflang="ko" rel="alternate" title="Korean"> ko </a> | +<a href="../tr/misc/" hreflang="tr" rel="alternate" title="Türkçe"> tr </a> | +<a href="../zh-cn/misc/" title="Simplified Chinese"> zh-cn </a></p> +</div><div id="footer"> +<p class="apache">Copyright 2019 The Apache Software Foundation.<br />基于 <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a> 许可证.</p> +<p class="menu"><a href="../mod/">模块</a> | <a href="../mod/directives.html">指令</a> | <a href="http://wiki.apache.org/httpd/FAQ">常见问题</a> | <a href="../glossary.html">术语</a> | <a href="../sitemap.html">网站导航</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!-- +if (typeof(prettyPrint) !== 'undefined') { + prettyPrint(); +} +//--><!]]></script> +</body></html>
\ No newline at end of file diff --git a/docs/manual/misc/password_encryptions.html b/docs/manual/misc/password_encryptions.html new file mode 100644 index 0000000..ef55165 --- /dev/null +++ b/docs/manual/misc/password_encryptions.html @@ -0,0 +1,9 @@ +# GENERATED FROM XML -- DO NOT EDIT + +URI: password_encryptions.html.en +Content-Language: en +Content-type: text/html; charset=ISO-8859-1 + +URI: password_encryptions.html.fr.utf8 +Content-Language: fr +Content-type: text/html; charset=UTF-8 diff --git a/docs/manual/misc/password_encryptions.html.en b/docs/manual/misc/password_encryptions.html.en new file mode 100644 index 0000000..9f7e806 --- /dev/null +++ b/docs/manual/misc/password_encryptions.html.en @@ -0,0 +1,259 @@ +<?xml version="1.0" encoding="ISO-8859-1"?> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head> +<meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type" /> +<!-- + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + This file is generated from xml source: DO NOT EDIT + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + --> +<title>Password Formats - Apache HTTP Server Version 2.4</title> +<link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /> +<link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /> +<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="../style/css/prettify.css" /> +<script src="../style/scripts/prettify.min.js" type="text/javascript"> +</script> + +<link href="../images/favicon.ico" rel="shortcut icon" /></head> +<body id="manual-page"><div id="page-header"> +<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p> +<p class="apache">Apache HTTP Server Version 2.4</p> +<img alt="" src="../images/feather.png" /></div> +<div class="up"><a href="./"><img title="<-" alt="<-" src="../images/left.gif" /></a></div> +<div id="path"> +<a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">HTTP Server</a> > <a href="http://httpd.apache.org/docs/">Documentation</a> > <a href="../">Version 2.4</a> > <a href="./">Miscellaneous Documentation</a></div><div id="page-content"><div id="preamble"><h1>Password Formats</h1> +<div class="toplang"> +<p><span>Available Languages: </span><a href="../en/misc/password_encryptions.html" title="English"> en </a> | +<a href="../fr/misc/password_encryptions.html" hreflang="fr" rel="alternate" title="Franais"> fr </a></p> +</div> + + <p>Notes about the password encryption formats generated and understood by + Apache.</p> + </div> +<div id="quickview"><a href="https://www.apache.org/foundation/contributing.html" class="badge"><img src="https://www.apache.org/images/SupportApache-small.png" alt="Support Apache!" /></a><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#basic">Basic Authentication</a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#digest">Digest Authentication</a></li> +</ul><h3>See also</h3><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div> +<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="basic" id="basic">Basic Authentication</a></h2> + + <p>There are five formats that Apache recognizes for basic-authentication + passwords. Note that not all formats work on every platform:</p> + + <dl> + <dt>bcrypt</dt> + <dd>"$2y$" + the result of the crypt_blowfish algorithm. + See the APR source file + <a href="http://svn.apache.org/viewvc/apr/apr/trunk/crypto/crypt_blowfish.c?view=markup">crypt_blowfish.c</a> + for the details of the algorithm.</dd> + + <dt>MD5</dt> + <dd>"$apr1$" + the result of an Apache-specific algorithm using an + iterated (1,000 times) MD5 digest of various combinations of a + random 32-bit salt and the password. See the APR source file + <a href="http://svn.apache.org/viewvc/apr/apr/trunk/crypto/apr_md5.c?view=markup">apr_md5.c</a> + for the details of the algorithm.</dd> + + <dt>SHA1</dt> + <dd>"{SHA}" + Base64-encoded SHA-1 digest of the password. Insecure.</dd> + + <dt>CRYPT</dt> + <dd>Unix only. Uses the traditional Unix <code>crypt(3)</code> function + with a randomly-generated 32-bit salt (only 12 bits used) and the first 8 + characters of the password. Insecure.</dd> + + <dt>PLAIN TEXT (i.e. <em>unencrypted</em>)</dt> + <dd>Windows & Netware only. Insecure.</dd> + </dl> + + <h3>Generating values with htpasswd</h3> + + <div class="example"><h3>bcrypt</h3><p><code> + $ htpasswd -nbB myName myPassword<br /> + myName:$2y$05$c4WoMPo3SXsafkva.HHa6uXQZWr7oboPiC2bT/r7q1BB8I2s0BRqC + </code></p></div> + + <div class="example"><h3>MD5</h3><p><code> + $ htpasswd -nbm myName myPassword<br /> + myName:$apr1$r31.....$HqJZimcKQFAMYayBlzkrA/ + </code></p></div> + + <div class="example"><h3>SHA1</h3><p><code> + $ htpasswd -nbs myName myPassword<br /> + myName:{SHA}VBPuJHI7uixaa6LQGWx4s+5GKNE= + </code></p></div> + + <div class="example"><h3>CRYPT</h3><p><code> + $ htpasswd -nbd myName myPassword<br /> + myName:rqXexS6ZhobKA + </code></p></div> + + + + <h3>Generating CRYPT and MD5 values with the OpenSSL + command-line program</h3> + + + <p>OpenSSL knows the Apache-specific MD5 algorithm.</p> + + <div class="example"><h3>MD5</h3><p><code> + $ openssl passwd -apr1 myPassword<br /> + $apr1$qHDFfhPC$nITSVHgYbDAK1Y0acGRnY0 + </code></p></div> + + <div class="example"><h3>CRYPT</h3><p><code> + openssl passwd -crypt myPassword<br /> + qQ5vTYO3c8dsU + </code></p></div> + + + <h3>Validating CRYPT or MD5 passwords with the OpenSSL command + line program</h3> + + <p>The salt for a CRYPT password is the first two characters (converted to + a binary value). To validate <code>myPassword</code> against + <code>rqXexS6ZhobKA</code></p> + + <div class="example"><h3>CRYPT</h3><p><code> + $ openssl passwd -crypt -salt rq myPassword<br /> + Warning: truncating password to 8 characters<br /> + rqXexS6ZhobKA + </code></p></div> + + <p>Note that using <code>myPasswo</code> instead of + <code>myPassword</code> will produce the same result because only the + first 8 characters of CRYPT passwords are considered.</p> + + <p>The salt for an MD5 password is between <code>$apr1$</code> and the + following <code>$</code> (as a Base64-encoded binary value - max 8 chars). + To validate <code>myPassword</code> against + <code>$apr1$r31.....$HqJZimcKQFAMYayBlzkrA/</code></p> + + <div class="example"><h3>MD5</h3><p><code> + $ openssl passwd -apr1 -salt r31..... myPassword<br /> + $apr1$r31.....$HqJZimcKQFAMYayBlzkrA/ + </code></p></div> + + + <h3>Database password fields for mod_dbd</h3> + <p>The SHA1 variant is probably the most useful format for DBD + authentication. Since the SHA1 and Base64 functions are commonly + available, other software can populate a database with encrypted passwords + that are usable by Apache basic authentication.</p> + + <p>To create Apache SHA1-variant basic-authentication passwords in various + languages:</p> + + <div class="example"><h3>PHP</h3><p><code> + '{SHA}' . base64_encode(sha1($password, TRUE)) + </code></p></div> + + <div class="example"><h3>Java</h3><p><code> + "{SHA}" + new sun.misc.BASE64Encoder().encode(java.security.MessageDigest.getInstance("SHA1").digest(password.getBytes())) + </code></p></div> + + <div class="example"><h3>ColdFusion</h3><p><code> + "{SHA}" & ToBase64(BinaryDecode(Hash(password, "SHA1"), "Hex")) + </code></p></div> + + <div class="example"><h3>Ruby</h3><p><code> + require 'digest/sha1'<br /> + require 'base64'<br /> + '{SHA}' + Base64.encode64(Digest::SHA1.digest(password)) + </code></p></div> + + <div class="example"><h3>C or C++</h3><p><code> + Use the APR function: apr_sha1_base64 + </code></p></div> + + <div class="example"><h3>Python</h3><p><code> + import base64<br /> + import hashlib<br /> + "{SHA}" + format(base64.b64encode(hashlib.sha1(password).digest())) + </code></p></div> + + <div class="example"><h3>PostgreSQL (with the contrib/pgcrypto functions + installed)</h3><p><code> + + '{SHA}'||encode(digest(password,'sha1'),'base64') + </code></p></div> + + + </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="digest" id="digest">Digest Authentication</a></h2> + <p>Apache recognizes one format for + digest-authentication passwords - the MD5 hash of the string + <code>user:realm:password</code> as a 32-character string of hexadecimal + digits. <code>realm</code> is the Authorization Realm argument to the + <code class="directive"><a href="../mod/mod_authn_core.html#authname">AuthName</a></code> directive in + httpd.conf.</p> + + <h3>Database password fields for mod_dbd</h3> + + <p>Since the MD5 function is commonly available, other software can + populate a database with encrypted passwords that are usable by Apache + digest authentication.</p> + + <p>To create Apache digest-authentication passwords in various + languages:</p> + + <div class="example"><h3>PHP</h3><p><code> + md5($user . ':' . $realm . ':' .$password) + </code></p></div> + + <div class="example"><h3>Java</h3><p><code> + byte b[] = java.security.MessageDigest.getInstance("MD5").digest( (user + ":" + realm + ":" + password ).getBytes());<br /> + java.math.BigInteger bi = new java.math.BigInteger(1, b);<br /> + String s = bi.toString(16);<br /> + while (s.length() < 32)<br /> + <span class="indent"> + s = "0" + s; + </span> + // String s is the encrypted password + </code></p></div> + + <div class="example"><h3>ColdFusion</h3><p><code> + LCase(Hash( (user & ":" & realm & ":" & password) , "MD5")) + </code></p></div> + + <div class="example"><h3>Ruby</h3><p><code> + require 'digest/md5'<br /> + Digest::MD5.hexdigest(user + ':' + realm + ':' + password) + </code></p></div> + + <div class="example"><h3>PostgreSQL (with the contrib/pgcrypto functions installed)</h3><p><code> + + encode(digest( user || ':' || realm || ':' || password , 'md5'), 'hex') + </code></p></div> + + + </div></div> +<div class="bottomlang"> +<p><span>Available Languages: </span><a href="../en/misc/password_encryptions.html" title="English"> en </a> | +<a href="../fr/misc/password_encryptions.html" hreflang="fr" rel="alternate" title="Franais"> fr </a></p> +</div><div class="top"><a href="#page-header"><img src="../images/up.gif" alt="top" /></a></div><div class="section"><h2><a id="comments_section" name="comments_section">Comments</a></h2><div class="warning"><strong>Notice:</strong><br />This is not a Q&A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed again by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Freenode, or sent to our <a href="http://httpd.apache.org/lists.html">mailing lists</a>.</div> +<script type="text/javascript"><!--//--><![CDATA[//><!-- +var comments_shortname = 'httpd'; +var comments_identifier = 'http://httpd.apache.org/docs/2.4/misc/password_encryptions.html'; +(function(w, d) { + if (w.location.hostname.toLowerCase() == "httpd.apache.org") { + d.write('<div id="comments_thread"><\/div>'); + var s = d.createElement('script'); + s.type = 'text/javascript'; + s.async = true; + s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier; + (d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s); + } + else { + d.write('<div id="comments_thread">Comments are disabled for this page at the moment.<\/div>'); + } +})(window, document); +//--><!]]></script></div><div id="footer"> +<p class="apache">Copyright 2019 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p> +<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!-- +if (typeof(prettyPrint) !== 'undefined') { + prettyPrint(); +} +//--><!]]></script> +</body></html>
\ No newline at end of file diff --git a/docs/manual/misc/password_encryptions.html.fr.utf8 b/docs/manual/misc/password_encryptions.html.fr.utf8 new file mode 100644 index 0000000..7ee9eb7 --- /dev/null +++ b/docs/manual/misc/password_encryptions.html.fr.utf8 @@ -0,0 +1,273 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr"><head> +<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" /> +<!-- + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + This file is generated from xml source: DO NOT EDIT + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + --> +<title>Formats de mots de passe - Serveur HTTP Apache Version 2.4</title> +<link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /> +<link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /> +<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="../style/css/prettify.css" /> +<script src="../style/scripts/prettify.min.js" type="text/javascript"> +</script> + +<link href="../images/favicon.ico" rel="shortcut icon" /></head> +<body id="manual-page"><div id="page-header"> +<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossaire</a> | <a href="../sitemap.html">Plan du site</a></p> +<p class="apache">Serveur HTTP Apache Version 2.4</p> +<img alt="" src="../images/feather.png" /></div> +<div class="up"><a href="./"><img title="<-" alt="<-" src="../images/left.gif" /></a></div> +<div id="path"> +<a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">Serveur HTTP</a> > <a href="http://httpd.apache.org/docs/">Documentation</a> > <a href="../">Version 2.4</a> > <a href="./">Documentations diverses</a></div><div id="page-content"><div id="preamble"><h1>Formats de mots de passe</h1> +<div class="toplang"> +<p><span>Langues Disponibles: </span><a href="../en/misc/password_encryptions.html" hreflang="en" rel="alternate" title="English"> en </a> | +<a href="../fr/misc/password_encryptions.html" title="Français"> fr </a></p> +</div> + + <p>Notes à propos des formats de chiffrement des mots de passe + générés et compris par Apache.</p> + </div> +<div id="quickview"><a href="https://www.apache.org/foundation/contributing.html" class="badge"><img src="https://www.apache.org/images/SupportApache-small.png" alt="Support Apache!" /></a><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#basic">Authentification de base</a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#digest">Authentification à base de condensés</a></li> +</ul><h3>Voir aussi</h3><ul class="seealso"><li><a href="#comments_section">Commentaires</a></li></ul></div> +<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="basic" id="basic">Authentification de base</a></h2> + + <p>Voici les cinq formats de mots de passe qu'Apache reconnaît + pour l'authentification de base. Notez que tous les formats ne sont + pas supportés par toutes les plates-formes :</p> + + <dl> + + <dt>bcrypt</dt> + <dd>"$2y$" + the result of the crypt_blowfish algorithm. Dérivé + de l'algorythme de chiffrement crypt_blowfish. Voir le fichier + source APR <a href="http://svn.apache.org/viewvc/apr/apr/trunk/crypto/crypt_blowfish.c?view=markup">crypt_blowfish.c</a> + pour plus de détails à propos de cet algorithme.</dd> + + <dt>MD5</dt> + <dd>"$apr1$" + le résultat d'un algorithme spécifique à Apache + utilisant un condensé MD5 réitéré (1000 fois) de combinaisons + variées du mot de passe et d'une source d'entropie sur 32 bits. + Voir le fichier source APR <a href="http://svn.apache.org/viewvc/apr/apr/trunk/crypto/apr_md5.c?view=markup">apr_md5.c</a> + pour les détails de l'algorithme.</dd> + + + <dt>SHA1</dt> + <dd>"{SHA}" + un condensé SHA-1 du mot de passe codé en + Base64. Non sûr.</dd> + + <dt>CRYPT</dt> + <dd>Unix seulement. Utilise la fonction Unix traditionnelle + <code>crypt(3)</code> avec une source d'entropie sur 32 bits + (seuls 12 bits sont utilisés), et seulement les 8 premiers + caractères du mot de passe. Non sûr.</dd> + + <dt>PLAIN TEXT (autrement dit <em>non chiffré</em>)</dt> + <dd>Windows & Netware seulement. Non sûr.</dd> + </dl> + <h3>Générer des mots de passe avec htpasswd</h3> + + <div class="example"><h3>bcrypt</h3><p><code> + $ htpasswd -nbB monNom monMot-de-passe<br /> + monNom:$2y$05$c4WoMPo3SXsafkva.HHa6uXQZWr7oboPiC2bT/r7q1BB8I2s0BRqC + </code></p></div> + + <div class="example"><h3>MD5</h3><p><code> + $ htpasswd -nbm monNom monMot-de-passe<br /> + monNom:$apr1$r31.....$HqJZimcKQFAMYayBlzkrA/ + </code></p></div> + + <div class="example"><h3>SHA1</h3><p><code> + $ htpasswd -nbs monNom monMot-de-passe<br /> + monNom:{SHA}VBPuJHI7uixaa6LQGWx4s+5GKNE= + </code></p></div> + + <div class="example"><h3>CRYPT</h3><p><code> + $ htpasswd -nbd monNom monMot-de-passe<br /> + monNom:rqXexS6ZhobKA + </code></p></div> + + + + <h3>Générer des mots de passe CRYPT and MD5 avec le programme + OpenSSL en ligne de commande</h3> + + + <p>OpenSSL connaît l'algorithme MD5 spécifique à Apache.</p> + + <div class="example"><h3>MD5</h3><p><code> + $ openssl passwd -apr1 monMot-de-passe<br /> + $apr1$qHDFfhPC$nITSVHgYbDAK1Y0acGRnY0 + </code></p></div> + + <div class="example"><h3>CRYPT</h3><p><code> + openssl passwd -crypt monMot-de-passe<br /> + qQ5vTYO3c8dsU + </code></p></div> + + + <h3>Valider des mots de passe CRYPT and MD5 avec le programme + OpenSSL en ligne de commande</h3> + + <p>La source d'entropie pour un mot de passe CRYPT est constituée + des deux premiers caractères (convertis en valeur binaire). Pour + valider <code>monMot-de-passe</code> par rapport à + <code>rqXexS6ZhobKA</code></p> + + <div class="example"><h3>CRYPT</h3><p><code> + $ openssl passwd -crypt -salt rq monMot-de-passe<br /> + Warning: truncating password to 8 characters<br /> + rqXexS6ZhobKA + </code></p></div> + + <p>Notez que spécifier <code>monMot-d</code> au lieu de + <code>monMot-de-passe</code> produira le même résultat car seuls + les 8 premiers caractères des mots de passe CRYPT sont pris en + compte.</p> + + <p>La source d'entropie pour un mot de passe MD5 se situe entre + <code>$apr1$</code> et le caractère <code>$</code> suivant (sous + la forme d'une valeur binaire codée en Base64 - au maximum 8 + caractères). Pour valider <code>monMot-de-passe</code> par rapport + à <code>$apr1$r31.....$HqJZimcKQFAMYayBlzkrA/</code></p> + + <div class="example"><h3>MD5</h3><p><code> + $ openssl passwd -apr1 -salt r31..... monMot-de-passe<br /> + $apr1$r31.....$HqJZimcKQFAMYayBlzkrA/ + </code></p></div> + + + <h3>Champs mot de passe de base de données pour + mod_dbd</h3> + <p>La variante SHA1 constitue probablement le format le mieux + approprié pour l'authentification DBD. Comme les fonctions SHA1 et + Base64 sont en général disponibles, d'autres logiciels peuvent + renseigner une base de données avec des mots de passe chiffrés + utilisables par l'authentification basique d'Apache.</p> + + <p>Pour créer des mots de passe au format SHA1 pour + l'authentification de base d'Apache dans divers langages :</p> + + <div class="example"><h3>PHP</h3><p><code> + '{SHA}' . base64_encode(sha1($password, TRUE)) + </code></p></div> + + <div class="example"><h3>Java</h3><p><code> + "{SHA}" + new sun.misc.BASE64Encoder().encode(java.security.MessageDigest.getInstance("SHA1").digest(password.getBytes())) + </code></p></div> + + <div class="example"><h3>ColdFusion</h3><p><code> + "{SHA}" & ToBase64(BinaryDecode(Hash(password, "SHA1"), "Hex")) + </code></p></div> + + <div class="example"><h3>Ruby</h3><p><code> + require 'digest/sha1'<br /> + require 'base64'<br /> + '{SHA}' + Base64.encode64(Digest::SHA1.digest(password)) + </code></p></div> + + <div class="example"><h3>C ou C++</h3><p><code> + Utilisez la fonction APR : apr_sha1_base64 + </code></p></div> + + <div class="example"><h3>Python</h3><p><code> + import base64<br /> + import hashlib<br /> + "{SHA}" + format(base64.b64encode(hashlib.sha1(password).digest())) + </code></p></div> + + <div class="example"><h3>PostgreSQL (avec les fonctions contrib/pgcrypto + installées)</h3><p><code> + + '{SHA}'||encode(digest(password,'sha1'),'base64') + </code></p></div> + + + </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="digest" id="digest">Authentification à base de condensés</a></h2> + <p>Apache ne reconnaît qu'un format pour les mots de passe + d'authentification à base de condensés - le condensé MD5 de la + chaîne <code>utilisateur:domaine-de-protection:mot-de-passe</code> + sous la forme d'une chaîne de 32 caractères au format hexadécimal. + <code>domaine-de-protection</code> est l'identifiant du domaine de + protection de l'autorisation passé en argument à la directive + <code class="directive"><a href="../mod/mod_authn_core.html#authname">AuthName</a></code> dans + httpd.conf.</p> + + <h3>Champs de mot de passe de base de données pour + mod_dbd</h3> + + <p>Comme la fonction MD5 est en général disponible, d'autres + logiciels peuvent renseigner une base de données avec des mots de + passe chiffrés utilisables par l'authentification à base de + condensés d'Apache.</p> + + <p>Pour créer des mots de passe pour l'authentification à base de + condensés d'Apache dans divers langages :</p> + + <div class="example"><h3>PHP</h3><p><code> + md5($user . ':' . $realm . ':' .$password) + </code></p></div> + + <div class="example"><h3>Java</h3><p><code> + byte b[] = java.security.MessageDigest.getInstance("MD5").digest( (user + ":" + realm + ":" + password ).getBytes());<br /> + java.math.BigInteger bi = new java.math.BigInteger(1, b);<br /> + String s = bi.toString(16);<br /> + while (s.length() < 32)<br /> + <span class="indent"> + s = "0" + s; + </span> + // La chaîne s contient le mot de passe chiffré + </code></p></div> + + <div class="example"><h3>ColdFusion</h3><p><code> + LCase(Hash( (user & ":" & realm & ":" & password) , "MD5")) + </code></p></div> + + <div class="example"><h3>Ruby</h3><p><code> + require 'digest/md5'<br /> + Digest::MD5.hexdigest(user + ':' + realm + ':' + password) + </code></p></div> + + <div class="example"><h3>PostgreSQL (avec les fonctions contrib/pgcrypto + installées)</h3><p><code> + + encode(digest( user || ':' || realm || ':' || password , 'md5'), 'hex') + </code></p></div> + + + </div></div> +<div class="bottomlang"> +<p><span>Langues Disponibles: </span><a href="../en/misc/password_encryptions.html" hreflang="en" rel="alternate" title="English"> en </a> | +<a href="../fr/misc/password_encryptions.html" title="Français"> fr </a></p> +</div><div class="top"><a href="#page-header"><img src="../images/up.gif" alt="top" /></a></div><div class="section"><h2><a id="comments_section" name="comments_section">Commentaires</a></h2><div class="warning"><strong>Notice:</strong><br />This is not a Q&A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed again by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Freenode, or sent to our <a href="http://httpd.apache.org/lists.html">mailing lists</a>.</div> +<script type="text/javascript"><!--//--><![CDATA[//><!-- +var comments_shortname = 'httpd'; +var comments_identifier = 'http://httpd.apache.org/docs/2.4/misc/password_encryptions.html'; +(function(w, d) { + if (w.location.hostname.toLowerCase() == "httpd.apache.org") { + d.write('<div id="comments_thread"><\/div>'); + var s = d.createElement('script'); + s.type = 'text/javascript'; + s.async = true; + s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier; + (d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s); + } + else { + d.write('<div id="comments_thread">Comments are disabled for this page at the moment.<\/div>'); + } +})(window, document); +//--><!]]></script></div><div id="footer"> +<p class="apache">Copyright 2019 The Apache Software Foundation.<br />Autorisé sous <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p> +<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossaire</a> | <a href="../sitemap.html">Plan du site</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!-- +if (typeof(prettyPrint) !== 'undefined') { + prettyPrint(); +} +//--><!]]></script> +</body></html>
\ No newline at end of file diff --git a/docs/manual/misc/perf-tuning.html b/docs/manual/misc/perf-tuning.html new file mode 100644 index 0000000..38788a4 --- /dev/null +++ b/docs/manual/misc/perf-tuning.html @@ -0,0 +1,17 @@ +# GENERATED FROM XML -- DO NOT EDIT + +URI: perf-tuning.html.en +Content-Language: en +Content-type: text/html; charset=ISO-8859-1 + +URI: perf-tuning.html.fr.utf8 +Content-Language: fr +Content-type: text/html; charset=UTF-8 + +URI: perf-tuning.html.ko.euc-kr +Content-Language: ko +Content-type: text/html; charset=EUC-KR + +URI: perf-tuning.html.tr.utf8 +Content-Language: tr +Content-type: text/html; charset=UTF-8 diff --git a/docs/manual/misc/perf-tuning.html.en b/docs/manual/misc/perf-tuning.html.en new file mode 100644 index 0000000..a2b3fdc --- /dev/null +++ b/docs/manual/misc/perf-tuning.html.en @@ -0,0 +1,986 @@ +<?xml version="1.0" encoding="ISO-8859-1"?> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head> +<meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type" /> +<!-- + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + This file is generated from xml source: DO NOT EDIT + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + --> +<title>Apache Performance Tuning - Apache HTTP Server Version 2.4</title> +<link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /> +<link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /> +<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="../style/css/prettify.css" /> +<script src="../style/scripts/prettify.min.js" type="text/javascript"> +</script> + +<link href="../images/favicon.ico" rel="shortcut icon" /></head> +<body id="manual-page"><div id="page-header"> +<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p> +<p class="apache">Apache HTTP Server Version 2.4</p> +<img alt="" src="../images/feather.png" /></div> +<div class="up"><a href="./"><img title="<-" alt="<-" src="../images/left.gif" /></a></div> +<div id="path"> +<a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">HTTP Server</a> > <a href="http://httpd.apache.org/docs/">Documentation</a> > <a href="../">Version 2.4</a> > <a href="./">Miscellaneous Documentation</a></div><div id="page-content"><div id="preamble"><h1>Apache Performance Tuning</h1> +<div class="toplang"> +<p><span>Available Languages: </span><a href="../en/misc/perf-tuning.html" title="English"> en </a> | +<a href="../fr/misc/perf-tuning.html" hreflang="fr" rel="alternate" title="Franais"> fr </a> | +<a href="../ko/misc/perf-tuning.html" hreflang="ko" rel="alternate" title="Korean"> ko </a> | +<a href="../tr/misc/perf-tuning.html" hreflang="tr" rel="alternate" title="Trke"> tr </a></p> +</div> + + + <p>Apache 2.x is a general-purpose webserver, designed to + provide a balance of flexibility, portability, and performance. + Although it has not been designed specifically to set benchmark + records, Apache 2.x is capable of high performance in many + real-world situations.</p> + + <p>Compared to Apache 1.3, release 2.x contains many additional + optimizations to increase throughput and scalability. Most of + these improvements are enabled by default. However, there are + compile-time and run-time configuration choices that can + significantly affect performance. This document describes the + options that a server administrator can configure to tune the + performance of an Apache 2.x installation. Some of these + configuration options enable the httpd to better take advantage + of the capabilities of the hardware and OS, while others allow + the administrator to trade functionality for speed.</p> + + </div> +<div id="quickview"><a href="https://www.apache.org/foundation/contributing.html" class="badge"><img src="https://www.apache.org/images/SupportApache-small.png" alt="Support Apache!" /></a><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#hardware">Hardware and Operating System Issues</a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#runtime">Run-Time Configuration Issues</a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#compiletime">Compile-Time Configuration Issues</a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#trace">Appendix: Detailed Analysis of a Trace</a></li> +</ul><h3>See also</h3><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div> +<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="hardware" id="hardware">Hardware and Operating System Issues</a></h2> + + + + <p>The single biggest hardware issue affecting webserver + performance is RAM. A webserver should never ever have to swap, + as swapping increases the latency of each request beyond a point + that users consider "fast enough". This causes users to hit + stop and reload, further increasing the load. You can, and + should, control the <code class="directive"><a href="../mod/mpm_common.html#maxrequestworkers">MaxRequestWorkers</a></code> setting so that your server + does not spawn so many children that it starts swapping. The procedure + for doing this is simple: determine the size of your average Apache + process, by looking at your process list via a tool such as + <code>top</code>, and divide this into your total available memory, + leaving some room for other processes.</p> + + <p>Beyond that the rest is mundane: get a fast enough CPU, a + fast enough network card, and fast enough disks, where "fast + enough" is something that needs to be determined by + experimentation.</p> + + <p>Operating system choice is largely a matter of local + concerns. But some guidelines that have proven generally + useful are:</p> + + <ul> + <li> + <p>Run the latest stable release and patch level of the + operating system that you choose. Many OS suppliers have + introduced significant performance improvements to their + TCP stacks and thread libraries in recent years.</p> + </li> + + <li> + <p>If your OS supports a <code>sendfile(2)</code> system + call, make sure you install the release and/or patches + needed to enable it. (With Linux, for example, this means + using Linux 2.4 or later. For early releases of Solaris 8, + you may need to apply a patch.) On systems where it is + available, <code>sendfile</code> enables Apache 2 to deliver + static content faster and with lower CPU utilization.</p> + </li> + </ul> + + </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="runtime" id="runtime">Run-Time Configuration Issues</a></h2> + + + + <table class="related"><tr><th>Related Modules</th><th>Related Directives</th></tr><tr><td><ul><li><code class="module"><a href="../mod/mod_dir.html">mod_dir</a></code></li><li><code class="module"><a href="../mod/mpm_common.html">mpm_common</a></code></li><li><code class="module"><a href="../mod/mod_status.html">mod_status</a></code></li></ul></td><td><ul><li><code class="directive"><a href="../mod/core.html#allowoverride">AllowOverride</a></code></li><li><code class="directive"><a href="../mod/mod_dir.html#directoryindex">DirectoryIndex</a></code></li><li><code class="directive"><a href="../mod/core.html#hostnamelookups">HostnameLookups</a></code></li><li><code class="directive"><a href="../mod/core.html#enablemmap">EnableMMAP</a></code></li><li><code class="directive"><a href="../mod/core.html#enablesendfile">EnableSendfile</a></code></li><li><code class="directive"><a href="../mod/core.html#keepalivetimeout">KeepAliveTimeout</a></code></li><li><code class="directive"><a href="../mod/prefork.html#maxspareservers">MaxSpareServers</a></code></li><li><code class="directive"><a href="../mod/prefork.html#minspareservers">MinSpareServers</a></code></li><li><code class="directive"><a href="../mod/core.html#options">Options</a></code></li><li><code class="directive"><a href="../mod/mpm_common.html#startservers">StartServers</a></code></li></ul></td></tr></table> + + <h3><a name="dns" id="dns">HostnameLookups and other DNS considerations</a></h3> + + + + <p>Prior to Apache 1.3, <code class="directive"><a href="../mod/core.html#hostnamelookups">HostnameLookups</a></code> defaulted to <code>On</code>. + This adds latency to every request because it requires a + DNS lookup to complete before the request is finished. In + Apache 1.3 this setting defaults to <code>Off</code>. If you need + to have addresses in your log files resolved to hostnames, use the + <code class="program"><a href="../programs/logresolve.html">logresolve</a></code> + program that comes with Apache, or one of the numerous log + reporting packages which are available.</p> + + <p>It is recommended that you do this sort of postprocessing of + your log files on some machine other than the production web + server machine, in order that this activity not adversely affect + server performance.</p> + + <p>If you use any <code><code class="directive"><a href="../mod/mod_access_compat.html#allow">Allow</a></code> from domain</code> or <code><code class="directive"><a href="../mod/mod_access_compat.html#deny">Deny</a></code> from domain</code> + directives (i.e., using a hostname, or a domain name, rather than + an IP address) then you will pay for + two DNS lookups (a reverse, followed by a forward lookup + to make sure that the reverse is not being spoofed). For best + performance, therefore, use IP addresses, rather than names, when + using these directives, if possible.</p> + + <p>Note that it's possible to scope the directives, such as + within a <code><Location "/server-status"></code> section. + In this case the DNS lookups are only performed on requests + matching the criteria. Here's an example which disables lookups + except for <code>.html</code> and <code>.cgi</code> files:</p> + + <pre class="prettyprint lang-config">HostnameLookups off +<Files ~ "\.(html|cgi)$"> + HostnameLookups on +</Files></pre> + + + <p>But even still, if you just need DNS names in some CGIs you + could consider doing the <code>gethostbyname</code> call in the + specific CGIs that need it.</p> + + + + <h3><a name="symlinks" id="symlinks">FollowSymLinks and SymLinksIfOwnerMatch</a></h3> + + + + <p>Wherever in your URL-space you do not have an <code>Options + FollowSymLinks</code>, or you do have an <code>Options + SymLinksIfOwnerMatch</code>, Apache will need to issue extra + system calls to check up on symlinks. (One extra call per + filename component.) For example, if you had:</p> + + <pre class="prettyprint lang-config">DocumentRoot "/www/htdocs" +<Directory "/"> + Options SymLinksIfOwnerMatch +</Directory></pre> + + + <p>and a request is made for the URI <code>/index.html</code>, + then Apache will perform <code>lstat(2)</code> on + <code>/www</code>, <code>/www/htdocs</code>, and + <code>/www/htdocs/index.html</code>. The results of these + <code>lstats</code> are never cached, so they will occur on + every single request. If you really desire the symlinks + security checking, you can do something like this:</p> + + <pre class="prettyprint lang-config">DocumentRoot "/www/htdocs" +<Directory "/"> + Options FollowSymLinks +</Directory> + +<Directory "/www/htdocs"> + Options -FollowSymLinks +SymLinksIfOwnerMatch +</Directory></pre> + + + <p>This at least avoids the extra checks for the + <code class="directive"><a href="../mod/core.html#documentroot">DocumentRoot</a></code> path. + Note that you'll need to add similar sections if you + have any <code class="directive"><a href="../mod/mod_alias.html#alias">Alias</a></code> or + <code class="directive"><a href="../mod/mod_rewrite.html#rewriterule">RewriteRule</a></code> paths + outside of your document root. For highest performance, + and no symlink protection, set <code>FollowSymLinks</code> + everywhere, and never set <code>SymLinksIfOwnerMatch</code>.</p> + + + + <h3><a name="htaccess" id="htaccess">AllowOverride</a></h3> + + + + <p>Wherever in your URL-space you allow overrides (typically + <code>.htaccess</code> files), Apache will attempt to open + <code>.htaccess</code> for each filename component. For + example,</p> + + <pre class="prettyprint lang-config">DocumentRoot "/www/htdocs" +<Directory "/"> + AllowOverride all +</Directory></pre> + + + <p>and a request is made for the URI <code>/index.html</code>. + Then Apache will attempt to open <code>/.htaccess</code>, + <code>/www/.htaccess</code>, and + <code>/www/htdocs/.htaccess</code>. The solutions are similar + to the previous case of <code>Options FollowSymLinks</code>. + For highest performance use <code>AllowOverride None</code> + everywhere in your filesystem.</p> + + + + <h3><a name="negotiation" id="negotiation">Negotiation</a></h3> + + + + <p>If at all possible, avoid content negotiation if you're + really interested in every last ounce of performance. In + practice the benefits of negotiation outweigh the performance + penalties. There's one case where you can speed up the server. + Instead of using a wildcard such as:</p> + + <pre class="prettyprint lang-config">DirectoryIndex index</pre> + + + <p>Use a complete list of options:</p> + + <pre class="prettyprint lang-config">DirectoryIndex index.cgi index.pl index.shtml index.html</pre> + + + <p>where you list the most common choice first.</p> + + <p>Also note that explicitly creating a <code>type-map</code> + file provides better performance than using + <code>MultiViews</code>, as the necessary information can be + determined by reading this single file, rather than having to + scan the directory for files.</p> + + <p>If your site needs content negotiation, consider using + <code>type-map</code> files, rather than the <code>Options + MultiViews</code> directive to accomplish the negotiation. See the + <a href="../content-negotiation.html">Content Negotiation</a> + documentation for a full discussion of the methods of negotiation, + and instructions for creating <code>type-map</code> files.</p> + + + + <h3>Memory-mapping</h3> + + + + <p>In situations where Apache 2.x needs to look at the contents + of a file being delivered--for example, when doing server-side-include + processing--it normally memory-maps the file if the OS supports + some form of <code>mmap(2)</code>.</p> + + <p>On some platforms, this memory-mapping improves performance. + However, there are cases where memory-mapping can hurt the performance + or even the stability of the httpd:</p> + + <ul> + <li> + <p>On some operating systems, <code>mmap</code> does not scale + as well as <code>read(2)</code> when the number of CPUs increases. + On multiprocessor Solaris servers, for example, Apache 2.x sometimes + delivers server-parsed files faster when <code>mmap</code> is disabled.</p> + </li> + + <li> + <p>If you memory-map a file located on an NFS-mounted filesystem + and a process on another NFS client machine deletes or truncates + the file, your process may get a bus error the next time it tries + to access the mapped file content.</p> + </li> + </ul> + + <p>For installations where either of these factors applies, you + should use <code>EnableMMAP off</code> to disable the memory-mapping + of delivered files. (Note: This directive can be overridden on + a per-directory basis.)</p> + + + + <h3>Sendfile</h3> + + + + <p>In situations where Apache 2.x can ignore the contents of the file + to be delivered -- for example, when serving static file content -- + it normally uses the kernel sendfile support for the file if the OS + supports the <code>sendfile(2)</code> operation.</p> + + <p>On most platforms, using sendfile improves performance by eliminating + separate read and send mechanics. However, there are cases where using + sendfile can harm the stability of the httpd:</p> + + <ul> + <li> + <p>Some platforms may have broken sendfile support that the build + system did not detect, especially if the binaries were built on + another box and moved to such a machine with broken sendfile support.</p> + </li> + <li> + <p>With an NFS-mounted filesystem, the kernel may be unable + to reliably serve the network file through its own cache.</p> + </li> + </ul> + + <p>For installations where either of these factors applies, you + should use <code>EnableSendfile off</code> to disable sendfile + delivery of file contents. (Note: This directive can be overridden + on a per-directory basis.)</p> + + + + <h3><a name="process" id="process">Process Creation</a></h3> + + + + <p>Prior to Apache 1.3 the <code class="directive"><a href="../mod/prefork.html#minspareservers">MinSpareServers</a></code>, <code class="directive"><a href="../mod/prefork.html#maxspareservers">MaxSpareServers</a></code>, and <code class="directive"><a href="../mod/mpm_common.html#startservers">StartServers</a></code> settings all had drastic effects on + benchmark results. In particular, Apache required a "ramp-up" + period in order to reach a number of children sufficient to serve + the load being applied. After the initial spawning of + <code class="directive"><a href="../mod/mpm_common.html#startservers">StartServers</a></code> children, + only one child per second would be created to satisfy the + <code class="directive"><a href="../mod/prefork.html#minspareservers">MinSpareServers</a></code> + setting. So a server being accessed by 100 simultaneous + clients, using the default <code class="directive"><a href="../mod/mpm_common.html#startservers">StartServers</a></code> of <code>5</code> would take on + the order of 95 seconds to spawn enough children to handle + the load. This works fine in practice on real-life servers + because they aren't restarted frequently. But it does really + poorly on benchmarks which might only run for ten minutes.</p> + + <p>The one-per-second rule was implemented in an effort to + avoid swamping the machine with the startup of new children. If + the machine is busy spawning children, it can't service + requests. But it has such a drastic effect on the perceived + performance of Apache that it had to be replaced. As of Apache + 1.3, the code will relax the one-per-second rule. It will spawn + one, wait a second, then spawn two, wait a second, then spawn + four, and it will continue exponentially until it is spawning + 32 children per second. It will stop whenever it satisfies the + <code class="directive"><a href="../mod/prefork.html#minspareservers">MinSpareServers</a></code> + setting.</p> + + <p>This appears to be responsive enough that it's almost + unnecessary to twiddle the <code class="directive"><a href="../mod/prefork.html#minspareservers">MinSpareServers</a></code>, <code class="directive"><a href="../mod/prefork.html#maxspareservers">MaxSpareServers</a></code> and <code class="directive"><a href="../mod/mpm_common.html#startservers">StartServers</a></code> knobs. When more than 4 children are + spawned per second, a message will be emitted to the + <code class="directive"><a href="../mod/core.html#errorlog">ErrorLog</a></code>. If you + see a lot of these errors, then consider tuning these settings. + Use the <code class="module"><a href="../mod/mod_status.html">mod_status</a></code> output as a guide.</p> + + <p>Related to process creation is process death induced by the + <code class="directive"><a href="../mod/mpm_common.html#maxconnectionsperchild">MaxConnectionsPerChild</a></code> + setting. By default this is <code>0</code>, + which means that there is no limit to the number of connections + handled per child. If your configuration currently has this set + to some very low number, such as <code>30</code>, you may want to bump this + up significantly. If you are running SunOS or an old version of + Solaris, limit this to <code>10000</code> or so because of memory leaks.</p> + + <p>When keep-alives are in use, children will be kept busy + doing nothing waiting for more requests on the already open + connection. The default <code class="directive"><a href="../mod/core.html#keepalivetimeout">KeepAliveTimeout</a></code> of <code>5</code> + seconds attempts to minimize this effect. The tradeoff here is + between network bandwidth and server resources. In no event + should you raise this above about <code>60</code> seconds, as <a href="http://www.hpl.hp.com/techreports/Compaq-DEC/WRL-95-4.html"> + most of the benefits are lost</a>.</p> + + + + </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="compiletime" id="compiletime">Compile-Time Configuration Issues</a></h2> + + + + <h3>Choosing an MPM</h3> + + + + <p>Apache 2.x supports pluggable concurrency models, called + <a href="../mpm.html">Multi-Processing Modules</a> (MPMs). + When building Apache, you must choose an MPM to use. There + are platform-specific MPMs for some platforms: + <code class="module"><a href="../mod/mpm_netware.html">mpm_netware</a></code>, + <code class="module"><a href="../mod/mpmt_os2.html">mpmt_os2</a></code>, and <code class="module"><a href="../mod/mpm_winnt.html">mpm_winnt</a></code>. For + general Unix-type systems, there are several MPMs from which + to choose. The choice of MPM can affect the speed and scalability + of the httpd:</p> + + <ul> + + <li>The <code class="module"><a href="../mod/worker.html">worker</a></code> MPM uses multiple child + processes with many threads each. Each thread handles + one connection at a time. Worker generally is a good + choice for high-traffic servers because it has a smaller + memory footprint than the prefork MPM.</li> + + <li>The <code class="module"><a href="../mod/event.html">event</a></code> MPM is threaded like the + Worker MPM, but is designed to allow more requests to be + served simultaneously by passing off some processing work + to supporting threads, freeing up the main threads to work + on new requests.</li> + + <li>The <code class="module"><a href="../mod/prefork.html">prefork</a></code> MPM uses multiple child + processes with one thread each. Each process handles + one connection at a time. On many systems, prefork is + comparable in speed to worker, but it uses more memory. + Prefork's threadless design has advantages over worker + in some situations: it can be used with non-thread-safe + third-party modules, and it is easier to debug on platforms + with poor thread debugging support.</li> + + </ul> + + <p>For more information on these and other MPMs, please + see the MPM <a href="../mpm.html">documentation</a>.</p> + + + + <h3><a name="modules" id="modules">Modules</a></h3> + + + + <p>Since memory usage is such an important consideration in + performance, you should attempt to eliminate modules that you are + not actually using. If you have built the modules as <a href="../dso.html">DSOs</a>, eliminating modules is a simple + matter of commenting out the associated <code class="directive"><a href="../mod/mod_so.html#loadmodule">LoadModule</a></code> directive for that module. + This allows you to experiment with removing modules and seeing + if your site still functions in their absence.</p> + + <p>If, on the other hand, you have modules statically linked + into your Apache binary, you will need to recompile Apache in + order to remove unwanted modules.</p> + + <p>An associated question that arises here is, of course, what + modules you need, and which ones you don't. The answer here + will, of course, vary from one web site to another. However, the + <em>minimal</em> list of modules which you can get by with tends + to include <code class="module"><a href="../mod/mod_mime.html">mod_mime</a></code>, <code class="module"><a href="../mod/mod_dir.html">mod_dir</a></code>, + and <code class="module"><a href="../mod/mod_log_config.html">mod_log_config</a></code>. <code>mod_log_config</code> is, + of course, optional, as you can run a web site without log + files. This is, however, not recommended.</p> + + + + <h3>Atomic Operations</h3> + + + + <p>Some modules, such as <code class="module"><a href="../mod/mod_cache.html">mod_cache</a></code> and + recent development builds of the worker MPM, use APR's + atomic API. This API provides atomic operations that can + be used for lightweight thread synchronization.</p> + + <p>By default, APR implements these operations using the + most efficient mechanism available on each target + OS/CPU platform. Many modern CPUs, for example, have + an instruction that does an atomic compare-and-swap (CAS) + operation in hardware. On some platforms, however, APR + defaults to a slower, mutex-based implementation of the + atomic API in order to ensure compatibility with older + CPU models that lack such instructions. If you are + building Apache for one of these platforms, and you plan + to run only on newer CPUs, you can select a faster atomic + implementation at build time by configuring Apache with + the <code>--enable-nonportable-atomics</code> option:</p> + + <div class="example"><p><code> + ./buildconf<br /> + ./configure --with-mpm=worker --enable-nonportable-atomics=yes + </code></p></div> + + <p>The <code>--enable-nonportable-atomics</code> option is + relevant for the following platforms:</p> + + <ul> + + <li>Solaris on SPARC<br /> + By default, APR uses mutex-based atomics on Solaris/SPARC. + If you configure with <code>--enable-nonportable-atomics</code>, + however, APR generates code that uses a SPARC v8plus opcode for + fast hardware compare-and-swap. If you configure Apache with + this option, the atomic operations will be more efficient + (allowing for lower CPU utilization and higher concurrency), + but the resulting executable will run only on UltraSPARC + chips. + </li> + + <li>Linux on x86<br /> + By default, APR uses mutex-based atomics on Linux. If you + configure with <code>--enable-nonportable-atomics</code>, + however, APR generates code that uses a 486 opcode for fast + hardware compare-and-swap. This will result in more efficient + atomic operations, but the resulting executable will run only + on 486 and later chips (and not on 386). + </li> + + </ul> + + + + <h3>mod_status and ExtendedStatus On</h3> + + + + <p>If you include <code class="module"><a href="../mod/mod_status.html">mod_status</a></code> and you also set + <code>ExtendedStatus On</code> when building and running + Apache, then on every request Apache will perform two calls to + <code>gettimeofday(2)</code> (or <code>times(2)</code> + depending on your operating system), and (pre-1.3) several + extra calls to <code>time(2)</code>. This is all done so that + the status report contains timing indications. For highest + performance, set <code>ExtendedStatus off</code> (which is the + default).</p> + + + + <h3>accept Serialization - Multiple Sockets</h3> + + + + <div class="warning"><h3>Warning:</h3> + <p>This section has not been fully updated + to take into account changes made in the 2.x version of the + Apache HTTP Server. Some of the information may still be + relevant, but please use it with care.</p> + </div> + + <p>This discusses a shortcoming in the Unix socket API. Suppose + your web server uses multiple <code class="directive"><a href="../mod/mpm_common.html#listen">Listen</a></code> statements to listen on either multiple + ports or multiple addresses. In order to test each socket + to see if a connection is ready, Apache uses + <code>select(2)</code>. <code>select(2)</code> indicates that a + socket has <em>zero</em> or <em>at least one</em> connection + waiting on it. Apache's model includes multiple children, and + all the idle ones test for new connections at the same time. A + naive implementation looks something like this (these examples + do not match the code, they're contrived for pedagogical + purposes):</p> + + <pre class="prettyprint lang-c"> for (;;) { + for (;;) { + fd_set accept_fds; + + FD_ZERO (&accept_fds); + for (i = first_socket; i <= last_socket; ++i) { + FD_SET (i, &accept_fds); + } + rc = select (last_socket+1, &accept_fds, NULL, NULL, NULL); + if (rc < 1) continue; + new_connection = -1; + for (i = first_socket; i <= last_socket; ++i) { + if (FD_ISSET (i, &accept_fds)) { + new_connection = accept (i, NULL, NULL); + if (new_connection != -1) break; + } + } + if (new_connection != -1) break; + } + process_the(new_connection); + }</pre> + + + <p>But this naive implementation has a serious starvation problem. + Recall that multiple children execute this loop at the same + time, and so multiple children will block at + <code>select</code> when they are in between requests. All + those blocked children will awaken and return from + <code>select</code> when a single request appears on any socket. + (The number of children which awaken varies depending on the + operating system and timing issues.) They will all then fall + down into the loop and try to <code>accept</code> the + connection. But only one will succeed (assuming there's still + only one connection ready). The rest will be <em>blocked</em> + in <code>accept</code>. This effectively locks those children + into serving requests from that one socket and no other + sockets, and they'll be stuck there until enough new requests + appear on that socket to wake them all up. This starvation + problem was first documented in <a href="http://bugs.apache.org/index/full/467">PR#467</a>. There + are at least two solutions.</p> + + <p>One solution is to make the sockets non-blocking. In this + case the <code>accept</code> won't block the children, and they + will be allowed to continue immediately. But this wastes CPU + time. Suppose you have ten idle children in + <code>select</code>, and one connection arrives. Then nine of + those children will wake up, try to <code>accept</code> the + connection, fail, and loop back into <code>select</code>, + accomplishing nothing. Meanwhile none of those children are + servicing requests that occurred on other sockets until they + get back up to the <code>select</code> again. Overall this + solution does not seem very fruitful unless you have as many + idle CPUs (in a multiprocessor box) as you have idle children + (not a very likely situation).</p> + + <p>Another solution, the one used by Apache, is to serialize + entry into the inner loop. The loop looks like this + (differences highlighted):</p> + + <pre class="prettyprint lang-c"> for (;;) { + <strong>accept_mutex_on ();</strong> + for (;;) { + fd_set accept_fds; + + FD_ZERO (&accept_fds); + for (i = first_socket; i <= last_socket; ++i) { + FD_SET (i, &accept_fds); + } + rc = select (last_socket+1, &accept_fds, NULL, NULL, NULL); + if (rc < 1) continue; + new_connection = -1; + for (i = first_socket; i <= last_socket; ++i) { + if (FD_ISSET (i, &accept_fds)) { + new_connection = accept (i, NULL, NULL); + if (new_connection != -1) break; + } + } + if (new_connection != -1) break; + } + <strong>accept_mutex_off ();</strong> + process the new_connection; + }</pre> + + + <p><a id="serialize" name="serialize">The functions</a> + <code>accept_mutex_on</code> and <code>accept_mutex_off</code> + implement a mutual exclusion semaphore. Only one child can have + the mutex at any time. There are several choices for + implementing these mutexes. The choice is defined in + <code>src/conf.h</code> (pre-1.3) or + <code>src/include/ap_config.h</code> (1.3 or later). Some + architectures do not have any locking choice made, on these + architectures it is unsafe to use multiple + <code class="directive"><a href="../mod/mpm_common.html#listen">Listen</a></code> + directives.</p> + + <p>The <code class="directive"><a href="../mod/core.html#mutex">Mutex</a></code> directive can + be used to change the mutex implementation of the + <code>mpm-accept</code> mutex at run-time. Special considerations + for different mutex implementations are documented with that + directive.</p> + + <p>Another solution that has been considered but never + implemented is to partially serialize the loop -- that is, let + in a certain number of processes. This would only be of + interest on multiprocessor boxes where it's possible that multiple + children could run simultaneously, and the serialization + actually doesn't take advantage of the full bandwidth. This is + a possible area of future investigation, but priority remains + low because highly parallel web servers are not the norm.</p> + + <p>Ideally you should run servers without multiple + <code class="directive"><a href="../mod/mpm_common.html#listen">Listen</a></code> + statements if you want the highest performance. + But read on.</p> + + + + <h3>accept Serialization - Single Socket</h3> + + + + <p>The above is fine and dandy for multiple socket servers, but + what about single socket servers? In theory they shouldn't + experience any of these same problems because all the children + can just block in <code>accept(2)</code> until a connection + arrives, and no starvation results. In practice this hides + almost the same "spinning" behavior discussed above in the + non-blocking solution. The way that most TCP stacks are + implemented, the kernel actually wakes up all processes blocked + in <code>accept</code> when a single connection arrives. One of + those processes gets the connection and returns to user-space. + The rest spin in the kernel and go back to sleep when they + discover there's no connection for them. This spinning is + hidden from the user-land code, but it's there nonetheless. + This can result in the same load-spiking wasteful behavior + that a non-blocking solution to the multiple sockets case + can.</p> + + <p>For this reason we have found that many architectures behave + more "nicely" if we serialize even the single socket case. So + this is actually the default in almost all cases. Crude + experiments under Linux (2.0.30 on a dual Pentium pro 166 + w/128Mb RAM) have shown that the serialization of the single + socket case causes less than a 3% decrease in requests per + second over unserialized single-socket. But unserialized + single-socket showed an extra 100ms latency on each request. + This latency is probably a wash on long haul lines, and only an + issue on LANs. If you want to override the single socket + serialization, you can define + <code>SINGLE_LISTEN_UNSERIALIZED_ACCEPT</code>, and then + single-socket servers will not serialize at all.</p> + + + + <h3>Lingering Close</h3> + + + + <p>As discussed in <a href="http://www.ics.uci.edu/pub/ietf/http/draft-ietf-http-connection-00.txt"> + draft-ietf-http-connection-00.txt</a> section 8, in order for + an HTTP server to <strong>reliably</strong> implement the + protocol, it needs to shut down each direction of the + communication independently. (Recall that a TCP connection is + bi-directional. Each half is independent of the other.)</p> + + <p>When this feature was added to Apache, it caused a flurry of + problems on various versions of Unix because of shortsightedness. + The TCP specification does not state that the <code>FIN_WAIT_2</code> + state has a timeout, but it doesn't prohibit it. + On systems without the timeout, Apache 1.2 induces many sockets + stuck forever in the <code>FIN_WAIT_2</code> state. In many cases this + can be avoided by simply upgrading to the latest TCP/IP patches + supplied by the vendor. In cases where the vendor has never + released patches (<em>i.e.</em>, SunOS4 -- although folks with + a source license can patch it themselves), we have decided to + disable this feature.</p> + + <p>There are two ways to accomplish this. One is the socket + option <code>SO_LINGER</code>. But as fate would have it, this + has never been implemented properly in most TCP/IP stacks. Even + on those stacks with a proper implementation (<em>i.e.</em>, + Linux 2.0.31), this method proves to be more expensive (cputime) + than the next solution.</p> + + <p>For the most part, Apache implements this in a function + called <code>lingering_close</code> (in + <code>http_main.c</code>). The function looks roughly like + this:</p> + + <pre class="prettyprint lang-c"> void lingering_close (int s) + { + char junk_buffer[2048]; + + /* shutdown the sending side */ + shutdown (s, 1); + + signal (SIGALRM, lingering_death); + alarm (30); + + for (;;) { + select (s for reading, 2 second timeout); + if (error) break; + if (s is ready for reading) { + if (read (s, junk_buffer, sizeof (junk_buffer)) <= 0) { + break; + } + /* just toss away whatever is here */ + } + } + + close (s); + }</pre> + + + <p>This naturally adds some expense at the end of a connection, + but it is required for a reliable implementation. As HTTP/1.1 + becomes more prevalent, and all connections are persistent, + this expense will be amortized over more requests. If you want + to play with fire and disable this feature, you can define + <code>NO_LINGCLOSE</code>, but this is not recommended at all. + In particular, as HTTP/1.1 pipelined persistent connections + come into use, <code>lingering_close</code> is an absolute + necessity (and <a href="http://www.w3.org/Protocols/HTTP/Performance/Pipeline.html"> + pipelined connections are faster</a>, so you want to support + them).</p> + + + + <h3>Scoreboard File</h3> + + + + <p>Apache's parent and children communicate with each other + through something called the scoreboard. Ideally this should be + implemented in shared memory. For those operating systems that + we either have access to, or have been given detailed ports + for, it typically is implemented using shared memory. The rest + default to using an on-disk file. The on-disk file is not only + slow, but it is unreliable (and less featured). Peruse the + <code>src/main/conf.h</code> file for your architecture, and + look for either <code>USE_MMAP_SCOREBOARD</code> or + <code>USE_SHMGET_SCOREBOARD</code>. Defining one of those two + (as well as their companions <code>HAVE_MMAP</code> and + <code>HAVE_SHMGET</code> respectively) enables the supplied + shared memory code. If your system has another type of shared + memory, edit the file <code>src/main/http_main.c</code> and add + the hooks necessary to use it in Apache. (Send us back a patch + too, please.)</p> + + <div class="note">Historical note: The Linux port of Apache didn't start to + use shared memory until version 1.2 of Apache. This oversight + resulted in really poor and unreliable behavior of earlier + versions of Apache on Linux.</div> + + + + <h3>DYNAMIC_MODULE_LIMIT</h3> + + + + <p>If you have no intention of using dynamically loaded modules + (you probably don't if you're reading this and tuning your + server for every last ounce of performance), then you should add + <code>-DDYNAMIC_MODULE_LIMIT=0</code> when building your + server. This will save RAM that's allocated only for supporting + dynamically loaded modules.</p> + + + + </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="trace" id="trace">Appendix: Detailed Analysis of a Trace</a></h2> + + + + <p>Here is a system call trace of Apache 2.0.38 with the worker MPM + on Solaris 8. This trace was collected using:</p> + + <div class="example"><p><code> + truss -l -p <var>httpd_child_pid</var>. + </code></p></div> + + <p>The <code>-l</code> option tells truss to log the ID of the + LWP (lightweight process--Solaris' form of kernel-level thread) + that invokes each system call.</p> + + <p>Other systems may have different system call tracing utilities + such as <code>strace</code>, <code>ktrace</code>, or <code>par</code>. + They all produce similar output.</p> + + <p>In this trace, a client has requested a 10KB static file + from the httpd. Traces of non-static requests or requests + with content negotiation look wildly different (and quite ugly + in some cases).</p> + + <div class="example"><pre>/67: accept(3, 0x00200BEC, 0x00200C0C, 1) (sleeping...) +/67: accept(3, 0x00200BEC, 0x00200C0C, 1) = 9</pre></div> + + <p>In this trace, the listener thread is running within LWP #67.</p> + + <div class="note">Note the lack of <code>accept(2)</code> serialization. On this + particular platform, the worker MPM uses an unserialized accept by + default unless it is listening on multiple ports.</div> + + <div class="example"><pre>/65: lwp_park(0x00000000, 0) = 0 +/67: lwp_unpark(65, 1) = 0</pre></div> + + <p>Upon accepting the connection, the listener thread wakes up + a worker thread to do the request processing. In this trace, + the worker thread that handles the request is mapped to LWP #65.</p> + + <div class="example"><pre>/65: getsockname(9, 0x00200BA4, 0x00200BC4, 1) = 0</pre></div> + + <p>In order to implement virtual hosts, Apache needs to know + the local socket address used to accept the connection. It + is possible to eliminate this call in many situations (such + as when there are no virtual hosts, or when + <code class="directive"><a href="../mod/mpm_common.html#listen">Listen</a></code> directives + are used which do not have wildcard addresses). But + no effort has yet been made to do these optimizations. </p> + + <div class="example"><pre>/65: brk(0x002170E8) = 0 +/65: brk(0x002190E8) = 0</pre></div> + + <p>The <code>brk(2)</code> calls allocate memory from the heap. + It is rare to see these in a system call trace, because the httpd + uses custom memory allocators (<code>apr_pool</code> and + <code>apr_bucket_alloc</code>) for most request processing. + In this trace, the httpd has just been started, so it must + call <code>malloc(3)</code> to get the blocks of raw memory + with which to create the custom memory allocators.</p> + + <div class="example"><pre>/65: fcntl(9, F_GETFL, 0x00000000) = 2 +/65: fstat64(9, 0xFAF7B818) = 0 +/65: getsockopt(9, 65535, 8192, 0xFAF7B918, 0xFAF7B910, 2190656) = 0 +/65: fstat64(9, 0xFAF7B818) = 0 +/65: getsockopt(9, 65535, 8192, 0xFAF7B918, 0xFAF7B914, 2190656) = 0 +/65: setsockopt(9, 65535, 8192, 0xFAF7B918, 4, 2190656) = 0 +/65: fcntl(9, F_SETFL, 0x00000082) = 0</pre></div> + + <p>Next, the worker thread puts the connection to the client (file + descriptor 9) in non-blocking mode. The <code>setsockopt(2)</code> + and <code>getsockopt(2)</code> calls are a side-effect of how + Solaris' libc handles <code>fcntl(2)</code> on sockets.</p> + + <div class="example"><pre>/65: read(9, " G E T / 1 0 k . h t m".., 8000) = 97</pre></div> + + <p>The worker thread reads the request from the client.</p> + + <div class="example"><pre>/65: stat("/var/httpd/apache/httpd-8999/htdocs/10k.html", 0xFAF7B978) = 0 +/65: open("/var/httpd/apache/httpd-8999/htdocs/10k.html", O_RDONLY) = 10</pre></div> + + <p>This httpd has been configured with <code>Options FollowSymLinks</code> + and <code>AllowOverride None</code>. Thus it doesn't need to + <code>lstat(2)</code> each directory in the path leading up to the + requested file, nor check for <code>.htaccess</code> files. + It simply calls <code>stat(2)</code> to verify that the file: + 1) exists, and 2) is a regular file, not a directory.</p> + + <div class="example"><pre>/65: sendfilev(0, 9, 0x00200F90, 2, 0xFAF7B53C) = 10269</pre></div> + + <p>In this example, the httpd is able to send the HTTP response + header and the requested file with a single <code>sendfilev(2)</code> + system call. Sendfile semantics vary among operating systems. On some other + systems, it is necessary to do a <code>write(2)</code> or + <code>writev(2)</code> call to send the headers before calling + <code>sendfile(2)</code>.</p> + + <div class="example"><pre>/65: write(4, " 1 2 7 . 0 . 0 . 1 - ".., 78) = 78</pre></div> + + <p>This <code>write(2)</code> call records the request in the + access log. Note that one thing missing from this trace is a + <code>time(2)</code> call. Unlike Apache 1.3, Apache 2.x uses + <code>gettimeofday(3)</code> to look up the time. On some operating + systems, like Linux or Solaris, <code>gettimeofday</code> has an + optimized implementation that doesn't require as much overhead + as a typical system call.</p> + + <div class="example"><pre>/65: shutdown(9, 1, 1) = 0 +/65: poll(0xFAF7B980, 1, 2000) = 1 +/65: read(9, 0xFAF7BC20, 512) = 0 +/65: close(9) = 0</pre></div> + + <p>The worker thread does a lingering close of the connection.</p> + + <div class="example"><pre>/65: close(10) = 0 +/65: lwp_park(0x00000000, 0) (sleeping...)</pre></div> + + <p>Finally the worker thread closes the file that it has just delivered + and blocks until the listener assigns it another connection.</p> + + <div class="example"><pre>/67: accept(3, 0x001FEB74, 0x001FEB94, 1) (sleeping...)</pre></div> + + <p>Meanwhile, the listener thread is able to accept another connection + as soon as it has dispatched this connection to a worker thread (subject + to some flow-control logic in the worker MPM that throttles the listener + if all the available workers are busy). Though it isn't apparent from + this trace, the next <code>accept(2)</code> can (and usually does, under + high load conditions) occur in parallel with the worker thread's handling + of the just-accepted connection.</p> + + </div></div> +<div class="bottomlang"> +<p><span>Available Languages: </span><a href="../en/misc/perf-tuning.html" title="English"> en </a> | +<a href="../fr/misc/perf-tuning.html" hreflang="fr" rel="alternate" title="Franais"> fr </a> | +<a href="../ko/misc/perf-tuning.html" hreflang="ko" rel="alternate" title="Korean"> ko </a> | +<a href="../tr/misc/perf-tuning.html" hreflang="tr" rel="alternate" title="Trke"> tr </a></p> +</div><div class="top"><a href="#page-header"><img src="../images/up.gif" alt="top" /></a></div><div class="section"><h2><a id="comments_section" name="comments_section">Comments</a></h2><div class="warning"><strong>Notice:</strong><br />This is not a Q&A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed again by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Freenode, or sent to our <a href="http://httpd.apache.org/lists.html">mailing lists</a>.</div> +<script type="text/javascript"><!--//--><![CDATA[//><!-- +var comments_shortname = 'httpd'; +var comments_identifier = 'http://httpd.apache.org/docs/2.4/misc/perf-tuning.html'; +(function(w, d) { + if (w.location.hostname.toLowerCase() == "httpd.apache.org") { + d.write('<div id="comments_thread"><\/div>'); + var s = d.createElement('script'); + s.type = 'text/javascript'; + s.async = true; + s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier; + (d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s); + } + else { + d.write('<div id="comments_thread">Comments are disabled for this page at the moment.<\/div>'); + } +})(window, document); +//--><!]]></script></div><div id="footer"> +<p class="apache">Copyright 2019 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p> +<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!-- +if (typeof(prettyPrint) !== 'undefined') { + prettyPrint(); +} +//--><!]]></script> +</body></html>
\ No newline at end of file diff --git a/docs/manual/misc/perf-tuning.html.fr.utf8 b/docs/manual/misc/perf-tuning.html.fr.utf8 new file mode 100644 index 0000000..beceb14 --- /dev/null +++ b/docs/manual/misc/perf-tuning.html.fr.utf8 @@ -0,0 +1,1058 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr"><head> +<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" /> +<!-- + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + This file is generated from xml source: DO NOT EDIT + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + --> +<title>Optimisation des performances d'Apache - Serveur HTTP Apache Version 2.4</title> +<link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /> +<link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /> +<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="../style/css/prettify.css" /> +<script src="../style/scripts/prettify.min.js" type="text/javascript"> +</script> + +<link href="../images/favicon.ico" rel="shortcut icon" /></head> +<body id="manual-page"><div id="page-header"> +<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossaire</a> | <a href="../sitemap.html">Plan du site</a></p> +<p class="apache">Serveur HTTP Apache Version 2.4</p> +<img alt="" src="../images/feather.png" /></div> +<div class="up"><a href="./"><img title="<-" alt="<-" src="../images/left.gif" /></a></div> +<div id="path"> +<a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">Serveur HTTP</a> > <a href="http://httpd.apache.org/docs/">Documentation</a> > <a href="../">Version 2.4</a> > <a href="./">Documentations diverses</a></div><div id="page-content"><div id="preamble"><h1>Optimisation des performances d'Apache</h1> +<div class="toplang"> +<p><span>Langues Disponibles: </span><a href="../en/misc/perf-tuning.html" hreflang="en" rel="alternate" title="English"> en </a> | +<a href="../fr/misc/perf-tuning.html" title="Français"> fr </a> | +<a href="../ko/misc/perf-tuning.html" hreflang="ko" rel="alternate" title="Korean"> ko </a> | +<a href="../tr/misc/perf-tuning.html" hreflang="tr" rel="alternate" title="Türkçe"> tr </a></p> +</div> + + + <p>Apache 2.x est un serveur web à usage général, conçu dans un but + d'équilibre entre souplesse, portabilité et performances. Bien que non + conçu dans le seul but d'établir une référence en la matière, + Apache 2.x est capable de hautes performances dans de nombreuses situations + du monde réel.</p> + + <p>Comparée à Apache 1.3, la version 2.x comporte de nombreuses + optimisations supplémentaires permettant d'améliorer le débit du serveur + et sa personnalisation. La plupart de ces améliorations sont activées par + défaut. Cependant, certains choix de configuration à la compilation et à + l'exécution peuvent affecter les performances de manière significative. Ce + document décrit les options qu'un administrateur de serveur peut configurer + pour améliorer les performances d'une installation d'Apache 2.x. Certaines + de ces options de configuration permettent au démon httpd de mieux tirer + parti des possibilités du matériel et du système d'exploitation, tandis + que d'autres permettent à l'administrateur de privilégier la vitesse + par rapport aux fonctionnalités.</p> + + </div> +<div id="quickview"><a href="https://www.apache.org/foundation/contributing.html" class="badge"><img src="https://www.apache.org/images/SupportApache-small.png" alt="Support Apache!" /></a><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#hardware">Problèmes matériels et relatifs au système d'exploitation</a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#runtime">Optimisation de la configuration à l'exécution</a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#compiletime">Optimisation de la configuration à la compilation</a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#trace">Appendice : Analyse détaillée d'une trace</a></li> +</ul><h3>Voir aussi</h3><ul class="seealso"><li><a href="#comments_section">Commentaires</a></li></ul></div> +<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="hardware" id="hardware">Problèmes matériels et relatifs au système d'exploitation</a></h2> + + + + <p>Le principal problème matériel qui affecte les performances du serveur + web est la mémoire vive (RAM). Un serveur web ne devrait jamais avoir à + utiliser le swap, car le swapping augmente le temps de réponse de chaque + requête au delà du point que les utilisateurs considèrent comme + "trop lent". Ceci incite les utilisateurs à cliquer sur "Stop", puis + "Charger à nouveau", ce qui a pour effet d'augmenter encore la charge + du serveur. Vous pouvez, et même devez définir la valeur de la directive + <code class="directive"><a href="../mod/mpm_common.html#maxrequestworkers">MaxRequestWorkers</a></code> de façon à ce que + votre serveur ne lance pas un nombre de processus enfants tel qu'il + commence à faire du swapping. La méthode pour y parvenir est + simple : déterminez la taille de votre processus Apache standard en + consultant votre liste de processus à l'aide d'un outil tel que + <code>top</code>, et divisez votre quantité totale de mémoire disponible + par cette taille, tout en gardant un espace suffisant + pour les autres processus.</p> + + <p>Hormis ce réglage relatif à la mémoire, le reste est trivial : le + processeur, la carte réseau et les disques doivent être suffisamment + rapides, où "suffisamment rapide" doit être déterminé par + l'expérience.</p> + + <p>Le choix du système d'exploitation dépend principalement du + contexte local. Voici cependant quelques conseils qui se sont + généralement avérés utiles :</p> + + <ul> + <li> + <p>Exécutez la dernière version stable et le niveau de patches le + plus haut du système d'exploitation que vous avez choisi. De nombreux + éditeurs de systèmes d'exploitation ont amélioré de manière + significative les performances de leurs piles TCP et de leurs + bibliothèques de thread ces dernières années.</p> + </li> + + <li> + <p>Si votre système d'exploitation possède un appel système + <code>sendfile(2)</code>, assurez-vous d'avoir installé la version + et/ou les patches nécessaires à son activation. (Pour Linux, par + exemple, cela se traduit par Linux 2.4 ou plus. Pour les versions + anciennes de Solaris 8, vous pouvez être amené à appliquer un patch.) + Sur les systèmes où il est disponible, <code>sendfile</code> permet + à Apache 2 de servir les contenus statiques plus rapidement, tout en + induisant une charge CPU inférieure.</p> + </li> + </ul> + + </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="runtime" id="runtime">Optimisation de la configuration à l'exécution</a></h2> + + + + <table class="related"><tr><th>Modules Apparentés</th><th>Directives Apparentées</th></tr><tr><td><ul><li><code class="module"><a href="../mod/mod_dir.html">mod_dir</a></code></li><li><code class="module"><a href="../mod/mpm_common.html">mpm_common</a></code></li><li><code class="module"><a href="../mod/mod_status.html">mod_status</a></code></li></ul></td><td><ul><li><code class="directive"><a href="../mod/core.html#allowoverride">AllowOverride</a></code></li><li><code class="directive"><a href="../mod/mod_dir.html#directoryindex">DirectoryIndex</a></code></li><li><code class="directive"><a href="../mod/core.html#hostnamelookups">HostnameLookups</a></code></li><li><code class="directive"><a href="../mod/core.html#enablemmap">EnableMMAP</a></code></li><li><code class="directive"><a href="../mod/core.html#enablesendfile">EnableSendfile</a></code></li><li><code class="directive"><a href="../mod/core.html#keepalivetimeout">KeepAliveTimeout</a></code></li><li><code class="directive"><a href="../mod/prefork.html#maxspareservers">MaxSpareServers</a></code></li><li><code class="directive"><a href="../mod/prefork.html#minspareservers">MinSpareServers</a></code></li><li><code class="directive"><a href="../mod/core.html#options">Options</a></code></li><li><code class="directive"><a href="../mod/mpm_common.html#startservers">StartServers</a></code></li></ul></td></tr></table> + + <h3><a name="dns" id="dns">HostnameLookups et autres considérations à propos du DNS</a></h3> + + + + <p>Avant Apache 1.3, la directive + <code class="directive"><a href="../mod/core.html#hostnamelookups">HostnameLookups</a></code> était positionnée + par défaut à <code>On</code>. Ce réglage augmente le temps de réponse de + chaque requête car il entraîne une recherche DNS et le traitement de la + requête ne pourra pas être achevé tant que cette recherche ne sera + pas terminée. Avec Apache 1.3, ce réglage est défini par défaut à + <code>Off</code>. Si vous souhaitez que les adresses dans vos fichiers + journaux soient résolues en noms d'hôtes, utilisez le programme + <code class="program"><a href="../programs/logresolve.html">logresolve</a></code> fourni avec Apache, ou un des nombreux + paquets générateurs de rapports sur les journaux disponibles.</p> + + <p>Il est recommandé d'effectuer ce genre de traitement a posteriori + de vos fichiers journaux sur une autre machine que celle qui héberge le + serveur web en production, afin que cette activité n'affecte pas les + performances du serveur.</p> + + <p>Si vous utilisez une directive + <code><code class="directive"><a href="../mod/mod_access_compat.html#allow">Allow</a></code>from domain</code> + ou + <code><code class="directive"><a href="../mod/mod_access_compat.html#deny">Deny</a></code> from domain</code> + (ce qui signifie que vous utilisez un nom d'hôte ou un nom de domaine à + la place d'une adresse IP), vous devrez compter avec deux recherches + DNS (une recherche inverse suivie d'une recherche directe pour + s'assurer que l'adresse IP n'a pas été usurpée). C'est pourquoi il est + préférable, pour améliorer les performances, d'utiliser des adresses IP + plutôt que des noms lorsqu'on utilise ces directives, du moins chaque + fois que c'est possible.</p> + + <p>Notez qu'il est possible de modifier la portée des directives, en les + plaçant par exemple à l'intérieur d'une section + <code><Location "/server-status"></code>. Les recherches DNS ne + seront alors effectuées que pour les requêtes qui satisfont aux critères. + Voici un exemple qui désactive les recherches DNS sauf pour les fichiers + <code>.html</code> et <code>.cgi</code> :</p> + + <pre class="prettyprint lang-config">HostnameLookups off +<Files ~ "\.(html|cgi)$"> + HostnameLookups on +</Files></pre> + + + <p>Mais même dans ce cas, si vous n'avez besoin de noms DNS que dans + certains CGIs, vous pouvez effectuer l'appel à <code>gethostbyname</code> + dans les CGIs spécifiques qui en ont besoin.</p> + + + + <h3><a name="symlinks" id="symlinks">FollowSymLinks et SymLinksIfOwnerMatch</a></h3> + + + + <p>Chaque fois que la ligne <code>Options FollowSymLinks</code> sera + absente, ou que la ligne <code>Options SymLinksIfOwnerMatch</code> sera + présente dans votre espace d'adressage, Apache devra effectuer des + appels système supplémentaires pour vérifier la présence de liens + symboliques. Un appel supplémentaire par élément du chemin du fichier. + Par exemple, si vous avez :</p> + + <pre class="prettyprint lang-config">DocumentRoot "/www/htdocs" +<Directory "/"> + Options SymLinksIfOwnerMatch +</Directory></pre> + + + <p>et si une requête demande l'URI <code>/index.html</code>, Apache + effectuera un appel à <code>lstat(2)</code> pour + <code>/www</code>, <code>/www/htdocs</code>, et + <code>/www/htdocs/index.html</code>. Les résultats de ces appels à + <code>lstat</code> ne sont jamais mis en cache, ils devront donc être + générés à nouveau pour chaque nouvelle requête. Si vous voulez absolument + vérifier la sécurité des liens symboliques, vous pouvez utiliser une + configuration du style :</p> + + <pre class="prettyprint lang-config">DocumentRoot "/www/htdocs" +<Directory "/"> + Options FollowSymLinks +</Directory> + +<Directory "/www/htdocs"> + Options -FollowSymLinks +SymLinksIfOwnerMatch +</Directory></pre> + + + <p>Ceci évite au moins les vérifications supplémentaires pour le chemin + défini par <code class="directive"><a href="../mod/core.html#documentroot">DocumentRoot</a></code>. Notez que + vous devrez ajouter des sections similaires si vous avez des chemins + définis par les directives + <code class="directive"><a href="../mod/mod_alias.html#alias">Alias</a></code> ou + <code class="directive"><a href="../mod/mod_rewrite.html#rewriterule">RewriteRule</a></code> en dehors de + la racine de vos documents. Pour améliorer les performances, et supprimer + toute protection des liens symboliques, ajoutez l'option + <code>FollowSymLinks</code> partout, et n'utilisez jamais l'option + <code>SymLinksIfOwnerMatch</code>.</p> + + + + <h3><a name="htaccess" id="htaccess">AllowOverride</a></h3> + + + + <p>Dans toute partie de votre espace d'adressage où vous autoriserez + la surcharge de la configuration (en général à l'aide de fichiers + <code>.htaccess</code>), Apache va tenter d'ouvrir <code>.htaccess</code> + pour chaque élément du chemin du fichier demandé. Par exemple, si vous + avez : </p> + + <pre class="prettyprint lang-config">DocumentRoot "/www/htdocs" +<Directory "/"> + AllowOverride all +</Directory></pre> + + + <p>et qu'une requête demande l'URI <code>/index.html</code>, Apache + tentera d'ouvrir <code>/.htaccess</code>, <code>/www/.htaccess</code>, + et <code>/www/htdocs/.htaccess</code>. Les solutions sont similaires à + celles évoquées précédemment pour <code>Options FollowSymLinks</code>. + Pour améliorer les performances, utilisez <code>AllowOverride None</code> + pour tous les niveaux de votre espace d'adressage.</p> + + + + <h3><a name="negotiation" id="negotiation">Négociation</a></h3> + + + + <p>Dans la mesure du possible, évitez toute négociation de contenu si + vous tenez au moindre gain en performances. En pratique toutefois, + les bénéfices de la négociation l'emportent souvent sur la diminution + des performances. + Il y a cependant un cas dans lequel vous pouvez accélérer le serveur. + Au lieu d'utiliser une directive générique comme :</p> + + <pre class="prettyprint lang-config">DirectoryIndex index</pre> + + + <p>utilisez une liste explicite d'options :</p> + + <pre class="prettyprint lang-config">DirectoryIndex index.cgi index.pl index.shtml index.html</pre> + + + <p>où vous placez le choix courant en première position.</p> + + <p>Notez aussi que créer explicitement un fichier de + <code>correspondances de type</code> fournit de meilleures performances + que l'utilisation des <code>MultiViews</code>, car les informations + nécessaires peuvent être simplement obtenues en lisant ce fichier, sans + avoir à parcourir le répertoire à la recherche de types de fichiers.</p> + + <p>Par conséquent, si la négociation de contenu est nécessaire pour votre + site, préférez les fichiers de <code>correspondances de type</code> aux + directives <code>Options MultiViews</code> pour mener à bien cette + négociation. Se référer au document sur la + <a href="../content-negotiation.html">Négociation de contenu</a> pour une + description complète des méthodes de négociation, et les instructions + permettant de créer des fichiers de <code>correspondances de type</code>.</p> + + + + <h3>Transfert en mémoire</h3> + + + + <p>Dans les situations où Apache 2.x doit consulter le contenu d'un + fichier en train d'être servi - par exemple à l'occasion du traitement + d'une inclusion côté serveur - il transfère en général le fichier en + mémoire si le système d'exploitation supporte une forme quelconque + de <code>mmap(2)</code>.</p> + + <p>Sur certains systèmes, ce transfert en mémoire améliore les + performances. Dans certains cas, ce transfert peut toutefois les dégrader + et même diminuer la stabilité du démon httpd :</p> + + <ul> + <li> + <p>Dans certains systèmes d'exploitation, <code>mmap</code> devient + moins efficace que <code>read(2)</code> quand le nombre de + processeurs augmente. Sur les serveurs multiprocesseurs sous Solaris, + par exemple, Apache 2.x sert parfois les fichiers consultés par le + serveur plus rapidement quand <code>mmap</code> est désactivé.</p> + </li> + + <li> + <p>Si vous transférez en mémoire un fichier localisé dans un système + de fichiers monté par NFS, et si un processus sur + une autre machine cliente NFS supprime ou tronque le fichier, votre + processus peut rencontrer une erreur de bus la prochaine fois qu'il + essaiera d'accéder au contenu du fichier en mémoire.</p> + </li> + </ul> + + <p>Pour les installations où une de ces situations peut se produire, + vous devez utiliser <code>EnableMMAP off</code> afin de désactiver le + transfert en mémoire des fichiers servis. (Note : il est possible de + passer outre cette directive au niveau de chaque répertoire.)</p> + + + + <h3>Sendfile</h3> + + + + <p>Dans les cas où Apache peut se permettre d'ignorer le contenu du + fichier à servir - par exemple, lorsqu'il sert un contenu de fichier + statique - il utilise en général le support sendfile du noyau si le + système d'exploitation supporte l'opération <code>sendfile(2)</code>.</p> + + <p>Sur la plupart des plateformes, l'utilisation de sendfile améliore + les performances en éliminant les mécanismes de lecture et envoi séparés. + Dans certains cas cependant, l'utilisation de sendfile peut nuire à la + stabilité du démon httpd :</p> + + <ul> + <li> + <p>Certaines plateformes peuvent présenter un support de sendfile + défaillant que la construction du système n'a pas détecté, en + particulier si les binaires ont été construits sur une autre machine + et transférés sur la machine où le support de sendfile est + défaillant.</p> + </li> + <li> + <p>Dans le cas d'un système de fichiers monté + sous NFS, le noyau peut s'avérer incapable de servir + les fichiers réseau de manière fiable depuis + son propre cache.</p> + </li> + </ul> + + <p>Pour les installations où une de ces situations peut se produire, + vous devez utiliser <code>EnableSendfile off</code> afin de désactiver + la mise à disposition de contenus de fichiers par sendfile. (Note : il + est possible de passer outre cette directive au niveau de chaque + répertoire.)</p> + + + + <h3><a name="process" id="process">Process Creation</a></h3> + + + + <p>Avant Apache 1.3, les directives + <code class="directive"><a href="../mod/prefork.html#minspareservers">MinSpareServers</a></code>, + <code class="directive"><a href="../mod/prefork.html#maxspareservers">MaxSpareServers</a></code>, et + <code class="directive"><a href="../mod/mpm_common.html#startservers">StartServers</a></code> avaient des + effets drastiques sur les performances de référence. En particulier, + Apache avait besoin d'un délai de "montée en puissance" afin d'atteindre + un nombre de processus enfants suffisant pour supporter la charge qui lui + était appliquée. Après le lancement initial des processus enfants par + <code class="directive"><a href="../mod/mpm_common.html#startservers">StartServers</a></code>, seulement un + processus enfant par seconde était créé afin d'atteindre la valeur de la + directive <code class="directive"><a href="../mod/prefork.html#minspareservers">MinSpareServers</a></code>. Ainsi, + un serveur accédé par 100 clients simultanés et utilisant la valeur par + défaut de <code>5</code> pour la directive + <code class="directive"><a href="../mod/mpm_common.html#startservers">StartServers</a></code>, nécessitait + environ 95 secondes pour lancer suffisamment de processus enfants + permettant de faire face à la charge. Ceci fonctionne en pratique pour + les serveurs en production, car ils sont rarement redémarrés. Ce n'est + cependant pas le cas pour les tests de référence (benchmarks) où le + serveur ne fonctionne que 10 minutes.</p> + + <p>La règle "un processus par seconde" avait été implémentée afin + d'éviter l'enlisement de la machine dans le démarrage de nouveaux + processus enfants. Pendant que la machine est occupée à lancer des + processus enfants, elle ne peut pas traiter les requêtes. Mais cette + règle impactait tellement la perception des performances d'Apache qu'elle + a dû être remplacée. A partir d'Apache 1.3, le code a assoupli la règle + "un processus par seconde". Il va en lancer un, attendre une seconde, + puis en lancer deux, attendre une seconde, puis en lancer quatre et + ainsi de suite jusqu'à lancer 32 processus. Il s'arrêtera lorsque le + nombre de processus aura atteint la valeur définie par la directive + <code class="directive"><a href="../mod/prefork.html#minspareservers">MinSpareServers</a></code>.</p> + + <p>Ceci s'avère suffisamment réactif pour pouvoir en général se passer + de manipuler les valeurs des directives + <code class="directive"><a href="../mod/prefork.html#minspareservers">MinSpareServers</a></code>, + <code class="directive"><a href="../mod/prefork.html#maxspareservers">MaxSpareServers</a></code> et + <code class="directive"><a href="../mod/mpm_common.html#startservers">StartServers</a></code>. Lorsque plus de + 4 processus enfants sont lancés par seconde, un message est émis vers + le journal des erreurs. Si vous voyez apparaître souvent ce genre de + message, vous devez vous pencher sur ces réglages. Pour vous guider, + utilisez les informations délivrées par le module + <code class="module"><a href="../mod/mod_status.html">mod_status</a></code>.</p> + + <p>À mettre en relation avec la création de processus, leur destruction + est définie par la valeur de la directive + <code class="directive"><a href="../mod/mpm_common.html#maxconnectionsperchild">MaxConnectionsPerChild</a></code>. Sa valeur + par défaut est <code>0</code>, ce qui signifie qu'il n'y a pas de limite + au nombre de connexions qu'un processus enfant peut traiter. Si votre + configuration actuelle a cette directive réglée à une valeur très basse, + de l'ordre de <code>30</code>, il est conseillé de l'augmenter de manière + significative. Si vous utilisez SunOs ou une ancienne version de Solaris, + utilisez une valeur de l'ordre de <code>10000</code> à cause des fuites + de mémoire.</p> + + <p>Lorsqu'ils sont en mode "keep-alive", les processus enfants sont + maintenus et ne font rien sinon attendre la prochaine requête sur la + connexion déjà ouverte. La valeur par défaut de <code>5</code> de la + directive <code class="directive"><a href="../mod/core.html#keepalivetimeout">KeepAliveTimeout</a></code> tend à + minimiser cet effet. Il faut trouver le bon compromis entre la bande + passante réseau et les ressources du serveur. En aucun cas vous ne devez + choisir une valeur supérieure à <code>60</code> seconds, car + <a href="http://www.hpl.hp.com/techreports/Compaq-DEC/WRL-95-4.html"> + la plupart des bénéfices sont alors perdus</a>.</p> + + + + </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="compiletime" id="compiletime">Optimisation de la configuration à la compilation</a></h2> + + + + <h3>Choisir un Module Multi-Processus (MPM)</h3> + + + + <p>Apache 2.x supporte les modèles simultanés enfichables, appelés + <a href="../mpm.html">Modules Multi-Processus</a> (MPMs). Vous devez + choisir un MPM au moment de la construction d'Apache. Certaines + plateformes ont des modules MPM spécifiques : + <code class="module"><a href="../mod/mpm_netware.html">mpm_netware</a></code>, <code class="module"><a href="../mod/mpmt_os2.html">mpmt_os2</a></code> et + <code class="module"><a href="../mod/mpm_winnt.html">mpm_winnt</a></code>. Sur les systèmes de type Unix, vous avez le + choix entre un grand nombre de modules MPM. Le choix du MPM peut affecter + la vitesse et l'évolutivité du démon httpd :</p> + + <ul> + + <li>Le MPM <code class="module"><a href="../mod/worker.html">worker</a></code> utilise plusieurs processus + enfants possédant chacun de nombreux threads. Chaque thread gère une + seule connexion à la fois. Worker est en général un bon choix pour les + serveurs présentant un traffic important car il possède une empreinte + mémoire plus petite que le MPM prefork.</li> + + <li>Comme le MPM Worker, le MPM <code class="module"><a href="../mod/event.html">event</a></code> utilise + les threads, mais il a été conçu pour traiter davantage de + requêtes simultanément en confiant une partie du travail à des + threads de support, ce qui permet aux threads principaux de + traiter de nouvelles requêtes.</li> + + <li>Le MPM <code class="module"><a href="../mod/prefork.html">prefork</a></code> utilise plusieurs processus enfants + possédant chacun un seul thread. Chaque processus gère une seule + connexion à la fois. Sur de nombreux systèmes, prefork est comparable + en matière de vitesse à worker, mais il utilise plus de mémoire. De par + sa conception sans thread, prefork présente des avantages par rapport à + worker dans certaines situations : il peut être utilisé avec les + modules tiers qui ne supportent pas le threading, et son débogage est plus + aisé sur les platesformes présentant un support du débogage des threads + rudimentaire.</li> + + </ul> + + <p>Pour plus d'informations sur ces deux MPMs et les autres, veuillez + vous référer à la <a href="../mpm.html">documentation sur les + MPM</a>.</p> + + + + <h3><a name="modules" id="modules">Modules</a></h3> + + + + <p>Comme le contrôle de l'utilisation de la mémoire est très important + en matière de performance, il est conseillé d'éliminer les modules que + vous n'utilisez pas vraiment. Si vous avez construit ces modules en + tant que <a href="../dso.html">DSOs</a>, leur élimination consiste + simplement à commenter la directive + <code class="directive"><a href="../mod/mod_so.html#loadmodule">LoadModule</a></code> associée à ce + module. Ceci vous permet de vérifier si votre site fonctionne toujours + après la suppression de tel ou tel module.</p> + + <p>Par contre, si les modules que vous voulez supprimer sont liés + statiquement à votre binaire Apache, vous devrez recompiler ce dernier + afin de pouvoir les éliminer.</p> + + <p>La question qui découle de ce qui précède est évidemment de + savoir de quels modules vous avez besoin et desquels vous pouvez vous + passer. La réponse sera bien entendu différente d'un site web à + l'autre. Cependant, la liste <em>minimale</em> de modules nécessaire à + la survie de votre site contiendra certainement + <code class="module"><a href="../mod/mod_mime.html">mod_mime</a></code>, <code class="module"><a href="../mod/mod_dir.html">mod_dir</a></code> et + <code class="module"><a href="../mod/mod_log_config.html">mod_log_config</a></code>. <code>mod_log_config</code> est bien + entendu optionnel puisque vous pouvez faire fonctionner un site web + en se passant de fichiers journaux ; ceci est cependant + déconseillé.</p> + + + + <h3>Opérations atomiques</h3> + + + + <p>Certains modules, à l'instar de <code class="module"><a href="../mod/mod_cache.html">mod_cache</a></code> et des + versions de développement récentes du MPM worker, utilisent l'API + atomique d'APR. Cette API propose des opérations atomiques que l'on + peut utiliser pour alléger la synchronisation des threads.</p> + + <p>Par défaut, APR implémente ces opérations en utilisant les + mécanismes les plus efficaces disponibles sur chaque plateforme cible + (Système d'exploitation et processeur). De nombreux processeurs modernes, + par exemple, possèdent une instruction qui effectue une opération + atomique de type comparaison et échange ou compare-and-swap (CAS) au + niveau matériel. Sur certaines platesformes cependant, APR utilise par + défaut une implémentation de l'API atomique plus lente, basée sur les + mutex, afin d'assurer la compatibilité avec les anciens modèles de + processeurs qui ne possèdent pas ce genre d'instruction. Si vous + construisez Apache pour une de ces platesformes, et ne prévoyez de + l'exécuter que sur des processeurs récents, vous pouvez sélectionner une + implémentation atomique plus rapide à la compilation en utilisant + l'option <code>--enable-nonportable-atomics</code> du + script configure :</p> + + <div class="example"><p><code> + ./buildconf<br /> + ./configure --with-mpm=worker --enable-nonportable-atomics=yes + </code></p></div> + + <p>L'option <code>--enable-nonportable-atomics</code> concerne les + platesformes suivantes :</p> + + <ul> + + <li>Solaris sur SPARC<br /> + Sur Solaris/SPARC, APR utilise par défaut les opérations + atomiques basées sur les mutex. Cependant, si vous ajoutez l'option + <code>--enable-nonportable-atomics</code> au script configure, APR + génère un code qui utilise le code opération SPARC v8plus pour des + opérations de compare-and-swap matériel plus rapides. Si vous + utilisez cette option de configure avec Apache, les opérations + atomiques seront plus efficaces (permettant d'alléger la charge du + processeur et un plus haut niveau de simultanéité), mais + l'exécutable produit ne fonctionnera que sur les processeurs + UltraSPARC. + </li> + + <li>Linux sur x86<br /> + Sous Linux, APR utilise par défaut les opérations atomiques basées + sur les mutex. Cependant, si vous ajoutez l'option + <code>--enable-nonportable-atomics</code> au script configure, + APR générera un code qui utilise un code d'opération du 486 + pour des opérations de compare-and-swap matériel plus rapides. Le + code résultant est plus efficace en matière d'opérations atomiques, + mais l'exécutable produit ne fonctionnera que sur des processeurs + 486 et supérieurs (et non sur des 386). + </li> + + </ul> + + + + <h3>Module mod_status et ExtendedStatus On</h3> + + + + <p>Si vous incluez le module <code class="module"><a href="../mod/mod_status.html">mod_status</a></code> à la + construction d'Apache et ajoutez <code>ExtendedStatus On</code> à sa + configuration, Apache va effectuer pour chaque requête deux appels à + <code>gettimeofday(2)</code> (ou <code>times(2)</code> selon votre + système d'exploitation), et (pour les versions antérieures à 1.3) de + nombreux appels supplémentaires à <code>time(2)</code>. Tous ces + appels sont effectués afin que le rapport de statut puisse contenir + des indications temporelles. Pour améliorer les performances, utilisez + <code>ExtendedStatus off</code> (qui est le réglage par défaut).</p> + + + + <h3>accept Serialization - points de connexion à un programme (sockets) multiples</h3> + + + + <div class="warning"><h3>Mise en garde :</h3> + <p>Cette section n'a pas été totalement mise à jour car elle ne tient pas + compte des changements intervenus dans la version 2.x du Serveur HTTP + Apache. Certaines informations sont encore pertinentes, il vous est + cependant conseillé de les utiliser avec prudence.</p> + </div> + + <p>Ce qui suit est une brève discussion à propos de l'API des sockets + Unix. Supposons que votre serveur web utilise plusieurs directives + <code class="directive"><a href="../mod/mpm_common.html#listen">Listen</a></code> afin d'écouter + plusieurs ports ou de multiples adresses. Afin de tester chaque socket + pour voir s'il a une connexion en attente, Apache utilise + <code>select(2)</code>. <code>select(2)</code> indique si un socket a + <em>zéro</em> ou <em>au moins une</em> connexion en attente. Le modèle + d'Apache comporte plusieurs processus enfants, et tous ceux qui sont + inactifs testent la présence de nouvelles connexions au même moment. + Une implémentation rudimentaire de ceci pourrait ressembler à + l'exemple suivant + (ces exemples ne sont pas extraits du code d'Apache, ils ne sont + proposés qu'à des fins pédagogiques) :</p> + + <pre class="prettyprint lang-c"> for (;;) { + for (;;) { + fd_set accept_fds; + + FD_ZERO (&accept_fds); + for (i = first_socket; i <= last_socket; ++i) { + FD_SET (i, &accept_fds); + } + rc = select (last_socket+1, &accept_fds, NULL, NULL, NULL); + if (rc < 1) continue; + new_connection = -1; + for (i = first_socket; i <= last_socket; ++i) { + if (FD_ISSET (i, &accept_fds)) { + new_connection = accept (i, NULL, NULL); + if (new_connection != -1) break; + } + } + if (new_connection != -1) break; + } + process_the(new_connection); + }</pre> + + + <p>Mais cette implémentation rudimentaire présente une sérieuse lacune. + Rappelez-vous que les processus enfants exécutent cette boucle au même + moment ; ils vont ainsi bloquer sur <code>select</code> s'ils se trouvent + entre deux requêtes. Tous ces processus bloqués vont se réactiver et + sortir de <code>select</code> quand une requête va apparaître sur un des + sockets (le nombre de processus enfants qui se réactivent varie en + fonction du système d'exploitation et des réglages de synchronisation). + Ils vont alors tous entrer dans la boucle et tenter un + <code>"accept"</code> de la connexion. Mais seulement un d'entre eux y + parviendra (en supposant qu'il ne reste q'une seule connexion en + attente), les autres vont se bloquer au niveau de <code>accept</code>. + Ceci verrouille vraiment ces processus de telle sorte qu'ils ne peuvent + plus servir de requêtes que par cet unique socket, et il en sera ainsi + jusqu'à ce que suffisamment de nouvelles requêtes apparaissent sur ce + socket pour les réactiver tous. Cette lacune a été documentée pour la + première fois dans + <a href="http://bugs.apache.org/index/full/467">PR#467</a>. Il existe + au moins deux solutions.</p> + + <p>La première consiste à rendre les sockets non blocants. Dans ce cas, + <code>accept</code> ne bloquera pas les processus enfants, et ils + pourront continuer à s'exécuter immédiatement. Mais ceci consomme des + ressources processeur. Supposons que vous ayez dix processus enfants + inactifs dans <code>select</code>, et qu'une connexion arrive. + Neuf des dix processus vont se réactiver, tenter un <code>accept</code> + de la connexion, échouer, et boucler dans <code>select</code>, tout en + n'ayant finalement rien accompli. Pendant ce temps, aucun de ces processus + ne traite les requêtes qui arrivent sur d'autres sockets jusqu'à ce + qu'ils retournent dans <code>select</code>. Finalement, cette solution + ne semble pas très efficace, à moins que vous ne disposiez d'autant de + processeurs inactifs (dans un serveur multiprocesseur) que de processus + enfants inactifs, ce qui n'est pas une situation très courante.</p> + + <p>Une autre solution, celle qu'utilise Apache, consiste à sérialiser les + entrées dans la boucle interne. La boucle ressemble à ceci (les + différences sont mises en surbrillance) :</p> + + <pre class="prettyprint lang-c"> for (;;) { + <strong>accept_mutex_on ();</strong> + for (;;) { + fd_set accept_fds; + + FD_ZERO (&accept_fds); + for (i = first_socket; i <= last_socket; ++i) { + FD_SET (i, &accept_fds); + } + rc = select (last_socket+1, &accept_fds, NULL, NULL, NULL); + if (rc < 1) continue; + new_connection = -1; + for (i = first_socket; i <= last_socket; ++i) { + if (FD_ISSET (i, &accept_fds)) { + new_connection = accept (i, NULL, NULL); + if (new_connection != -1) break; + } + } + if (new_connection != -1) break; + } + <strong>accept_mutex_off ();</strong> + process the new_connection; + }</pre> + + + <p><a id="serialize" name="serialize">Les fonctions</a> + <code>accept_mutex_on</code> et <code>accept_mutex_off</code> + implémentent un sémaphore permettant une exclusion mutuelle. Un seul + processus enfant à la fois peut posséder le mutex. Plusieurs choix se + présentent pour implémenter ces mutex. Ce choix est défini dans + <code>src/conf.h</code> (versions antérieures à 1.3) ou + <code>src/include/ap_config.h</code> (versions 1.3 ou supérieures). + Certaines architectures ne font pas ce choix du mode de verrouillage ; + l'utilisation de directives + <code class="directive"><a href="../mod/mpm_common.html#listen">Listen</a></code> multiples sur ces + architectures est donc peu sûr.</p> + + <p>La directive <code class="directive"><a href="../mod/core.html#mutex">Mutex</a></code> permet + de modifier l'implémentation du mutex <code>mpm-accept</code> à + l'exécution. Des considérations spécifiques aux différentes + implémentations de mutex sont documentées avec cette directive.</p> + + <p>Une autre solution qui a été imaginée mais jamais implémentée, consiste + à sérialiser partiellement la boucle -- c'est à dire y faire entrer un + certain nombre de processus. Ceci ne présenterait un intérêt que sur les + machines multiprocesseurs où plusieurs processus enfants peuvent + s'exécuter simultanément, et encore, la sérialisation ne tire pas + vraiment parti de toute la bande passante. C'est une possibilité + d'investigation future, mais demeure de priorité basse car les serveurs + web à architecture hautement parallèle ne sont pas la norme.</p> + + <p>Pour bien faire, vous devriez faire fonctionner votre serveur sans + directives <code class="directive"><a href="../mod/mpm_common.html#listen">Listen</a></code> multiples + si vous visez les performances les plus élevées. + Mais lisez ce qui suit.</p> + + + + <h3>accept Serialization - point de connexion à un programme (sockets) unique</h3> + + + + <p>Ce qui précède convient pour les serveurs à sockets multiples, mais + qu'en est-il des serveurs à socket unique ? En théorie, ils ne + devraient pas rencontrer les mêmes problèmes car tous les processus + enfants peuvent se bloquer dans <code>accept(2)</code> jusqu'à ce qu'une + connexion arrive, et ils ne sont pas utilisés à ne rien faire. En + pratique, ceci dissimule un même comportement de bouclage + discuté plus haut dans la solution non-blocante. De la manière dont + sont implémentées les piles TCP, le noyau réactive véritablement tous les + processus bloqués dans <code>accept</code> quand une seule connexion + arrive. Un de ces processus prend la connexion en compte et retourne + dans l'espace utilisateur, les autres bouclant dans l'espace du + noyau et se désactivant quand ils s'aperçoivent qu'il n'y a pas de + connexion pour eux. Ce bouclage est invisible depuis le code de l'espace + utilisateur, mais il est quand-même présent. Ceci peut conduire à la + même augmentation de charge à perte que la solution non blocante au cas + des sockets multiples peut induire.</p> + + <p>Pour cette raison, il apparaît que de nombreuses architectures se + comportent plus "proprement" si on sérialise même dans le cas d'une socket + unique. Il s'agit en fait du comportement par défaut dans la plupart des + cas. Des expériences poussées sous Linux (noyau 2.0.30 sur un + biprocesseur Pentium pro 166 avec 128 Mo de RAM) ont montré que la + sérialisation d'une socket unique provoque une diminution inférieure à 3% + du nombre de requêtes par secondes par rapport au traitement non + sérialisé. Mais le traitement non sérialisé des sockets uniques induit + un temps de réponse supplémentaire de 100 ms pour chaque requête. Ce + temps de réponse est probablement provoqué par une limitation sur les + lignes à haute charge, et ne constitue un problème que sur les réseaux + locaux. Si vous voulez vous passer de la sérialisation des sockets + uniques, vous pouvez définir + <code>SINGLE_LISTEN_UNSERIALIZED_ACCEPT</code> et les + serveurs à socket unique ne pratiqueront plus du tout la + sérialisation.</p> + + + + <h3>Fermeture en prenant son temps (Lingering close)</h3> + + + + <p>Comme discuté dans <a href="http://www.ics.uci.edu/pub/ietf/http/draft-ietf-http-connection-00.txt"> + draft-ietf-http-connection-00.txt</a> section 8, pour implémenter de + manière <strong>fiable</strong> le protocole, un serveur HTTP doit fermer + les deux directions d'une communication indépendamment (rappelez-vous + qu'une connexion TCP est bidirectionnelle, chaque direction étant + indépendante de l'autre).</p> + + <p>Quand cette fonctionnalité fut ajoutée à Apache, elle causa une + avalanche de problèmes sur plusieurs versions d'Unix à cause d'une + implémentation à courte vue. La spécification TCP ne précise pas que + l'état <code>FIN_WAIT_2</code> possède un temps de réponse mais elle ne + l'exclut pas. Sur les systèmes qui n'introduisent pas ce temps de + réponse, Apache 1.2 induit de nombreux blocages définitifs de socket + dans l'état <code>FIN_WAIT_2</code>. On peut eviter ceci dans de nombreux + cas tout simplement en mettant à jour TCP/IP avec le dernier patch mis à + disposition par le fournisseur. Dans les cas où le fournisseur n'a + jamais fourni de patch (par exemple, SunOS4 -- bien que les utilisateurs + possédant une license source puissent le patcher eux-mêmes), nous avons + décidé de désactiver cette fonctionnalité.</p> + + <p>Il y a deux méthodes pour arriver à ce résultat. La première est + l'option de socket <code>SO_LINGER</code>. Mais le sort a voulu que cette + solution ne soit jamais implémentée correctement dans la plupart des + piles TCP/IP. Et même dans les rares cas où cette solution a été + implémentée correctement (par exemple Linux 2.0.31), elle se + montre beaucoup plus gourmande (en temps processeur) que la solution + suivante.</p> + + <p>Pour la plus grande partie, Apache implémente cette solution à l'aide + d'une fonction appelée <code>lingering_close</code> (définie dans + <code>http_main.c</code>). La fonction ressemble approximativement à + ceci :</p> + + <pre class="prettyprint lang-c"> void lingering_close (int s) + { + char junk_buffer[2048]; + + /* shutdown the sending side */ + shutdown (s, 1); + + signal (SIGALRM, lingering_death); + alarm (30); + + for (;;) { + select (s for reading, 2 second timeout); + if (error) break; + if (s is ready for reading) { + if (read (s, junk_buffer, sizeof (junk_buffer)) <= 0) { + break; + } + /* just toss away whatever is here */ + } + } + + close (s); + }</pre> + + + <p>Ceci ajoute naturellement un peu de charge à la fin d'une connexion, + mais s'avère nécessaire pour une implémentation fiable. Comme HTTP/1.1 + est de plus en plus présent et que toutes les connexions sont + persistentes, la charge sera amortie par la multiplicité des requêtes. + Si vous voulez jouer avec le feu en désactivant cette fonctionnalité, + vous pouvez définir <code>NO_LINGCLOSE</code>, mais c'est fortement + déconseillé. En particulier, comme les connexions persistantes en + pipeline de HTTP/1.1 commencent à être utilisées, + <code>lingering_close</code> devient une absolue nécessité (et les + <a href="http://www.w3.org/Protocols/HTTP/Performance/Pipeline.html"> + connexions en pipeline sont plus rapides</a> ; vous avez donc tout + intérêt à les supporter).</p> + + + + <h3>Fichier tableau de bord (Scoreboard file)</h3> + + + + <p>Les processus parent et enfants d'Apache communiquent entre eux à + l'aide d'un objet appelé "Tableau de bord" (Scoreboard). Idéalement, cet + échange devrait s'effectuer en mémoire partagée. Pour les systèmes + d'exploitation auxquels nous avons eu accès, ou pour lesquels nous avons + obtenu des informations suffisamment détaillées pour effectuer un + portage, cet échange est en général implémenté en utilisant la mémoire + partagée. Pour les autres, on utilise par défaut un fichier d'échange sur + disque. Le fichier d'échange sur disque est non seulement lent, mais + aussi peu fiable (et propose moins de fonctionnalités). Recherchez dans + le fichier <code>src/main/conf.h</code> correspondant à votre + architecture soit <code>USE_MMAP_SCOREBOARD</code>, soit + <code>USE_SHMGET_SCOREBOARD</code>. La définition de l'un des deux + (ainsi que leurs compagnons respectifs <code>HAVE_MMAP</code> et + <code>HAVE_SHMGET</code>), active le code fourni pour la mémoire + partagée. Si votre système propose une autre solution pour la gestion de + la mémoire partagée, éditez le fichier <code>src/main/http_main.c</code> + et ajoutez la portion de code nécessaire pour pouvoir l'utiliser dans + Apache (Merci de nous envoyer aussi le patch correspondant).</p> + + <div class="note">Note à caractère historique : le portage d'Apache sous Linux + n'utilisait pas la mémoire partagée avant la version 1.2. Ceci entraînait + un comportement très rudimentaire et peu fiable des versions antérieures + d'Apache sous Linux.</div> + + + + <h3>DYNAMIC_MODULE_LIMIT</h3> + + + + <p>Si vous n'avez pas l'intention d'utiliser les modules chargés + dynamiquement (ce qui est probablement le cas si vous êtes en train de + lire ce document afin de personnaliser votre serveur en recherchant le + moindre des gains en performances), vous pouvez ajouter la définition + <code>-DDYNAMIC_MODULE_LIMIT=0</code> à la construction de votre serveur. + Ceci aura pour effet de libérer la mémoire RAM allouée pour le + chargement dynamique des modules.</p> + + + + </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="trace" id="trace">Appendice : Analyse détaillée d'une trace</a></h2> + + + + <p>Voici la trace d'un appel système d'Apache 2.0.38 avec le MPM worker + sous Solaris 8. Cette trace a été collectée à l'aide de la commande :</p> + + <div class="example"><p><code> + truss -l -p <var>httpd_child_pid</var>. + </code></p></div> + + <p>L'option <code>-l</code> demande à truss de tracer l'ID du LWP + (lightweight process--la version de Solaris des threads niveau noyau) qui + invoque chaque appel système.</p> + + <p>Les autres systèmes peuvent proposer des utilitaires de traçage + des appels système différents comme <code>strace</code>, + <code>ktrace</code>, ou <code>par</code>. Ils produisent cependant tous une + trace similaire.</p> + + <p>Dans cette trace, un client a demandé un fichier statique de 10 ko au + démon httpd. Le traçage des requêtes pour des contenus non statiques + ou comportant une négociation de contenu a une présentation + différente (et même assez laide dans certains cas).</p> + + <div class="example"><pre>/67: accept(3, 0x00200BEC, 0x00200C0C, 1) (sleeping...) +/67: accept(3, 0x00200BEC, 0x00200C0C, 1) = 9</pre></div> + + <p>Dans cette trace, le thread à l'écoute s'exécute à l'intérieur de + LWP #67.</p> + + <div class="note">Notez l'absence de la sérialisation d'<code>accept(2)</code>. Sur + cette plateforme spécifique, le MPM worker utilise un accept non sérialisé + par défaut sauf s'il est en écoute sur des ports multiples.</div> + + <div class="example"><pre>/65: lwp_park(0x00000000, 0) = 0 +/67: lwp_unpark(65, 1) = 0</pre></div> + + <p>Après avoir accepté la connexion, le thread à l'écoute réactive un + thread du worker pour effectuer le traitement de la requête. Dans cette + trace, le thread du worker qui traite la requête est associé à + LWP #65.</p> + + <div class="example"><pre>/65: getsockname(9, 0x00200BA4, 0x00200BC4, 1) = 0</pre></div> + + <p>Afin de pouvoir implémenter les hôtes virtuels, Apache doit connaître + l'adresse du socket local utilisé pour accepter la connexion. On pourrait + supprimer cet appel dans de nombreuses situations (par exemple dans le cas + où il n'y a pas d'hôte virtuel ou dans le cas où les directives + <code class="directive"><a href="../mod/mpm_common.html#listen">Listen</a></code> contiennent des adresses + sans caractères de substitution). Mais aucun effort n'a été accompli à ce + jour pour effectuer ces optimisations.</p> + + <div class="example"><pre>/65: brk(0x002170E8) = 0 +/65: brk(0x002190E8) = 0</pre></div> + + <p>L'appel <code>brk(2)</code> alloue de la mémoire dans le tas. Ceci est + rarement visible dans une trace d'appel système, car le démon httpd + utilise des allocateurs mémoire de son cru (<code>apr_pool</code> et + <code>apr_bucket_alloc</code>) pour la plupart des traitements de requêtes. + Dans cette trace, le démon httpd vient juste de démarrer, et il doit + appeler <code>malloc(3)</code> pour réserver les blocs de mémoire + nécessaires à la création de ses propres allocateurs de mémoire.</p> + + <div class="example"><pre>/65: fcntl(9, F_GETFL, 0x00000000) = 2 +/65: fstat64(9, 0xFAF7B818) = 0 +/65: getsockopt(9, 65535, 8192, 0xFAF7B918, 0xFAF7B910, 2190656) = 0 +/65: fstat64(9, 0xFAF7B818) = 0 +/65: getsockopt(9, 65535, 8192, 0xFAF7B918, 0xFAF7B914, 2190656) = 0 +/65: setsockopt(9, 65535, 8192, 0xFAF7B918, 4, 2190656) = 0 +/65: fcntl(9, F_SETFL, 0x00000082) = 0</pre></div> + + <p>Ensuite, le thread de worker passe la connexion du client (descripteur + de fichier 9) en mode non blocant. Les appels <code>setsockopt(2)</code> + et <code>getsockopt(2)</code> constituent un effet de bord de la manière + dont la libc de Solaris utilise <code>fcntl(2)</code> pour les sockets.</p> + + <div class="example"><pre>/65: read(9, " G E T / 1 0 k . h t m".., 8000) = 97</pre></div> + + <p>Le thread de worker lit la requête du client.</p> + + <div class="example"><pre>/65: stat("/var/httpd/apache/httpd-8999/htdocs/10k.html", 0xFAF7B978) = 0 +/65: open("/var/httpd/apache/httpd-8999/htdocs/10k.html", O_RDONLY) = 10</pre></div> + + <p>Ce démon httpd a été configuré avec les options + <code>Options FollowSymLinks</code> et <code>AllowOverride None</code>. Il + n'a donc ni besoin d'appeler <code>lstat(2)</code> pour chaque répertoire + du chemin du fichier demandé, ni besoin de vérifier la présence de fichiers + <code>.htaccess</code>. Il appelle simplement <code>stat(2)</code> pour + vérifier d'une part que le fichier existe, et d'autre part que c'est un + fichier régulier, et non un répertoire.</p> + + <div class="example"><pre>/65: sendfilev(0, 9, 0x00200F90, 2, 0xFAF7B53C) = 10269</pre></div> + + <p>Dans cet exemple, le démon httpd peut envoyer l'en-tête de la réponse + HTTP et le fichier demandé à l'aide d'un seul appel système + <code>sendfilev(2)</code>. La sémantique de sendfile varie en fonction des + systèmes d'exploitation. Sur certains autres systèmes, il faut faire un + appel à <code>write(2)</code> ou <code>writev(2)</code> pour envoyer les + en-têtes avant d'appeler <code>sendfile(2)</code>.</p> + + <div class="example"><pre>/65: write(4, " 1 2 7 . 0 . 0 . 1 - ".., 78) = 78</pre></div> + + <p>Cet appel à <code>write(2)</code> enregistre la requête dans le journal + des accès. Notez qu'une des choses manquant à cette trace est un appel à + <code>time(2)</code>. A la différence d'Apache 1.3, Apache 2.x utilise + <code>gettimeofday(3)</code> pour consulter l'heure. Sur certains systèmes + d'exploitation, comme Linux ou Solaris, <code>gettimeofday</code> est + implémenté de manière optimisée de telle sorte qu'il consomme moins de + ressources qu'un appel système habituel.</p> + + <div class="example"><pre>/65: shutdown(9, 1, 1) = 0 +/65: poll(0xFAF7B980, 1, 2000) = 1 +/65: read(9, 0xFAF7BC20, 512) = 0 +/65: close(9) = 0</pre></div> + + <p>Le thread de worker effectue une fermeture "en prenant son temps" + (lingering close) de la connexion.</p> + + <div class="example"><pre>/65: close(10) = 0 +/65: lwp_park(0x00000000, 0) (sleeping...)</pre></div> + + <p>Enfin, le thread de worker ferme le fichier qu'il vient de délivrer et + se bloque jusqu'à ce que le thread en écoute lui assigne une autre + connexion.</p> + + <div class="example"><pre>/67: accept(3, 0x001FEB74, 0x001FEB94, 1) (sleeping...)</pre></div> + + <p>Pendant ce temps, le thread à l'écoute peut accepter une autre connexion + à partir du moment où il a assigné la connexion présente à un thread de + worker (selon une certaine logique de contrôle de flux dans le MPM worker + qui impose des limites au thread à l'écoute si tous les threads de worker + sont occupés). Bien que cela n'apparaisse pas dans cette trace, + l'<code>accept(2)</code> suivant peut (et le fait en général, en situation + de charge élevée) s'exécuter en parallèle avec le traitement de la + connexion qui vient d'être acceptée par le thread de worker.</p> + + </div></div> +<div class="bottomlang"> +<p><span>Langues Disponibles: </span><a href="../en/misc/perf-tuning.html" hreflang="en" rel="alternate" title="English"> en </a> | +<a href="../fr/misc/perf-tuning.html" title="Français"> fr </a> | +<a href="../ko/misc/perf-tuning.html" hreflang="ko" rel="alternate" title="Korean"> ko </a> | +<a href="../tr/misc/perf-tuning.html" hreflang="tr" rel="alternate" title="Türkçe"> tr </a></p> +</div><div class="top"><a href="#page-header"><img src="../images/up.gif" alt="top" /></a></div><div class="section"><h2><a id="comments_section" name="comments_section">Commentaires</a></h2><div class="warning"><strong>Notice:</strong><br />This is not a Q&A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed again by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Freenode, or sent to our <a href="http://httpd.apache.org/lists.html">mailing lists</a>.</div> +<script type="text/javascript"><!--//--><![CDATA[//><!-- +var comments_shortname = 'httpd'; +var comments_identifier = 'http://httpd.apache.org/docs/2.4/misc/perf-tuning.html'; +(function(w, d) { + if (w.location.hostname.toLowerCase() == "httpd.apache.org") { + d.write('<div id="comments_thread"><\/div>'); + var s = d.createElement('script'); + s.type = 'text/javascript'; + s.async = true; + s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier; + (d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s); + } + else { + d.write('<div id="comments_thread">Comments are disabled for this page at the moment.<\/div>'); + } +})(window, document); +//--><!]]></script></div><div id="footer"> +<p class="apache">Copyright 2019 The Apache Software Foundation.<br />Autorisé sous <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p> +<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossaire</a> | <a href="../sitemap.html">Plan du site</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!-- +if (typeof(prettyPrint) !== 'undefined') { + prettyPrint(); +} +//--><!]]></script> +</body></html>
\ No newline at end of file diff --git a/docs/manual/misc/perf-tuning.html.ko.euc-kr b/docs/manual/misc/perf-tuning.html.ko.euc-kr new file mode 100644 index 0000000..eb8c9e7 --- /dev/null +++ b/docs/manual/misc/perf-tuning.html.ko.euc-kr @@ -0,0 +1,1006 @@ +<?xml version="1.0" encoding="EUC-KR"?> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml" lang="ko" xml:lang="ko"><head> +<meta content="text/html; charset=EUC-KR" http-equiv="Content-Type" /> +<!-- + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + This file is generated from xml source: DO NOT EDIT + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + --> +<title>ġ - Apache HTTP Server Version 2.4</title> +<link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /> +<link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /> +<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="../style/css/prettify.css" /> +<script src="../style/scripts/prettify.min.js" type="text/javascript"> +</script> + +<link href="../images/favicon.ico" rel="shortcut icon" /></head> +<body id="manual-page"><div id="page-header"> +<p class="menu"><a href="../mod/"></a> | <a href="../mod/directives.html">þ</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html"></a> | <a href="../sitemap.html">Ʈ</a></p> +<p class="apache">Apache HTTP Server Version 2.4</p> +<img alt="" src="../images/feather.png" /></div> +<div class="up"><a href="./"><img title="<-" alt="<-" src="../images/left.gif" /></a></div> +<div id="path"> +<a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">HTTP Server</a> > <a href="http://httpd.apache.org/docs/">Documentation</a> > <a href="../">Version 2.4</a> > <a href="./">Miscellaneous Documentation</a></div><div id="page-content"><div id="preamble"><h1>ġ </h1> +<div class="toplang"> +<p><span> : </span><a href="../en/misc/perf-tuning.html" hreflang="en" rel="alternate" title="English"> en </a> | +<a href="../fr/misc/perf-tuning.html" hreflang="fr" rel="alternate" title="Français"> fr </a> | +<a href="../ko/misc/perf-tuning.html" title="Korean"> ko </a> | +<a href="../tr/misc/perf-tuning.html" hreflang="tr" rel="alternate" title="Türkçe"> tr </a></p> +</div> +<div class="outofdate"> ֽ ƴմϴ. + ֱٿ ϼ.</div> + + + <p>ġ 2.0 ɰ ðɼ µ + ̴. ġũ + ʾ ġ 2.0 .</p> + + <p>ġ 1.3 ؼ 2.0 ó Ȯ强(scalability) + ̱ ȭ ߴ. ⺻ κ ȭ + Ѵ. Ͻ Ȥ ɿ + ū ִ. ġ 2.0 ϱ + ڰ ִ ɼ Ѵ. + ɼ ϵ ü Ȱϵ + ϴ ݸ, ɼ ӵ Ѵ.</p> + + </div> +<div id="quickview"><a href="https://www.apache.org/foundation/contributing.html" class="badge"><img src="https://www.apache.org/images/SupportApache-small.png" alt="Support Apache!" /></a><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#hardware">ϵ ü ؼ</a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#runtime"> ؼ</a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#compiletime">Ͻ ؼ</a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#trace">η: ýȣ ڼ мϱ</a></li> +</ul><h3></h3><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div> +<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="hardware" id="hardware">ϵ ü ؼ</a></h2> + + + + <p> ɿ ū ִ . + û ð ڰ " ٰ" ϰ + ø ϸ ȵȴ. ڴ + ϰ ٽ Ͽ ϰ Ѵ. <code class="directive"><a href="../mod/mpm_common.html#maxclients">MaxClients</a></code> þ Ͽ + ڽ ʵ ؾ + Ѵ. ϴ: <code>top</code> + μ ġ μ 뷮 + ˾Ƴ, ü 밡 ٸ μ + .</p> + + <p> ϴ: CPU, Ʈī, + ũ, ⼭ " " ؼ ؾ + Ѵ.</p> + + <p>ü ˾Ƽ ̴. Ϲ + ϴٰ Ǹ ħ ִ:</p> + + <ul> + <li> + <p> ü ֽ ġ Ѵ. + ü ۻ ֱ TCP ð ̺귯 + ӵ ߴ.</p> + </li> + + <li> + <p>ü <code>sendfile(2)</code> ýȣ + Ѵٸ, ̸ ϱ ̳ ġ ġϿ + ȮѴ. ( , 2.4 ̻ Ѵ. + Solaris 8 ʱ ġ ʿϴ.) ϴ ý̶ + ġ 2 <code>sendfile</code> Ͽ CPU + ϸ մ.</p> + </li> + </ul> + + </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="runtime" id="runtime"> ؼ</a></h2> + + + + <table class="related"><tr><th>õ </th><th>õ þ</th></tr><tr><td><ul><li><code class="module"><a href="../mod/mod_dir.html">mod_dir</a></code></li><li><code class="module"><a href="../mod/mpm_common.html">mpm_common</a></code></li><li><code class="module"><a href="../mod/mod_status.html">mod_status</a></code></li></ul></td><td><ul><li><code class="directive"><a href="../mod/core.html#allowoverride">AllowOverride</a></code></li><li><code class="directive"><a href="../mod/mod_dir.html#directoryindex">DirectoryIndex</a></code></li><li><code class="directive"><a href="../mod/core.html#hostnamelookups">HostnameLookups</a></code></li><li><code class="directive"><a href="../mod/core.html#enablemmap">EnableMMAP</a></code></li><li><code class="directive"><a href="../mod/core.html#enablesendfile">EnableSendfile</a></code></li><li><code class="directive"><a href="../mod/core.html#keepalivetimeout">KeepAliveTimeout</a></code></li><li><code class="directive"><a href="../mod/prefork.html#maxspareservers">MaxSpareServers</a></code></li><li><code class="directive"><a href="../mod/prefork.html#minspareservers">MinSpareServers</a></code></li><li><code class="directive"><a href="../mod/core.html#options">Options</a></code></li><li><code class="directive"><a href="../mod/mpm_common.html#startservers">StartServers</a></code></li></ul></td></tr></table> + + <h3><a name="dns" id="dns">HostnameLookups DNS </a></h3> + + + + <p>ġ 1.3 <code class="directive"><a href="../mod/core.html#hostnamelookups">HostnameLookups</a></code> ⺻ + <code>On</code>̿. û ġ DNS ˻ + ϹǷ û . ġ 1.3 + ⺻ <code>Off</code> Ǿ. α ּҸ + ȣƮ ȯϷ αó α ϳ, + ġ Ե <a href="../programs/logresolve.html"><code>logresolve</code></a> + α ϶.</p> + + <p>αó ۾ ɿ ǿ ġǷ + ϴ ƴ ٸ ǻͿ α óϱ + ٶ.</p> + + <p><code><code class="directive"><a href="../mod/mod_access.html#allow">Allow</a></code> + from domain</code>̳ <code><code class="directive"><a href="../mod/mod_access.html#deny">Deny</a></code> from domain</code> + þ Ѵٸ (, IP ּҰ ƴ ȣƮ̳ θ + Ѵٸ) ε ߺ- DNS ˻ (˻ Ƿ + Ǿ Ȯϱ ٽ ˻) ؾ Ѵ. Ƿ + ̱ ̷ þ ϸ ̸ IP + ּҸ Ѵ.</p> + + <p><code><Location /server-status></code> + þ ϶. + ǿ ´ û DNS ȸ Ѵ. + <code>.html</code> <code>.cgi</code> ϸ DNS ˻ + ϴ :</p> + + <div class="example"><p><code> + HostnameLookups off<br /> + <Files ~ "\.(html|cgi)$"><br /> + <span class="indent"> + HostnameLookups on<br /> + </span> + </Files> + </code></p></div> + + <p> CGI DNS ʿ ̶, ʿ Ư + CGI <code>gethostbyname</code> ȣ ϵ غ + ִ.</p> + + + + <h3><a name="symlinks" id="symlinks">FollowSymLinks SymLinksIfOwnerMatch</a></h3> + + + + <p>URL <code>Options FollowSymLinks</code> + ʰ <code>Options SymLinksIfOwnerMatch</code> + ϸ ġ ɺũ ˻ϱ ýȣ + ѹ ؾ Ѵ. ϸ κи ѹ ȣ + Ѵ. , :</p> + + <div class="example"><p><code> + DocumentRoot /www/htdocs<br /> + <Directory /><br /> + <span class="indent"> + Options SymLinksIfOwnerMatch<br /> + </span> + </Directory> + </code></p></div> + + <p><code>/index.html</code> URI û ִٰ . + ġ <code>/www</code>, <code>/www/htdocs</code>, + <code>/www/htdocs/index.html</code> + <code>lstat(2)</code> ȣѴ. <code>lstats</code> + ij ʱ û Ź + ۾ Ѵ. ¥ ɺũ ˻縦 Ѵٸ + ִ:</p> + + <div class="example"><p><code> + DocumentRoot /www/htdocs<br /> + <Directory /><br /> + <span class="indent"> + Options FollowSymLinks<br /> + </span> + </Directory><br /> + <br /> + <Directory /www/htdocs><br /> + <span class="indent"> + Options -FollowSymLinks +SymLinksIfOwnerMatch<br /> + </span> + </Directory> + </code></p></div> + + <p> ּ <code class="directive"><a href="../mod/core.html#documentroot">DocumentRoot</a></code> δ ˻ + ʴ´. DocumentRoot ۿ ִ η <code class="directive"><a href="../mod/mod_alias.html#alias">Alias</a></code> <code class="directive"><a href="../mod/mod_rewrite.html#rewriterule">RewriteRule</a></code> + 쿡 ʿϴ. ɺũ + ʰ ְ , + <code>FollowSymLinks</code> ϰ, + <code>SymLinksIfOwnerMatch</code> ȵȴ.</p> + + + + <h3><a name="htaccess" id="htaccess">AllowOverride</a></h3> + + + + <p>URL overrides Ѵٸ ( + <code>.htaccess</code> ) ġ ϸ κи + <code>.htaccess</code> õѴ. ,</p> + + <div class="example"><p><code> + DocumentRoot /www/htdocs<br /> + <Directory /><br /> + <span class="indent"> + AllowOverride all<br /> + </span> + </Directory> + </code></p></div> + + <p><code>/index.html</code> URI û ִٰ . + ġ <code>/.htaccess</code>, <code>/www/.htaccess</code>, + <code>/www/htdocs/.htaccess</code> õѴ. + ذå <code>Options FollowSymLinks</code> + ϴ. ְ Ͻýۿ ؼ + <code>AllowOverride None</code> Ѵ.</p> + + + + <h3><a name="negotiation" id="negotiation"></a></h3> + + + + <p>ϰ ¥ ִٸ + ´. ̵ Ϻ ۴. + ִ. ϵī带 ϴ :</p> + + <div class="example"><p><code> + DirectoryIndex index + </code></p></div> + + <p> Ѵ:</p> + + <div class="example"><p><code> + DirectoryIndex index.cgi index.pl index.shtml index.html + </code></p></div> + + <p> տ д.</p> + + <p>, 丮 ϵ ã <code>MultiViews</code> + ٴ, ϸ ʿ ִ + <code>type-map</code> + ϶.</p> + + <p>Ʈ ʿϴٸ <code>Options + MultiViews</code> þ ϱ⺸ <code>type-map</code> + ϶. ڼ + <code>type-map</code> <a href="../content-negotiation.html"></a> ϶.</p> + + + + <h3> (memory-mapping)</h3> + + + + <p> , server-side-include óϴ ġ + 2.0 ü <code>mmap(2)</code> + Ѵٸ Ѵ.</p> + + <p> ÷ Ѵ. + Ʈ + ġ 찡 ִ:</p> + + <ul> + <li> + <p> ü <code>mmap</code> CPU + <code>read(2)</code> ŭ Ȯ强 ʴ. + , μ Solaris ġ 2.0 + <code>mmap</code> ó + Ѵ.</p> + </li> + + <li> + <p>NFS Ʈ Ͻýۿ ִ ϴ + ߿ ٸ NFS Ŭ̾Ʈ ִ μ + ų ũ⸦ ̸, μ + ϳ bus error + ִ.</p> + </li> + </ul> + + <p> ǿ شϸ ϴ + ʵ <code>EnableMMAP off</code> ؾ Ѵ. (: + þ 丮 ִ.)</p> + + + + <h3>Sendfile</h3> + + + + <p>ġ ü <code>sendfile(2)</code> ϸ + Ŀ sendfile Ͽ -- , Ҷ + -- ִ.</p> + + <p> ÷ sendfile ϸ read send + ʿ䰡 . sendfile ϸ + ġԵǴ 찡 ִ:</p> + + <ul> + <li> + <p>sendfile ߸Ǿ ý + ߰ ϴ ÷ ִ. Ư ٸ ǻͿ + Ͽ sendfile ߸ ǻͷ + 쿡 ϴ.</p> + </li> + <li> + <p>Ŀ ڽ ij Ͽ NFS Ʈ + 찡 ִ.</p> + </li> + </ul> + + <p> ǿ شϸ sendfile ʵ + <code>EnableSendfile off</code> ؾ Ѵ. (: + þ 丮 ִ.)</p> + + + + <h3><a name="process" id="process">μ </a></h3> + + + + <p>ġ 1.3 <code class="directive"><a href="../mod/prefork.html#minspareservers">MinSpareServers</a></code>, <code class="directive"><a href="../mod/prefork.html#maxspareservers">MaxSpareServers</a></code>, <code class="directive"><a href="../mod/mpm_common.html#startservers">StartServers</a></code> + ġũ ū ƴ. Ư ġ ۾ + ϱ ڽļ ٴٸ "" Ⱓ + ʿߴ. ó <code class="directive"><a href="../mod/mpm_common.html#startservers">StartServers</a></code> ڽ + , <code class="directive"><a href="../mod/prefork.html#minspareservers">MinSpareServers</a></code> + ʴ ڽ ϳ . <code class="directive"><a href="../mod/mpm_common.html#startservers">StartServers</a></code> ⺻ + <code>5</code> Ŭ̾Ʈ 100 ÿ ϸ + ϸ óϱ ڽ 95ʰ ɷȴ. + ʴ , 10а + ϴ ġũ ſ ڰ ´.</p> + + <p>ʴ Ѱ Ģ ڽ ϸ鼭 + ߴ. ǻͰ ڽ ϴ ٻڸ + û . Ģ ġ ü + ɿ ǿ ־ Ͽ. ġ 1.3 ʴ Ѱ + Ģ ȭǾ. ڵ ڽ Ѱ , 1 , + ΰ , 1 , װ , ̷ ʴ + ڽ 32 鶧 Ѵ. ڽļ <code class="directive"><a href="../mod/prefork.html#minspareservers">MinSpareServers</a></code> ٴٸ + ߴѴ.</p> + + <p> ӵ <code class="directive"><a href="../mod/prefork.html#minspareservers">MinSpareServers</a></code>, <code class="directive"><a href="../mod/prefork.html#maxspareservers">MaxSpareServers</a></code>, <code class="directive"><a href="../mod/mpm_common.html#startservers">StartServers</a></code> ʿ䰡 . ʿ + ڽ 4 ̻ ϸ <code class="directive"><a href="../mod/core.html#errorlog">ErrorLog</a></code> Ѵ. ̷ + ̸ ϱ ٶ. + <code class="module"><a href="../mod/mod_status.html">mod_status</a></code> ̴.</p> + + <p>μ Ͽ <code class="directive"><a href="../mod/mpm_common.html#maxrequestsperchild">MaxRequestsPerChild</a></code> + μ Ѵ. ⺻ ڽĴ ó û + ٴ <code>0</code>̴. <code>30</code> + ſ ִٸ, ʿ䰡 + ִ. SunOS Solaris Ѵٸ, + <code>10000</code> ϶.</p> + + <p>(keep-alive) Ѵٸ ڽĵ ̹ + ῡ ߰ û ٸ ƹ͵ ʱ + ٻڴ. <code class="directive"><a href="../mod/core.html#keepalivetimeout">KeepAliveTimeout</a></code> + ⺻ <code>15</code> ʴ ̷ ּȭѴ. Ʈ + 뿪 ڿ ° Ѵ. <a href="http://www.research.digital.com/wrl/techreports/abstracts/95.4.html"> + κ </a> 쿡 + <code>60</code> ̻ ø .</p> + + + + </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="compiletime" id="compiletime">Ͻ ؼ</a></h2> + + + + <h3>MPM </h3> + + + + <p>ġ 2.x <a href="../mpm.html">ó</a> + (MPMs)̶ ü ִ ȭ Ѵ. ġ + Ҷ MPM ؾ Ѵ. <code class="module"><a href="../mod/beos.html">beos</a></code>, + <code class="module"><a href="../mod/mpm_netware.html">mpm_netware</a></code>, <code class="module"><a href="../mod/mpmt_os2.html">mpmt_os2</a></code>, + <code class="module"><a href="../mod/mpm_winnt.html">mpm_winnt</a></code> Ư ÷ + ִ MPM ִ. Ϲ н ý MPM + ߿ ϳ ִ. ӵ + Ȯ强(scalability) MPM ߳Ŀ ȴ:</p> + + <ul> + + <li><code class="module"><a href="../mod/worker.html">worker</a></code> MPM ڽ μ + 带 Ѵ. ѹ + Ѵ. Ϲ worker prefork MPM + ϹǷ ŷ ϴ.</li> + + <li><code class="module"><a href="../mod/prefork.html">prefork</a></code> MPM 尡 Ѱ ڽ + μ Ѵ. μ ѹ + Ѵ. ýۿ prefork ӵ worker + , Ѵ. Ȳ + 带 ʴ prefork worker + : 忡 (thread-safe) + ڰ ְ, + ÷ ִ.</li> + + </ul> + + <p> MPM ٸ MPM ڼ MPM <a href="../mpm.html"></a> ϱ ٶ.</p> + + + + <h3><a name="modules" id="modules"></a></h3> + + + + <p> 뷮 ɿ ߿ ̱ + ʴ غ. <a href="../dso.html">DSO</a> ߴٸ + <code class="directive"><a href="../mod/mod_so.html#loadmodule">LoadModule</a></code> þ ּóϸ + ȴ. ϰ Ͽ Ʈ ̵ + ϴ 캼 ִ.</p> + + <p>ݴ ġ Ͽ ũִٸ + ʴ ϱ ġ ؾ + Ѵ.</p> + + <p>⼭ 翬 ϰ + ǹ . Ʈ ٸ. Ƹ + <em>ּ</em> <code class="module"><a href="../mod/mod_mime.html">mod_mime</a></code>, + <code class="module"><a href="../mod/mod_dir.html">mod_dir</a></code>, <code class="module"><a href="../mod/mod_log_config.html">mod_log_config</a></code> + ̴. Ʈ α ʿٸ + <code>mod_log_config</code> ȴ. õ + ʴ´.</p> + + + + <h3>Atomic </h3> + + + + <p><code class="module"><a href="../mod/mod_cache.html">mod_cache</a></code> ֱ + worker MPM APR atomic API Ѵ. API 淮 + ȭ atomic Ѵ.</p> + + <p>⺻ APR ü/CPU ÷ ȿ + Ͽ Ѵ. , ֽ + CPU ϵ atomic compare-and-swap (CAS) + ϴ ɾ ִ. ÷ APR ̷ + ɾ CPU ȣȯ mutex + ⺻ Ѵ. ̷ ÷ ġ + Ҷ ġ ֽ CPU ȹ̶, + ġ Ҷ <code>--enable-nonportable-atomics</code> + ɼ Ͽ atomic ִ:</p> + + <div class="example"><p><code> + ./buildconf<br /> + ./configure --with-mpm=worker --enable-nonportable-atomics=yes + </code></p></div> + + <p><code>--enable-nonportable-atomics</code> ɼ + ÷ ִ:</p> + + <ul> + + <li>SPARC Solaris<br /> + ⺻ APR Solaris/SPARC mutex atomic + Ѵ. Ҷ + <code>--enable-nonportable-atomics</code> ϸ + APR ϵ compare-and-swap SPARC + v8plus ɾ Ѵ. ɼ ϸ atomic + ȿ (CPU ϰ + ȭ ϴ), UltraSPARC + Ĩ ִ. + </li> + + <li>Linux on x86<br /> + ⺻ APR mutex atomic + Ѵ. Ҷ + <code>--enable-nonportable-atomics</code> ϸ + APR ϵ compare-and-swap 486 + ɾ Ѵ. ȿ atomic , + 486 ̻ Ĩ (386 ȵȴ) + ִ. + </li> + + </ul> + + + + <h3>mod_status ExtendedStatus On</h3> + + + + <p>ġ Ҷ <code class="module"><a href="../mod/mod_status.html">mod_status</a></code> ϰ + Ҷ <code>ExtendedStatus On</code> ϸ ġ + û <code>gettimeofday(2)</code>(Ȥ ü + <code>times(2)</code>) ι ȣϰ (1.3 ) + <code>time(2)</code> ߰ ȣѴ. + ۽ð ʿϱ ̴. ֻ + (⺻) <code>ExtendedStatus off</code> Ѵ.</p> + + + + <h3>accept ȭ - </h3> + + + + <div class="warning"><h3>:</h3> + <p> Ʒ ġ 2.0 + ʴ. ȿ , ؼ + ϱ ٶ.</p> + </div> + + <p>н API Ѵ. Ʈ + Ȥ ּҸ ٸ <code class="directive"><a href="../mod/mpm_common.html#listen">Listen</a></code> Ѵٰ . + ˻ϱ ġ + <code>select(2)</code> Ѵ. <code>select(2)</code> + Ͽ ٸ ִ <em></em> Ȥ <em>ּ + Ѱ</em> ִ ˷ش. ġ ڽ ְ, + ִ ڽ ÿ ο ˻Ѵ. + ϴ ( ڵ忡 ʾҴ. + ϱ 뵵 .):</p> + + <div class="example"><p><code> + for (;;) {<br /> + <span class="indent"> + for (;;) {<br /> + <span class="indent"> + fd_set accept_fds;<br /> + <br /> + FD_ZERO (&accept_fds);<br /> + for (i = first_socket; i <= last_socket; ++i) {<br /> + <span class="indent"> + FD_SET (i, &accept_fds);<br /> + </span> + }<br /> + rc = select (last_socket+1, &accept_fds, NULL, NULL, NULL);<br /> + if (rc < 1) continue;<br /> + new_connection = -1;<br /> + for (i = first_socket; i <= last_socket; ++i) {<br /> + <span class="indent"> + if (FD_ISSET (i, &accept_fds)) {<br /> + <span class="indent"> + new_connection = accept (i, NULL, NULL);<br /> + if (new_connection != -1) break;<br /> + </span> + }<br /> + </span> + }<br /> + if (new_connection != -1) break;<br /> + </span> + }<br /> + process the new_connection;<br /> + </span> + } + </code></p></div> + + <p> ܼ ɰ (starvation) + ִ. ڽ ÿ ݺ ϸ, + û ٸ <code>select</code> . ̶ + Ͽ û ϳ ڽ + ( ڽ ü Ÿֿ̹ ٸ). + ̵ <code>accept</code>ϱ õѴ. + ( Ḹ ̶) ڽĸ ϰ, + <code>accept</code> <em>.</em> ڽĵ + û ϵ , ο + û ͼ ڽ ﶧ ִ. + ̷ <a href="http://bugs.apache.org/index/full/467">PR#467</a> + ó Ǿ. ּ ΰ ذå ִ.</p> + + <p>Ѱ ʵ (non-blocking) + ̴. ڽ <code>accept</code> ص + ʰ, ִ. CPU ð Ѵ. + <code>select</code> ڽ 10 ְ, + Ѱ Դٰ . ڽ 9 + <code>accept</code>ϱ õϰ ϸ ƹ + ϵ ʰ ٽ <code>select</code> ݺѴ. ٽ + <code>select</code> ƿ ڽĵ ٸ Ͽ + û ʴ´. (μ ǻͿ) + ڽ ŭ CPU ִ 幮 찡 ƴ϶ + ذå ƺ ʴ´.</p> + + <p>ٸ ġ ϴ ݺ + ڽĸ 鿩. ݺ (̸ + ):</p> + + <div class="example"><p><code> + for (;;) {<br /> + <span class="indent"> + <strong>accept_mutex_on ();</strong><br /> + for (;;) {<br /> + <span class="indent"> + fd_set accept_fds;<br /> + <br /> + FD_ZERO (&accept_fds);<br /> + for (i = first_socket; i <= last_socket; ++i) {<br /> + <span class="indent"> + FD_SET (i, &accept_fds);<br /> + </span> + }<br /> + rc = select (last_socket+1, &accept_fds, NULL, NULL, NULL);<br /> + if (rc < 1) continue;<br /> + new_connection = -1;<br /> + for (i = first_socket; i <= last_socket; ++i) {<br /> + <span class="indent"> + if (FD_ISSET (i, &accept_fds)) {<br /> + <span class="indent"> + new_connection = accept (i, NULL, NULL);<br /> + if (new_connection != -1) break;<br /> + </span> + }<br /> + </span> + }<br /> + if (new_connection != -1) break;<br /> + </span> + }<br /> + <strong>accept_mutex_off ();</strong><br /> + process the new_connection;<br /> + </span> + } + </code></p></div> + + <p><code>accept_mutex_on</code> <code>accept_mutex_off</code> + <a id="serialize" name="serialize">Լ</a> mutex + Ѵ. ѹ ڽĸ mutex ִ. + mutex ϴ ̴. (1.3 + ) <code>src/conf.h</code> (1.3 ) + <code>src/include/ap_config.h</code> ǵִ. + ŰĴ (locking) ʱ, ̷ + ŰĿ <code class="directive"><a href="../mod/mpm_common.html#listen">Listen</a></code> þ ϸ + ϴ.</p> + + <p> <code class="directive"><a href="../mod/mpm_common.html#acceptmutex">AcceptMutex</a></code> þ Ͽ + mutex ִ.</p> + + <dl> + <dt><code>AcceptMutex flock</code></dt> + + <dd> + <p> ױ <code>flock(2)</code> + ýȣ Ѵ ( ġ <code class="directive"><a href="../mod/mpm_common.html#lockfile">LockFile</a></code> þ ).</p> + </dd> + + <dt><code>AcceptMutex fcntl</code></dt> + + <dd> + <p> ױ <code>fcntl(2)</code> + ýȣ Ѵ ( ġ <code class="directive"><a href="../mod/mpm_common.html#lockfile">LockFile</a></code> þ ).</p> + </dd> + + <dt><code>AcceptMutex sysvsem</code></dt> + + <dd> + <p>(1.3 ) SysV Ͽ + mutex Ѵ. SysV + ۿ ִ. ϳ ġ + ʰ ִ ̴ (<code>ipcs(8)</code> manpage + ). ٸ ϳ uid ϴ + CGI (<em>,</em> <code>suexec</code> + <code>cgiwrapper</code> ʴ CGI) + API Ͽ źΰ ִ + ̴. ̷ IRIX ŰĿ + ʴ´ (κ IRIX ǻͿ + ġ ̴).</p> + </dd> + + <dt><code>AcceptMutex pthread</code></dt> + + <dd> + <p>(1.3 ) POSIX mutex ϱ + POSIX Ծ ŰĶ + 밡, (2.5 ) Solaris װ͵ Ư + ϴ ϴ. õغٸ + 缭 ϴ Ѵ. + 븸 ϴ ϴ .</p> + </dd> + + <dt><code>AcceptMutex posixsem</code></dt> + + <dd> + <p>(2.0 ) POSIX Ѵ. + mutex μ 尡 ״´ٸ(segfault) + ȸ ʾƼ .</p> + </dd> + + </dl> + + <p>ýۿ Ͽ ȭ(serialization) + ִٸ ϴ ڵ带 APR ߰ ġ ִ.</p> + + <p> غ ٸ κ + ݺ ȭϴ ̴. , μ 鿩 + ̴. ڽ ÿ ־ + ȭ ü 뿪 Ȱ ϴ μ + ǻͿ ִ. 캼 κ, + ſ ȭ ʾƼ 켱 .</p> + + <p>ֻ ؼ <code class="directive"><a href="../mod/mpm_common.html#listen">Listen</a></code> ʴ + ̴̻. Ѵ.</p> + + + + <h3>accept ȭ - Ѱ</h3> + + + + <p> , Ѱ + ? Ҷ ڽ + <code>accept(2)</code> ֱ ̷л + ʰ, . δ + տ ʴ (non-blocking) ϴ + "ȸ(spinning)" ߰ ִ. κ TCP + ϸ Ŀ <code>accept</code> ִ + ڽ 쵵 ִ. μ Ѱ + ڿ ư, Ŀο ȸϿ + ߰ϸ ٽ ܴ. ڿ ڵ忡 + ̷ ȸ , и Ѵ. + ʴ ϰ ϸ ̴ ʿ ൿ + Ͼ.</p> + + <p> 츮 ŰĿ Ѱ 쿡 + ȭϸ "" ߰ߴ. κ + ⺻ ȭ Ѵ. (Ŀ 2.0.30, + 128Mb Pentium pro) Ѱ + ȭϸ 쿡 ʴ û 3% ̸ + پ. ȭ û 100ms + ߴ. Ƹ LAN ϴ + ἱ ̴. Ѱ ȭ + <code>SINGLE_LISTEN_UNSERIALIZED_ACCEPT</code> + Ѵ.</p> + + + + <h3>Close (lingering)</h3> + + + + <p><a href="http://www.ics.uci.edu/pub/ietf/http/draft-ietf-http-connection-00.txt"> + draft-ietf-http-connection-00.txt</a> 8 ϵ + <strong></strong> Ƿ, + ־ Ѵ (TCP ֹ̰, + ̴). ٸ + , ġ 1.2 Ȯ ؿԴ.</p> + + <p> ϰ ġ ߰ н + ߴ. TCP Ծ + <code>FIN_WAIT_2</code> ŸӾƿ ִٰ ʾ, + ʾҴ. ŸӾƿ ýۿ ġ 1.2 + <code>FIN_WAIT_2</code> · . + ۻ簡 ϴ ֽ TCP/IP ġ + Ͽ ذ ִ. ۻ簡 ġ ǥ + ʴ 찡 (<em>,</em> SunOS4 -- ҽ ̼ ִ + ġ ) ֱ + ʱ ߴ.</p> + + <p> ΰ. ϳ ɼ <code>SO_LINGER</code> + ϴ ̴. κ TCP/IP + ɼ ùٷ ʾҴ. ùٷ ÿ + (<em>,</em> 2.0.31) + cpu ƸԴ´.</p> + + <p>ġ (<code>http_main.c</code> ִ) + <code>lingering_close</code> Լ Ѵ. Լ + :</p> + + <div class="example"><p><code> + void lingering_close (int s)<br /> + {<br /> + <span class="indent"> + char junk_buffer[2048];<br /> + <br /> + /* shutdown the sending side */<br /> + shutdown (s, 1);<br /> + <br /> + signal (SIGALRM, lingering_death);<br /> + alarm (30);<br /> + <br /> + for (;;) {<br /> + <span class="indent"> + select (s for reading, 2 second timeout);<br /> + if (error) break;<br /> + if (s is ready for reading) {<br /> + <span class="indent"> + if (read (s, junk_buffer, sizeof (junk_buffer)) <= 0) {<br /> + <span class="indent"> + break;<br /> + </span> + }<br /> + /* just toss away whatever is here */<br /> + </span> + }<br /> + </span> + }<br /> + <br /> + close (s);<br /> + </span> + } + </code></p></div> + + <p> ڵ CPU , + ʿϴ. HTTP/1.1 θ + Ѵٸ(persistent), û + óϸ鼭 ̴. ϰԵ + <code>NO_LINGCLOSE</code> Ͽ + , ʴ´. Ư HTTP/1.1 + <span class="transnote">(<em>;</em> ¿ ٸ + ʰ û )</span> + <code>lingering_close</code> ʼ̴ ( <a href="http://www.w3.org/Protocols/HTTP/Performance/Pipeline.html"> + </a> ϱ ٶ ̴).</p> + + + + <h3>Scoreboard </h3> + + + + <p>ġ θ ڽ scoreboard + Ѵ. ̻δ scoreboard ؾ + Ѵ. 츮 ڰ ش ü ְų + Ͽ Ѵ. + ũ ִ Ͽ Ѵ. ũ + ִ ŷڵ (ɵ ). + <code>src/main/conf.h</code> Ͽ ϴ Űĸ + ãƼ <code>USE_MMAP_SCOREBOARD</code> Ȥ + <code>USE_SHMGET_SCOREBOARD</code> ȮѴ. + ϳ ( Բ <code>HAVE_MMAP</code>̳ + <code>HAVE_SHMGET</code> ) ϸ ڵ带 + Ѵ. ý ٸ Ѵٸ + <code>src/main/http_main.c</code> Ͽ ġ + ֵ (hook) ߰϶. ( + ġ 츮 ֱ ٶ.)</p> + + <div class="note"> : ġ ġ 1.2 + ϱ ߴ. ʱ ġ + ŷڵ ̴.</div> + + + + <h3>DYNAMIC_MODULE_LIMIT</h3> + + + + <p> о ʴ´ٸ ( ̶ + ̱ д´ٸ Ƹ + о ̴), Ҷ + <code>-DDYNAMIC_MODULE_LIMIT=0</code> ߰Ѵ. + о̱ Ҵϴ Ѵ.</p> + + + + </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="trace" id="trace">η: ýȣ ڼ мϱ</a></h2> + + + + <p> Solaris 8 worker MPM ġ 2.0.38 + ýȣ (trace)̴. Ʒ ɾ Ͽ + :</p> + + <div class="example"><p><code> + truss -l -p <var>httpd_child_pid</var>. + </code></p></div> + + <p><code>-l</code> ɼ ϸ truss ýȣ + ϴ LWP (lightweight process, 淮 μ--Solaris + Ŀμ ) ID Ѵ.</p> + + <p>ٸ ýۿ <code>strace</code>, <code>ktrace</code>, + <code>par</code> ýȣ ִ. + ϴ.</p> + + <p>Ŭ̾Ʈ ũⰡ 10KB ûѴ. + û ʰų ϴ û + ſ ٸ (δ ſ ˾ƺ ).</p> + + <div class="example"><pre>/67: accept(3, 0x00200BEC, 0x00200C0C, 1) (sleeping...) +/67: accept(3, 0x00200BEC, 0x00200C0C, 1) = 9</pre></div> + + <p> (listener) 尡 LWP #67 + ִ.</p> + + <div class="note"><code>accept(2)</code> ȭ ָ϶. + Ʈ ٸʴ ÷ worker MPM + ⺻ ȭ accept Ѵ.</div> + + <div class="example"><pre>/65: lwp_park(0x00000000, 0) = 0 +/67: lwp_unpark(65, 1) = 0</pre></div> + + <p> Ƶ̰(accept) + worker 带 û óϰ Ѵ. Ʒ Ͽ + û óϴ worker 尡 LWP #65 ִ.</p> + + <div class="example"><pre>/65: getsockname(9, 0x00200BA4, 0x00200BC4, 1) = 0</pre></div> + + <p>ȣƮ ϱ ġ Ƶ + (local) ּҸ ˾ƾ Ѵ. (ȣƮ + ʰų <code class="directive"><a href="../mod/mpm_common.html#listen">Listen</a></code> + þ ϵī ּҸ ) + ȣ ִ. ̷ ȭ ۾ + ȵִ. </p> + + <div class="example"><pre>/65: brk(0x002170E8) = 0 +/65: brk(0x002190E8) = 0</pre></div> + + <p><code>brk(2)</code> ȣ (heap) ҴѴ. + κ û ó ü + Ҵ(<code>apr_pool</code> <code>apr_bucket_alloc</code>) + ϱ ýȣ Ͽ ýȣ Ⱑ + 幰. Ͽ ڸ ü Ҵڰ + <code>malloc(3)</code> ȣѴ.</p> + + <div class="example"><pre>/65: fcntl(9, F_GETFL, 0x00000000) = 2 +/65: fstat64(9, 0xFAF7B818) = 0 +/65: getsockopt(9, 65535, 8192, 0xFAF7B918, 0xFAF7B910, 2190656) = 0 +/65: fstat64(9, 0xFAF7B818) = 0 +/65: getsockopt(9, 65535, 8192, 0xFAF7B918, 0xFAF7B914, 2190656) = 0 +/65: setsockopt(9, 65535, 8192, 0xFAF7B918, 4, 2190656) = 0 +/65: fcntl(9, F_SETFL, 0x00000082) = 0</pre></div> + + <p> worker Ŭ̾Ʈ (ϱ 9) + (non-blocking) · ٲ۴. <code>setsockopt(2)</code> + <code>getsockopt(2)</code> ȣ Solaris libc Ͽ + <code>fcntl(2)</code> óϴ ش.</p> + + <div class="example"><pre>/65: read(9, " G E T / 1 0 k . h t m".., 8000) = 97</pre></div> + + <p>worker Ŭ̾Ʈ û д´.</p> + + <div class="example"><pre>/65: stat("/var/httpd/apache/httpd-8999/htdocs/10k.html", 0xFAF7B978) = 0 +/65: open("/var/httpd/apache/httpd-8999/htdocs/10k.html", O_RDONLY) = 10</pre></div> + + <p> <code>Options FollowSymLinks</code> + <code>AllowOverride None</code>̴. û ϰ + 丮 <code>lstat(2)</code>ϰų + <code>.htaccess</code> ˻ ʿ䰡 . + ˻ϱ, 1) ִ, 2) 丮 ƴ Ϲ, + <code>stat(2)</code> ȣ⸸ ϸ ȴ.</p> + + <div class="example"><pre>/65: sendfilev(0, 9, 0x00200F90, 2, 0xFAF7B53C) = 10269</pre></div> + + <p> ѹ <code>sendfilev(2)</code> ýȣ + HTTP û ִ. Sendfile δ + ü ٸ. ٸ ý̶ <code>sendfile(2)</code> + ȣϱ <code>write(2)</code> + <code>writev(2)</code> ȣ Ѵ.</p> + + <div class="example"><pre>/65: write(4, " 1 2 7 . 0 . 0 . 1 - ".., 78) = 78</pre></div> + + <p><code>write(2)</code> ȣ ٷα(access log) û + Ѵ. Ͽ <code>time(2)</code> ȣ ָ϶. + ġ 1.3 ġ 2.0 ð ˱ + <code>gettimeofday(3)</code> Ѵ. + <code>gettimeofday</code> ȭ Solaris + ü Ϲ ýȣ δ .</p> + + <div class="example"><pre>/65: shutdown(9, 1, 1) = 0 +/65: poll(0xFAF7B980, 1, 2000) = 1 +/65: read(9, 0xFAF7BC20, 512) = 0 +/65: close(9) = 0</pre></div> + + <p>worker ݱ(lingering close)Ѵ.</p> + + <div class="example"><pre>/65: close(10) = 0 +/65: lwp_park(0x00000000, 0) (sleeping...)</pre></div> + + <p> worker ݰ, + (listener) 尡 ٸ Ҵ + Ѵ.</p> + + <div class="example"><pre>/67: accept(3, 0x001FEB74, 0x001FEB94, 1) (sleeping...)</pre></div> + + <p> ( worker ۾̸ + 带 ߴ worker MPM 帧 ɿ ) + worker 忡 Ҵڸ ٸ Ƶ ִ. + Ͽ , worker 尡 + óϴ <code>accept(2)</code> (û ſ + ) Ͼ ִ.</p> + + </div></div> +<div class="bottomlang"> +<p><span> : </span><a href="../en/misc/perf-tuning.html" hreflang="en" rel="alternate" title="English"> en </a> | +<a href="../fr/misc/perf-tuning.html" hreflang="fr" rel="alternate" title="Français"> fr </a> | +<a href="../ko/misc/perf-tuning.html" title="Korean"> ko </a> | +<a href="../tr/misc/perf-tuning.html" hreflang="tr" rel="alternate" title="Türkçe"> tr </a></p> +</div><div class="top"><a href="#page-header"><img src="../images/up.gif" alt="top" /></a></div><div class="section"><h2><a id="comments_section" name="comments_section">Comments</a></h2><div class="warning"><strong>Notice:</strong><br />This is not a Q&A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed again by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Freenode, or sent to our <a href="http://httpd.apache.org/lists.html">mailing lists</a>.</div> +<script type="text/javascript"><!--//--><![CDATA[//><!-- +var comments_shortname = 'httpd'; +var comments_identifier = 'http://httpd.apache.org/docs/2.4/misc/perf-tuning.html'; +(function(w, d) { + if (w.location.hostname.toLowerCase() == "httpd.apache.org") { + d.write('<div id="comments_thread"><\/div>'); + var s = d.createElement('script'); + s.type = 'text/javascript'; + s.async = true; + s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier; + (d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s); + } + else { + d.write('<div id="comments_thread">Comments are disabled for this page at the moment.<\/div>'); + } +})(window, document); +//--><!]]></script></div><div id="footer"> +<p class="apache">Copyright 2019 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p> +<p class="menu"><a href="../mod/"></a> | <a href="../mod/directives.html">þ</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html"></a> | <a href="../sitemap.html">Ʈ</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!-- +if (typeof(prettyPrint) !== 'undefined') { + prettyPrint(); +} +//--><!]]></script> +</body></html>
\ No newline at end of file diff --git a/docs/manual/misc/perf-tuning.html.tr.utf8 b/docs/manual/misc/perf-tuning.html.tr.utf8 new file mode 100644 index 0000000..addc1cf --- /dev/null +++ b/docs/manual/misc/perf-tuning.html.tr.utf8 @@ -0,0 +1,1021 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml" lang="tr" xml:lang="tr"><head> +<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" /> +<!-- + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + This file is generated from xml source: DO NOT EDIT + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + --> +<title>Apache’de Başarımın Arttırılması - Apache HTTP Sunucusu Sürüm 2.4</title> +<link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /> +<link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /> +<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="../style/css/prettify.css" /> +<script src="../style/scripts/prettify.min.js" type="text/javascript"> +</script> + +<link href="../images/favicon.ico" rel="shortcut icon" /></head> +<body id="manual-page"><div id="page-header"> +<p class="menu"><a href="../mod/">Modüller</a> | <a href="../mod/directives.html">Yönergeler</a> | <a href="http://wiki.apache.org/httpd/FAQ">SSS</a> | <a href="../glossary.html">Terimler</a> | <a href="../sitemap.html">Site Haritası</a></p> +<p class="apache">Apache HTTP Sunucusu Sürüm 2.4</p> +<img alt="" src="../images/feather.png" /></div> +<div class="up"><a href="./"><img title="<-" alt="<-" src="../images/left.gif" /></a></div> +<div id="path"> +<a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">HTTP Sunucusu</a> > <a href="http://httpd.apache.org/docs/">Belgeleme</a> > <a href="../">Sürüm 2.4</a> > <a href="./">Çeşitli Belgeler</a></div><div id="page-content"><div id="preamble"><h1>Apache’de Başarımın Arttırılması</h1> +<div class="toplang"> +<p><span>Mevcut Diller: </span><a href="../en/misc/perf-tuning.html" hreflang="en" rel="alternate" title="English"> en </a> | +<a href="../fr/misc/perf-tuning.html" hreflang="fr" rel="alternate" title="Français"> fr </a> | +<a href="../ko/misc/perf-tuning.html" hreflang="ko" rel="alternate" title="Korean"> ko </a> | +<a href="../tr/misc/perf-tuning.html" title="Türkçe"> tr </a></p> +</div> + + + <p>Apache 2.x, esneklik, taşınabilirlik ve başarım arasında bir denge + sağlamak üzere tasarlanmış genel amaçlı bir HTTP sunucusudur. Başka + sunucularla kıyaslama denemelerinde öne geçmek üzere tasarlanmamış + olsa da Apache 2.x gerçek yaşamda karşılaşılan pek çok durumda oldukça + yüksek bir başarıma ulaşacak yetenektedir.</p> + + <p>Apache 1.3 ile karşılaştırıldığında 2.x sürümleri toplam veri hızını + ve ölçeklenebilirliği arttırmak için pek çok en iyileme seçeneği + içerir. Bu iyileştirmelerin pek çoğu zaten öntanımlı olarak etkin + olmakla birlikte derleme ve kullanım sırasında başarımı önemli ölçüde + etkileyebilen yapılandırma seçenekleri de mevcuttur. Bu belgede, bir + Apache 2.x kurulumunda sunucu yöneticisinin sunucunun başarımını + arttırmak amacıyla yapılandırma sırasında neler yapabileceğinden + bahsedilmiştir. Bu yapılandırma seçeneklerinden bazıları, httpd’nin + donanımın ve işletim sisteminin olanaklarından daha iyi + yararlanabilmesini sağlarken bir kısmı da daha hızlı bir sunum için + yöneticinin işlevsellikten ödün verebilmesini olanaklı kılar.</p> + + </div> +<div id="quickview"><a href="https://www.apache.org/foundation/contributing.html" class="badge"><img src="https://www.apache.org/images/SupportApache-small.png" alt="Support Apache!" /></a><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#hardware">Donanım ve İşletim Sistemi ile İlgili Konular</a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#runtime">Çalışma Anı Yapılandırması ile İlgili Konular</a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#compiletime">Derleme Sırasında Yapılandırma ile İlgili Konular</a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#trace">Ek: Bir çağrı izlemesinin ayrıntılı çözümlemesi</a></li> +</ul><h3>Ayrıca bakınız:</h3><ul class="seealso"><li><a href="#comments_section">Yorum</a></li></ul></div> +<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="hardware" id="hardware">Donanım ve İşletim Sistemi ile İlgili Konular</a></h2> + + + + <p>HTTP sunucusunun başarımını etkileyen en önemli donanım bellektir + (RAM). Bir HTTP sunucusu asla takaslama yapmamalıdır. Çünkü takaslama, + kullanıcının "yeterince hız" umduğu noktada sunumun gecikmesine sebep + olur. Böyle bir durumda kullanıcılar yüklemeyi durdurup tekrar + başlatma eğilimindedirler; sonuçta yük daha da artar. <code class="directive"><a href="../mod/mpm_common.html#maxrequestworkers">MaxRequestWorkers</a></code> yönergesinin değerini + değiştirerek takaslamaya sebep olabilecek kadar çok çocuk süreç + oluşturulmasını engelleyebilirsiniz ve böyle bir durumda bunu mutlaka + yapmalısınız. Bunun için yapacağınız işlem basittir: <code>top</code> + benzeri bir araç üzerinden çalışan süreçlerinizin bir listesini alıp + Apache süreçlerinizin ortalama büyüklüğünü saptayıp, mevcut bellekten + bir kısmını diğer süreçler için ayırdıktan sonra kalan miktarı bu + değere bölerseniz yönergeye atayacağınız değeri bulmuş olursunuz.</p> + + <p>Donanımın diğer unsurları için kararı siz verin: Daha hızlı işlemci, + daha hızlı ağ kartı, daha hızlı disk; daha hızlının ne kadar hızlı + olacağını deneyimlerinize bağlı olarak tamamen sizin ihtiyaçlarınız + belirler.</p> + + <p>İşletim sistemi seçimi büyük oranda yerel ilgi konusudur. Fakat yine + de, genelde yararlılığı kanıtlanmış bazı kurallar bu seçimde size + yardımcı olabilir:</p> + + <ul> + <li> + <p>Seçtiğiniz işletim sisteminin (çekirdeğin) en son kararlı + sürümünü çalıştırın. Bir çok işletim sistemi, son yıllarda TCP + yığıtları ve evre kütüphaneleri ile ilgili belirgin iyileştirmeler + yapmışlar ve yapmaktadırlar.</p> + </li> + + <li> + <p>İşletim sisteminiz <code>sendfile</code>(2) sistem çağrısını + destekliyorsa bunun etkinleştirilebildiği sürümün kurulu olması + önemlidir. (Örneğin, Linux için bu, Linux 2.4 ve sonraki sürümler + anlamına gelirken, Solaris için Solaris 8’den önceki sürümlerin + yamanması gerektirdiği anlamına gelmektedir.) + <code>sendfile</code> işlevinin desteklendiği sistemlerde Apache 2 + duruk içeriği daha hızlı teslim etmek ve işlemci kullanımını + düşürmek amacıyla bu işlevselliği kullanacaktır.</p> + </li> + </ul> + + </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="runtime" id="runtime">Çalışma Anı Yapılandırması ile İlgili Konular</a></h2> + + + + <table class="related"><tr><th>İlgili Modüller</th><th>İlgili Yönergeler</th></tr><tr><td><ul><li><code class="module"><a href="../mod/mod_dir.html">mod_dir</a></code></li><li><code class="module"><a href="../mod/mpm_common.html">mpm_common</a></code></li><li><code class="module"><a href="../mod/mod_status.html">mod_status</a></code></li></ul></td><td><ul><li><code class="directive"><a href="../mod/core.html#allowoverride">AllowOverride</a></code></li><li><code class="directive"><a href="../mod/mod_dir.html#directoryindex">DirectoryIndex</a></code></li><li><code class="directive"><a href="../mod/core.html#hostnamelookups">HostnameLookups</a></code></li><li><code class="directive"><a href="../mod/core.html#enablemmap">EnableMMAP</a></code></li><li><code class="directive"><a href="../mod/core.html#enablesendfile">EnableSendfile</a></code></li><li><code class="directive"><a href="../mod/core.html#keepalivetimeout">KeepAliveTimeout</a></code></li><li><code class="directive"><a href="../mod/prefork.html#maxspareservers">MaxSpareServers</a></code></li><li><code class="directive"><a href="../mod/prefork.html#minspareservers">MinSpareServers</a></code></li><li><code class="directive"><a href="../mod/core.html#options">Options</a></code></li><li><code class="directive"><a href="../mod/mpm_common.html#startservers">StartServers</a></code></li></ul></td></tr></table> + + <h3><a name="dns" id="dns"><code>HostnameLookups</code> ve DNS ile ilgili diğer konular</a></h3> + + + + <p>Apache 1.3 öncesinde, <code class="directive"><a href="../mod/core.html#hostnamelookups">HostnameLookups</a></code> yönergesinin öntanımlı değeri + <code>On</code> idi. İstek yerine getirilmeden önce bir DNS sorgusu + yapılmasını gerektirmesi sebebiyle bu ayarlama her istekte bir + miktar gecikmeye sebep olurdu. Apache 1.3’ten itibaren yönergenin + öntanımlı değeri <code>Off</code> yapılmıştır. Eğer günlük + dosyalarınızda konak isimlerinin bulunmasını isterseniz, Apache ile + birlikte gelen <code class="program"><a href="../programs/logresolve.html">logresolve</a></code> programını + kullanabileceğiniz gibi günlük raporlarını çözümleyen Apache ile + gelmeyen programlardan herhangi birini de kullanabilirsiniz.</p> + + <p>Günlük dosyaları üzerindeki bu işlemi sunucu makinesi dışında + günlük dosyasının bir kopyası üzerinde yapmanızı öneririz. Aksi + takdirde sunucunuzun başarımı önemli ölçüde etkilenebilir.</p> + + <p><code class="directive"><a href="../mod/mod_access_compat.html#allow">Allow</a></code> veya + <code class="directive"><a href="../mod/mod_access_compat.html#deny">Deny</a></code> + yönergelerinde IP adresi yerine bir konak veya alan ismi + belirtirseniz, iki DNS sorguluk bir bedel ödersiniz (biri normal, + diğeri IP taklidine karşı ters DNS sorgusu). Başarımı en iyilemek + için bu yönergelerde mümkün olduğunca isim yerine IP adreslerini + kullanınız.</p> + + <p><code class="directive"><a href="../mod/core.html#hostnamelookups">HostnameLookups</a></code> + yönergelerinin <code><Location "/server-status"></code> gibi + bölüm yönergelerinin içinde de yer alabileceğini unutmayın. Bu gibi + durumlarda DNS sorguları sadece istek kuralla eşleştiği takdirde + yapılacaktır. Aşağıdaki örnekte <code>.html</code> ve + <code>.cgi</code> dosyalarına yapılan istekler hariç DNS sorguları + iptal edilmektedir:</p> + + <pre class="prettyprint lang-config">HostnameLookups off +<Files ~ "\.(html|cgi)$"> + HostnameLookups on +</Files></pre> + + + <p>Yine de bazı CGI’lerin DNS isimlerine ihtiyacı olursa bu CGI’lerin + bu ihtiyaçlarına yönelik olarak <code>gethostbyname</code> çağrıları + yapabileceğini gözardı etmeyiniz.</p> + + + + <h3><a name="symlinks" id="symlinks"><code>FollowSymLinks</code> ve + <code>SymLinksIfOwnerMatch</code></a></h3> + + + + <p>URL uzayınızda geçerli olmak üzere bir <code>Options + FollowSymLinks</code> yoksa veya <code>Options + SymLinksIfOwnerMatch</code> yönergeleri varsa, Apache her sembolik + bağın üzerinde bazı sınamalar yapmak için ek bir sistem çağrısından + başka istenen her dosya için de ayrı bir çağrı yapacaktır.</p> + + <pre class="prettyprint lang-config">DocumentRoot "/siteler/htdocs" +<Directory /> + Options SymLinksIfOwnerMatch +</Directory></pre> + + + <p>Bu durumda <code>/index.html</code> için bir istek yapıldığında + Apache, <code>/siteler</code>, <code>/siteler/htdocs</code> ve<br /> + <code>/siteler/htdocs/index.html</code> üzerinde + <code>lstat</code>(2) çağrıları yapacaktır. <code>lstat</code> + sonuçları önbelleğe kaydedilmediğinden bu işlem her istekte + yinelenecektir. Amacınız gerçekten sembolik bağları güvenlik + açısından sınamaksa bunu şöyle yapabilirsiniz:</p> + + <pre class="prettyprint lang-config">DocumentRoot "/siteler/htdocs" +<Directory "/"> + Options FollowSymLinks +</Directory> + +<Directory "/siteler/htdocs"> + Options -FollowSymLinks +SymLinksIfOwnerMatch +</Directory></pre> + + + <p>Böylece <code class="directive"><a href="../mod/core.html#documentroot">DocumentRoot</a></code> altındaki + dosyalar için fazladan bir çağrı yapılmasını engellemiş olursunuz. + Eğer bazı bölümlerde <code class="directive"><a href="../mod/mod_alias.html#alias">Alias</a></code>, <code class="directive"><a href="../mod/mod_rewrite.html#rewriterule">RewriteRule</a></code> gibi yönergeler üzerinden belge kök + dizininizin dışında kalan dosya yollarına sahipseniz benzer + işlemleri onlar için de yapmalısınız. Sembolik bağ koruması yapmamak + suretiyle başarımı arttırmak isterseniz, <code>FollowSymLinks</code> + seçeneğini her yerde etkin kılın ve + <code>SymLinksIfOwnerMatch</code> seçeneğini asla + etkinleştirmeyin.</p> + + + + <h3><a name="htaccess" id="htaccess"><code>AllowOverride</code></a></h3> + + + + <p>Genellikle <code>.htaccess</code> dosyaları üzerinden yapıldığı + gibi URL uzayınızda geçersizleştirmelere izin veriyorsanız, Apache + her dosya bileşeni için bu <code>.htaccess</code> dosyalarını açmaya + çalışacaktır.</p> + + <pre class="prettyprint lang-config">DocumentRoot "/siteler/htdocs" +<Directory "/"> + AllowOverride all +</Directory></pre> + + + <p>Bu durumda <code>/index.html</code> sayfasına yapılan bir istek için + Apache, <code>/.htaccess</code>, <code>/siteler/.htaccess</code> ve + <code>/siteler/htdocs/.htaccess</code> dosyalarını açmaya + çalışacaktır. Çözüm <code>Options FollowSymLinks</code> durumunun + benzeridir; başarımı arttırmak için dosya sisteminizin her yerinde + <code>AllowOverride None</code> olsun.</p> + + + + <h3><a name="negotiation" id="negotiation">Dil Uzlaşımı</a></h3> + + + + <p>Başarımı son kırıntısına kadar arttırmak istiyorsanız, mümkünse + içerik dili uzlaşımı da yapmayın. Dil uzlaşımından yararlanmak + isterken büyük başarım kayıplarına uğrayabilirsiniz. Böyle bir + durumda sunucunun başarımını arttırmanın tek bir yolu vardır. </p> + + <pre class="prettyprint lang-config">DirectoryIndex index</pre> + + + <p>Yukarıdaki gibi bir dosya ismi kalıbı kullanmak yerine, aşağıdaki + gibi seçenekleri tam bir liste halinde belirtin:</p> + + <pre class="prettyprint lang-config">DirectoryIndex index.cgi index.pl index.shtml index.html</pre> + + + <p>Buradaki sıralama öncelik sırasını belirler; yani, + öncelikli olmasını istediğiniz seçeneği listenin başına + yazmalısınız.</p> + + <p>İstenen dosya için <code>MultiViews</code> kullanarak dizini + taratmak yerine, gerekli bilgiyi tek bir dosyadan okutmak suretiyle + başarımı arttırabilirsiniz. Bu amaçla türeşlem + (<code>type-map</code>) dosyaları kullanmanız yeterli olacaktır.</p> + + <p>Sitenizde içerik dili uzlaşımına gerek varsa, bunu <code>Options + MultiViews</code> yönergesi üzerinden değil, türeşlem dosyaları + kullanarak yapmayı deneyin. İçerik dili uzlaşımı ve türeşlem + dosyalarının oluşturulması hakkında daha ayrıntılı bilgi edinmek + için <a href="../content-negotiation.html">İçerik Uzlaşımı</a> + belgesine bakınız.</p> + + + + <h3>Bellek Eşlemleri</h3> + + + + <p>Apache’nin SSI sayfalarında olduğu gibi teslim edilecek dosyanın + içeriğine bakma gereği duyduğu durumlarda, eğer işletim sistemi + <code>mmap</code>(2) ve benzerlerini destekliyorsa çekirdek normal + olarak dosyayı belleğe kopyalayacaktır.</p> + + <p>Bazı platformlarda bu belleğe eşleme işlemi başarımı arttırsa da + başarımın veya httpd kararlılığının zora girdiği durumlar + olabilmektedir:</p> + + <ul> + <li> + <p>Bazı işletim sistemlerinde işlemci sayısı artışına bağlı + olarak, <code>mmap</code> işlevi <code>read</code>(2) kadar iyi + ölçeklenmemiştir. Örneğin, çok işlemcili Solaris sunucularda + <code>mmap</code> iptal edildiği takdirde içeriği sunucu + tarafından işlenen dosyalar üzerinde bazen daha hızlı işlem + yapılabilmektedir.</p> + </li> + + <li> + <p>Belleğe kopyalanacak dosya NFS üzerinden bağlanan bir dosya + sistemindeyse ve dosya başka bir NFS istemcisi makine tarafından + silinmiş veya dosyanın boyutu değiştirilmişse sunucunuz dosyaya + tekrar erişmeye çalıştığında bir hata alabilecektir.</p> + </li> + </ul> + + <p>Böyle durumların olasılık dahilinde olduğu kurulumlarda içeriği + sunucu tarafından işlenecek dosyaların belleğe kopyalanmaması için + yapılandırmanıza <code>EnableMMAP off</code> satırını ekleyiniz. + (Dikkat: Bu yönerge dizin seviyesinde geçersizleştirilebilen + yönergelerdendir.)</p> + + + + <h3><code>sendfile</code></h3> + + + + <p>Apache’nin duruk dosyalarda olduğu gibi teslim edilecek dosyanın + içeriğine bakmadığı durumlarda, eğer işletim sistemi + <code>sendfile</code>(2) desteğine sahipse çekirdek normal olarak bu + desteği kullanacaktır.</p> + + <p>Bazı platformlarda <code>sendfile</code> kullanımı, okuma ve yazma + işlemlerinin ayrı ayrı yapılmamasını sağlasa da + <code>sendfile</code> kullanımının httpd kararlılığını bozduğu bazı + durumlar sözkonusudur:</p> + + <ul> + <li> + <p>Bazı platformlar derleme sisteminin saptayamadığı bozuk bir + <code>sendfile</code> desteğine sahip olabilir. Özellikle + derleme işleminin başka bir platformda yapılıp + <code>sendfile</code> desteği bozuk bir makineye kurulum + yapıldığı durumlarda bu desteğin bozuk olduğu + saptanamayacaktır.</p> + </li> + <li> + <p>Çekirdek, NFS üzerinden erişilen ağ dosyalarını kendi önbelleği + üzerinden gerektiği gibi sunamayabilir.</p> + </li> + </ul> + + <p>Böyle durumların olasılık dahilinde olduğu kurulumlarda içeriğin + <code>sendfile</code> desteğiyle teslim edilmemesi için + yapılandırmanıza <code>EnableSendfile off</code> satırını ekleyiniz. + (Dikkat: Bu yönerge dizin seviyesinde geçersizleştirilebilen + yönergelerdendir.)</p> + + + + <h3><a name="process" id="process">Süreç Oluşturma</a></h3> + + + + <p>Apache 1.3 öncesinde <code class="directive"><a href="../mod/prefork.html#minspareservers">MinSpareServers</a></code>, <code class="directive"><a href="../mod/prefork.html#maxspareservers">MaxSpareServers</a></code> ve <code class="directive"><a href="../mod/mpm_common.html#startservers">StartServers</a></code> ayarları, başka sunucularla kıyaslama + denemelerinde olağanüstü kötü sonuçlar alınmasına sebep olmaktaydı. + Özellikle uygulanan yükü karşılamaya yetecek sayıda çocuk süreç + oluşturulması aşamasında Apache’nin elde ettiği ivme bunlardan + biriydi. Başlangıçta <code class="directive"><a href="../mod/mpm_common.html#startservers">StartServers</a></code> yönergesiyle belli sayıda süreç + oluşturulduktan sonra her saniyede bir tane olmak üzere <code class="directive"><a href="../mod/prefork.html#minspareservers">MinSpareServers</a></code> sayıda çocuk süreç + oluşturulmaktaydı. Örneğin, aynı anda 100 isteğe yanıt vermek için + <code class="directive"><a href="../mod/mpm_common.html#startservers">StartServers</a></code> + yönergesinin öntanımlı değeri olarak başta <code>5</code> süreç + oluşturulduğundan kalan süreçler için 95 saniye geçmesi gerekirdi. + Sık sık yeniden başlatılmadıklarından dolayı gerçek hayatta + sunucuların başına gelen de buydu. Başka sunucularla kıyaslama + denemelerinde ise işlem sadece on dakika sürmekte ve içler acısı + sonuçlar alınmaktaydı.</p> + + <p>Saniyede bir kuralı, sunucunun yeni çocukları oluşturması sırasında + sistemin aşırı meşgul duruma düşmemesi için alınmış bir önlemdi. + Makine çocuk süreç oluşturmakla meşgul edildiği sürece isteklere + yanıt veremeyecektir. Böylesi bir durum Apache’nin başarımını + kötüleştirmekten başka işe yaramayacaktır. Apache 1.3’te saniyede + bir kuralı biraz esnetildi. Yeni gerçeklenimde artık bir süreç + oluşturduktan bir saniye sonra iki süreç, bir saniye sonra dört + süreç oluşturulmakta ve işlem, saniyede 32 çocuk süreç oluşturulur + duruma gelene kadar böyle ivmelenmektedir. Çocuk süreç oluşturma + işlemi <code class="directive"><a href="../mod/prefork.html#minspareservers">MinSpareServers</a></code> + değerine ulaşılınca durmaktadır.</p> + + <p>Bu, <code class="directive"><a href="../mod/prefork.html#minspareservers">MinSpareServers</a></code>, + <code class="directive"><a href="../mod/prefork.html#maxspareservers">MaxSpareServers</a></code> ve + <code class="directive"><a href="../mod/mpm_common.html#startservers">StartServers</a></code> ayarlarıyla + oynamayı neredeyse gereksiz kılacak kadar iyi sonuçlar verecek gibi + görünmektedir. Saniyede 4 çocuktan fazlası oluşturulmaya + başlandığında hata günlüğüne bazı iletiler düşmeye başlar. Bu + iletilerin sayısı çok artarsa bu ayarlarla oynama vakti gelmiş + demektir. Bunun için <code class="module"><a href="../mod/mod_status.html">mod_status</a></code> çıktısını bir + kılavuz olarak kullanabilirsiniz.</p> + + <p>Süreç oluşturmayla ilgili olarak süreç ölümü <code class="directive"><a href="../mod/mpm_common.html#maxconnectionsperchild">MaxConnectionsPerChild</a></code> değeri ile + sağlanır. Bu değer öntanımlı olarak <code>0</code> olup, çocuk süreç + başına istek sayısının sınırsız olduğu anlamına gelir. Eğer + yapılandırmanızda bu değeri <code>30</code> gibi çok düşük bir + değere ayarlarsanız bunu hemen kaldırmak zorunda kalabilirsiniz. + Sunucunuzu SunOS veya Solaris’in eski bir sürümü üzerinde + çalıştırıyorsanız bellek kaçaklarına sebep olmamak için bu değeri + <code>10000</code> ile sınırlayınız.</p> + + <p>Kalıcı bağlantı özelliğini kullanıyorsanız, çocuk süreçler zaten + açık bağlantılardan istek beklemekte olacaklardır. <code class="directive"><a href="../mod/core.html#keepalivetimeout">KeepAliveTimeout</a></code> yönergesinin öntanımlı + değeri <code>5</code> saniye olup bu etkiyi en aza indirmeye yönelik + süredir. Burada ağ band genişliği ile sunucu kaynaklarının kullanımı + arasında bir seçim yapmak söz konusudur. Hiçbir şey umurunuzda + değilse <a href="http://www.hpl.hp.com/techreports/Compaq-DEC/WRL-95-4.html"> + çoğu ayrıcalığın yitirilmesi pahasına</a> bu değeri rahatça + <code>60</code> saniyenin üzerine çıkarabilirsiniz.</p> + + + </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="compiletime" id="compiletime">Derleme Sırasında Yapılandırma ile İlgili Konular</a></h2> + + + <h3>MPM Seçimi</h3> + + + <p>Apache 2.x, <a href="../mpm.html">Çok Süreçlilik Modülleri</a> + (MPM) adı verilen eklemlenebilir çok görevlilik modellerini + destekler. Apache’yi derlerken bu MPM’lerden birini seçmeniz + gerekir. MPM’lerden bazıları platformlara özeldir: + <code class="module"><a href="../mod/mpm_netware.html">mpm_netware</a></code>, <code class="module"><a href="../mod/mpmt_os2.html">mpmt_os2</a></code> ve + <code class="module"><a href="../mod/mpm_winnt.html">mpm_winnt</a></code>. Unix + benzeri sistemler için ise seçebileceğiniz modül sayısı birden + fazladır. MPM seçiminin httpd’nin hızında ve ölçeklenebilirliğinde + bazı etkileri olabilir:</p> + + <ul> + + <li><code class="module"><a href="../mod/worker.html">worker</a></code> modülü her biri çok evreli çok sayıda + çocuk süreç kullanımını destekler. Her evre aynı anda tek bir + bağlantıya hizmet sunar. Aynı hizmeti daha az bellek harcayarak + vermesi nedeniyle yüksek trafiğe sahip sunucularda + <code class="module"><a href="../mod/prefork.html">prefork</a></code> modülüne göre daha iyi bir seçimdir.</li> + + <li><code class="module"><a href="../mod/event.html">event</a></code> modülü <code class="module"><a href="../mod/worker.html">worker</a></code> modülü gibi + çok evreli bir modüldür, fakat aunı anda dahafazla isteğe yanıt + verecek şekilde tasarlanmıştır. Bunu, evreleri destekleyen bazı + işlemleri yapmamak suretiyle yeni isteklerle çalışacak ana evreleri + serbestleştirerek sağlar.</li> + + <li><code class="module"><a href="../mod/prefork.html">prefork</a></code> modülü her biri tek bir evreye sahip + çok sayıda çocuk süreç kullanımını destekler. Her süreç aynı anda + tek bir bağlantıya hizmet sunar. Çoğu sistemde daha hızlı olması + nedeniyle <code class="module"><a href="../mod/worker.html">worker</a></code> modülüne göre daha iyi bir seçim + olarak görünürse de bunu daha fazla bellek kullanarak sağlar. + <code class="module"><a href="../mod/prefork.html">prefork</a></code> modülünün evresiz tasarımının + <code class="module"><a href="../mod/worker.html">worker</a></code> modülüne göre bazı yararlı tarafları + vardır: Çok evreli sistemlerde güvenilir olmayan üçüncü parti + modülleri kullanabilir ve evrelerde hata ayıklamanın yetersiz + kaldığı platformlarda hatalarını ayıklamak daha kolaydır.</li> + + </ul> + + <p>Bu modüller ve diğerleri hakkında daha ayrıntılı bilgi edinmek için + <a href="../mpm.html">Çok Süreçlilik Modülleri</a> belgesine + bakınız.</p> + + + + <h3><a name="modules" id="modules">Modüller</a></h3> + + + + <p>Bellek kullanımı başarım konusunda önemli olduğundan gerçekte + kullanmadığınız modülleri elemeye çalışmalısınız. Modülleri birer <a href="../dso.html">DSO</a> olarak derlediyseniz <code class="directive"><a href="../mod/mod_so.html#loadmodule">LoadModule</a></code> yönergesinin bulunduğu satırı + açıklama haline getirmeniz modülden kurtulmanız için yeterli + olacaktır. Modülleri bu şekilde kaldırarak onların yokluğunda + sitenizin hala işlevlerini yerine getirdiğini görme şansına da + kavuşmuş olursunuz.</p> + + <p>Ancak, eğer modülleri Apache çalıştırılabilirinin içine + gömmüşseniz istenmeyen modülleri kaldırmak için Apache'yi yeniden + derlemeniz gerekir.</p> + + <p>Bu noktada bir soru akla gelebilir: Hangi modüller gerekli, + hangileri değil? Bu sorunun yanıtı şüphesiz siteden siteye değişir. + Ancak, olmazsa olmaz moüller olarak <code class="module"><a href="../mod/mod_mime.html">mod_mime</a></code>, + <code class="module"><a href="../mod/mod_dir.html">mod_dir</a></code> ve <code class="module"><a href="../mod/mod_log_config.html">mod_log_config</a></code> + modüllerini sayabiliriz. Bunlardan <code>mod_log_config</code> + olmadan da bir sitenin çalışabileceğinden hareketle bu modülün + varlığı isteğe bağlı olsa da bu modülü kaldırmanızı önermiyoruz.</p> + + + + <h3>Atomik İşlemler</h3> + + + + <p>Worker MPM'nin en son geliştirme sürümleri ve + <code class="module"><a href="../mod/mod_cache.html">mod_cache</a></code> gibi bazı modüller APR'nin atomik API'sini + kullanırlar. Bu API, düşük ayarlı evre eşzamanlamasında atomik + işlemler yapar.</p> + + <p>Öntanımlı olarak, APR bu işlemleri hedef işletim sistemi/işlemci + platformunda kullanılabilecek en verimli mekanizmayı kullanarak + gerçekleştirir. Günümüz işlemcilerinin çoğu, örneğin, bir atomik + karşılaştırma ve takas (CAS) işlemini donanımda gerçekleştirmektedir. + Bazı platformlarda APR'nin atomik işlemler için öntanımlı olarak daha + yavaş olan mutekslere dayalı gerçeklenimi kullanmasının sebebi eski + işlemcilerde bu tür makine kodlarının yokluğudur. Apache'yi bu tür + platformalarda günümüz işlemcileriyde çalıştırmayı düşünüyorsanız + Apache'yi derlemek için yapılandırırken en hızlı atomik işlemin + seçilebilmesi için <code>--enable-nonportable-atomics</code> + seçeneğini kullanın:</p> + + <div class="example"><p><code> + ./buildconf<br /> + ./configure --with-mpm=worker --enable-nonportable-atomics=yes + </code></p></div> + + <p><code>--enable-nonportable-atomics</code> seçeneği şu platformlar + için uygundur:</p> + + <ul> + + <li>SPARC üzerinde Solaris<br /> + APR öntanımlı olarak, SPARC/Solaris üzerinde mutekslere dayalı + atomik işlemleri kullanır. Ancak, + <code>--enable-nonportable-atomics</code> yapılandırmasını + kullanırsanız, donanım üzerinde hızlı karşılaştırma ve takas + için uygun SPARC v8plus kodunu kullanacak şekilde kod üretilir. + Apache'yi bu seçenekle yapılandırırsanız atomik işlemler daha + verimli olacak fakat derlenen Apache çalıştırılabiliri sadece + UltraSPARC kırmığı üzerinde çalışacaktır. + </li> + + <li>x86 üzerinde Linux<br /> + APR öntanımlı olarak, Linux üzerinde mutekslere dayalı atomik + işlemleri kullanır. Ancak, + <code>--enable-nonportable-atomics</code> yapılandırmasını + kullanırsanız, donanım üzerinde hızlı karşılaştırma ve takas + için uygun 486 kodunu kullanacak şekilde kod üretilir. Apache'yi + bu seçenekle yapılandırırsanız atomik işlemler daha verimli + olacak fakat derlenen Apache çalıştırılabiliri (386 üzerinde + değil) sadece 486 ve sonrası kırmıklarda çalışacaktır. + </li> + + </ul> + + + + <h3><code>mod_status</code> ve <code>ExtendedStatus On</code> + </h3> + + + + <p><code class="module"><a href="../mod/mod_status.html">mod_status</a></code> modülünü derlemiş ve Apache'yi + yapılandırır ve çalıştırırken <code>ExtendedStatus On</code> satırını + da kullanmışsanız Apache her istek üzerinde + <code>gettimeofday(2)</code> (veya işletim sistemine bağlı olarak + <code>time(2)</code>) çağrısından başka (1.3 öncesinde) fazladan + defalarca <code>time(2)</code> çağrıları yapacaktır. Bu çağrılarla + durum raporununun zamanlama bilgilerini içermesi sağlanır. Başarımı + arttırmak için <code>ExtendedStatus off</code> yapın (zaten öntanımlı + böyledir).</p> + + + + <h3><code>accept</code> dizgilemesi ve çok soketli işlem</h3> + + + + <div class="warning"><h3>Uyarı:</h3> + <p>Bu bölüm, Apache HTTP sunucusunun 2.x sürümlerinde yapılan + değişikliklere göre tamamen güncellenmemiştir. Bazı bilgiler hala + geçerliyse de lütfen dikkatli kullanınız.</p> + </div> + + <p>Burada Unix soket arayüzü gerçeklenirken ihmal edilen bir durumdan + bahsedeceğiz. HTTP sunucunuzun çok sayıda adresten çok sayıda portu + dinlemek için çok sayıda <code class="directive"><a href="../mod/mpm_common.html#listen">Listen</a></code> yönergesi kullanmakta olduğunu varsayalım. Her + soketi çalıştığını görmek için denerken Apache bağlantı için + <code>select(2)</code> kullanacaktır. <code>select(2)</code> çağrısı + bu soketin üzerinde <em>sıfır</em> veya <em>en azından bir</em> + bağlantının beklemekte olduğu anlamına gelir. Apache'nin modeli çok + sayıda çocuk süreç içerir ve boşta olanların tümünde aynı anda yeni + bağlantılar denenebilir. Gerçekte çalışan kod bu olmasa da meramımızı + anlatmak için kodun şöyle bir şey olduğunu varsayabiliriz:</p> + + <pre class="prettyprint lang-c"> for (;;) { + for (;;) { + fd_set accept_fds; + + FD_ZERO (&accept_fds); + for (i = first_socket; i <= last_socket; ++i) { + FD_SET (i, &accept_fds); + } + rc = select (last_socket+1, &accept_fds, NULL, NULL, NULL); + if (rc < 1) continue; + new_connection = -1; + for (i = first_socket; i <= last_socket; ++i) { + if (FD_ISSET (i, &accept_fds)) { + new_connection = accept (i, NULL, NULL); + if (new_connection != -1) break; + } + } + if (new_connection != -1) break; + } + process_the(new_connection); + }</pre> + + + <p>Bu özet gerçeklenim bir takım açlık sorunlarına sebep olur. Bu + döngünün çalışması sırasında aynı anda çok sayıda çocuk süreç yeniden + çağrılır ve istekler arasında kalan çoğu çocuk da <code>select</code> + ile engellenir. Engellenen tüm bu çocuklar soketlerden herhangi biri + üzerinde tek bir istek göründüğünde <code>select</code> tarafından + uyandırılıp işleme sokulmak üzere döndürülürler. (Uyandırılan çocuk + sayısı işletim sistemine ve zamanlama ayarlarına göre değişiklik + gösterir,) Bunların hepsi döngüye katılıp bağlantı kabul etmeye + (<code>accept</code>) çalışırlar. Fakat içlerinden yalnız biri + (sadece bir bağlantı isteğinin mevcut olduğu varsayımıyla) bunu + başarabilir. Kalanının bağlantı kabul etmesi (<code>accept</code>) + <em>engellenir</em>. Bu durum, bu çocukları istekleri başka başka soketlerden + değil mecburen tek bir soketten kabul etmeye kilitler ve bu soket + üzerinde yeni bir istek belirip uyandırılana kadar bu durumda + kalırlar. Bu açlık sorunu ilk olarak <a href="http://bugs.apache.org/index/full/467">PR#467</a> sayılı raporla + belgelenmiştir. Bu sorunun en az iki çözümü vardır.</p> + + <p>Çözümün biri engellenmeyen soket kullanımıdır. Bu durumda + <code>accept</code> çocukları engellemeyecek ve yapılan bir + bağlantının ardından diğer çocuklar durumları değişmeksizin bağlantı + beklemeye devam edeceklerdir. Fakat bu durum işlemci zamanının boşa + harcanmasına sebep olur. Seçilmiş (<code>select</code>) boşta on + çocuğun olduğunu ve bir bağlantı geldiğini varsayalım. Kalan dokuz + çocuk işine devam edip bağlantı kabul etmeyi (<code>accept</code>) + deneyecek, başarızsız olacak, dönecek başa, tekrar seçilecek + (<code>select</code>) ve böyle hiçbir iş yapmadan dönüp duracaktır. Bu + arada hizmet sunmakta olanlar da işlerini bitirdikten sonra bu + döngüdeki yerlerini alacaklardır. Aynı kutunun içinde boşta bir sürü + işlemciniz (çok işlemcili sistemler) yoksa bu çözüm pek verimli + olmayacaktır.</p> + + <p>Diğer çözüm ise Apache tarafından kullanılan çözüm olup, girdiyi + bir iç döngüde sıraya sokmaktır. Döngü aşağıda örneklenmiştir (farklar + vurgulanmıştır):</p> + + <pre class="prettyprint lang-c"> for (;;) { + <strong>accept_mutex_on ();</strong> + for (;;) { + fd_set accept_fds; + + FD_ZERO (&accept_fds); + for (i = first_socket; i <= last_socket; ++i) { + FD_SET (i, &accept_fds); + } + rc = select (last_socket+1, &accept_fds, NULL, NULL, NULL); + if (rc < 1) continue; + new_connection = -1; + for (i = first_socket; i <= last_socket; ++i) { + if (FD_ISSET (i, &accept_fds)) { + new_connection = accept (i, NULL, NULL); + if (new_connection != -1) break; + } + } + if (new_connection != -1) break; + } + <strong>accept_mutex_off ();</strong> + process the new_connection; + }</pre> + + + <p><code>accept_mutex_on</code> ve <code>accept_mutex_off</code> <a id="serialize" name="serialize">işlevleri</a> bir karşılıklı red + semoforu oluştururlar. Mutekse aynı anda sadece bir çocuk sahip + olabilir. Bu muteksleri gerçeklemek için çeşitli seçenekler vardır. + Seçim, <code>src/conf.h</code> (1.3 öncesi) veya + <code>src/include/ap_config.h</code> (1.3 ve sonrası) dosyasında + tanımlanmıştır. Bazı mimariler bir kilitleme seçeneğine sahip + değildir. Böyle mimarilerde çok sayıda <code class="directive"><a href="../mod/mpm_common.html#listen">Listen</a></code> yönergesi kullanmak güvenilir + olmayacaktır.</p> + + <p><code class="directive"><a href="../mod/core.html#mutex">Mutex</a></code> yönergesi, + <code>mpm-accept</code> muteks gerçeklenimini çalışma anında değiştirmek + için kullanılabilir. Farklı muteks gerçeklenimleri ile ilgili hususlar + bu yönergede belgelenmiştir.</p> + + <p>Başka bir çözüm daha vardır ancak döngü kısmen dizgilenmeyeceğinden + (yani belli sayıda sürece izin verilemeyeceğinden) asla + gerçeklenmemiştir. Bu sadece, aynı anda çok sayıda çocuk sürecin + çalışabileceği ve dolayısıyla band genişliğinin tüm yönleriyle + kullanılabileceği çok işlemcili sistemlerde ilginç olabilirdi. Bu + gelecekte incelenmeye değer bir konu olmakla beraber çok sayıda HTTP + sunucusunun aynı anda aynı amaca hizmet edecek şekilde çalışması + standart olarak pek mümkün görülmediğinden bu olasılık çok + düşüktür.</p> + + <p>En yüksek başarımı elde etmek için ideal olanı sunucuları + çalıştırırken çok sayıda <code class="directive"><a href="../mod/mpm_common.html#listen">Listen</a></code> yönergesi kullanmamaktır. Fakat siz yine de + okumaya devam edin.</p> + + + + <h3><code>accept</code> dizgilemesi - tek soket</h3> + + + + <p>Çok soketli sunucular için yukarıda açıklananlar iyi güzel de tek + soketli sunucularda durum ne? Kuramsal olarak, bunların hiçbiriyle bir + sorunları olmaması gerekir. Çünkü yeni bir bağlantı gelene kadar tüm + çocuklar <code>accept(2)</code> ile engellenirler dolayısıyla hiçbir + açlık sorununun ortaya çıkmaması gerekir. Uygulamada ise son + kullanıcıdan gizli olarak, yukarıda engellenmeyen çocuklar çözümünde + bahsedilenle hemen hemen aynı "boşa dönüp durma" davranışı mevcuttur. + Çoğu TCP yığıtı bu yolu gerçeklemiştir. Çekirdek, yeni bir bağlantı + ortaya çıktığında <code>accept</code> ile engellenen tüm süreçleri + uyandırır. Bu süreçlerden bağlantıyı alan kullanıcı bölgesine geçerken + çekirdek içinde döngüde olan diğerleri de yeni bağlantı keşfedilene + kadar uykularına geri dönerler. Bu çekirdek içi döngü, kullanıcı + bölgesindeki kodlara görünür değildir ama bu olmadıkları anlamına + gelmez. Bu durum, çok soketli engellenmeyen çocuklar çözümündeki boşa + döngünün sebep olduğu gereksiz işlemci yükü sorununu içinde + barındırır.</p> + + <p>Bununla birlikte, tek soketli durumda bile bundan daha verimli bir + davranış sergileyen bir çok mimari bulduk. Bu aslında hemen hemen her + durumda öntanımlı olarak böyledir. Linux altında yapılan üstünkörü + denemelerde (128MB bellekli çift Pentium pro 166 işlemcili makinede + Linux 2.0.30) tek sokette dizgilemenin dizgilenmemiş duruma göre + saniyede %3 daha az istekle sonuçlandığı gösterilmiştir. Fakat + dizgilenmemiş tek soket durumunda her istekte 100ms'lik ek bir gecikme + olduğu görülmüştür. Bu gecikmenin sebebi muhtemelen uzun mesafeli + hatlar olup sadece yerel ağlarda söz konusudur. Tek soketli + dizgilemeyi geçersiz kılmak için + <code>SINGLE_LISTEN_UNSERIALIZED_ACCEPT</code> tanımlarsanız tek + soketli sunucularda artık dizgileme yapılmayacaktır.</p> + + + + <h3>Kapatmayı zamana yaymak</h3> + + + + <p><a href="http://www.ics.uci.edu/pub/ietf/http/draft-ietf-http-connection-00.txt">draft-ietf-http-connection-00.txt</a> taslağının 8. bölümünde + bahsedildiği gibi, bir HTTP sunucusunun protokolü <strong>güvenilir + şekilde</strong> gerçeklemesi için her iki yöndeki iletişimi + birbirinden bağımsız olarak (iki yönlü bir TCP bağlantısının her + yarısını diğerinden bağımsız olarak) kapatması gerekir.</p> + + <p>Bu özellik Apache'ye eklendiğinde Unix'in çeşitli sürümlerinde + uzgörüsüzlükten dolayı bir takım geçici telaş sorunlarına sebep oldu. + TCP belirtimi <code>FIN_WAIT_2</code> durumunda bir zaman aşımından + bahsetmez ama yasaklamaz da. Zaman aşımı olmayan sistemlerde, Apache + 1.2 çoğu soketin sonsuza kadar <code>FIN_WAIT_2</code> durumunda + takılıp kalmasına sebep olur. Çoğu durumda, satıcıdan sağlanan en son + TCP/IP yamalarını uygulanarak bu önlenebilir. Satıcının hiçbir yeni + yama dağıtmadığı durumlarda (örneğin, SunOS4 -- bir kaynak lisansı ile + insanlar bunu kendileri yamayabilirse de) bu özelliği devre dışı + bırakmaya karar verdik.</p> + + <p>Bunun üstesinden gelmenin iki yolu vardır. Bunlardan biri + <code>SO_LINGER</code> soket seçeneğidir. Bu işin kaderi buymuş gibi + görünürse de çoğu TCP/IP yığıtında bu gerektiği gibi + gerçeklenmemiştir. Bu yığıtlar üzerinde, bu yöntemin, doğru bir + gerçeklenimle bile (örneğin, Linux 2.0.31) sonraki çözümden daha + pahalı olduğu ortaya çıkmıştır.</p> + + <p>Çoğunlukla, Apache bunu (<code>http_main.c</code> içindeki) + <code>lingering_close</code> adında bir işlevle gerçekler. Bu işlev + kabaca şöyle görünür:</p> + + <pre class="prettyprint lang-c"> void lingering_close (int s) + { + char junk_buffer[2048]; + + /* shutdown the sending side */ + shutdown (s, 1); + + signal (SIGALRM, lingering_death); + alarm (30); + + for (;;) { + select (s for reading, 2 second timeout); + if (error) break; + if (s is ready for reading) { + if (read (s, junk_buffer, sizeof (junk_buffer)) <= 0) { + break; + } + /* just toss away whatever is here */ + } + } + + close (s); + }</pre> + + + <p>Bağlantı sonunda bu doğal olarak biraz daha masrafa yol açar, fakat + güvenilir bir gerçeklenim için bu gereklidir. HTTP/1.1'in daha yaygın + kullanılmaya başlanması ve tüm bağlantıların kalıcı hale gelmesiyle bu + gerçeklenim daha fazla istek üzerinden kendi masrafını + karşılayacaktır. Ateşle oynamak ve bu özelliği devre dışı bırakmak + isterseniz <code>NO_LINGCLOSE</code>'u tanımlayabilirsiniz, fakat bu + asla önerilmez. Özellikle, HTTP/1.1'den itibaren boruhatlı kalıcı + bağlantıların <code>lingering_close</code> kullanmaya başlaması mutlak + bir gerekliliktir (ve <a href="http://www.w3.org/Protocols/HTTP/Performance/Pipeline.html"> + boruhatlı bağlantıların daha hızlı</a> olması nedeniyle bu + bağlantıları desteklemek isteyebilirsiniz).</p> + + + + <h3>Çetele Dosyası</h3> + + + + <p>Apache'nin ana ve alt süreçleri birbirleriyle çetele denen birşey + üzerinden haberleşirler. Bunun en mükemmel şekilde paylaşımlı bellekte + gerçeklenmesi gerekir. Eriştiğimiz veya portlarını ayrıntılı olarak + belirttiğimiz işletim sistemleri için bu, genellikle paylaşımlı bellek + kullanılarak gerçeklenir. Geri kalanlar, öntanımlı olarak bunu bir + disk dosyası kullanarak gerçekler. Bir disk dosyaı yavaş olmanın yanı + sıra güvenilir de değildir (ve daha az özelliğe sahiptir). Mimarinizin + <code>src/main/conf.h</code> dosyasını inceleyin ve + <code>USE_MMAP_SCOREBOARD</code> veya + <code>USE_SHMGET_SCOREBOARD</code>'a bakın. Bu ikisinden birinin (ve + yanı sıra sırasıyla <code>HAVE_MMAP</code> veya + <code>HAVE_SHMGET</code>'in) tanımlanmış olması, sağlanan paylaşımlı + bellek kodunu etkinleştirir. Eğer sisteminiz diğer türdeki paylaşımlı + belleğe sahipse, <code>src/main/http_main.c</code> dosyasını açıp, + Apache'de bu belleği kullanması gereken kanca işlevleri ekleyin (Bize + de bir yama yollayın, lütfen).</p> + + <div class="note">Tarihsel bilgi: Apache'nin Linux uyarlaması, Apache'nin 1.2 + sürümüne kadar paylaşımlı belleği kullanmaya başlamamıştı. Bu kusur, + Apache'nin Linux üzerindeki erken dönem sürümlerinin davranışlarının + zayıf ve güvenilmez olmasına yol açmıştı.</div> + + + + <h3>DYNAMIC_MODULE_LIMIT</h3> + + + + <p>Devingen olarak yüklenen modülleri kullanmamak niyetindeyseniz + (burayı okuyan ve sunucunuzun başarımını son kırıntısına kadar + arttırmakla ilgilenen biriyseniz bunu düşünmezsiniz), sunucunuzu + derlerken seçenekler arasına <code>-DDYNAMIC_MODULE_LIMIT=0</code> + seçeneğini de ekleyin. Bu suretle, sadece, devingen olarak yüklenen + modüller için ayrılacak belleği kazanmış olacaksınız.</p> + + + + </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="trace" id="trace">Ek: Bir çağrı izlemesinin ayrıntılı çözümlemesi</a></h2> + + + + <p>Burada, Solaris 8 üzerinde worker MPM'li Apache 2.0.38'in bir sistem + çağrısı izlenmektedir. Bu izleme şu komutla elde edilmiştir:</p> + + <div class="example"><p><code> + truss -l -p <var>httpd_çocuk_pidi</var>. + </code></p></div> + + <p><code>-l</code> seçeneği, truss'a hafif bir sürecin yaptığı her + sistem çağrısını (hafif süreç -- HS -- Solaris'in bir çekirdek seviyesi + evreleme biçimi) günlüğe yazmasını söyler.</p> + + <p>Diğer sistemlerin sistem çağrılarını izleyen farklı araçları vardır + (<code>strace</code>, <code>ktrace</code>, <code>par</code> gibi). + Bunlar da benzer çıktılar üretirler.</p> + + <p>Bu izleme sırasında, bir istemci httpd'den 10 KB'lık duruk bir dosya + talebinde bulunmuştur. Duruk olmayan veya içerik uzlaşımlı isteklerin + izleme kayıtları vahşice (bazı durumlarda epey çirkince) farklı + görünür.</p> + + <div class="example"><p><code> + /67: accept(3, 0x00200BEC, 0x00200C0C, 1) (uykuda...)<br /> + /67: accept(3, 0x00200BEC, 0x00200C0C, 1) = 9 + </code></p></div> + + <p>Bu izlemede, dinleyen evre HS #67 içinde çalışmaktadır.</p> + + <div class="note"><code>accept(2)</code> dizgelemesinin olmayışına dikkat edin. + Özellikle bu platformda worker MPM, çok sayıda portu dinlemedikçe, + öntanımlı olarak dizgeleştirilmemiş bir accept çağrısı kullanır.</div> + + <div class="example"><p><code> + /65: lwp_park(0x00000000, 0) = 0<br /> + /67: lwp_unpark(65, 1) = 0 + </code></p></div> + + <p>Bağlantının kabul edilmesiyle, dinleyici evre isteği yerine getirmek + üzere bir worker evresini uyandırır. Bu izlemede, isteği yerine getiren + worker evresi HS #65'e aittir.</p> + + <div class="example"><p><code> + /65: getsockname(9, 0x00200BA4, 0x00200BC4, 1) = 0 + </code></p></div> + + <p>Sanal konakların gerçeklenimi sırasında, Apache'nin, bağlantıları + kabul etmek için kullanılan yerel soket adreslerini bilmesi gerekir. + Çoğu durumda bu çağrıyı bertaraf etmek mümkündür (hiç sanal konağın + olmadığı veya <code class="directive"><a href="../mod/mpm_common.html#listen">Listen</a></code> + yönergelerinin mutlak adreslerle kullanıldığı durumlarda). Fakat bu en + iyilemeleri yapmak için henüz bir çaba harcanmamıştır.</p> + + <div class="example"><p><code> + /65: brk(0x002170E8) = 0<br /> + /65: brk(0x002190E8) = 0 + </code></p></div> + + <p><code>brk(2)</code> çağrıları devingen bellekten bellek ayırır. httpd + çoğu isteği yerine getirirken özel bellek ayırıcılar + (<code>apr_pool</code> ve <code>apr_bucket_alloc</code>) kullandığından + bunlar bir sistem çağrısı izlemesinde nadiren görünür. Bu izlemede, + httpd henüz yeni başlatıldığından, özel bellek ayırıcıları oluşturmak + için ham bellek bloklarını ayırmak amacıyla <code>malloc(3)</code> + çağrıları yapması gerekir.</p> + + <div class="example"><p><code> +/65: fcntl(9, F_GETFL, 0x00000000) = 2<br /> +/65: fstat64(9, 0xFAF7B818) = 0<br /> +/65: getsockopt(9, 65535, 8192, 0xFAF7B918, 0xFAF7B910, 2190656) = 0<br /> +/65: fstat64(9, 0xFAF7B818) = 0<br /> +/65: getsockopt(9, 65535, 8192, 0xFAF7B918, 0xFAF7B914, 2190656) = 0<br /> +/65: setsockopt(9, 65535, 8192, 0xFAF7B918, 4, 2190656) = 0<br /> +/65: fcntl(9, F_SETFL, 0x00000082) = 0 + </code></p></div> + + <p>Ardından, worker evresi istemciye (dosya tanıtıcısı 9) engellenmeyen + kipte bir bağlantı açar. <code>setsockopt(2)</code> + ve <code>getsockopt(2)</code> çağrıları, Solaris libc'sinin soketler + üzerindeki <code>fcntl(2)</code> çağrısı yanında birer yan etkiden + ibarettirler.</p> + + <div class="example"><p><code> + /65: read(9, " G E T / 1 0 k . h t m".., 8000) = 97 + </code></p></div> + + <p>Worker evresi istemciden isteği okur.</p> + + <div class="example"><p><code> +/65: stat("/var/httpd/apache/httpd-8999/htdocs/10k.html", 0xFAF7B978) = 0<br /> +/65: open("/var/httpd/apache/httpd-8999/htdocs/10k.html", O_RDONLY) = 10 + </code></p></div> + + <p>Bu httpd <code>Options FollowSymLinks</code> ve <code>AllowOverride + None</code> ile yapılandırılmıştır. Bu bakımdan, ne istenen dosya ile + sonuçlanan yol üzerindeki her dizinde <code>lstat(2)</code> çağrısına ne + de <code>.htaccess</code> dosyalarına bakılmasına gerek vardır. + <code>stat(2)</code> çağrısı basitçe dosya için şunları doğrulamak + amacıyla yapılır: 1) dosya mevcuttur ve 2) bir dizin değil normal bir + dosyadır.</p> + + <div class="example"><p><code> + /65: sendfilev(0, 9, 0x00200F90, 2, 0xFAF7B53C) = 10269 + </code></p></div> + + <p>Bu örnekte, httpd, istenen dosyayı ve HTTP yanıt başlığını tek bir + <code>sendfilev(2)</code> sistem çağrısı ile göndermektedir. Dosya + gönderim işleminin anlamı sistemden sisteme değişiklik gösterir. Bazı + sistemlerde, <code>sendfile(2)</code> çağrısından önce başlıkları + göndermek için <code>write(2)</code> veya <code>writev(2)</code> + çağrısı yapmak gerekir.</p> + + <div class="example"><p><code> + /65: write(4, " 1 2 7 . 0 . 0 . 1 - ".., 78) = 78 + </code></p></div> + + <p>Bu <code>write(2)</code> çağrısı isteği erişim günlüğüne kaydeder. Bu + izlemede eksik olan tek şey, <code>time(2)</code> çağrısıdır. Apache + 1.3'ün aksine, Apache 2.x zamana bakmak için + <code>gettimeofday(3)</code> çağırısını kullanır. Linux ve Solaris gibi + bazı işletim sistemleri, <code>gettimeofday</code> işlevinin, sıradan + bir sistem çağrısından daha fazla götürüsü olmayan en iyilenmiş bir + gerçeklenimine sahiptir.</p> + + <div class="example"><p><code> + /65: shutdown(9, 1, 1) = 0<br /> + /65: poll(0xFAF7B980, 1, 2000) = 1<br /> + /65: read(9, 0xFAF7BC20, 512) = 0<br /> + /65: close(9) = 0 + </code></p></div> + + <p>Burada worker evresi bağlantıyı zamana yaymaktadır.</p> + + <div class="example"><p><code> + /65: close(10) = 0<br /> + /65: lwp_park(0x00000000, 0) (uykuda...) + </code></p></div> + + <p>Son olarak, worker evresi teslim edilen dosyayı kapattıktan sonra + dinleyici evre tarafından başka bir bağlantı atanıncaya kadar beklemeye + alınır.</p> + + <div class="example"><p><code> + /67: accept(3, 0x001FEB74, 0x001FEB94, 1) (uykuda...) + </code></p></div> + + <p>Bu arada, dinleyici evre bağlantıyı bir worker evresine atar atamaz + başka bir bağlantıyı beklemeye başlar (Mevcut tüm evreler meşgulse + dinleyici evreyi baskılayan worker MPM'nin akış denetim şemasına konu + olur). Bu izlemede görünmüyor olsa da sonraki <code>accept(2)</code> + çağrısı, yeni bağlantı kabul eden worker evresine paralel olarak + yapılabilir (aşırı yük durumlarında normal olarak, bu yapılır).</p> + + </div></div> +<div class="bottomlang"> +<p><span>Mevcut Diller: </span><a href="../en/misc/perf-tuning.html" hreflang="en" rel="alternate" title="English"> en </a> | +<a href="../fr/misc/perf-tuning.html" hreflang="fr" rel="alternate" title="Français"> fr </a> | +<a href="../ko/misc/perf-tuning.html" hreflang="ko" rel="alternate" title="Korean"> ko </a> | +<a href="../tr/misc/perf-tuning.html" title="Türkçe"> tr </a></p> +</div><div class="top"><a href="#page-header"><img src="../images/up.gif" alt="top" /></a></div><div class="section"><h2><a id="comments_section" name="comments_section">Yorum</a></h2><div class="warning"><strong>Notice:</strong><br />This is not a Q&A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed again by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Freenode, or sent to our <a href="http://httpd.apache.org/lists.html">mailing lists</a>.</div> +<script type="text/javascript"><!--//--><![CDATA[//><!-- +var comments_shortname = 'httpd'; +var comments_identifier = 'http://httpd.apache.org/docs/2.4/misc/perf-tuning.html'; +(function(w, d) { + if (w.location.hostname.toLowerCase() == "httpd.apache.org") { + d.write('<div id="comments_thread"><\/div>'); + var s = d.createElement('script'); + s.type = 'text/javascript'; + s.async = true; + s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier; + (d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s); + } + else { + d.write('<div id="comments_thread">Comments are disabled for this page at the moment.<\/div>'); + } +})(window, document); +//--><!]]></script></div><div id="footer"> +<p class="apache">Copyright 2019 The Apache Software Foundation.<br /><a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a> altında lisanslıdır.</p> +<p class="menu"><a href="../mod/">Modüller</a> | <a href="../mod/directives.html">Yönergeler</a> | <a href="http://wiki.apache.org/httpd/FAQ">SSS</a> | <a href="../glossary.html">Terimler</a> | <a href="../sitemap.html">Site Haritası</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!-- +if (typeof(prettyPrint) !== 'undefined') { + prettyPrint(); +} +//--><!]]></script> +</body></html>
\ No newline at end of file diff --git a/docs/manual/misc/relevant_standards.html b/docs/manual/misc/relevant_standards.html new file mode 100644 index 0000000..9879960 --- /dev/null +++ b/docs/manual/misc/relevant_standards.html @@ -0,0 +1,13 @@ +# GENERATED FROM XML -- DO NOT EDIT + +URI: relevant_standards.html.en +Content-Language: en +Content-type: text/html; charset=ISO-8859-1 + +URI: relevant_standards.html.fr.utf8 +Content-Language: fr +Content-type: text/html; charset=UTF-8 + +URI: relevant_standards.html.ko.euc-kr +Content-Language: ko +Content-type: text/html; charset=EUC-KR diff --git a/docs/manual/misc/relevant_standards.html.en b/docs/manual/misc/relevant_standards.html.en new file mode 100644 index 0000000..c046d38 --- /dev/null +++ b/docs/manual/misc/relevant_standards.html.en @@ -0,0 +1,234 @@ +<?xml version="1.0" encoding="ISO-8859-1"?> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head> +<meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type" /> +<!-- + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + This file is generated from xml source: DO NOT EDIT + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + --> +<title>Relevant Standards - Apache HTTP Server Version 2.4</title> +<link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /> +<link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /> +<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="../style/css/prettify.css" /> +<script src="../style/scripts/prettify.min.js" type="text/javascript"> +</script> + +<link href="../images/favicon.ico" rel="shortcut icon" /></head> +<body id="manual-page"><div id="page-header"> +<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p> +<p class="apache">Apache HTTP Server Version 2.4</p> +<img alt="" src="../images/feather.png" /></div> +<div class="up"><a href="./"><img title="<-" alt="<-" src="../images/left.gif" /></a></div> +<div id="path"> +<a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">HTTP Server</a> > <a href="http://httpd.apache.org/docs/">Documentation</a> > <a href="../">Version 2.4</a> > <a href="./">Miscellaneous Documentation</a></div><div id="page-content"><div id="preamble"><h1>Relevant Standards</h1> +<div class="toplang"> +<p><span>Available Languages: </span><a href="../en/misc/relevant_standards.html" title="English"> en </a> | +<a href="../fr/misc/relevant_standards.html" hreflang="fr" rel="alternate" title="Franais"> fr </a> | +<a href="../ko/misc/relevant_standards.html" hreflang="ko" rel="alternate" title="Korean"> ko </a></p> +</div> + + <p>This page documents all the relevant standards that the + Apache HTTP Server follows, along with brief descriptions.</p> + + <p>In addition to the information listed below, the following resources + should be consulted:</p> + + <ul> + <li> + <a href="http://purl.org/NET/http-errata"> + http://purl.org/NET/http-errata</a> - HTTP/1.1 Specification Errata + </li> + <li> + <a href="http://www.rfc-editor.org/errata.php"> + http://www.rfc-editor.org/errata.php</a> - RFC Errata + </li> + <li> + <a href="http://ftp.ics.uci.edu/pub/ietf/http/#RFC"> + http://ftp.ics.uci.edu/pub/ietf/http/#RFC</a> - A pre-compiled list + of HTTP related RFCs + </li> + </ul> + + <div class="warning"><h3>Notice</h3> + <p>This document is not yet complete.</p> + </div> + + </div> +<div id="quickview"><a href="https://www.apache.org/foundation/contributing.html" class="badge"><img src="https://www.apache.org/images/SupportApache-small.png" alt="Support Apache!" /></a><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#http_recommendations">HTTP Recommendations</a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#html_recommendations">HTML Recommendations</a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#authentication">Authentication</a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#language_country_codes">Language/Country Codes</a></li> +</ul><h3>See also</h3><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div> +<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="http_recommendations" id="http_recommendations">HTTP Recommendations</a></h2> + + <p>Regardless of what modules are compiled and used, Apache as a + basic web server complies with the following IETF recommendations:</p> + + <dl> + <dt><a href="http://www.rfc-editor.org/rfc/rfc1945.txt">RFC 1945</a> + (Informational)</dt> + + <dd>The Hypertext Transfer Protocol (HTTP) is an application-level + protocol with the lightness and speed necessary for distributed, + collaborative, hypermedia information systems. This documents + HTTP/1.0.</dd> + + <dt><a href="http://www.rfc-editor.org/rfc/rfc2616.txt">RFC 2616</a> + (Standards Track)</dt> + + <dd>The Hypertext Transfer Protocol (HTTP) is an + application-level protocol for distributed, collaborative, + hypermedia information systems. This documents HTTP/1.1.</dd> + + <dt><a href="http://www.rfc-editor.org/rfc/rfc2396.txt">RFC 2396</a> + (Standards Track)</dt> + + <dd>A Uniform Resource Identifier (URI) is a compact string of + characters for identifying an abstract or physical resource.</dd> + + <dt><a href="http://www.rfc-editor.org/rfc/rfc4346.txt">RFC 4346</a> + (Standards Track)</dt> + + <dd>The TLS protocol provides communications security over the + Internet. It provides encryption, and is designed to prevent + eavesdropping, tampering, and message forgery.</dd> + </dl> + + </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="html_recommendations" id="html_recommendations">HTML Recommendations</a></h2> + + <p>Regarding the Hypertext Markup Language, Apache complies with + the following IETF and W3C recommendations:</p> + + <dl> + <dt><a href="http://www.rfc-editor.org/rfc/rfc2854.txt">RFC 2854</a> + (Informational)</dt> + + <dd>This document summarizes the history of HTML development, + and defines the "text/html" MIME type by pointing to the relevant + W3C recommendations.</dd> + + <dt><a href="http://www.w3.org/TR/html401">HTML 4.01 Specification</a> + (<a href="http://www.w3.org/MarkUp/html4-updates/errata">Errata</a>) + </dt> + + <dd>This specification defines the HyperText Markup Language (HTML), + the publishing language of the World Wide Web. This specification + defines HTML 4.01, which is a subversion of HTML 4.</dd> + + <dt><a href="http://www.w3.org/TR/REC-html32">HTML 3.2 Reference + Specification</a></dt> + + <dd>The HyperText Markup Language (HTML) is a simple markup language + used to create hypertext documents that are portable from one + platform to another. HTML documents are SGML documents.</dd> + + <dt><a href="http://www.w3.org/TR/xhtml11/">XHTML 1.1 - + Module-based XHTML</a> + (<a href="http://www.w3.org/MarkUp/2009/xhtml11-2nd-edition-errata.html">Errata</a>) + </dt> + + <dd>This Recommendation defines a new XHTML document type + that is based upon the module framework and modules defined in + Modularization of XHTML.</dd> + + <dt><a href="http://www.w3.org/TR/xhtml1">XHTML 1.0 The + Extensible HyperText Markup Language (Second Edition)</a> + (<a href="http://www.w3.org/2002/08/REC-xhtml1-20020801-errata/">Errata</a>) + </dt> + + <dd>This specification defines the Second Edition of XHTML 1.0, + a reformulation of HTML 4 as an XML 1.0 application, and three + DTDs corresponding to the ones defined by HTML 4.</dd> + </dl> + + </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="authentication" id="authentication">Authentication</a></h2> + + <p>Concerning the different methods of authentication, Apache + follows the following IETF recommendations:</p> + + <dl> + <dt><a href="http://www.rfc-editor.org/rfc/rfc2617.txt">RFC 2617</a> + (Standards Track)</dt> + + <dd>"HTTP/1.0", includes the specification for a Basic + Access Authentication scheme.</dd> + + </dl> + + </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="language_country_codes" id="language_country_codes">Language/Country Codes</a></h2> + + <p>The following links document ISO and other language and country + code information:</p> + + <dl> + <dt><a href="http://www.loc.gov/standards/iso639-2/">ISO 639-2</a></dt> + + <dd>ISO 639 provides two sets of language codes, one as a two-letter + code set (639-1) and another as a three-letter code set (this part + of ISO 639) for the representation of names of languages.</dd> + + <dt><a href="http://www.iso.org/iso/country_codes"> + ISO 3166-1</a></dt> + + <dd>These pages document the country names (official short names + in English) in alphabetical order as given in ISO 3166-1 and the + corresponding ISO 3166-1-alpha-2 code elements.</dd> + + <dt><a href="http://www.rfc-editor.org/rfc/bcp/bcp47.txt">BCP 47</a> + (Best Current Practice), + <a href="http://www.rfc-editor.org/rfc/rfc3066.txt">RFC 3066</a></dt> + + <dd>This document describes a language tag for use in cases where + it is desired to indicate the language used in an information + object, how to register values for use in this language tag, + and a construct for matching such language tags.</dd> + + <dt><a href="http://www.rfc-editor.org/rfc/rfc3282.txt">RFC 3282</a> + (Standards Track)</dt> + + <dd>This document defines a "Content-language:" header, for use in + cases where one desires to indicate the language of something that + has RFC 822-like headers, like MIME body parts or Web documents, + and an "Accept-Language:" header for use in cases where one wishes + to indicate one's preferences with regard to language.</dd> + </dl> + + </div></div> +<div class="bottomlang"> +<p><span>Available Languages: </span><a href="../en/misc/relevant_standards.html" title="English"> en </a> | +<a href="../fr/misc/relevant_standards.html" hreflang="fr" rel="alternate" title="Franais"> fr </a> | +<a href="../ko/misc/relevant_standards.html" hreflang="ko" rel="alternate" title="Korean"> ko </a></p> +</div><div class="top"><a href="#page-header"><img src="../images/up.gif" alt="top" /></a></div><div class="section"><h2><a id="comments_section" name="comments_section">Comments</a></h2><div class="warning"><strong>Notice:</strong><br />This is not a Q&A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed again by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Freenode, or sent to our <a href="http://httpd.apache.org/lists.html">mailing lists</a>.</div> +<script type="text/javascript"><!--//--><![CDATA[//><!-- +var comments_shortname = 'httpd'; +var comments_identifier = 'http://httpd.apache.org/docs/2.4/misc/relevant_standards.html'; +(function(w, d) { + if (w.location.hostname.toLowerCase() == "httpd.apache.org") { + d.write('<div id="comments_thread"><\/div>'); + var s = d.createElement('script'); + s.type = 'text/javascript'; + s.async = true; + s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier; + (d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s); + } + else { + d.write('<div id="comments_thread">Comments are disabled for this page at the moment.<\/div>'); + } +})(window, document); +//--><!]]></script></div><div id="footer"> +<p class="apache">Copyright 2019 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p> +<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!-- +if (typeof(prettyPrint) !== 'undefined') { + prettyPrint(); +} +//--><!]]></script> +</body></html>
\ No newline at end of file diff --git a/docs/manual/misc/relevant_standards.html.fr.utf8 b/docs/manual/misc/relevant_standards.html.fr.utf8 new file mode 100644 index 0000000..30aefbe --- /dev/null +++ b/docs/manual/misc/relevant_standards.html.fr.utf8 @@ -0,0 +1,253 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr"><head> +<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" /> +<!-- + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + This file is generated from xml source: DO NOT EDIT + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + --> +<title>Standards applicables - Serveur HTTP Apache Version 2.4</title> +<link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /> +<link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /> +<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="../style/css/prettify.css" /> +<script src="../style/scripts/prettify.min.js" type="text/javascript"> +</script> + +<link href="../images/favicon.ico" rel="shortcut icon" /></head> +<body id="manual-page"><div id="page-header"> +<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossaire</a> | <a href="../sitemap.html">Plan du site</a></p> +<p class="apache">Serveur HTTP Apache Version 2.4</p> +<img alt="" src="../images/feather.png" /></div> +<div class="up"><a href="./"><img title="<-" alt="<-" src="../images/left.gif" /></a></div> +<div id="path"> +<a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">Serveur HTTP</a> > <a href="http://httpd.apache.org/docs/">Documentation</a> > <a href="../">Version 2.4</a> > <a href="./">Documentations diverses</a></div><div id="page-content"><div id="preamble"><h1>Standards applicables</h1> +<div class="toplang"> +<p><span>Langues Disponibles: </span><a href="../en/misc/relevant_standards.html" hreflang="en" rel="alternate" title="English"> en </a> | +<a href="../fr/misc/relevant_standards.html" title="Français"> fr </a> | +<a href="../ko/misc/relevant_standards.html" hreflang="ko" rel="alternate" title="Korean"> ko </a></p> +</div> + + <p>Cette page documente tous les standards applicables que suit le + serveur HTTP Apache, accompagnés d'une brève description.</p> + + <p>Pour compléter les informations fournies ci-dessous, vous pouvez + consulter les ressources suivantes :</p> + + <ul> + <li> + <a href="http://purl.org/NET/http-errata"> + http://purl.org/NET/http-errata</a> - Corrections de la + spécification HTTP/1.1 + </li> + <li> + <a href="http://www.rfc-editor.org/errata.php"> + http://www.rfc-editor.org/errata.php</a> - Corrections des RFCs + </li> + <li> + <a href="http://ftp.ics.uci.edu/pub/ietf/http/#RFC"> + http://ftp.ics.uci.edu/pub/ietf/http/#RFC</a> - Une liste + précompilée des RFCs en rapport avec HTTP + </li> + </ul> + + <div class="warning"><h3>Avertissement</h3> + <p>Ce document n'est pas encore finalisé.</p> + </div> + + </div> +<div id="quickview"><a href="https://www.apache.org/foundation/contributing.html" class="badge"><img src="https://www.apache.org/images/SupportApache-small.png" alt="Support Apache!" /></a><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#http_recommendations">Recommandations HTTP</a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#html_recommendations">Recommandations HTML</a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#authentication">Authentification</a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#language_country_codes">Codes de langues et de + pays</a></li> +</ul><h3>Voir aussi</h3><ul class="seealso"><li><a href="#comments_section">Commentaires</a></li></ul></div> +<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="http_recommendations" id="http_recommendations">Recommandations HTTP</a></h2> + + <p>Indépendamment des modules compilés et utilisés, Apache en + tant que serveur web de base respecte les recommandations IETF + suivantes :</p> + + <dl> + <dt><a href="http://www.rfc-editor.org/rfc/rfc1945.txt">RFC 1945</a> + (Informations)</dt> + + <dd>Le Protocole de Transfert Hypertexte (Hypertext Transfer + Protocol - HTTP) est un protocole de niveau application avec la + clarté et la vitesse nécessaires pour les systèmes d'informations + distribués, collaboratifs et hypermédia. Cette RFC documente le + protocole HTTP/1.0.</dd> + + <dt><a href="http://www.rfc-editor.org/rfc/rfc2616.txt">RFC 2616</a> + (Série de standards)</dt> + + <dd>Le Protocole de Transfert Hypertexte (Hypertext Transfer + Protocol - HTTP) est un protocole de niveau application pour les + systèmes d'informations distribués, collaboratifs et hypermédia. + Cette RFC documente le protocole HTTP/1.1.</dd> + + <dt><a href="http://www.rfc-editor.org/rfc/rfc2396.txt">RFC 2396</a> + (Série de standards)</dt> + + <dd>Un Identificateur de Ressource Uniforme (Uniform Resource + Identifier - URI) est une chaîne de caractères compacte permettant + d'identifier une ressource physique ou abstraite.</dd> + + <dt><a href="http://www.rfc-editor.org/rfc/rfc4346.txt">RFC 4346</a> + (Série de standards)</dt> + + <dd>Le protocole TLS permet l'utilisation de communications + sécurisées sur l'Internet. Il fournit le chiffrement, et a été + conçu pour se prémunir contre l'interception, la modification et + la falsification de messages.</dd> + </dl> + + </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="html_recommendations" id="html_recommendations">Recommandations HTML</a></h2> + + <p>En ce qui concerne le langage HTML, Apache respecte les + recommandations IETF et W3C suivantes :</p> + + <dl> + <dt><a href="http://www.rfc-editor.org/rfc/rfc2854.txt">RFC 2854</a> + (Informations)</dt> + + <dd>Ce document résume l'historique du développement de HTML, et + définit le type MIME "text/html" en pointant les recommandations + W3C correspondantes.</dd> + + <dt><a href="http://www.w3.org/TR/html401">Spécification HTML + 4.01</a> + (<a href="http://www.w3.org/MarkUp/html4-updates/errata">Corrections + d'erreurs</a>) + </dt> + + <dd>Cette spécification définit le Langage à Balises HyperTexte + (HyperText Markup Language - HTML), le langage de publication du + World Wide Web. Elle définit HTML 4.01, qui est une sous-version + de HTML 4.</dd> + + <dt><a href="http://www.w3.org/TR/REC-html32">Référence HTML + 3.2</a></dt> + + <dd>Le langage à Balises HyperTexte (HyperText Markup Language - + HTML) est un langage à balises simple permettant de créer des + documents hypertextes portables. Les documents HTML sont aussi des + documents SGML.</dd> + + <dt><a href="http://www.w3.org/TR/xhtml11/">XHTML 1.1 - + XHTML sous forme de modules</a> + (<a href="http://www.w3.org/MarkUp/2009/xhtml11-2nd-edition-errata.html">Corrections + d'erreurs</a>) + </dt> + + <dd>Cette recommandation définit un nouveau type de document XHTML + basé sur le cadre de développement des modules et les modules + définis dans la modularisation de XHTML.</dd> + + <dt><a href="http://www.w3.org/TR/xhtml1">XHTML 1.0, le Langage à + Balises Hypertexte Extensible (Extensible HyperText Markup + Language) - Seconde édition</a> + (<a href="http://www.w3.org/2002/08/REC-xhtml1-20020801-errata/">Corrections + d'erreurs</a>) + </dt> + + <dd>Cette spécification définit la seconde édition de XHTML 1.0, + une reformulation de HTML 4 en tant qu'application XML 1.0, ainsi + que trois DTDs correspondant à celles définies par HTML 4.</dd> + </dl> + + </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="authentication" id="authentication">Authentification</a></h2> + + <p>En ce qui concerne les différentes méthodes d'authentification, + Apache respecte les recommandations IETF suivantes :</p> + + <dl> + <dt><a href="http://www.rfc-editor.org/rfc/rfc2617.txt">RFC 2617</a> + (Le track des standards)</dt> + + <dd>"HTTP/1.0", y compris la spécification d'un protocole basique + d'authentification et de contrôle d'accès.</dd> + + </dl> + + </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="language_country_codes" id="language_country_codes">Codes de langues et de + pays</a></h2> + + <p>Les liens suivants fournissent des informations à propos des + codes de langues et de pays aux normes ISO ou autres :</p> + + <dl> + <dt><a href="http://www.loc.gov/standards/iso639-2/">ISO 639-2</a></dt> + + <dd>ISO 639 fournit deux jeux de codes de langues permettant de + représenter les noms des langues ; le premier est + un jeu de codes sur deux lettres (639-1), le second (celui + présenté dans le lien ci-dessus), est un jeu de codes sur trois + lettres (639-2).</dd> + + <dt><a href="http://www.iso.org/iso/country_codes"> + ISO 3166-1</a></dt> + + <dd>Ce document présente les noms de pays (les noms raccourcis + officiels en anglais) dans l'ordre alphabétique, tels qu'ils sont + présentés dans la norme ISO 3166-1 et les éléments de codes + correspondants de la norme ISO 3166-1-alpha-2.</dd> + + <dt><a href="http://www.rfc-editor.org/rfc/bcp/bcp47.txt">BCP 47</a> + (Les meilleurs pratiques courantes), + <a href="http://www.rfc-editor.org/rfc/rfc3066.txt">RFC 3066</a></dt> + + <dd>Ce document décrit une balise de langue permettant de + spécifier la langue utilisé dans un objet contenant des + informations, la manière d'enregistrer des valeurs à utiliser dans + cette balise de langage, et une méthode pour comparer les balises + de langue de ce style.</dd> + + <dt><a href="http://www.rfc-editor.org/rfc/rfc3282.txt">RFC 3282</a> + (Série de standards)</dt> + + <dd>Ce document définit un en-tête "Content-language:" permettant + de spécifier le langage d'un élément possédant des en-têtes du + style RFC 822, comme les portions de corps MIME ou les documents + Web, et un en-tête "Accept-Language:" permettant de spécifier des + préférences en matière de langue.</dd> + </dl> + + </div></div> +<div class="bottomlang"> +<p><span>Langues Disponibles: </span><a href="../en/misc/relevant_standards.html" hreflang="en" rel="alternate" title="English"> en </a> | +<a href="../fr/misc/relevant_standards.html" title="Français"> fr </a> | +<a href="../ko/misc/relevant_standards.html" hreflang="ko" rel="alternate" title="Korean"> ko </a></p> +</div><div class="top"><a href="#page-header"><img src="../images/up.gif" alt="top" /></a></div><div class="section"><h2><a id="comments_section" name="comments_section">Commentaires</a></h2><div class="warning"><strong>Notice:</strong><br />This is not a Q&A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed again by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Freenode, or sent to our <a href="http://httpd.apache.org/lists.html">mailing lists</a>.</div> +<script type="text/javascript"><!--//--><![CDATA[//><!-- +var comments_shortname = 'httpd'; +var comments_identifier = 'http://httpd.apache.org/docs/2.4/misc/relevant_standards.html'; +(function(w, d) { + if (w.location.hostname.toLowerCase() == "httpd.apache.org") { + d.write('<div id="comments_thread"><\/div>'); + var s = d.createElement('script'); + s.type = 'text/javascript'; + s.async = true; + s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier; + (d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s); + } + else { + d.write('<div id="comments_thread">Comments are disabled for this page at the moment.<\/div>'); + } +})(window, document); +//--><!]]></script></div><div id="footer"> +<p class="apache">Copyright 2019 The Apache Software Foundation.<br />Autorisé sous <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p> +<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossaire</a> | <a href="../sitemap.html">Plan du site</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!-- +if (typeof(prettyPrint) !== 'undefined') { + prettyPrint(); +} +//--><!]]></script> +</body></html>
\ No newline at end of file diff --git a/docs/manual/misc/relevant_standards.html.ko.euc-kr b/docs/manual/misc/relevant_standards.html.ko.euc-kr new file mode 100644 index 0000000..aed4cd6 --- /dev/null +++ b/docs/manual/misc/relevant_standards.html.ko.euc-kr @@ -0,0 +1,221 @@ +<?xml version="1.0" encoding="EUC-KR"?> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml" lang="ko" xml:lang="ko"><head> +<meta content="text/html; charset=EUC-KR" http-equiv="Content-Type" /> +<!-- + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + This file is generated from xml source: DO NOT EDIT + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + --> +<title> ǥ - Apache HTTP Server Version 2.4</title> +<link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /> +<link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /> +<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="../style/css/prettify.css" /> +<script src="../style/scripts/prettify.min.js" type="text/javascript"> +</script> + +<link href="../images/favicon.ico" rel="shortcut icon" /></head> +<body id="manual-page"><div id="page-header"> +<p class="menu"><a href="../mod/"></a> | <a href="../mod/directives.html">þ</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html"></a> | <a href="../sitemap.html">Ʈ</a></p> +<p class="apache">Apache HTTP Server Version 2.4</p> +<img alt="" src="../images/feather.png" /></div> +<div class="up"><a href="./"><img title="<-" alt="<-" src="../images/left.gif" /></a></div> +<div id="path"> +<a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">HTTP Server</a> > <a href="http://httpd.apache.org/docs/">Documentation</a> > <a href="../">Version 2.4</a> > <a href="./">Miscellaneous Documentation</a></div><div id="page-content"><div id="preamble"><h1> ǥ</h1> +<div class="toplang"> +<p><span> : </span><a href="../en/misc/relevant_standards.html" hreflang="en" rel="alternate" title="English"> en </a> | +<a href="../fr/misc/relevant_standards.html" hreflang="fr" rel="alternate" title="Français"> fr </a> | +<a href="../ko/misc/relevant_standards.html" title="Korean"> ko </a></p> +</div> +<div class="outofdate"> ֽ ƴմϴ. + ֱٿ ϼ.</div> + + <p> Բ ġ + ǥ Ѵ.</p> + + <p>Ʒ Ͽ ڷᵵ Ѵ:</p> + + <ul> + <li> + <a href="http://purl.org/NET/http-errata"> + http://purl.org/NET/http-errata</a> - HTTP/1.1 Ծ + ǥ + </li> + <li> + <a href="http://www.rfc-editor.org/errata.html"> + http://www.rfc-editor.org/errata.html</a> - RFC ǥ + </li> + <li> + <a href="http://ftp.ics.uci.edu/pub/ietf/http/#RFC"> + http://ftp.ics.uci.edu/pub/ietf/http/#RFC</a> - HTTP + RFC + </li> + </ul> + + <div class="warning"><h3></h3> + <p> ʴ.</p> + </div> + + </div> +<div id="quickview"><a href="https://www.apache.org/foundation/contributing.html" class="badge"><img src="https://www.apache.org/images/SupportApache-small.png" alt="Support Apache!" /></a><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#http_recommendations">HTTP ǰ</a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#html_recommendations">HTML ǰ</a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#authentication"></a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#language_country_codes">/ ڵ</a></li> +</ul><h3></h3><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div> +<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="http_recommendations" id="http_recommendations">HTTP ǰ</a></h2> + + <p> ϰ ϴ ⺻ + ġ IETF ǰ(recommendation) :</p> + + <dl> + <dt><a href="http://www.rfc-editor.org/rfc/rfc1945.txt">RFC 1945</a> + (Informational)</dt> + + <dd>ؽƮ (Hypertext Transfer Protocol, + HTTP) л, , ۸ü ýۿ ʿ + ø̼ (application-level) ̴. + HTTP/1.0 Ѵ.</dd> + + <dt><a href="http://www.rfc-editor.org/rfc/rfc2616.txt">RFC 2616</a> + (Standards Track)</dt> + + <dd>ؽƮ (Hypertext Transfer Protocol, + HTTP) л, , ۸ü ý ø̼ + ̴. HTTP/1.1 Ѵ.</dd> + + <dt><a href="http://www.rfc-editor.org/rfc/rfc2396.txt">RFC 2396</a> + (Standards Track)</dt> + + <dd>ǥ ڿ ĺ (Uniform Resource Identifier, URI) + Ȥ ڿ ĺϱ ª ڿ̴.</dd> + </dl> + + </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="html_recommendations" id="html_recommendations">HTML ǰ</a></h2> + + <p>ؽƮ ũ (Hypertext Markup Language, + HTML) Ͽ ġ IETF ǰ W3C ǰ :</p> + + <dl> + <dt><a href="http://www.rfc-editor.org/rfc/rfc2854.txt">RFC 2854</a> + (Informational)</dt> + + <dd> HTML ߰ ϰ, W3C ǰ + "text/html" MIME type Ѵ.</dd> + + <dt><a href="http://www.w3.org/TR/html401">HTML 4.01 Ծ</a> + (<a href="http://www.w3.org/MarkUp/html4-updates/errata">Errata</a>) + </dt> + + <dd> Ծ ̵ Ǿ ؽƮ ũ + (Hypertext Markup Language, HTML) Ѵ. + Ծ HTML 4 HTML 4.01 Ѵ.</dd> + + <dt><a href="http://www.w3.org/TR/REC-html32">HTML 3.2 Ծ</a></dt> + + <dd>ؽƮ ũ (Hypertext Markup Language, + HTML) ÷ ؽƮ + ũ ̴. HTML SGML ̱ ϴ.</dd> + + <dt><a href="http://www.w3.org/TR/xhtml11/">XHTML 1.1 - + XHTML</a> + (<a href="http://www.w3.org/2001/04/REC-xhtml-modularization-20060410-errata">ǥ</a>) + </dt> + + <dd> ǰ Modularization of XHTML + ÷ӿũ ο XHTML document type + Ѵ.</dd> + + <dt><a href="http://www.w3.org/TR/xhtml1">XHTML 1.0 + Ȯ ؽƮ ũ (Extensible HyperText Markup + Language) (Second Edition)</a> + (<a href="http://www.w3.org/2002/08/REC-xhtml1-20060801-errata">ǥ</a>) + </dt> + + <dd> HTML 4 XML 1.0 籸 XHTML 1.0 + ι° HTML 4 شϴ DTD Ѵ.</dd> + </dl> + + </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="authentication" id="authentication"></a></h2> + + <p> ġ IETF ǰ :</p> + + <dl> + <dt><a href="http://www.rfc-editor.org/rfc/rfc2617.txt">RFC 2617</a> + (Draft standard)</dt> + + <dd>Basic Access Authentication Ծ "HTTP/1.0".</dd> + + </dl> + + </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="language_country_codes" id="language_country_codes">/ ڵ</a></h2> + + <p>Ʒ ũ ISO ٸ / ڵ ִ:</p> + + <dl> + <dt><a href="http://www.loc.gov/standards/iso639-2/">ISO 639-2</a></dt> + + <dd>ISO 639 ̸ Ÿ ΰ ڵ带 + Ѵ. ϳ (639-1) ڵ̰ ٸ ϳ + ( ) ڵ̴.</dd> + + <dt><a href="http://www.iso.ch/iso/en/prods-services/iso3166ma/02iso-3166-code-lists/index.html"> + ISO 3166-1</a></dt> + + <dd> ISO 3166-1 ISO 3166-1-alpha-2 ڵ忡 + ĺ ( ª ̸) Ѵ.</dd> + + <dt><a href="http://www.rfc-editor.org/rfc/bcp/bcp47.txt">BCP 47</a> + (Best Current Practice), + <a href="http://www.rfc-editor.org/rfc/rfc3066.txt">RFC 3066</a></dt> + + <dd> ü ˸ + ± ± ϴ , + ± ã Ѵ.</dd> + + <dt><a href="http://www.rfc-editor.org/rfc/rfc3282.txt">RFC 3282</a> + (Standards Track)</dt> + + <dd> MIME κа RFC 822 + ִ ˸ "Content-language:" + , ȣϴ Ÿ "Accept-Language:" + Ѵ.</dd> + </dl> + + </div></div> +<div class="bottomlang"> +<p><span> : </span><a href="../en/misc/relevant_standards.html" hreflang="en" rel="alternate" title="English"> en </a> | +<a href="../fr/misc/relevant_standards.html" hreflang="fr" rel="alternate" title="Français"> fr </a> | +<a href="../ko/misc/relevant_standards.html" title="Korean"> ko </a></p> +</div><div class="top"><a href="#page-header"><img src="../images/up.gif" alt="top" /></a></div><div class="section"><h2><a id="comments_section" name="comments_section">Comments</a></h2><div class="warning"><strong>Notice:</strong><br />This is not a Q&A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed again by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Freenode, or sent to our <a href="http://httpd.apache.org/lists.html">mailing lists</a>.</div> +<script type="text/javascript"><!--//--><![CDATA[//><!-- +var comments_shortname = 'httpd'; +var comments_identifier = 'http://httpd.apache.org/docs/2.4/misc/relevant_standards.html'; +(function(w, d) { + if (w.location.hostname.toLowerCase() == "httpd.apache.org") { + d.write('<div id="comments_thread"><\/div>'); + var s = d.createElement('script'); + s.type = 'text/javascript'; + s.async = true; + s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier; + (d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s); + } + else { + d.write('<div id="comments_thread">Comments are disabled for this page at the moment.<\/div>'); + } +})(window, document); +//--><!]]></script></div><div id="footer"> +<p class="apache">Copyright 2019 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p> +<p class="menu"><a href="../mod/"></a> | <a href="../mod/directives.html">þ</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html"></a> | <a href="../sitemap.html">Ʈ</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!-- +if (typeof(prettyPrint) !== 'undefined') { + prettyPrint(); +} +//--><!]]></script> +</body></html>
\ No newline at end of file diff --git a/docs/manual/misc/security_tips.html b/docs/manual/misc/security_tips.html new file mode 100644 index 0000000..bb9a427 --- /dev/null +++ b/docs/manual/misc/security_tips.html @@ -0,0 +1,17 @@ +# GENERATED FROM XML -- DO NOT EDIT + +URI: security_tips.html.en +Content-Language: en +Content-type: text/html; charset=ISO-8859-1 + +URI: security_tips.html.fr.utf8 +Content-Language: fr +Content-type: text/html; charset=UTF-8 + +URI: security_tips.html.ko.euc-kr +Content-Language: ko +Content-type: text/html; charset=EUC-KR + +URI: security_tips.html.tr.utf8 +Content-Language: tr +Content-type: text/html; charset=UTF-8 diff --git a/docs/manual/misc/security_tips.html.en b/docs/manual/misc/security_tips.html.en new file mode 100644 index 0000000..2e473d0 --- /dev/null +++ b/docs/manual/misc/security_tips.html.en @@ -0,0 +1,492 @@ +<?xml version="1.0" encoding="ISO-8859-1"?> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head> +<meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type" /> +<!-- + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + This file is generated from xml source: DO NOT EDIT + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + --> +<title>Security Tips - Apache HTTP Server Version 2.4</title> +<link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /> +<link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /> +<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="../style/css/prettify.css" /> +<script src="../style/scripts/prettify.min.js" type="text/javascript"> +</script> + +<link href="../images/favicon.ico" rel="shortcut icon" /></head> +<body id="manual-page"><div id="page-header"> +<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p> +<p class="apache">Apache HTTP Server Version 2.4</p> +<img alt="" src="../images/feather.png" /></div> +<div class="up"><a href="./"><img title="<-" alt="<-" src="../images/left.gif" /></a></div> +<div id="path"> +<a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">HTTP Server</a> > <a href="http://httpd.apache.org/docs/">Documentation</a> > <a href="../">Version 2.4</a> > <a href="./">Miscellaneous Documentation</a></div><div id="page-content"><div id="preamble"><h1>Security Tips</h1> +<div class="toplang"> +<p><span>Available Languages: </span><a href="../en/misc/security_tips.html" title="English"> en </a> | +<a href="../fr/misc/security_tips.html" hreflang="fr" rel="alternate" title="Franais"> fr </a> | +<a href="../ko/misc/security_tips.html" hreflang="ko" rel="alternate" title="Korean"> ko </a> | +<a href="../tr/misc/security_tips.html" hreflang="tr" rel="alternate" title="Trke"> tr </a></p> +</div> + + <p>Some hints and tips on security issues in setting up a web server. + Some of the suggestions will be general, others specific to Apache.</p> + </div> +<div id="quickview"><a href="https://www.apache.org/foundation/contributing.html" class="badge"><img src="https://www.apache.org/images/SupportApache-small.png" alt="Support Apache!" /></a><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#uptodate">Keep up to Date</a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#dos">Denial of Service (DoS) attacks</a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#serverroot">Permissions on ServerRoot Directories</a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#ssi">Server Side Includes</a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#cgi">CGI in General</a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#nsaliasedcgi">Non Script Aliased CGI</a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#saliasedcgi">Script Aliased CGI</a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#dynamic">Other sources of dynamic content</a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#dynamicsec">Dynamic content security</a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#systemsettings">Protecting System Settings</a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#protectserverfiles">Protect Server Files by Default</a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#watchyourlogs">Watching Your Logs</a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#merging">Merging of configuration sections</a></li> +</ul><h3>See also</h3><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div> +<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="uptodate" id="uptodate">Keep up to Date</a></h2> + + <p>The Apache HTTP Server has a good record for security and a + developer community highly concerned about security issues. But + it is inevitable that some problems -- small or large -- will be + discovered in software after it is released. For this reason, it + is crucial to keep aware of updates to the software. If you have + obtained your version of the HTTP Server directly from Apache, we + highly recommend you subscribe to the <a href="http://httpd.apache.org/lists.html#http-announce">Apache + HTTP Server Announcements List</a> where you can keep informed of + new releases and security updates. Similar services are available + from most third-party distributors of Apache software.</p> + + <p>Of course, most times that a web server is compromised, it is + not because of problems in the HTTP Server code. Rather, it comes + from problems in add-on code, CGI scripts, or the underlying + Operating System. You must therefore stay aware of problems and + updates with all the software on your system.</p> + + </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="dos" id="dos">Denial of Service (DoS) attacks</a></h2> + + + + <p>All network servers can be subject to denial of service attacks + that attempt to prevent responses to clients by tying up the + resources of the server. It is not possible to prevent such + attacks entirely, but you can do certain things to mitigate the + problems that they create.</p> + + <p>Often the most effective anti-DoS tool will be a firewall or + other operating-system configurations. For example, most + firewalls can be configured to restrict the number of simultaneous + connections from any individual IP address or network, thus + preventing a range of simple attacks. Of course this is no help + against Distributed Denial of Service attacks (DDoS).</p> + + <p>There are also certain Apache HTTP Server configuration + settings that can help mitigate problems:</p> + + <ul> + <li>The <code class="directive"><a href="../mod/mod_reqtimeout.html#requestreadtimeout">RequestReadTimeout</a></code> + directive allows to limit the time a client may take to send the + request.</li> + + <li>The <code class="directive"><a href="../mod/core.html#timeout">TimeOut</a></code> directive + should be lowered on sites that are subject to DoS attacks. + Setting this to as low as a few seconds may be appropriate. + As <code class="directive"><a href="../mod/core.html#timeout">TimeOut</a></code> is currently + used for several different operations, setting it to a low value + introduces problems with long running CGI scripts.</li> + + <li>The <code class="directive"><a href="../mod/core.html#keepalivetimeout">KeepAliveTimeout</a></code> + directive may be also lowered on sites that are subject to DoS + attacks. Some sites even turn off the keepalives completely via + <code class="directive"><a href="../mod/core.html#keepalive">KeepAlive</a></code>, which has of course + other drawbacks on performance.</li> + + <li>The values of various timeout-related directives provided by + other modules should be checked.</li> + + <li>The directives + <code class="directive"><a href="../mod/core.html#limitrequestbody">LimitRequestBody</a></code>, + <code class="directive"><a href="../mod/core.html#limitrequestfields">LimitRequestFields</a></code>, + <code class="directive"><a href="../mod/core.html#limitrequestfieldsize">LimitRequestFieldSize</a></code>, + <code class="directive"><a href="../mod/core.html#limitrequestline">LimitRequestLine</a></code>, and + <code class="directive"><a href="../mod/core.html#limitxmlrequestbody">LimitXMLRequestBody</a></code> + should be carefully configured to limit resource consumption + triggered by client input.</li> + + <li>On operating systems that support it, make sure that you use + the <code class="directive"><a href="../mod/core.html#acceptfilter">AcceptFilter</a></code> directive + to offload part of the request processing to the operating + system. This is active by default in Apache httpd, but may + require reconfiguration of your kernel.</li> + + <li>Tune the <code class="directive"><a href="../mod/mpm_common.html#maxrequestworkers">MaxRequestWorkers</a></code> directive to allow + the server to handle the maximum number of simultaneous + connections without running out of resources. See also the <a href="perf-tuning.html">performance tuning + documentation</a>.</li> + + <li>The use of a threaded <a href="../mpm.html">mpm</a> may + allow you to handle more simultaneous connections, thereby + mitigating DoS attacks. Further, the + <code class="module"><a href="../mod/event.html">event</a></code> mpm + uses asynchronous processing to avoid devoting a thread to each + connection. Due to the nature of the OpenSSL library the + <code class="module"><a href="../mod/event.html">event</a></code> mpm is currently incompatible with + <code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code> and other input filters. In these + cases it falls back to the behaviour of the + <code class="module"><a href="../mod/worker.html">worker</a></code> mpm.</li> + + <li>There are a number of third-party modules available through + <a href="http://modules.apache.org/">http://modules.apache.org/</a> + that can restrict certain client behaviors and thereby mitigate + DoS problems.</li> + + </ul> + + </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="serverroot" id="serverroot">Permissions on ServerRoot Directories</a></h2> + + + + <p>In typical operation, Apache is started by the root user, and it + switches to the user defined by the <code class="directive"><a href="../mod/mod_unixd.html#user">User</a></code> directive to serve hits. As is the + case with any command that root executes, you must take care that it is + protected from modification by non-root users. Not only must the files + themselves be writeable only by root, but so must the directories, and + parents of all directories. For example, if you choose to place + ServerRoot in <code>/usr/local/apache</code> then it is suggested that + you create that directory as root, with commands like these:</p> + + <div class="example"><p><code> + mkdir /usr/local/apache <br /> + cd /usr/local/apache <br /> + mkdir bin conf logs <br /> + chown 0 . bin conf logs <br /> + chgrp 0 . bin conf logs <br /> + chmod 755 . bin conf logs + </code></p></div> + + <p>It is assumed that <code>/</code>, <code>/usr</code>, and + <code>/usr/local</code> are only modifiable by root. When you install the + <code class="program"><a href="../programs/httpd.html">httpd</a></code> executable, you should ensure that it is + similarly protected:</p> + + <div class="example"><p><code> + cp httpd /usr/local/apache/bin <br /> + chown 0 /usr/local/apache/bin/httpd <br /> + chgrp 0 /usr/local/apache/bin/httpd <br /> + chmod 511 /usr/local/apache/bin/httpd + </code></p></div> + + <p>You can create an htdocs subdirectory which is modifiable by other + users -- since root never executes any files out of there, and shouldn't + be creating files in there.</p> + + <p>If you allow non-root users to modify any files that root either + executes or writes on then you open your system to root compromises. + For example, someone could replace the <code class="program"><a href="../programs/httpd.html">httpd</a></code> binary so + that the next time you start it, it will execute some arbitrary code. If + the logs directory is writeable (by a non-root user), someone could replace + a log file with a symlink to some other system file, and then root + might overwrite that file with arbitrary data. If the log files + themselves are writeable (by a non-root user), then someone may be + able to overwrite the log itself with bogus data.</p> + + </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="ssi" id="ssi">Server Side Includes</a></h2> + + + + <p>Server Side Includes (SSI) present a server administrator with + several potential security risks.</p> + + <p>The first risk is the increased load on the server. All + SSI-enabled files have to be parsed by Apache, whether or not + there are any SSI directives included within the files. While this + load increase is minor, in a shared server environment it can become + significant.</p> + + <p>SSI files also pose the same risks that are associated with CGI + scripts in general. Using the <code>exec cmd</code> element, SSI-enabled + files can execute any CGI script or program under the permissions of the + user and group Apache runs as, as configured in + <code>httpd.conf</code>.</p> + + <p>There are ways to enhance the security of SSI files while still + taking advantage of the benefits they provide.</p> + + <p>To isolate the damage a wayward SSI file can cause, a server + administrator can enable <a href="../suexec.html">suexec</a> as + described in the <a href="#cgi">CGI in General</a> section.</p> + + <p>Enabling SSI for files with <code>.html</code> or <code>.htm</code> + extensions can be dangerous. This is especially true in a shared, or high + traffic, server environment. SSI-enabled files should have a separate + extension, such as the conventional <code>.shtml</code>. This helps keep + server load at a minimum and allows for easier management of risk.</p> + + <p>Another solution is to disable the ability to run scripts and + programs from SSI pages. To do this replace <code>Includes</code> + with <code>IncludesNOEXEC</code> in the <code class="directive"><a href="../mod/core.html#options">Options</a></code> directive. Note that users may + still use <code><--#include virtual="..." --></code> to execute CGI + scripts if these scripts are in directories designated by a <code class="directive"><a href="../mod/mod_alias.html#scriptalias">ScriptAlias</a></code> directive.</p> + + </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="cgi" id="cgi">CGI in General</a></h2> + + + + <p>First of all, you always have to remember that you must trust the + writers of the CGI scripts/programs or your ability to spot potential + security holes in CGI, whether they were deliberate or accidental. CGI + scripts can run essentially arbitrary commands on your system with the + permissions of the web server user and can therefore be extremely + dangerous if they are not carefully checked.</p> + + <p>All the CGI scripts will run as the same user, so they have potential + to conflict (accidentally or deliberately) with other scripts e.g. User + A hates User B, so he writes a script to trash User B's CGI database. One + program which can be used to allow scripts to run as different users is + <a href="../suexec.html">suEXEC</a> which is included with Apache as of + 1.2 and is called from special hooks in the Apache server code. Another + popular way of doing this is with + <a href="http://cgiwrap.sourceforge.net/">CGIWrap</a>.</p> + + </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="nsaliasedcgi" id="nsaliasedcgi">Non Script Aliased CGI</a></h2> + + + + <p>Allowing users to execute CGI scripts in any directory should only be + considered if:</p> + + <ul> + <li>You trust your users not to write scripts which will deliberately + or accidentally expose your system to an attack.</li> + <li>You consider security at your site to be so feeble in other areas, + as to make one more potential hole irrelevant.</li> + <li>You have no users, and nobody ever visits your server.</li> + </ul> + + </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="saliasedcgi" id="saliasedcgi">Script Aliased CGI</a></h2> + + + + <p>Limiting CGI to special directories gives the admin control over what + goes into those directories. This is inevitably more secure than non + script aliased CGI, but only if users with write access to the + directories are trusted or the admin is willing to test each + new CGI script/program for potential security holes.</p> + + <p>Most sites choose this option over the non script aliased CGI + approach.</p> + + </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="dynamic" id="dynamic">Other sources of dynamic content</a></h2> + + + + <p>Embedded scripting options which run as part of the server itself, + such as <code>mod_php</code>, <code>mod_perl</code>, <code>mod_tcl</code>, + and <code>mod_python</code>, run under the identity of the server itself + (see the <code class="directive"><a href="../mod/mod_unixd.html#user">User</a></code> directive), and + therefore scripts executed by these engines potentially can access anything + the server user can. Some scripting engines may provide restrictions, but + it is better to be safe and assume not.</p> + + </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="dynamicsec" id="dynamicsec">Dynamic content security</a></h2> + + + + <p>When setting up dynamic content, such as <code>mod_php</code>, + <code>mod_perl</code> or <code>mod_python</code>, many security considerations + get out of the scope of <code>httpd</code> itself, and you need to consult + documentation from those modules. For example, PHP lets you setup <a href="http://www.php.net/manual/en/ini.sect.safe-mode.php">Safe Mode</a>, + which is most usually disabled by default. Another example is <a href="http://www.hardened-php.net/suhosin/">Suhosin</a>, a PHP addon for more + security. For more information about those, consult each project + documentation.</p> + + <p>At the Apache level, a module named <a href="http://modsecurity.org/">mod_security</a> + can be seen as a HTTP firewall and, provided you configure it finely enough, + can help you enhance your dynamic content security.</p> + + </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="systemsettings" id="systemsettings">Protecting System Settings</a></h2> + + + + <p>To run a really tight ship, you'll want to stop users from setting + up <code>.htaccess</code> files which can override security features + you've configured. Here's one way to do it.</p> + + <p>In the server configuration file, put</p> + + <pre class="prettyprint lang-config"><Directory "/"> + AllowOverride None +</Directory></pre> + + + <p>This prevents the use of <code>.htaccess</code> files in all + directories apart from those specifically enabled.</p> + + <p>Note that this setting is the default since Apache 2.3.9.</p> + + </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="protectserverfiles" id="protectserverfiles">Protect Server Files by Default</a></h2> + + + + <p>One aspect of Apache which is occasionally misunderstood is the + feature of default access. That is, unless you take steps to change it, + if the server can find its way to a file through normal URL mapping + rules, it can serve it to clients.</p> + + <p>For instance, consider the following example:</p> + + <div class="example"><p><code> + # cd /; ln -s / public_html <br /> + Accessing <code>http://localhost/~root/</code> + </code></p></div> + + <p>This would allow clients to walk through the entire filesystem. To + work around this, add the following block to your server's + configuration:</p> + + <pre class="prettyprint lang-config"><Directory "/"> + Require all denied +</Directory></pre> + + + <p>This will forbid default access to filesystem locations. Add + appropriate <code class="directive"><a href="../mod/core.html#directory">Directory</a></code> blocks to + allow access only in those areas you wish. For example,</p> + + <pre class="prettyprint lang-config"><Directory "/usr/users/*/public_html"> + Require all granted +</Directory> +<Directory "/usr/local/httpd"> + Require all granted +</Directory></pre> + + + <p>Pay particular attention to the interactions of <code class="directive"><a href="../mod/core.html#location">Location</a></code> and <code class="directive"><a href="../mod/core.html#directory">Directory</a></code> directives; for instance, even + if <code><Directory "/"></code> denies access, a <code> + <Location "/"></code> directive might overturn it.</p> + + <p>Also be wary of playing games with the <code class="directive"><a href="../mod/mod_userdir.html#userdir">UserDir</a></code> directive; setting it to + something like <code>./</code> would have the same effect, for root, as + the first example above. We strongly + recommend that you include the following line in your server + configuration files:</p> + + <pre class="prettyprint lang-config">UserDir disabled root</pre> + + + </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="watchyourlogs" id="watchyourlogs">Watching Your Logs</a></h2> + + + + <p>To keep up-to-date with what is actually going on against your server + you have to check the <a href="../logs.html">Log Files</a>. Even though + the log files only reports what has already happened, they will give you + some understanding of what attacks is thrown against the server and + allow you to check if the necessary level of security is present.</p> + + <p>A couple of examples:</p> + + <div class="example"><p><code> + grep -c "/jsp/source.jsp?/jsp/ /jsp/source.jsp??" access_log <br /> + grep "client denied" error_log | tail -n 10 + </code></p></div> + + <p>The first example will list the number of attacks trying to exploit the + <a href="http://online.securityfocus.com/bid/4876/info/">Apache Tomcat + Source.JSP Malformed Request Information Disclosure Vulnerability</a>, + the second example will list the ten last denied clients, for example:</p> + + <div class="example"><p><code> + [Thu Jul 11 17:18:39 2002] [error] [client foo.example.com] client denied + by server configuration: /usr/local/apache/htdocs/.htpasswd + </code></p></div> + + <p>As you can see, the log files only report what already has happened, so + if the client had been able to access the <code>.htpasswd</code> file you + would have seen something similar to:</p> + + <div class="example"><p><code> + foo.example.com - - [12/Jul/2002:01:59:13 +0200] "GET /.htpasswd HTTP/1.1" + </code></p></div> + + <p>in your <a href="../logs.html#accesslog">Access Log</a>. This means + you probably commented out the following in your server configuration + file:</p> + + <pre class="prettyprint lang-config"><Files ".ht*"> + Require all denied +</Files></pre> + + + </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="merging" id="merging">Merging of configuration sections</a></h2> + + + + <p> The merging of configuration sections is complicated and sometimes + directive specific. Always test your changes when creating dependencies + on how directives are merged.</p> + + <p> For modules that don't implement any merging logic, such as + <code class="directive">mod_access_compat</code>, the behavior in later sections + depends on whether the later section has any directives + from the module. The configuration is inherited until a change is made, + at which point the configuration is <em>replaced</em> and not merged.</p> + </div></div> +<div class="bottomlang"> +<p><span>Available Languages: </span><a href="../en/misc/security_tips.html" title="English"> en </a> | +<a href="../fr/misc/security_tips.html" hreflang="fr" rel="alternate" title="Franais"> fr </a> | +<a href="../ko/misc/security_tips.html" hreflang="ko" rel="alternate" title="Korean"> ko </a> | +<a href="../tr/misc/security_tips.html" hreflang="tr" rel="alternate" title="Trke"> tr </a></p> +</div><div class="top"><a href="#page-header"><img src="../images/up.gif" alt="top" /></a></div><div class="section"><h2><a id="comments_section" name="comments_section">Comments</a></h2><div class="warning"><strong>Notice:</strong><br />This is not a Q&A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed again by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Freenode, or sent to our <a href="http://httpd.apache.org/lists.html">mailing lists</a>.</div> +<script type="text/javascript"><!--//--><![CDATA[//><!-- +var comments_shortname = 'httpd'; +var comments_identifier = 'http://httpd.apache.org/docs/2.4/misc/security_tips.html'; +(function(w, d) { + if (w.location.hostname.toLowerCase() == "httpd.apache.org") { + d.write('<div id="comments_thread"><\/div>'); + var s = d.createElement('script'); + s.type = 'text/javascript'; + s.async = true; + s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier; + (d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s); + } + else { + d.write('<div id="comments_thread">Comments are disabled for this page at the moment.<\/div>'); + } +})(window, document); +//--><!]]></script></div><div id="footer"> +<p class="apache">Copyright 2019 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p> +<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!-- +if (typeof(prettyPrint) !== 'undefined') { + prettyPrint(); +} +//--><!]]></script> +</body></html>
\ No newline at end of file diff --git a/docs/manual/misc/security_tips.html.fr.utf8 b/docs/manual/misc/security_tips.html.fr.utf8 new file mode 100644 index 0000000..67a8a8e --- /dev/null +++ b/docs/manual/misc/security_tips.html.fr.utf8 @@ -0,0 +1,513 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml" lang="fr" xml:lang="fr"><head> +<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" /> +<!-- + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + This file is generated from xml source: DO NOT EDIT + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + --> +<title>Conseils sur la sécurité - Serveur HTTP Apache Version 2.4</title> +<link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /> +<link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /> +<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="../style/css/prettify.css" /> +<script src="../style/scripts/prettify.min.js" type="text/javascript"> +</script> + +<link href="../images/favicon.ico" rel="shortcut icon" /></head> +<body id="manual-page"><div id="page-header"> +<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossaire</a> | <a href="../sitemap.html">Plan du site</a></p> +<p class="apache">Serveur HTTP Apache Version 2.4</p> +<img alt="" src="../images/feather.png" /></div> +<div class="up"><a href="./"><img title="<-" alt="<-" src="../images/left.gif" /></a></div> +<div id="path"> +<a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">Serveur HTTP</a> > <a href="http://httpd.apache.org/docs/">Documentation</a> > <a href="../">Version 2.4</a> > <a href="./">Documentations diverses</a></div><div id="page-content"><div id="preamble"><h1>Conseils sur la sécurité</h1> +<div class="toplang"> +<p><span>Langues Disponibles: </span><a href="../en/misc/security_tips.html" hreflang="en" rel="alternate" title="English"> en </a> | +<a href="../fr/misc/security_tips.html" title="Français"> fr </a> | +<a href="../ko/misc/security_tips.html" hreflang="ko" rel="alternate" title="Korean"> ko </a> | +<a href="../tr/misc/security_tips.html" hreflang="tr" rel="alternate" title="Türkçe"> tr </a></p> +</div> + + <p>Ce document propose quelques conseils et astuces concernant les + problèmes de sécurité liés + à l'installation d'un serveur web. Certaines suggestions seront à caractère + général, tandis que d'autres seront spécifiques à Apache.</p> + </div> +<div id="quickview"><a href="https://www.apache.org/foundation/contributing.html" class="badge"><img src="https://www.apache.org/images/SupportApache-small.png" alt="Support Apache!" /></a><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#uptodate">Maintenez votre serveur à jour</a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#dos">Attaques de type "Déni de service" + (Denial of Service - DoS)</a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#serverroot">Permissions sur les répertoires de la racine du serveur</a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#ssi">Inclusions côté serveur</a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#cgi">Les CGI en général</a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#nsaliasedcgi">CGI sans alias de script</a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#saliasedcgi">CGI avec alias de script</a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#dynamic">Autres sources de contenu dynamique</a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#systemsettings">Protection de la configuration du système</a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#protectserverfiles">Protection par défaut des fichiers du serveur</a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#watchyourlogs">Surveillez vos journaux</a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#merging">Fusion des sections de configuration</a></li> +</ul><h3>Voir aussi</h3><ul class="seealso"><li><a href="#comments_section">Commentaires</a></li></ul></div> +<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="uptodate" id="uptodate">Maintenez votre serveur à jour</a></h2> + + <p>Le serveur HTTP Apache a une bonne réputation en matière de sécurité + et possède une communauté de développeurs très sensibilisés aux problèmes + de sécurité. Mais il est inévitable de trouver certains problèmes + -- petits ou grands -- une fois le logiciel mis à disposition. C'est pour + cette raison qu'il est crucial de se tenir informé des mises à jour. Si + vous avez obtenu votre version du serveur HTTP directement depuis Apache, + nous vous conseillons grandement de vous abonner à la <a href="http://httpd.apache.org/lists.html#http-announce">Liste de diffusion + des annonces du serveur HTTP</a> qui vous informera de + la parution des nouvelles versions et des mises à jour de sécurité. La + plupart des distributeurs tiers d'Apache fournissent des services + similaires.</p> + + <p>Gardez cependant à l'esprit que lorsqu'un serveur web est compromis, le + code du serveur HTTP n'est la plupart du temps pas en cause. Les problèmes + proviennent plutôt de code ajouté, de scripts CGI, ou du système + d'exploitation sous-jacent. Vous devez donc vous tenir informé des + problèmes et mises à jour concernant tous les logiciels présents sur + votre système.</p> + + </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="dos" id="dos">Attaques de type "Déni de service" + (Denial of Service - DoS)</a></h2> + + + + <p>Tous les services réseau peuvent faire l'objet d'attaques de type + "Déni de service" qui tentent de les empêcher de répondre aux clients en + saturant leurs ressources. Il est impossible de se prémunir totalement + contre ce type d'attaques, mais vous pouvez accomplir certaines actions + afin de minimiser les problèmes qu'elles créent.</p> + + <p>Souvent, l'outil anti-DoS le plus efficace sera constitué par le + pare-feu ou certaines configurations du système d'exploitation. Par + exemple, la plupart des pare-feu peuvent être configurés de façon à + limiter le nombre de connexions simultanées depuis une adresse IP ou un + réseau, ce qui permet de prévenir toute une gamme d'attaques simples. + Bien sûr, ceci n'est d'aucun secours contre les attaques de type + "Déni de service" distribuées (DDoS).</p> + + <p>Certains réglages de la configuration d'Apache peuvent aussi + minimiser les problèmes :</p> + + <ul> + <li>La directive <code class="directive"><a href="../mod/mod_reqtimeout.html#requestreadtimeout">RequestReadTimeout</a></code> permet de + limiter le temps que met le client pour envoyer sa requête.</li> + + <li>La valeur de la directive + <code class="directive"><a href="../mod/core.html#timeout">TimeOut</a></code> doit être diminuée sur les + sites sujets aux attaques DoS. Une valeur de quelques secondes devrait + convenir. Cependant, comme <code class="directive"><a href="../mod/core.html#timeout">TimeOut</a></code> + est actuellement concerné par de nombreuses opérations différentes, lui + attribuer une valeur trop faible peut provoquer des problèmes avec les + scripts CGI qui présentent un long temps de réponse.</li> + + <li>La valeur de la directive + <code class="directive"><a href="../mod/core.html#keepalivetimeout">KeepAliveTimeout</a></code> doit aussi être + diminuée sur les sites sujets aux attaques DoS. Certains sites + désactivent même complètement le "maintien en vie" (keepalives) + à l'aide de la directive + <code class="directive"><a href="../mod/core.html#keepalive">KeepAlive</a></code>, ce qui bien sûr + présente des inconvénients en matière de performances.</li> + + <li>Les valeurs des différentes directives fournies par d'autres modules + et en rapport avec des délais doivent aussi être vérifiées.</li> + + <li>Les directives + <code class="directive"><a href="../mod/core.html#limitrequestbody">LimitRequestBody</a></code>, + <code class="directive"><a href="../mod/core.html#limitrequestfields">LimitRequestFields</a></code>, + <code class="directive"><a href="../mod/core.html#limitrequestfieldsize">LimitRequestFieldSize</a></code>, + <code class="directive"><a href="../mod/core.html#limitrequestline">LimitRequestLine</a></code>, et + <code class="directive"><a href="../mod/core.html#limitxmlrequestbody">LimitXMLRequestBody</a></code> doivent être + configurées avec prudence afin de limiter la consommation de ressources + induite par les demandes des clients. + </li> + + <li>Sur les systèmes d'exploitation qui le supportent, assurez-vous que + la directive <code class="directive"><a href="../mod/core.html#acceptfilter">AcceptFilter</a></code> est + activée afin de déléguer une partie du traitement des requêtes au + système d'exploitation. Elle est activée par défaut dans le démon httpd + d'Apache, mais peut nécessiter une reconfiguration de votre noyau.</li> + + <li>Optimisez la directive <code class="directive"><a href="../mod/mpm_common.html#maxrequestworkers">MaxRequestWorkers</a></code> de façon à définir le nombre + maximum de connexions simultanées au dessus duquel les ressources + s'épuisent. Voir aussi la <a href="perf-tuning.html">documentation sur l'optimisation des + performances</a>.</li> + + <li>L'utilisation d'un <a href="../mpm.html">module mpm</a> threadé + vous permet de traiter d'avantage de connexions simultanées, ce qui + minimise l'effet des attaques DoS. Dans le futur, le module mpm + <code class="module"><a href="../mod/event.html">event</a></code> utilisera un traitement asynchrone afin de ne pas + dédier un thread à chaque connexion. De par la + nature de la bibliothèque OpenSSL, le module mpm <code class="module"><a href="../mod/event.html">event</a></code> est actuellement incompatible + avec le module <code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code> ainsi que d'autres filtres + en entrée. Dans ces cas, son comportement se ramène à celui + du module mpm <code class="module"><a href="../mod/worker.html">worker</a></code>.</li> + + <li>Il existe de nombreux modules tiers disponibles à <a href="http://modules.apache.org/">http://modules.apache.org/</a> qui + peuvent retreindre les comportements de certains clients et ainsi + minimiser les problèmes de DoS.</li> + + </ul> + + </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="serverroot" id="serverroot">Permissions sur les répertoires de la racine du serveur</a></h2> + + + + <p>Typiquement, Apache est démarré par l'utilisateur root, puis il devient + la propriété de l'utilisateur défini par la directive <code class="directive"><a href="../mod/mod_unixd.html#user">User</a></code> afin de répondre aux demandes. Comme + pour toutes les commandes exécutées par root, vous devez vous assurer + qu'elle n'est pas modifiable par les utilisateurs autres que root. Les + fichiers eux-mêmes, mais aussi les répertoires ainsi que leurs parents ne + doivent être modifiables que par root. Par exemple, si vous avez choisi de + placer la racine du serveur dans <code>/usr/local/apache</code>, il est conseillé de + créer le répertoire en tant que root, avec des commandes du style :</p> + + <div class="example"><p><code> + mkdir /usr/local/apache <br /> + cd /usr/local/apache <br /> + mkdir bin conf logs <br /> + chown 0 . bin conf logs <br /> + chgrp 0 . bin conf logs <br /> + chmod 755 . bin conf logs + </code></p></div> + + <p>Nous supposerons que <code>/</code>, <code>/usr</code> et + <code>/usr/local</code> ne sont modifiables que par + root. Quand vous installez l'exécutable <code class="program"><a href="../programs/httpd.html">httpd</a></code>, vous + devez vous assurer qu'il possède des protections similaires :</p> + + <div class="example"><p><code> + cp httpd /usr/local/apache/bin <br /> + chown 0 /usr/local/apache/bin/httpd <br /> + chgrp 0 /usr/local/apache/bin/httpd <br /> + chmod 511 /usr/local/apache/bin/httpd + </code></p></div> + + <p>Vous pouvez créer un sous-répertoire htdocs modifiable par d'autres + utilisateurs -- car root ne crée ni exécute aucun fichier dans ce + sous-répertoire.</p> + + <p>Si vous permettez à des utilisateurs non root de modifier des fichiers + que root écrit ou exécute, vous exposez votre système à une compromission + de l'utilisateur root. Par exemple, quelqu'un pourrait remplacer le binaire + <code class="program"><a href="../programs/httpd.html">httpd</a></code> de façon à ce que la prochaine fois que vous le + redémarrerez, il exécutera un code arbitraire. Si le répertoire des + journaux a les droits en écriture (pour un utilisateur non root), quelqu'un + pourrait remplacer un fichier journal par un lien symbolique vers un autre + fichier système, et root pourrait alors écraser ce fichier avec des données + arbitraires. Si les fichiers journaux eux-mêmes ont des droits en + écriture (pour un utilisateur non root), quelqu'un pourrait + modifier les journaux eux-mêmes avec des données fausses.</p> + + </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="ssi" id="ssi">Inclusions côté serveur</a></h2> + + + + <p>Les inclusions côté serveur (Server Side Includes - SSI) exposent + l'administrateur du serveur à de nombreux risques potentiels en matière de + sécurité.</p> + + <p>Le premier risque est l'augmentation de la charge du serveur. Tous les + fichiers où SSI est activé doivent être analysés par Apache, qu'ils + contiennent des directives SSI ou non. L'augmentation de la charge induite + est minime, mais peut devenir significative dans le contexte d'un + serveur partagé.</p> + + <p>Les fichiers SSI présentent les mêmes risques que les scripts CGI en + général. Les fichiers où SSI est activé peuvent exécuter tout script CGI + ou autre programme à l'aide de la commande <code>"exec cmd"</code> avec les permissions + des utilisateur et groupe sous lesquels Apache s'exécute, comme défini + dans <code>httpd.conf</code>.</p> + + <p>Des méthodes existent pour améliorer la sécurité des fichiers SSI, tout + en tirant parti des bénéfices qu'ils apportent.</p> + + <p>Pour limiter les dommages qu'un fichier SSI agressif pourrait causer, + l'administrateur du serveur peut activer<a href="../suexec.html">suexec</a> + comme décrit dans la section <a href="#cgi">Les CGI en général</a>.</p> + + <p>L'activation des SSI pour des fichiers possédant des extensions + <code>.html</code> ou + <code>.htm</code> peut s'avérer dangereux. Ceci est particulièrement vrai dans un + environnement de serveur partagé ou étant le siège d'un traffic élevé. Les + fichiers où SSI est activé doivent posséder une extension spécifique, telle + que la conventionnelle <code>.shtml</code>. Ceci permet de limiter la charge du serveur + à un niveau minimum et de simplifier la gestion des risques.</p> + + <p>Une autre solution consiste à interdire l'exécution de scripts et + programmes à partir de pages SSI. Pour ce faire, remplacez + <code>Includes</code> par <code>IncludesNOEXEC</code> dans la directive + <code class="directive"><a href="../mod/core.html#options">Options</a></code>. Notez que les utilisateurs + pourront encore utiliser <code><--#include virtual="..." --></code> pour exécuter + des scripts CGI si ces scripts sont situés dans des répertoires spécifiés + par une directive + <code class="directive"><a href="../mod/mod_alias.html#scriptalias">ScriptAlias</a></code>.</p> + + </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="cgi" id="cgi">Les CGI en général</a></h2> + + + + <p>Tout d'abord, vous devez toujours garder à l'esprit que vous devez + faire confiance aux développeurs de scripts ou programmes CGI ainsi qu'à + vos compétences pour déceler les trous de sécurité potentiels dans les + CGI, que ceux-ci soient délibérés ou accidentels. Les scripts CGI peuvent + essentiellement exécuter des commandes arbitraires sur votre système avec + les droits de l'utilisateur du serveur web, et peuvent par conséquent être + extrèmement dangereux s'ils ne sont pas vérifiés avec soin.</p> + + <p>Tous les scripts CGI s'exécutent sous le même utilisateur, il peuvent + donc entrer en conflit (accidentellement ou délibérément) avec d'autres + scripts. Par exemple, l'utilisateur A hait l'utilisateur B, il écrit donc + un script qui efface la base de données CGI de l'utilisateur B. Vous pouvez + utiliser le programme <a href="../suexec.html">suEXEC</a> pour faire en + sorte que les scripts s'exécutent sous des utilisateurs différents. Ce + programme est inclus dans la distribution d'Apache depuis la version 1.2 + et est appelé à partir de certaines portions de code du serveur Apache. Une + autre méthode plus connue est l'utilisation de + <a href="http://cgiwrap.sourceforge.net/">CGIWrap</a>.</p> + + </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="nsaliasedcgi" id="nsaliasedcgi">CGI sans alias de script</a></h2> + + + + <p>Vous ne devez permettre aux utilisateurs d'exécuter des scripts CGI + depuis n'importe quel répertoire que dans l'éventualité où :</p> + + <ul> + <li>Vous faites confiance à vos utilisateurs pour ne pas écrire de + scripts qui vont délibérément ou accidentellement exposer votre + système à une attaque.</li> + <li>Vous estimez que le niveau de sécurité dans les autres parties de + votre site est si faible qu'un trou de sécurité de plus ou de moins + n'est pas très important.</li> + <li>Votre système ne comporte aucun utilisateur, et personne ne visite + jamais votre site.</li> + </ul> + + </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="saliasedcgi" id="saliasedcgi">CGI avec alias de script</a></h2> + + + + <p>Le confinement des CGI dans des répertoires spécifiques permet à + l'administrateur de contrôler ce que l'on met dans ces répertoires. Ceci + est bien entendu mieux sécurisé que les CGI sans alias de script, mais + seulement à condition que les utilisateurs avec les droits en écriture sur + les répertoires soient dignes de confiance, et que l'administrateur ait la + volonté de tester chaque programme ou script CGI à la recherche d'éventuels + trous de sécurité.</p> + + <p>La plupart des sites choisissent cette approche au détriment des CGI + sans alias de script.</p> + + </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="dynamic" id="dynamic">Autres sources de contenu dynamique</a></h2> + + + + <p> + Les options de scripting intégrées qui s'exécutent en tant que partie du + serveur lui-même, comme <code>mod_php</code>, <code>mod_perl</code>, + <code>mod_tcl</code>, et <code>mod_python</code>, + s'exécutent sous le même utilisateur que le serveur (voir la directive + <code class="directive"><a href="../mod/mod_unixd.html#user">User</a></code>), et par conséquent, + les scripts que ces moteurs exécutent peuvent accéder aux mêmes ressources + que le serveur. Certains moteurs de scripting peuvent proposer des + restrictions, mais pour plus de sûreté, il vaut mieux partir du principe + que ce n'est pas le cas.</p> + + </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="systemsettings" id="systemsettings">Protection de la configuration du système</a></h2> + + + + <p>Pour contrôler étroitement votre serveur, vous pouvez interdire + l'utilisation des fichiers <code>.htaccess</code> qui permettent de + passer outre les fonctionnalités de sécurité que vous avez configurées. + Voici un moyen pour y parvenir :</p> + + <p>Ajoutez dans le fichier de configuration du serveur</p> + + <pre class="prettyprint lang-config"><Directory "/"> + AllowOverride None +</Directory></pre> + + + <p>Ceci interdit l'utilisation des fichiers <code>.htaccess</code> dans + tous les répertoires, sauf ceux pour lesquels c'est explicitement + autorisé.</p> + + <p>Notez que c'est la configuration par défaut depuis Apache 2.3.9.</p> + + </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="protectserverfiles" id="protectserverfiles">Protection par défaut des fichiers du serveur</a></h2> + + + + <p>Le concept d'accès par défaut est un aspect d'Apache qui est parfois mal + compris. C'est à dire que, à moins que vous ne changiez explicitement ce + comportement, si le serveur trouve son chemin vers un fichier en suivant + les règles normales de correspondance URL - fichier, il peut le retourner + aux clients.</p> + + <p>Considérons l'exemple suivant :</p> + + <div class="example"><p><code> + # cd /; ln -s / public_html <br /> + puis accès à <code>http://localhost/~root/</code> + </code></p></div> + + <p>Ceci permettrait aux clients de parcourir l'ensemble du système de + fichiers. Pour l'éviter, ajoutez le bloc suivant à la configuration + de votre serveur :</p> + + <pre class="prettyprint lang-config"><Directory "/"> + Require all denied +</Directory></pre> + + + <p>ceci va interdire l'accès par défaut à tous les fichiers du système de + fichiers. Vous devrez ensuite ajouter les blocs + <code class="directive"><a href="../mod/core.html#directory">Directory</a></code> appropriés correspondant + aux répertoires auxquels vous voulez autorisez l'accès. Par exemple,</p> + + <pre class="prettyprint lang-config"><Directory "/usr/users/*/public_html"> + Require all granted +</Directory> +<Directory "/usr/local/httpd"> + Require all granted +</Directory></pre> + + + <p>Portez une attention particulière aux interactions entre les directives + <code class="directive"><a href="../mod/core.html#location">Location</a></code> et + <code class="directive"><a href="../mod/core.html#directory">Directory</a></code> ; par exemple, si une + directive <code><Directory ""/></code> interdit un accès, une + directive <code><Location "/"></code> pourra passer outre.</p> + + <p>De même, soyez méfiant en jouant avec la directive + <code class="directive"><a href="../mod/mod_userdir.html#userdir">UserDir</a></code> ; la positionner à + <code>"./"</code> aurait le même effet, pour root, que le premier exemple plus haut. + Nous vous conseillons + fortement d'inclure la ligne suivante dans le fichier de configuration de + votre serveur :</p> + + <pre class="prettyprint lang-config">UserDir disabled root</pre> + + + </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="watchyourlogs" id="watchyourlogs">Surveillez vos journaux</a></h2> + + + + <p>Pour vous tenir informé de ce qui se passe réellement dans votre + serveur, vous devez consulter vos + <a href="../logs.html">fichiers journaux</a>. Même si les fichiers journaux + ne consignent que des évènements qui se sont déjà produits, ils vous + informeront sur la nature des attaques qui sont lancées contre le serveur + et vous permettront de vérifier si le niveau de sécurité nécessaire est + atteint.</p> + + <p>Quelques exemples :</p> + + <div class="example"><p><code> + grep -c "/jsp/source.jsp?/jsp/ /jsp/source.jsp??" access_log <br /> + grep "client denied" error_log | tail -n 10 + </code></p></div> + + <p>Le premier exemple listera les attaques essayant d'exploiter la + <a href="http://online.securityfocus.com/bid/4876/info/">vulnérabilité + d'Apache Tomcat pouvant provoquer la divulgation d'informations par des + requêtes Source.JSP mal formées</a>, le second donnera la liste des dix + dernières interdictions client ; par exemple :</p> + + <div class="example"><p><code> + [Thu Jul 11 17:18:39 2002] [error] [client foo.example.com] client denied + by server configuration: /usr/local/apache/htdocs/.htpasswd + </code></p></div> + + <p>Comme vous le voyez, les fichiers journaux ne consignent que ce qui + s'est déjà produit ; ainsi, si le client a pu accéder au fichier + <code>.htpasswd</code>, vous devriez avoir quelque chose du style :</p> + + <div class="example"><p><code> + foo.example.com - - [12/Jul/2002:01:59:13 +0200] "GET /.htpasswd HTTP/1.1" + </code></p></div> + + <p>dans votre <a href="../logs.html#accesslog">journal des accès</a> ; ce + qui signifie que vous avez probablement mis en commentaire ce qui suit dans + le fichier de configuration de votre serveur :</p> + + <pre class="prettyprint lang-config"><Files ".ht*"> + Require all denied +</Files></pre> + + + </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="merging" id="merging">Fusion des sections de configuration</a></h2> + + + + <p>La fusion des sections de configuration est complexe et dépend + souvent des directives utilisées. Vous devez systématiquement tester + vos modifications pour vérifier la manière dont les directives sont + fusionnées.</p> + + <p>Concernant les modules qui n'implémentent aucune logique de + fusion, comme <code class="directive">mod_access_compat</code>, le + comportement des sections suivantes est tributaire de la présence + dans ces dernières de directives appartenant à ces modules. La + configuration est héritée jusqu'à ce qu'une modification soit + effectuée ; à ce moment, la configuration est <em>remplacée</em> et + non fusionnée.</p> + </div></div> +<div class="bottomlang"> +<p><span>Langues Disponibles: </span><a href="../en/misc/security_tips.html" hreflang="en" rel="alternate" title="English"> en </a> | +<a href="../fr/misc/security_tips.html" title="Français"> fr </a> | +<a href="../ko/misc/security_tips.html" hreflang="ko" rel="alternate" title="Korean"> ko </a> | +<a href="../tr/misc/security_tips.html" hreflang="tr" rel="alternate" title="Türkçe"> tr </a></p> +</div><div class="top"><a href="#page-header"><img src="../images/up.gif" alt="top" /></a></div><div class="section"><h2><a id="comments_section" name="comments_section">Commentaires</a></h2><div class="warning"><strong>Notice:</strong><br />This is not a Q&A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed again by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Freenode, or sent to our <a href="http://httpd.apache.org/lists.html">mailing lists</a>.</div> +<script type="text/javascript"><!--//--><![CDATA[//><!-- +var comments_shortname = 'httpd'; +var comments_identifier = 'http://httpd.apache.org/docs/2.4/misc/security_tips.html'; +(function(w, d) { + if (w.location.hostname.toLowerCase() == "httpd.apache.org") { + d.write('<div id="comments_thread"><\/div>'); + var s = d.createElement('script'); + s.type = 'text/javascript'; + s.async = true; + s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier; + (d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s); + } + else { + d.write('<div id="comments_thread">Comments are disabled for this page at the moment.<\/div>'); + } +})(window, document); +//--><!]]></script></div><div id="footer"> +<p class="apache">Copyright 2019 The Apache Software Foundation.<br />Autorisé sous <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p> +<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossaire</a> | <a href="../sitemap.html">Plan du site</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!-- +if (typeof(prettyPrint) !== 'undefined') { + prettyPrint(); +} +//--><!]]></script> +</body></html>
\ No newline at end of file diff --git a/docs/manual/misc/security_tips.html.ko.euc-kr b/docs/manual/misc/security_tips.html.ko.euc-kr new file mode 100644 index 0000000..8d9e58b --- /dev/null +++ b/docs/manual/misc/security_tips.html.ko.euc-kr @@ -0,0 +1,373 @@ +<?xml version="1.0" encoding="EUC-KR"?> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml" lang="ko" xml:lang="ko"><head> +<meta content="text/html; charset=EUC-KR" http-equiv="Content-Type" /> +<!-- + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + This file is generated from xml source: DO NOT EDIT + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + --> +<title> - Apache HTTP Server Version 2.4</title> +<link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /> +<link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /> +<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="../style/css/prettify.css" /> +<script src="../style/scripts/prettify.min.js" type="text/javascript"> +</script> + +<link href="../images/favicon.ico" rel="shortcut icon" /></head> +<body id="manual-page"><div id="page-header"> +<p class="menu"><a href="../mod/"></a> | <a href="../mod/directives.html">þ</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html"></a> | <a href="../sitemap.html">Ʈ</a></p> +<p class="apache">Apache HTTP Server Version 2.4</p> +<img alt="" src="../images/feather.png" /></div> +<div class="up"><a href="./"><img title="<-" alt="<-" src="../images/left.gif" /></a></div> +<div id="path"> +<a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">HTTP Server</a> > <a href="http://httpd.apache.org/docs/">Documentation</a> > <a href="../">Version 2.4</a> > <a href="./">Miscellaneous Documentation</a></div><div id="page-content"><div id="preamble"><h1> </h1> +<div class="toplang"> +<p><span> : </span><a href="../en/misc/security_tips.html" hreflang="en" rel="alternate" title="English"> en </a> | +<a href="../fr/misc/security_tips.html" hreflang="fr" rel="alternate" title="Français"> fr </a> | +<a href="../ko/misc/security_tips.html" title="Korean"> ko </a> | +<a href="../tr/misc/security_tips.html" hreflang="tr" rel="alternate" title="Türkçe"> tr </a></p> +</div> +<div class="outofdate"> ֽ ƴմϴ. + ֱٿ ϼ.</div> + + <p> Ҷ Ʈ ̴. + Ϲ̰, ġ شϴ ̴.</p> + </div> +<div id="quickview"><a href="https://www.apache.org/foundation/contributing.html" class="badge"><img src="https://www.apache.org/images/SupportApache-small.png" alt="Support Apache!" /></a><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#uptodate">ֽ ϱ</a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#serverroot">ServerRoot 丮 </a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#ssi">Server Side Includes</a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#cgi">Ϲ CGI</a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#nsaliasedcgi">ScriptAlias CGI</a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#saliasedcgi">ScriptAlias CGI</a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#dynamic"> ϴ ٸ </a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#systemsettings">ý ȣϱ</a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#protectserverfiles">⺻ ִ ȣϱ</a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#watchyourlogs">α 캸</a></li> +</ul><h3></h3><ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div> +<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="uptodate" id="uptodate">ֽ ϱ</a></h2> + + <p>ġ + ü ϴ. ũ ۰ ǥ ߰ߵǴ + . Ʈ ֽŹ ϴ + ߿ϴ. ġ ٿεߴٸ, + ο Ʈ ˷ִ <a href="http://httpd.apache.org/lists.html#http-announce">ġ + ǥ ϸƮ</a> ϱ Ѵ. + ġ Ʈ ϴ ڵ鵵 + Ѵ.</p> + + <p> ڵ嶧 ϴ + ʴ. ߰ ڵ, CGI ũƮ, ü + ϴ 찡 . Ƿ ϸ + ý Ʈ Ʈؾ Ѵ.</p> + + </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="serverroot" id="serverroot">ServerRoot 丮 </a></h2> + + + + <p> root ڰ ġ , û ϱ + <code class="directive"><a href="../mod/mpm_common.html#user">User</a></code> þ + ڷ ȯѴ. root ϴ ɾ ִٸ, + root ̿ ڰ ϵ ؾ Ѵ. + ϵ root ־ ϰ, 丮 丮 + . , ServerRoot /usr/local/apache + Ѵٸ root ڰ 丮 + Ѵ:</p> + + <div class="example"><p><code> + mkdir /usr/local/apache <br /> + cd /usr/local/apache <br /> + mkdir bin conf logs <br /> + chown 0 . bin conf logs <br /> + chgrp 0 . bin conf logs <br /> + chmod 755 . bin conf logs + </code></p></div> + + <p> /, /usr, /usr/local root ִ. + httpd ġҶ ȣؾ Ѵ:</p> + + <div class="example"><p><code> + cp httpd /usr/local/apache/bin <br /> + chown 0 /usr/local/apache/bin/httpd <br /> + chgrp 0 /usr/local/apache/bin/httpd <br /> + chmod 511 /usr/local/apache/bin/httpd + </code></p></div> + + <p>htdocs 丮 ٸ ڵ ֵ + ִ -- root װ ִ , + ʾƾ Ѵ.</p> + + <p>root ƴ ڰ root ϰų Ⱑ + ִٸ ý root ĥ ִ. + , httpd Ͽٸ Ҷ + ڵ带 ϰ ȴ. logs 丮 (root ƴ + ڿ) Ⱑϴٸ α ٸ ýϷ + ɺũ ɾ root Ͽ ڷḦ + ִ. α (root ƴ ڿ) Ⱑϴٸ + α ̻ ڷḦ ִ.</p> + + </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="ssi" id="ssi">Server Side Includes</a></h2> + + + + <p>Server Side Includes (SSI) ڿ Ȼ + ̴.</p> + + <p>ù° ϸ ø ̴. ġ Ͽ + SSI þ ִ ο SSI мؾ + Ѵ. ϰ , ϴ + ȯ濡 ɰ ִ.</p> + + <p>, SSI Ϲ CGI ũƮ + . SSI Ͽ "exec cmd" ϸ httpd.conf + ġ ϵ ڿ CGI + ũƮ α ִ.</p> + + <p> Ȱϸ鼭 SSI Ű + ִ.</p> + + <p>SSI ִ ظ ݸϱ ڴ + <a href="#cgi">Ϲ CGI</a> ϴ + <a href="../suexec.html">suexec</a> ִ</p> + + <p>.html̳ .htm Ȯڸ SSI Ϸ ϴ ϴ. + Ư ϰų ŷ ȯ濡 + ϴ. SSI Ϲ ϴ .shtml + Ȯڸ Ѵ. ϸ ּȭϰ + Ҹ ִ.</p> + + <p>ٸ SSI ũƮ α + ϵ ̴. <code class="directive"><a href="../mod/core.html#options">Options</a></code> þ <code>Includes</code> + <code>IncludesNOEXEC</code> Ѵ. ũƮ + <code class="directive"><a href="../mod/mod_alias.html#scriptalias">ScriptAlias</a></code> þ + 丮 ִٸ <--#include virtual="..." --> + Ͽ CGI ũƮ ϶.</p> + + </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="cgi" id="cgi">Ϲ CGI</a></h2> + + + + <p>ᱹ CGI ũƮ/α ڸ ŷؾ + ϰ, ǰ Ǽ̰ CGI Ȼ ߰ + ־ Ѵ. ⺻ CGI ũƮ + ýۿ ɾ ֱ + ְ Ȯ ſ ϴ.</p> + + <p> CGI ũƮ ڷ DZ ٸ + ũƮ (ǰ Ǽ̰) 浹 ɼ ִ. + , A B ſ ȾϿ, B CGI + ͺ̽ ũƮ ۼ ִ. ġ + 1.2 ԵǾ ġ Ư (hook) + ϴ <a href="../suexec.html">suEXEC</a> ũƮ + ٸ ڷ ϴ ϳ. ٸ + <a href="http://cgiwrap.unixtools.org/">CGIWrap</a> ִ.</p> + + </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="nsaliasedcgi" id="nsaliasedcgi">ScriptAlias CGI</a></h2> + + + + <p> Ҷ ڰ 丮 + CGI ũƮ ϵ ִ:</p> + + <ul> + <li> ǰ Ǽ̰ ڰ ý ݿ Ű + ũƮ ۼ ʴ´ٰ ϴ´.</li> + <li>ý ٸ κ ؼ, + ϳ ٰ ϴ .</li> + <li>ڰ , Ƹ ƹ 湮ʴ .</li> + </ul> + + </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="saliasedcgi" id="saliasedcgi">ScriptAlias CGI</a></h2> + + + + <p>Ư 丮 CGI ֵ ϸ ڴ + ̵ 丮 ִ. scriptalias + CGI Ȯ ϴ. , ŷϴ ڸ 丮 + ְ, ڰ ο CGI ũƮ/α + Ȼ ˻ ̰ ִٸ.</p> + + <p>κ Ʈ scriptalias CGI + Ѵ.</p> + + </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="dynamic" id="dynamic"> ϴ ٸ </a></h2> + + + + <p> + mod_php, mod_perl, mod_tcl, mod_python Ϻη + ϴ Ӻ ũƮ ڷ (<code class="directive"><a href="../mod/mpm_common.html#user">User</a></code> þ ) DZ, + ũƮ ϴ ũƮ ڰ + ִ Ϳ ִ. ũƮ + , ϴٰ ʴ .</p> + + </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="systemsettings" id="systemsettings">ý ȣϱ</a></h2> + + + + <p> Ϸ ڰ + <code>.htaccess</code> Ͽ ȱ + ϱ ٶ ̴. + ִ.</p> + + <p> Ͽ ߰Ѵ</p> + + <div class="example"><p><code> + <Directory /> <br /> + AllowOverride None <br /> + </Directory> + </code></p></div> + + <p> 밡ϵ 丮 ϰ + <code>.htaccess</code> .</p> + + </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="protectserverfiles" id="protectserverfiles">⺻ ִ ȣϱ</a></h2> + + + + <p> ġ ⺻ ٿ ߸ ˰ִ. + , Ϲ URL Ģ Ͽ ã + ִٸ, Ư ġ ʴ Ŭ̾Ʈ + ִ.</p> + + <p> , Ʒ :</p> + + <div class="example"><p><code> + # cd /; ln -s / public_html <br /> + <code>http://localhost/~root/</code> Ѵ + </code></p></div> + + <p> Ŭ̾Ʈ ü Ͻý ƴٴ ִ. + ̸ ġ Ѵ:</p> + + <div class="example"><p><code> + <Directory /> <br /> + Order Deny,Allow <br /> + Deny from all <br /> + </Directory> + </code></p></div> + + <p> Ͻý ġ ⺻ źεȴ. + ϴ ֵ <code class="directive"><a href="../mod/core.html#directory">Directory</a></code> ߰Ѵ.</p> + + <div class="example"><p><code> + <Directory /usr/users/*/public_html> <br /> + Order Deny,Allow <br /> + Allow from all <br /> + </Directory> <br /> + <Directory /usr/local/httpd> <br /> + Order Deny,Allow <br /> + Allow from all <br /> + </Directory> + </code></p></div> + + <p><code class="directive"><a href="../mod/core.html#location">Location</a></code> <code class="directive"><a href="../mod/core.html#directory">Directory</a></code> þ ϴ + Ư Ǹ ←. , <code><Directory + /></code> źϴ <code><Location + /></code> þ ̸ ִ</p> + + <p><code class="directive"><a href="../mod/mod_userdir.html#userdir">UserDir</a></code> þ + ϴ 쿡 ϶. þ "./" ϸ + root ڿ ٷ Ѵ. + ġ 1.3 ̻ Ѵٸ Ͽ Ʒ ߰ϱ + Ѵ:</p> + + <div class="example"><p><code> + UserDir disabled root + </code></p></div> + + </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="watchyourlogs" id="watchyourlogs">α 캸</a></h2> + + + + <p> ־ ִ ˷ <a href="../logs.html">α</a> Ѵ. α + ̹ Ͼ ϸ , ־ + ˷ְ ʿ ŭ Ȯϰ ش.</p> + + <p> :</p> + + <div class="example"><p><code> + grep -c "/jsp/source.jsp?/jsp/ /jsp/source.jsp??" access_log <br /> + grep "client denied" error_log | tail -n 10 + </code></p></div> + + <p>ù° <a href="http://online.securityfocus.com/bid/4876/info/">߸ + Source.JSP û ˾Ƴ ִ Tomcat + </a> ̿Ϸ Ƚ ˷ְ, ι° + źε ֱ Ŭ̾Ʈ 10 ش:</p> + + <div class="example"><p><code> + [Thu Jul 11 17:18:39 2002] [error] [client foo.bar.com] client denied + by server configuration: /usr/local/apache/htdocs/.htpasswd + </code></p></div> + + <p> α ̹ Ǹ Ѵ. + Ŭ̾Ʈ <code>.htpasswd</code> Ͽ + ־ٸ <a href="../logs.html#accesslog"> α</a> + ̴:</p> + + <div class="example"><p><code> + foo.bar.com - - [12/Jul/2002:01:59:13 +0200] "GET /.htpasswd HTTP/1.1" + </code></p></div> + + <p>, Ͽ κ ּó + ̴:</p> + + <div class="example"><p><code> + <Files ".ht*"> <br /> + Order allow,deny <br /> + Deny from all <br /> + <Files> + </code></p></div> + + </div></div> +<div class="bottomlang"> +<p><span> : </span><a href="../en/misc/security_tips.html" hreflang="en" rel="alternate" title="English"> en </a> | +<a href="../fr/misc/security_tips.html" hreflang="fr" rel="alternate" title="Français"> fr </a> | +<a href="../ko/misc/security_tips.html" title="Korean"> ko </a> | +<a href="../tr/misc/security_tips.html" hreflang="tr" rel="alternate" title="Türkçe"> tr </a></p> +</div><div class="top"><a href="#page-header"><img src="../images/up.gif" alt="top" /></a></div><div class="section"><h2><a id="comments_section" name="comments_section">Comments</a></h2><div class="warning"><strong>Notice:</strong><br />This is not a Q&A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed again by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Freenode, or sent to our <a href="http://httpd.apache.org/lists.html">mailing lists</a>.</div> +<script type="text/javascript"><!--//--><![CDATA[//><!-- +var comments_shortname = 'httpd'; +var comments_identifier = 'http://httpd.apache.org/docs/2.4/misc/security_tips.html'; +(function(w, d) { + if (w.location.hostname.toLowerCase() == "httpd.apache.org") { + d.write('<div id="comments_thread"><\/div>'); + var s = d.createElement('script'); + s.type = 'text/javascript'; + s.async = true; + s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier; + (d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s); + } + else { + d.write('<div id="comments_thread">Comments are disabled for this page at the moment.<\/div>'); + } +})(window, document); +//--><!]]></script></div><div id="footer"> +<p class="apache">Copyright 2019 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p> +<p class="menu"><a href="../mod/"></a> | <a href="../mod/directives.html">þ</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html"></a> | <a href="../sitemap.html">Ʈ</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!-- +if (typeof(prettyPrint) !== 'undefined') { + prettyPrint(); +} +//--><!]]></script> +</body></html>
\ No newline at end of file diff --git a/docs/manual/misc/security_tips.html.tr.utf8 b/docs/manual/misc/security_tips.html.tr.utf8 new file mode 100644 index 0000000..3ce6775 --- /dev/null +++ b/docs/manual/misc/security_tips.html.tr.utf8 @@ -0,0 +1,486 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml" lang="tr" xml:lang="tr"><head> +<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" /> +<!-- + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + This file is generated from xml source: DO NOT EDIT + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + --> +<title>Güvenlik İpuçları - Apache HTTP Sunucusu Sürüm 2.4</title> +<link href="../style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" /> +<link href="../style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" /> +<link href="../style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="../style/css/prettify.css" /> +<script src="../style/scripts/prettify.min.js" type="text/javascript"> +</script> + +<link href="../images/favicon.ico" rel="shortcut icon" /></head> +<body id="manual-page"><div id="page-header"> +<p class="menu"><a href="../mod/">Modüller</a> | <a href="../mod/directives.html">Yönergeler</a> | <a href="http://wiki.apache.org/httpd/FAQ">SSS</a> | <a href="../glossary.html">Terimler</a> | <a href="../sitemap.html">Site Haritası</a></p> +<p class="apache">Apache HTTP Sunucusu Sürüm 2.4</p> +<img alt="" src="../images/feather.png" /></div> +<div class="up"><a href="./"><img title="<-" alt="<-" src="../images/left.gif" /></a></div> +<div id="path"> +<a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">HTTP Sunucusu</a> > <a href="http://httpd.apache.org/docs/">Belgeleme</a> > <a href="../">Sürüm 2.4</a> > <a href="./">Çeşitli Belgeler</a></div><div id="page-content"><div id="preamble"><h1>Güvenlik İpuçları</h1> +<div class="toplang"> +<p><span>Mevcut Diller: </span><a href="../en/misc/security_tips.html" hreflang="en" rel="alternate" title="English"> en </a> | +<a href="../fr/misc/security_tips.html" hreflang="fr" rel="alternate" title="Français"> fr </a> | +<a href="../ko/misc/security_tips.html" hreflang="ko" rel="alternate" title="Korean"> ko </a> | +<a href="../tr/misc/security_tips.html" title="Türkçe"> tr </a></p> +</div> + + <p>Bir HTTP Sunucusunu ayarlarken dikkat edilmesi gerekenler ve bazı + ipuçları. Öneriler kısmen Apache’ye özel kısmen de genel olacaktır.</p> + </div> +<div id="quickview"><a href="https://www.apache.org/foundation/contributing.html" class="badge"><img src="https://www.apache.org/images/SupportApache-small.png" alt="Support Apache!" /></a><ul id="toc"><li><img alt="" src="../images/down.gif" /> <a href="#uptodate">Güncel Tutma</a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#dos">Hizmet Reddi (DoS) Saldırıları</a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#serverroot"><code>ServerRoot</code> Dizinlerinin İzinleri</a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#ssi">Sunucu Taraflı İçerik Yerleştirme</a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#cgi">CGI Genelinde</a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#nsaliasedcgi"><code>ScriptAlias</code>’sız CGI</a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#saliasedcgi"><code>ScriptAlias</code>’lı CGI</a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#dynamic">Devingen içerikli kaynaklar</a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#dynamicsec">Devingen içeriğin güvenliği</a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#systemsettings">Sistem Ayarlarının Korunması</a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#protectserverfiles">Sunucu dosyalarının öntanımlı olarak korunması</a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#watchyourlogs">Günlüklerin İzlenmesi</a></li> +<li><img alt="" src="../images/down.gif" /> <a href="#merging">Yapılandırma bölümlerinin birleştirilmesi</a></li> +</ul><h3>Ayrıca bakınız:</h3><ul class="seealso"><li><a href="#comments_section">Yorum</a></li></ul></div> +<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="uptodate" id="uptodate">Güncel Tutma</a></h2> + + <p>Apache HTTP Sunucusu iyi bir güvenlik sicilinin yanında güvenlik + konularıyla oldukça ilgili bir geliştirici topluluğuna sahiptir. Fakat, + bir yazılımın dağıtılmasının ardından küçük ya da büyük bazı sorunların + keşfedilmesi kaçınılmazdır. Bu sebeple, yazılım güncellemelerinden + haberdar olmak oldukça önem kazanır. HTTP sunucunuzu doğrudan + Apache’den temin ediyorsanız yeni sürümler ve güvenlik güncellemeleri + ile ilgili bilgileri tam zamanında alabilmek için <a href="http://httpd.apache.org/lists.html#http-announce">Apache + HTTP Sunucusu Duyuru Listesi</a>ne mutlaka üye olmanızı öneririz. + Apache yazılımının üçüncü parti dağıtımlarını yapanların da buna benzer + hizmetleri vardır.</p> + + <p>Şüphesiz, bir HTTP sunucusu, sunucu kodunda bir sorun olmasa da + tehlike altındadır. Eklenti kodları, CGI betikleri hatta işletim + sisteminden kaynaklanan sorunlar nedeniyle bu ortaya çıkabilir. Bu + bakımdan, sisteminizdeki tüm yazılımların sorunları ve güncellemeleri + hakkında bilgi sahibi olmalısınız.</p> + + </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="dos" id="dos">Hizmet Reddi (DoS) Saldırıları</a></h2> + + + <p>Tüm ağ sunucuları, istemcilerin sistem kaynaklarından yararlanmalarını + engellemeye çalışan hizmet reddi saldırılarına (HRS) maruz kalabilir. + Bu tür saldırıları tamamen engellemek mümkün değildir, fakat + yarattıkları sorunları azaltmak için bazı şeyler yapabilirsiniz.</p> + + <p>Çoğunlukla en etkili anti-HRS aracı bir güvenlik duvarı veya başka bir + işletim sistemi yapılandırmasıdır. Örneğin, çoğu güvenlik duvarı + herhangi bir IP adresinden aynı anda yapılan bağlantıların sayısına bir + sınırlama getirmek üzere yapılandırılabilir. Böylece basit saldırılar + engellenebilir. Ancak bunun dağıtık hizmet reddi saldırılarına (DHRS) + karşı bir etkisi olmaz.</p> + + <p>Bunların yanında Apache HTTP Sunucusunun da sorunları azaltıcı + tedbirler alınmasını sağlayacak bazı yapılandırmaları vardır:</p> + + <ul> + <li><code class="directive"><a href="../mod/mod_reqtimeout.html#requestreadtimeout">RequestReadTimeout</a></code> + yönergesi bir istemcinin isteği göndermek için harcadığı zamanı + sınırlamayı sağlar.</li> + + <li>HRS’ye maruz kalması olası sitelerde <code class="directive"><a href="../mod/core.html#timeout">TimeOut</a></code> yönergesinin değeri düşürülmelidir. Birkaç + saniye gibi mümkün olduğunca düşük bir ayar uygun olabilir. Ancak + <code class="directive"><a href="../mod/core.html#timeout">TimeOut</a></code> başka işlemlerde de + kullanıldığından çok düşük değerler, örneğin, uzun süre çalışan CGI + betiklerinde sorunlar çıkmasına sebep olabilir.</li> + + <li>HRS’ye maruz kalması olası sitelerde <code class="directive"><a href="../mod/core.html#keepalivetimeout">KeepAliveTimeout</a></code> yönergesinin değeri de düşürülebilir. + Hatta bazı siteler başarımı arttırmak amacıyla <code class="directive"><a href="../mod/core.html#keepalive">KeepAlive</a></code> yönergesi üzerinden kalıcı + bağlantıları tamamen kapatabilirler.</li> + + <li>Zaman aşımıyla ilgili yönergeler bakımından diğer modüller de + araştırılmalıdır.</li> + + <li><code class="directive"><a href="../mod/core.html#limitrequestbody">LimitRequestBody</a></code>, + <code class="directive"><a href="../mod/core.html#limitrequestfields">LimitRequestFields</a></code>, + <code class="directive"><a href="../mod/core.html#limitrequestfieldsize">LimitRequestFieldSize</a></code>, + <code class="directive"><a href="../mod/core.html#limitrequestline">LimitRequestLine</a></code> ve + <code class="directive"><a href="../mod/core.html#limitxmlrequestbody">LimitXMLRequestBody</a></code> yönergeleri, + istemci girdileri ile tetiklenen özkaynak tüketimini sınırlamak için + yapılandırılırken dikkatli olunmalıdır.</li> + + <li>İşletim sisteminiz desteklediği takdirde, işletim sisteminin isteği + işleyen kısmını yüksüz bırakmak için <code class="directive"><a href="../mod/core.html#acceptfilter">AcceptFilter</a></code> yönergesinin etkin olmasını sağlamalısınız. + Bu, Apache HTTP Sunucusunda zaten öntanımlı olarak etkindir. + Yapacağınız şey işletim sistemi çekirdeğini buna göre yapılandırmak + olacaktır.</li> + + <li>Sunucu tarafından özkaynakları tüketmeden aynı anda işlenebilecek + bağlantıların sayısını sınırlamak için <code class="directive"><a href="../mod/mpm_common.html#maxrequestworkers">MaxRequestWorkers</a></code> yönergesini kullanın. Ayrıca, <a href="perf-tuning.html">başarım arttırma belgesine</a> de + bakabilirsiniz.</li> + + <li>HRS’lerin etkilerini azaltmak için aynı andaki bağlantı sayısını + arttırabilecek evreli <a href="../mpm.html">MPM</a>’lerden birini + kullanmak iyi olabilir. Dahası, <code class="module"><a href="../mod/event.html">event</a></code> MPM’i + her bağlantıya yeni bir evre atanmaması için eşzamansız işlem yapar. + OpenSSL kütüphanesinin doğası nedeniyle + <code class="module"><a href="../mod/event.html">event</a></code> MPM’i <code class="module"><a href="../mod/mod_ssl.html">mod_ssl</a></code> ve diğer girdi + süzgeçleri ile henüz uyumlu değildir. Bu durumlarda, + <code class="module"><a href="../mod/worker.html">worker</a></code> MPM'inin davranışına geri döner.</li> + + <li><a href="http://modules.apache.org/">http://modules.apache.org/</a> + adresinde, belli istemci davranışlarını sınırlayacak ve HRS ile + ilgili sorunları azaltmaya yardımcı olacak üçüncü parti modüller + bulunabilir.</li> + </ul> + </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="serverroot" id="serverroot"><code>ServerRoot</code> Dizinlerinin İzinleri</a></h2> + + + <p>Normalde, Apache root kullanıcı tarafından başlatılır ve hizmetleri + sunarken <code class="directive"><a href="../mod/mod_unixd.html#user">User</a></code> yönergesi + tarafından tanımlanan kullanıcının aidiyetinde çalışır. Root tarafından + çalıştırılan komutlarda olduğu gibi, root olmayan kullanıcıların + yapacakları değişikliklerden korunmak konusunda da dikkatli + olmalısınız. Dosyaların sadece root tarafından yazılabilir olmasını + sağlamak yeterli değildir, bu dizinler ve üst dizinler için de + yapılmalıdır. Örneğin, sunucu kök dizininin + <code>/usr/local/apache</code> olmasına karar verdiyseniz, bu dizini + root olarak şöyle oluşturmanız önerilir:</p> + + <div class="example"><p><code> + mkdir /usr/local/apache <br /> + cd /usr/local/apache <br /> + mkdir bin conf logs <br /> + chown 0 . bin conf logs <br /> + chgrp 0 . bin conf logs <br /> + chmod 755 . bin conf logs + </code></p></div> + + <p><code>/</code>, <code>/usr</code>, <code>/usr/local</code> + dizinlerinde sadece root tarafından değişiklik yapılabileceği kabul + edilir. <code class="program"><a href="../programs/httpd.html">httpd</a></code> çalıştırılabilirini kurarken de benzer + bir önlemin alındığından emin olmalısınız:</p> + + <div class="example"><p><code> + cp httpd /usr/local/apache/bin <br /> + chown 0 /usr/local/apache/bin/httpd <br /> + chgrp 0 /usr/local/apache/bin/httpd <br /> + chmod 511 /usr/local/apache/bin/httpd + </code></p></div> + + <p>Diğer kullanıcıların değişiklik yapabileceği bir dizin olarak bir + <code>htdocs</code> dizini oluşturabilirsiniz. Bu dizine root + tarafından çalıştırılabilecek dosyalar konulmamalı ve burada root + tarafından hiçbir dosya oluşturulmamalıdır.</p> + + <p>Diğer kullanıcılara root tarafından yazılabilen ve çalıştırılabilen + dosyalarda değişiklik yapma hakkını tanırsanız, onlara root + kullanıcısını ele geçirilebilme hakkını da tanımış olursunuz. Örneğin, + biri <code class="program"><a href="../programs/httpd.html">httpd</a></code> çalıştırılabilirini zararlı bir programla + değiştirebilir ve o programı tekrar çalıştırdığınız sırada program + yapacağını yapmış olur. Günlükleri kaydettiğiniz dizin herkes + tarafından yazılabilen bir dizin olduğu takdirde, birileri bir günlük + dosyasını bir sistem dosyasına sembolik bağ haline getirerek root + kullanıcısının bu dosyaya ilgisiz şeyler yazmasına sebep olabilir. + Günlüklerin dosyaları herkes tarafından yazılabilir olduğu takdirde ise + birileri dosyaya yanıltıcı veriler girebilir.</p> + </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="ssi" id="ssi">Sunucu Taraflı İçerik Yerleştirme</a></h2> + + + <p>SSI sayfaları bir sunucu yöneticisi açısından çeşitli olası risklere + kaynaklık edebilir.</p> + + <p>İlk risk, sunucu yükündeki artış olasılığıdır. Tüm SSI sayfaları, SSI + kodu içersin içermesin Apache tarafından çözümlenir. Bu küçük bir artış + gibi görünürse de bir paylaşımlı sunucu ortamında önemli bir yük haline + gelebilir.</p> + + <p>SSI sayfaları, CGI betikleriyle ilgili riskleri de taşır. <code>exec + cmd</code> elemanı kullanılarak bir SSI sayfasından herhangi bir CGI + betiğini veya bir sistem programını Apache’nin aidiyetinde olduğu + kullanıcının yetkisiyle çalıştırmak mümkündür.</p> + + <p>SSI sayfalarının yararlı özelliklerinden yararlanırken güvenliğini de + arttırmanın bazı yolları vardır.</p> + + <p>Sunucu yöneticisi, bir başıbozuk SSI sayfasının sebep olabileceği + zararları bertaraf etmek için <a href="#cgi">CGI Genelinde</a> + bölümünde açıklandığı gibi <a href="../suexec.html">suexec</a>’i etkin + kılabilir.</p> + + <p>SSI sayfalarını <code>.html</code> veya <code>.htm</code> + uzantılarıyla etkinleştirmek tehlikeli olabilir. Bu özellikle + paylaşımlı ve yüksek trafikli bir sunucu ortamında önemlidir. SSI + sayfalarını normal sayfalardan farklı olarak <code>.shtml</code> gibi + bildik bir uzantıyla etkinleştirmek gerekir. Bu, sunucu yükünü asgari + düzeyde tutmaya ve risk yönetimini kolaylaştırmaya yarar.</p> + + <p>Diğer bir çözüm de SSI sayfalarından betik ve program çalıştırmayı + iptal etmektir. Bu, <code class="directive"><a href="../mod/core.html#options">Options</a></code> + yönergesine değer olarak <code>Includes</code> yerine + <code>IncludesNOEXEC</code> vererek sağlanır. Ancak, eğer betiklerin + bulunduğu dizinde <code class="directive"><a href="../mod/mod_alias.html#scriptalias">ScriptAlias</a></code> + yönergesiyle CGI betiklerinin çalışması mümkün kılınmışsa, + kullanıcıların <code><--#include virtual="..." --></code> ile bu + betikleri çalıştırabileceklerine dikkat ediniz.</p> + + </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="cgi" id="cgi">CGI Genelinde</a></h2> + + + <p>Herşeyden önce ya CGI betiğini/programını yazanlara ya da kendinizin + CGI'deki güvenlik açıklarını (ister kasıtlı olsun ister tesadüfi) + yakalama becerinize güvenmek zorundasınız. CGI betikleri esasen + sisteminizdeki komutları site kullanıcılarının izinleriyle + çalıştırırlar. Bu bakımdan dikkatle denenmedikleri takdirde oldukça + tehlikeli olabilirler.</p> + + <p>CGI betiklerinin hepsi aynı kullanıcının aidiyetinde çalışırsa diğer + betiklerle aralarında çelişkilerin ortaya çıkması ister istemez + kaçınılmazdır. Örneğin A kullanıcısının B kullanıcısına garezi varsa + bir betik yazıp B’nin CGI veritabanını silebilir. Bu gibi durumların + ortaya çıkmaması için betiklerin farklı kullanıcıların aidiyetlerinde + çalışmasını sağlayan ve 1.2 sürümünden beri Apache ile dağıtılan <a href="../suexec.html">suEXEC</a> diye bir program vardır. Başka bir yol + da <a href="http://cgiwrap.sourceforge.net/">CGIWrap</a> kullanmaktır.</p> + + </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="nsaliasedcgi" id="nsaliasedcgi"><code>ScriptAlias</code>’sız CGI</a></h2> + + + <p>Kullanıcıların sitenin her yerinde CGI betiklerini çalıştırmalarına + izin vermek ancak şu koşullarda mümkün olabilir:</p> + + <ul> + <li>Kullanıcılarınızın kasıtlı ya da kasıtsız sistemi saldırıya açık + hale getirecek betikler yazmayacaklarına tam güveniniz vardır.</li> + <li>Sitenizin güvenliği zaten o kadar kötüdür ki, bir delik daha + açılmasının mahzuru yoktur.</li> + <li>Sitenizin sizden başka kullanıcısı yoktur ve sunucunuzu sizden + başka hiç kimsenin ziyaret etmesi mümkün değildir.</li> + </ul> + + </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="saliasedcgi" id="saliasedcgi"><code>ScriptAlias</code>’lı CGI</a></h2> + + + <p>CGI’yi belli dizinlerle sınırlamak yöneticiye bu dizinlerde daha iyi + denetim imkanı sağlar. Bu kaçınılmaz olarak <code class="directive"><a href="../mod/mod_alias.html#scriptalias">ScriptAlias</a></code>’sız CGI’den çok daha + güvenlidir, ancak bu dizinlere yazma hakkı olan kullanıcılarınız + güvenilir kişiler olması ve site yöneticisinin de olası güvenlik + açıklarına karşı CGI betiklerini ve programlarını denemeye istekli + olması şartıyla.</p> + + <p>Çoğu site yöneticisi <code>ScriptAlias</code>’sız CGI yerine bu + yaklaşımı seçer.</p> + + </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="dynamic" id="dynamic">Devingen içerikli kaynaklar</a></h2> + + + <p>Sunucunun bir parçası gibi çalışan, <code>mod_php</code>, + <code>mod_perl</code>, <code>mod_tcl</code> ve <code>mod_python</code> + gibi gömülü betik çalıştırma seçenekleri sunucuyu çalıştıran + kullanıcının aidiyetinde çalışırlar (<code class="directive"><a href="../mod/mod_unixd.html#user">User</a></code> yönergesine bakınız). Bu bakımdan bu betik + yorumlayıcılar tarafından çalıştırılan betikler, sunucu kullanıcısının + eriştiği herşeye erişebilirler. Bazı betik yorumlayıcıların getirdiği + bazı sınırlamalar varsa da bunlara pek güvenmemek, gerekli sınamaları + yine de yapmak gerekir.</p> + + </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="dynamicsec" id="dynamicsec">Devingen içeriğin güvenliği</a></h2> + + + <p><code>mod_php</code>, <code>mod_perl</code> veya + <code>mod_python</code> gibi devingen içeriği yapılandırırken + güvenlikle ilgili değerlendirmelerin çoğu <code>httpd</code>'nin + kapsamından çıkar ve bu modüllerin belgelerini incelemek ihtiyacı + duyarsınız. Örneğin, PHP çoğu zaman kapalı tutulan + <a href="http://www.php.net/manual/en/ini.sect.safe-mode.php">Güvenli + Kip</a> ayarını etkin kılmanızı önerir. Daha fazla güvenlik için bir + diğer örnek bir PHP eklentisi olan + <a href="http://www.hardened-php.net/suhosin/">Suhosin</a>'dir. Bunlar + hakkında daha ayrıntılı bilgi için her projenin kendi belgelerine + başvurun.</p> + + <p>Apache seviyesinde, <a href="http://modsecurity.org/">mod_security</a> + adı verilen modülü bir HTTP güvenlik duvarı gibi ele alabilir, devingen + içeriğin güvenliğini arttırmanıza yardımcı olmak üzere inceden inceye + yapılandırabilirsiniz.</p> + + </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="systemsettings" id="systemsettings">Sistem Ayarlarının Korunması</a></h2> + + + <p>Güvenliği gerçekten sıkı tutmak istiyorsanız, kullanıcılarınızın + yapılandırmanızdaki güvenlik ayarlarını geçersiz kılmak için + <code>.htaccess</code> dosyalarını kullanabilmelerinin de önüne + geçmelisiniz. Bunu yapmanın tek bir yolu vardır.</p> + + <p>Sunucu yapılandırma dosyanıza şunu yerleştirin:</p> + + <pre class="prettyprint lang-config"><Directory "/"> + AllowOverride None +</Directory></pre> + + + <p>Böylece, belli dizinlerde özellikle etkinleştirilmedikçe bütün + dizinlerde <code>.htaccess</code> dosyalarının kullanımını engellemiş + olursunuz.</p> + + <p>Bu ayar Apache 2.3.9 itibariyle öntanımlıdır.</p> + </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="protectserverfiles" id="protectserverfiles">Sunucu dosyalarının öntanımlı olarak korunması</a></h2> + + + <p>Apache’nin ister istemez yanlış anlaşılan yönlerinden biri öntanımlı + erişim özelliğidir. Yani siz aksine bir şeyler yapmadıkça, sunucu normal + URL eşleme kurallarını kullanarak bir dosyayı bulabildiği sürece onu + istemciye sunacaktır.</p> + + <p>Örneğin, aşağıdaki durumu ele alalım:</p> + + <div class="example"><p><code> + # cd /; ln -s / public_html + </code></p></div> + + <p>Ve, tarayıcınıza <code>http://localhost/~root/</code> yazın.</p> + + <p>Böylece, istemcilerin tüm dosya sisteminizi gezmelerine izin vermiş + olursunuz. Bu işlemin sonuçlarının önünü almak için sunucu yapılandırma + dosyanıza şunları yazın:</p> + + <pre class="prettyprint lang-config"><Directory "/"> + Require all denied +</Directory></pre> + + + <p>Bu suretle, dosya sisteminize öntanımlı erişimi yasaklamış olursunuz. + Erişime izin vermek istediğiniz dizinler için uygun <code class="directive"><a href="../mod/core.html#directory">Directory</a></code> bölümleri eklemeniz yeterli + olacaktır. Örnek:</p> + + <pre class="prettyprint lang-config"><Directory "/usr/users/*/public_html"> + Require all granted +</Directory> +<Directory "/usr/local/httpd"> + Require all granted +</Directory></pre> + + + <p><code class="directive"><a href="../mod/core.html#location">Location</a></code> ve <code class="directive"><a href="../mod/core.html#directory">Directory</a></code> yönergelerinin etkileşimine de + özellikle önem vermelisiniz; örneğin <code><Directory "/"></code> + erişimi yasaklarken bir <code><Location "/"></code> yönergesi bunu + ortadan kaldırabilir.</p> + + <p><code class="directive"><a href="../mod/mod_userdir.html#userdir">UserDir</a></code> yönergesi de size + buna benzer bir oyun oynayabilir; yönergeye <code>./</code> atamasını + yaparsanız, root kullanıcısı söz konusu olduğunda yukarıda ilk örnekteki + durumla karşılaşırız. Sunucu yapılandırma dosyanızda aşağıdaki satırın + mutlaka bulunmasını öneririz:</p> + + <pre class="prettyprint lang-config">UserDir disabled root</pre> + + + </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="watchyourlogs" id="watchyourlogs">Günlüklerin İzlenmesi</a></h2> + + + <p>Sunucunuzda olup biteni günü gününe bilmek istiyorsanız <a href="../logs.html">günlük dosyalarına</a> bakmalısınız. Günlük dosyaları + sadece olup biteni raporlamakla kalmaz, sunucunuza ne tür saldırılar + yapıldığını ve güvenlik seviyenizin yeterli olup olmadığını anlamanızı da + sağlarlar.</p> + + <p>Bazı örnekler:</p> + + <div class="example"><p><code> + grep -c "/jsp/source.jsp?/jsp/ /jsp/source.jsp??" access_log <br /> + grep "client denied" error_log | tail -n 10 + </code></p></div> + + <p>İlk örnek, <a href="http://online.securityfocus.com/bid/4876/info/">Apache Tomcat Source.JSP Bozuk İstek Bilgilerini İfşa Açığı</a>nı + istismar etmeyi deneyen saldırıların sayısını verirken ikinci örnek, + reddedilen son on istemciyi listeler; örnek:</p> + + <div class="example"><p><code> + [Thu Jul 11 17:18:39 2002] [error] [client foo.example.com] client denied + by server configuration: /usr/local/apache/htdocs/.htpasswd + </code></p></div> + + <p>Gördüğünüz gibi günlük dosyaları sadece ne olup bittiğini raporlar, bu + bakımdan eğer istemci <code>.htpasswd</code> dosyasına erişebiliyorsa <a href="../logs.html#accesslog">erişim günlüğünüzde</a> şuna benzer bir + kayıt görürsünüz:</p> + + <div class="example"><p><code> + foo.example.com - - [12/Jul/2002:01:59:13 +0200] "GET /.htpasswd HTTP/1.1" + </code></p></div> + + <p>Bu, sunucu yapılandırma dosyanızda aşağıdaki yapılandırmayı iptal + ettiğiniz anlamına gelir:</p> + + <pre class="prettyprint lang-config"><Files ".ht*"> + Require all denied +</Files></pre> + + + </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> +<div class="section"> +<h2><a name="merging" id="merging">Yapılandırma bölümlerinin birleştirilmesi</a></h2> + + + + <p>Yapılandırma bölümlerinin birleştirilmesi karmaşık bir işlem olup bazı + durumlarda yönergelere bağlıdır. Yönergeleri bir araya getirirken + aralarındaki bağımlılıkları daima sınayın.</p> + + <p><code class="directive">mod_access_compat</code> gibi henüz yönerge katıştırma + mantığını gerçeklememiş modüller için sonraki bölümlerdeki davranış, bu + modüllerin yönergelerini içerip içermemesine bağlıdır. Yapılandırmada + yönergelerin <em>yerleri değiştirildiğinde</em> fakat bir katıştırma + yapılmadığında, yapılandırma bir değişiklik yapılana kadar miras + alınır.</p> + </div></div> +<div class="bottomlang"> +<p><span>Mevcut Diller: </span><a href="../en/misc/security_tips.html" hreflang="en" rel="alternate" title="English"> en </a> | +<a href="../fr/misc/security_tips.html" hreflang="fr" rel="alternate" title="Français"> fr </a> | +<a href="../ko/misc/security_tips.html" hreflang="ko" rel="alternate" title="Korean"> ko </a> | +<a href="../tr/misc/security_tips.html" title="Türkçe"> tr </a></p> +</div><div class="top"><a href="#page-header"><img src="../images/up.gif" alt="top" /></a></div><div class="section"><h2><a id="comments_section" name="comments_section">Yorum</a></h2><div class="warning"><strong>Notice:</strong><br />This is not a Q&A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed again by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Freenode, or sent to our <a href="http://httpd.apache.org/lists.html">mailing lists</a>.</div> +<script type="text/javascript"><!--//--><![CDATA[//><!-- +var comments_shortname = 'httpd'; +var comments_identifier = 'http://httpd.apache.org/docs/2.4/misc/security_tips.html'; +(function(w, d) { + if (w.location.hostname.toLowerCase() == "httpd.apache.org") { + d.write('<div id="comments_thread"><\/div>'); + var s = d.createElement('script'); + s.type = 'text/javascript'; + s.async = true; + s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier; + (d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s); + } + else { + d.write('<div id="comments_thread">Comments are disabled for this page at the moment.<\/div>'); + } +})(window, document); +//--><!]]></script></div><div id="footer"> +<p class="apache">Copyright 2019 The Apache Software Foundation.<br /><a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a> altında lisanslıdır.</p> +<p class="menu"><a href="../mod/">Modüller</a> | <a href="../mod/directives.html">Yönergeler</a> | <a href="http://wiki.apache.org/httpd/FAQ">SSS</a> | <a href="../glossary.html">Terimler</a> | <a href="../sitemap.html">Site Haritası</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!-- +if (typeof(prettyPrint) !== 'undefined') { + prettyPrint(); +} +//--><!]]></script> +</body></html>
\ No newline at end of file |