[5047] in WWW Security List Archive
Re: user cgi-advice SUMMARY - let's end this one, shall we?
daemon@ATHENA.MIT.EDU (Yuan John Jiang)
Sun Apr 13 01:26:04 1997
Date: Sat, 12 Apr 1997 22:02:39 -0400
From: yjj@mci.net (Yuan John Jiang)
To: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
>I'm currently running servers with the Netscape server binaries and binaries
>compiled from Apache source, and the Netscape httpd out-performs the
>Apache httpd. It's also more stable. When something better comes along,
>I'll probably use it. Use what works best for you, and keep an open mind about
>where the best solution might come from.
I have extensive experience with both servers. I'm attaching my
web hosting FAQ below. Apparently you are not experienced with
web hosting. Otherwise, you wouldn't think you need a $100,000
box. You wouldn't think the small speed difference between
Apache and Netscape is that a big deal. My experience is that
Apache is rock solid. Netscape is often problematic, probably
due to the pressure to rush to market. In particular, the
multi-thread problem Enterprise server has.
When comes to support, I only hear curses about NS' support.
I do not sing praises to Apache's support. Regular users may
get answers from newsgroups quickly. But my questions usualy
could only be answered by the developers. Then I find Apache
and NS are in equal footing.
====================
Virtual Web Hosting FAQ
1. What is virtual web hosting?
(Yuan John Jiang, http://www.ifcss.org/, <yjj@ifcss.org>)
It's also called multi-home or virtual hosting.
Basically, several web sites share one machine.
Typically, these sites have different domain names, e.g.
www.company-a.com, www.company-b.com, etc.
2. How does it work?
(Yuan John Jiang, http://www.ifcss.org/, <yjj@ifcss.org>)
There are two ways: 1) assigning an IP address
for each site or 2) having the sites share one IP
address.
Many people call them web hosting with
or without IPs. Netscape call them hardware or
software web hosting.
The first type of web hosting relies on how TCP/IP
and the socket programming interface work. All web
server should be able to distinguish which server IP address
a client is connecting to and, therefore, switching
the client to access the corresponding web site pages.
The second type relies on a new HTTP version 1.1 header,
e.g., "HOST" header, a client passes on to a server.
This header tells the server the host/domain name
the client tries to access.
But not all web browsers/clients pass this "HOST" header.
My experiment shows that Netscape 2.x, MS IE 3.x,
Lynx2.5fm and versions above support this header.
Crawlers, such as MOMSpider, relying on libWWW4.0 and
many other search crawlers do not.
The second type of web hosting apparently saves
precious IP numbers. But you have to know whether
your users have the updated browsers before you choose
to use the second type of web hosting.
3. Which web server should I use?
(Yuan John Jiang, http://www.ifcss.org/, <yjj@ifcss.org>)
Apache, NCSA and Netscape are the most popular servers
for web hosting.
Apache is a general all around winner for web hosting.
Almost all features you need are there. It's robust,
efficient and fast, let alone free.
NCSA is outdated by Apache. So I would not use NCSA.
Netscape out of the box is not a good server
for web hosting. Its software virtual hosting is useless
because it only switches the top page of a site. Its
hardware virtual hosting, in its Unix version, does not
allow you to share one server instance for several sites
and you have to set up a server instance for each host.
This wastes of RAM and CPU -- you cannot put many sites
on one box.
However, Netscape NSAPI plugins are very easy to program, and
I wrote a few plugins for my work to do hardware/software hosting,
matching the features Apache offers plus some customary
features.
4. How do I set up web hosting "with IPs"?
(Yuan John Jiang, http://www.ifcss.org/, <yjj@ifcss.org>)
First you need to have several IP addresses for your
machine and set up DNS to point hostnames to the addresses.
See below for how to assign IP addresses to one machine.
For Apache, you add an entry for each virtual host in
conf/httpd.conf file:
<VirtualHost HOST_i>
ServerAdmin MY@ADDRESS
DocumentRoot /DOC_ROOT
ServerName HOST_i
ErrorLog /data/www/logs/error_log
TransferLog /data/www/logs/access_log
RefererLog /data/www/logs/referer_log
AgentLog /data/www/logs/agent_log
</VirtualHost>
For Netscape NT version, you use the Server Administration page
to configure for hardware hosting.
For its Unix versions, you install a new server for each host
from the Server Administration page. Or, you copy
the existing server setup to another:
# cp -r https-SERVER1 https-SERVER2
then edit the path and parameters of the files in https-SERVER2/
5. How do set up web hosting "without IPs"?
(Yuan John Jiang, http://www.ifcss.org/, <yjj@ifcss.org>)
For Apache, you do the same thing as for web hosting
with IPs.
For Netscape, you do it in the Server Administration page,
but it doesn't worth the trouble because it's useless.
6. How do I have several IP address on one machine?
(Yuan John Jiang, http://www.ifcss.org/, <yjj@ifcss.org>)
You can install several network cards in the
same machine and assign an IP to each card.
/**********************************/
Terry A. Szucsko's "Virtual IP addresses and
Netscape servers on SGI servers"
(http://www.thewebzone.com/ipaliases)
is a good reference for SGI setup and Netscape server.
/**********************************/
Many OSs allow you to assign several IP addresses
to the same network card. You can do it with
Solaris, Linux, NT, FreeBSD, BSDI, Irix, etc.
I've done it on Solaris and Linux. Solaris is the
easiest:
# ifconfig le0:1 SECOND_IP_NUMBER up
and store this SECOND_IP_NUMBER in /etc/hostname.le0:1
You can do this all the way to le0:255 for one card.
After this, you need to add another card.
Linux(Slakware 1.2.8) is a bit complicated:
a. Install/compile the kernel WITHOUT the dummy driver:
say no to
Dummy net driver support (CONFIG_DUMMY) [n]
during installation.
b.
# insmod -o dummy0 PATH_TO_dummy.o
(/lib/modules/1.2.x/net/dummy.o
or wherever you put the file)
# ifconfig dummy0 SECOND_IP_NUMBER -broadcast
# arp -s SECOND_IP_NUMBER ETHERNET_ADDRESS pub
You can do dummy0, dummy1 ... all the way up to
someone said 10, and others said >100.
I don't know.
Later versions of Linux have added BSDI style
interface aliasing.
/****************************/
"Christopher Schroeder" <cds@nvt.net>
On one of our machines, I'm running Apache 1.1.1 and Linux 1.3.70. When I
want to add a virtual host, I add lines like this to rc.local:
/sbin/ifconfig eth0:3 foo.com up
/sbin/route add foo.com eth0:3
/sbin/ifconfig eth0:4 foo.com up
/sbin/route add foo.com eth0:4
I increment the number after the colon for each additional IP address
binding I wish to make.
...
I needed to enable network aliasing and ip aliasing in the kernel.
