Open Source

SolutionBase: What's new in Apache 2.2?

Apache powers more Web servers on the Internet than any other program. Recently, a new version was released - Apache 2.2. Scott Lowe shows you some of the new things you'll find in this version.

The most popular web server on the planet is Apache. It powers more Web sites than its nearest competitor IIS, by quite a large margin. Recently, a new version of Apache appeared - Apache 2.2. This release is fairly significant and provides a number of new features and enhancements over previous versions of the server. In this article, I'll point out some of the major new things you'll find in Apache 2.2.

Database handling changes

In versions of Apache prior to the 2.2 release, each module requiring database connectivity (PHP, Perl, Python, etc.) was responsible for implementing its own database connection pool. Apache 2.2 introduces mod_dbd, which provides SQL database support directly to modules that need it and further pools database connections server-wide, thus making connections dynamically available and persistent, resulting in better use of resources, improved performance, and great scalability.

The new mod_dbd current supports Oracle, MySQL, PostgreSQL, and SQLite.

Addition of caching and proxy load balancing

Apache has long had the capability to be used as a typical proxy server and offers support for both forward and reverse proxy services. For some time as well, Apache has been able to cache content, but this functionality has been labeled as experimental, indicating that users should proceed at their own risk with a caching implementation. For 2.2, the Apache folks have stripped the experimental label from the caching system and replaced it with the 'stable' moniker and enabled a much more robust proxy system through the addition of load balancing for the proxy service.

On the caching side of the house, Apache can use either disk (mod_disk_cache) or RAM (mod_mem_cache) to hold the appropriate content, although it has been indicated that RAM caching does not provide an advantage over disk-based caching. Caching in general, whether it's in conjunction with a proxy service or just used to statically provide dynamic content that has not changed, can result in a huge performance boost for the end-user and for the web server. On the end-user front, the person doesn't need to wait for a page to be generated since the content is being provided from the cache. The web server itself can enjoy a performance boost for the same reason. After all, it takes CPU cycles to provide dynamic content. Apache 2.2's disk-caching engine is very good and is limited only by the speed of the disk subsystem only. In fact, in some tests, the caching engine has been able to saturate even a gigabit Ethernet connection.

The addition of proxy load balancing for the Apache 2.2 release provides a simpler way for organizations to implement a more highly available proxy service that is not dependent on a single-server solution and does not require the installation of third party tools. Apache 2.2's proxy service provides support for the HTTP/0.9, HTTP/1.0 and HTTP/1.1 as well as for SSL traffic, AJP13 and FTP. The fact that the proxy service supports SSL makes Apache extremely viable as a reverse proxy solution.

The load balancer's role is to distribute the load between multiple servers, a job that Apache 2.2 handles in a couple of different ways: request counting and weighted traffic average. Request counting simply counts requests and distributes them until they have each load balance member has served an equal number of requests. Weighted traffic works similarly, but individual members can be weighted so certain ones handle more requests than others.

Other improvements in Apache 2.2's proxy-handling features include connection pooling and failover capability, making Apache a choice for enterprise-grade applications.

Filtering improvements

Apache's filtering module, which provides you with the ability to make changes to the way that Apache handles certain tasks related to the traversal of data to and from the server, has also undergone a transformation in Apache 2.2. Called Smart Filtering, does away with dependencies and ordering problems that were inherent in the inflexible filtering model offered by older versions of Apache.

Instead, the new filtering system provides dynamic configuration capabilities by enabling filters to be conditionally inserted into the filter chain. This conditional processing allows Apache to process different content types through different filters, even when Apache can't tell what kind of content is being handled. Previously, filters were added in a static, serial way, and each filter had to make a determination whether or not to run and all filters had to be evaluated. Under the new model, the filters can be dynamically configured based on the outcome of a filter handler.

Configuration files changes

If you've used Apache at all in the past, you're well aware of what it takes to maintain the one-size-fits-all httpd.conf configuration file. Some people file it intuitive and easy to handle while others long for a GUI while they try to find the entries to define a new virtual server. While Apache 2.2 is also capable of working with the single httpd.conf configuration file, out of the box (or off of the net, in this case), this new release breaks the configuration file up into a number of files, each focused on one particular area, such as virtual servers, SSL configuration, or user home directories.

Regardless, the httpd.conf file is still used, but may have just a few server-wide configuration parameters along with a number of "Include" directives that load other configuration files. The httpd.conf file now contains only essential information, with configuration settings for more advanced features being located in the /conf/extra directory.

Authentication

The Apache 2.2 developers decided to rework much of the server's authentication functionality, resulting in a number of changes to modules and configuration directives. In short, Apache 2.2 separates the authentication and authorization functions of Apache and provides an easier means by which to develop new authentication back-ends.

The module named mod_auth has been broken up into four new modules:

  • mod_auth_basic - Allows the user of HTTP Basic Authentication.
  • mod_authn_file - Provides the ability to authenticate users through the user of plain-text password files.
  • mod_authz_user - Allows a user to be granted access to or denied access to particular sections of the web site. If the user is listed in a "require user" directive, access is granted.
  • mod_authz_groupfile - Provides similar services to those offered by mod_authz_user, but works on group membership instead.

The LDAP authentication module, mod_auth_ldap had been renamed to mod_authnz_ldap.

Note that each module's name includes "auth", "authz", "authn", or "authnz" somewhere. Each of these means something:

  • auth - Some kind of HTTP authentication.
  • authn - A back-end authentication system. These kinds of modules help to verify that someone is who the claim to be. In most cases, this consists of the user providing a username and password, but could also be accomplished through the user of a smartcard or some other means.
  • authz - An authorization module. Authorization takes place after a user has been identified by an authentication system and determines whether or not that user is permitted access to a resource.
  • authnz - A module that uses both authentication and authorization.

If you're upgrading from 1.3 or 2.0 to 2.2 and you're using authentication/authorization, make sure to read upgrade docs before you take the plunge as the httpd.conf directives related to these services have changed.

Other items of note

There are a few miscellaneous items that we also changed in this upgrade, some of which may create problems for you if you don't do a little research and testing before upgrade. Here are some more improvements and changes that have been made in Apache 2.2. Take note of the changes as they could be potential gotchas during an upgrade.

  • Almost all Apache 2.0 modules are source-compatible. This means that, in many cases, modules created for Apache 2.0 will just need to be recompiled in order to work with 2.2.
  • Large file support (up to 2GB) has been added, along with support for request bodies greater than 2GB.
  • New command line parameter: -M: Lists all loaded static and shared modules. The -l (that's an 'el') parameter has always been able to list modules compiled into the server, but does not include dynamically loaded modules included using the LoadModule directive in httpd.conf.
  • Mod_imap has been renamed mod_imagemap. I'm not ashamed to admit that, in my early Apache days, this naming was pretty confusing.
  • SSL support is no longer included by using "apachectl startssl". Instead, add the necessary SSL directives to http.conf and just use "apachectl start". Note that an example configuration files, "conf/extra/httpd-ssl.conf", has been included to help you in this.
  • The default setting for the UseCanonicalName directive is now off, meaning that a self-referring directive will now be constructed using the hostname and port supplied by the client. If you would rather have a self-referring directive that is built using the value in httpd.conf's ServerName directive, include a line in http.conf that reads "UseCanonicalName On".

A good upgrade

Even though Apache 2.2 isn't the massive upgrade that 1.3 to 2.0 was, there are a number of modifications and improvements that make this latest release worth considering, particularly if you want to use Apache's proxy or caching features.

Editor's Picks

Free Newsletters, In your Inbox