Apache has long had the capability to be used as a typical proxy server and offers support for both forward and reverse proxy services. Apache 2.2.4 adds many new features. Jack Wallen gives a primer on the newest version.
Released in early 2007, Apache 2.2.4 is the latest version of Apache released in the 2.2 branch. Apache 2.2 is a major update from Apache 2.0 and provides a number of new features and enhancements over previous versions of the server. Apache 2.2.4 is available for most operating systems, including Windows, OS X, UNIX and Linux.
Database handling changes
In versions of Apache prior to the 2.2 release, each module requiring database connectivity (PHP, Perl, Python, etc.) was responsible for implementing its own database connection pool. Apache 2.2 introduces mod_dbd, which provides SQL database support directly to modules that need it and pools database connections server-wide. Connections are thus dynamically available and persistent, resulting in better use of resources, improved performance, and greater scalability.
The new mod_dbd currently supports Oracle, MySQL, PostgreSQL, SQLite2 and SQLite3.
Apache 2.2.4 fixes some bugs in mod_dbd and improves some of mod_dbd's behavior to make it more efficient. For example, mod_dbd now shares per-request database handles across subrequests and internal redirects and keys database connection pools to virtual hosts correctly even when the ServerName directive has not been set. By ensuring that the right database connections are made available to the right virtual host, the overall security of the system is improved as well.
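As an added illustration (not part of the original article), the fragment below gives two virtual hosts their own mod_dbd pools, each logging in with a separate database account, so that a pool handed to the wrong host cannot expose the other host's data. Host names, database names, accounts and passwords are placeholders, and the DBDParams key names assume the MySQL driver.

```apache
# Added example. All names, paths and credentials are placeholders.
LoadModule dbd_module modules/mod_dbd.so

<VirtualHost *:80>
    ServerName shop.example.com
    DBDriver mysql
    # Account limited to the "shop" database only.
    DBDParams "host=db.internal dbname=shop user=shop_web pass=CHANGE_ME_1"
    # Keep connections open and reuse them across requests.
    DBDPersist On
    # Connections opened at startup.
    DBDMin 2
    # Idle connections kept open.
    DBDKeep 4
    # Hard ceiling, so a request flood cannot exhaust the database.
    DBDMax 10
    # Seconds before surplus idle connections are closed.
    DBDExptime 300
</VirtualHost>

<VirtualHost *:80>
    ServerName blog.example.com
    DBDriver mysql
    # Different account and database: no shared credentials between hosts.
    DBDParams "host=db.internal dbname=blog user=blog_web pass=CHANGE_ME_2"
    DBDPersist On
    DBDMin 1
    DBDKeep 2
    DBDMax 5
    DBDExptime 300
</VirtualHost>
```

Because DBDParams carries a password, the file holding these lines should be readable only by the account that starts the server.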
Addition of caching and proxy load balancing
Apache has long had the capability to be used as a typical proxy server and offers support for both forward and reverse proxy services. For some time as well, Apache has been able to cache content, but this functionality has been labeled as experimental, indicating that users should proceed at their own risk with a caching implementation. For 2.2, the Apache folks have stripped the experimental label from the caching system and replaced it with the 'stable' moniker and enabled a much more robust proxy system through the addition of load balancing for the proxy service.
On the caching side of the house, Apache can use either disk (mod_disk_cache) or RAM (mod_mem_cache) to hold the appropriate content, although it has been indicated that RAM caching does not provide an advantage over disk-based caching. Caching in general, whether it's in conjunction with a proxy service or just used to statically provide dynamic content that has not changed, can result in a huge performance boost for the end-user and for the Web server.
On the end-user front, the person doesn't need to wait for a page to be generated since the content is being provided from the cache. The Web server itself can enjoy a performance boost for the same reason. After all, it takes CPU cycles to provide dynamic content. Apache 2.2's disk-caching engine is very good and is limited only by the speed of the disk subsystem. In fact, in some tests, the caching engine has been able to saturate even a gigabit Ethernet connection.
For Apache 2.2.4, the caching module has been updated to conform to RFC 3986, which states that if an address contains an authority component and an empty path, the empty path is to be treated as equivalent to "/". Therefore, http://example.com, http://example.com/, http://example.com:/, and http://example.com:80/ are all equivalent URLs.
Apache 2.2.4's mod_cache module also fixes a bug in which dates in the past could be used for a request's expiration. By using a date in the past, mod_cache would cache the URL 100 percent of the time, and the bug could lead to errors when Apache was used on Windows servers.
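The following disk-cache configuration is an added example, not taken from the original article. It enables mod_disk_cache for the whole site while keeping private responses and access-controlled areas out of the cache; the cache path and the /admin prefix are placeholders.

```apache
# Added example. Paths and URL prefixes are placeholders.
LoadModule cache_module modules/mod_cache.so
LoadModule disk_cache_module modules/mod_disk_cache.so

# Cache directory: writable by the server account, not readable by others.
CacheRoot /var/cache/apache2/disk
CacheDirLevels 2
CacheDirLength 1

# Cache everything under / on disk.
CacheEnable disk /

# Keep these at Off. Turning them On stores responses that the
# application marked "private" or "no-store", or ignores the client's
# request for a fresh copy, and can hand one user's page to another.
CacheStorePrivate Off
CacheStoreNoStore Off
CacheIgnoreCacheControl Off

# mod_cache answers from the cache without re-running access checks,
# so content protected by passwords or address rules must not be cached.
CacheDisable /admin

# Lifetime, in seconds, for responses that carry no expiry of their own,
# and an upper bound on how long any entry may be served.
CacheDefaultExpire 3600
CacheMaxExpire 86400
```

The htcacheclean utility shipped with Apache 2.2 can be run periodically to keep the CacheRoot directory within a size limit.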
The addition of proxy load balancing for the Apache 2.2 release provides a simpler way for organizations to implement a more highly available proxy service that is not dependent on a single-server solution and does not require the installation of third-party tools. Apache 2.2's proxy service provides support for HTTP/0.9, HTTP/1.0 and HTTP/1.1 as well as for SSL traffic, AJP13 and FTP. The fact that the proxy service supports SSL makes Apache extremely viable as a reverse proxy solution.
The load balancer's role is to distribute the load between multiple servers, a job that Apache 2.2 handles in a couple of different ways: request counting and weighted traffic average. Request counting simply counts requests and distributes them until each load balancer member has served an equal number of requests. Weighted traffic works similarly, but individual members can be weighted so certain ones handle more requests than others.
Other improvements in Apache 2.2's proxy-handling features include connection pooling and failover capability, making Apache a choice for enterprise-grade applications.
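A reverse-proxy balancer along the lines described above might be configured as follows. This is an added example, not from the original article; the back-end addresses and the balancer name "appcluster" are placeholders.

```apache
# Added example. Back-end addresses and the balancer name are placeholders.
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so

# Reverse proxy only. Leaving forward proxying on would let anyone
# relay traffic through this server.
ProxyRequests Off

<Proxy balancer://appcluster>
    # loadfactor weights the members: the first receives twice the
    # share of the second.
    BalancerMember http://10.0.0.11:8080 loadfactor=2 retry=60
    BalancerMember http://10.0.0.12:8080 loadfactor=1 retry=60
    # Hot standby (+H): used only when the members above are unavailable.
    BalancerMember http://10.0.0.13:8080 status=+H
</Proxy>

# lbmethod=byrequests balances on request count;
# lbmethod=bytraffic balances on bytes transferred instead.
ProxyPass / balancer://appcluster/ lbmethod=byrequests
```

The retry value is the number of seconds a failed member is left alone before the balancer tries it again.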
Apache's filtering module, which provides you with the ability to make changes to the way that Apache handles certain tasks related to the traversal of data to and from the server, has also undergone a transformation in Apache 2.2. Called Smart Filtering, it does away with dependencies and ordering problems that were inherent in the inflexible filtering model offered by older versions of Apache.
Instead, the new filtering system provides dynamic configuration capabilities by enabling filters to be conditionally inserted into the filter chain. This conditional processing allows Apache to process different content types through different filters, even when Apache can't tell what kind of content is being handled. Previously, filters were added in a static, serial way, and each filter had to make a determination whether or not to run and all filters had to be evaluated. Under the new model, the filters can be dynamically configured based on the outcome of a filter handler.
Configuration file changes
If you've used Apache at all in the past, you're well aware of what it takes to maintain the one-size-fits-all httpd.conf configuration file. Some people find it intuitive and easy to handle, while others long for a GUI while they try to find the entries to define a new virtual server. While Apache 2.2 is also capable of working with the single httpd.conf configuration file, out of the box (or off of the Internet, in this case), this new release breaks the configuration file up into a number of files, each focused on one particular area, such as virtual servers, SSL configuration, or user home directories.
Regardless, the httpd.conf file is still used, but may have just a few server-wide configuration parameters along with a number of "Include" directives that load other configuration files. The httpd.conf file now contains only essential information, with configuration settings for more advanced features being located in the /conf/extra directory.
The Apache 2.2 developers have reworked much of the server's authentication functionality, resulting in a number of changes to modules and configuration directives. In short, Apache 2.2 separates the authentication and authorization functions of Apache and provides an easier means by which to develop new authentication back-ends.
The module named mod_auth has been broken up into four new modules:
- mod_auth_basic: Allows the use of HTTP Basic Authentication.
- mod_authn_file: Provides the ability to authenticate users through the use of plain-text password files.
- mod_authz_user: Allows a user to be granted access to or denied access to particular sections of the Web site. If the user is listed in a "require user" directive, access is granted.
- mod_authz_groupfile: Provides similar services to those offered by mod_authz_user, but works on group membership instead.
The LDAP authentication module, mod_auth_ldap, has been renamed to mod_authnz_ldap.
Note that each module's name includes "auth", "authz", "authn", or "authnz" somewhere. Each of these means something:
- auth: Anything that has to do with HTTP authentication.
- authn: A back-end authentication system. These kinds of modules help to verify that someone is who they claim to be. In most cases, this consists of the user providing a username and password, but could also be accomplished through the use of a smartcard, or some other means.
- authz: An authorization module. Authorization takes place after a user has been identified by an authentication system and determines whether or not that user is permitted access to a resource.
- authnz: A module that uses both authentication and authorization.
If you're upgrading from 1.3 or 2.0 to 2.2, and you're using authentication/authorization, make sure to read the upgrade docs before you take the plunge, as the httpd.conf directives related to these services have changed significantly.
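To show how the four modules split the work, here is an added example (not from the original article) that protects one directory by user name and another by group membership. Directory paths, file locations, the user "alice" and the group "staff" are placeholders.

```apache
# Added example. Paths, user and group names are placeholders.
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so

<Directory "/usr/local/apache2/htdocs/admin">
    # auth: the HTTP Basic front end (mod_auth_basic).
    AuthType Basic
    AuthName "Admin area"
    # authn: which back end verifies the password (mod_authn_file).
    AuthBasicProvider file
    # Keep the password file outside the document root so it can
    # never be downloaded.
    AuthUserFile /usr/local/apache2/conf/passwords
    # authz: who gets in once identified (mod_authz_user).
    Require user alice
    # Basic credentials are only base64-encoded, so refuse plain HTTP.
    SSLRequireSSL
</Directory>

<Directory "/usr/local/apache2/htdocs/staff">
    AuthType Basic
    AuthName "Staff area"
    AuthBasicProvider file
    AuthUserFile /usr/local/apache2/conf/passwords
    # authz by group membership (mod_authz_groupfile).
    AuthGroupFile /usr/local/apache2/conf/groups
    Require group staff
    SSLRequireSSL
</Directory>
```

SSLRequireSSL needs mod_ssl to be loaded; the password file is created and maintained with the htpasswd utility.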
Other items of note
There are a few miscellaneous items that were also changed in the Apache 2.2 branch, some of which may create problems if you don't do a little research and testing before upgrading. Here are some more improvements and changes that have been made in Apache 2.2. Take note of the changes, as they could be potential gotchas during an upgrade.
- Almost all Apache 2.0 modules are source-compatible: This means that, in many cases, modules created for Apache 2.0 will just need to be recompiled in order to work with 2.2.
- Large file support (up to 2 GB): A new addition, along with support for request bodies greater than 2 GB.
- New command line parameter: -M: Lists all loaded static and shared modules, as seen in Figure A.
- New command line parameter: The -l (that's an "el") parameter has always been able to list modules compiled into the server, but does not include dynamically loaded modules included using the LoadModule directive in httpd.conf. You can see this in Figure B.
- mod_imap has been renamed mod_imagemap: These kinds of changes actually improve the usability of the product by reducing what could be significant confusion.
- SSL support is no longer included by using apachectl startssl: Instead, add the necessary SSL directives to httpd.conf and just use apachectl start. Note that an example configuration file, conf/extra/httpd-ssl.conf, has been included to help you in this.
- The default setting for the UseCanonicalName directive is now off: A self-referring directive will now be constructed using the hostname and port supplied by the client. If you would rather have a self-referring directive that is built using the value in httpd.conf's ServerName directive, include a line in httpd.conf that reads "UseCanonicalName On".
Even though Apache 2.2 isn't the massive upgrade that 1.3 to 2.0 was, there are a number of modifications and improvements that make this latest release worth considering, particularly if you want to use Apache's proxy or caching features. Apache 2.2.4 builds on the overall 2.2 release and rolls up all of the bug fixes and minor enhancements that have been introduced to the product since the 2005 release of Apache 2.2.