&

PHP&Apache
Why httpd.conf is your new BFF!

Why httpd.conf is your new BFF!

PHP & Apache

Jeff Jones
AtlantaPHP
February 5th, 2009

Jump by reebs*
 Web “Solutions Stacks”
(Thanks Wikipedia!)

LAMP
Linux Apache MySQL PHP

WAMP
Windows Apache MySQL PHP

WIMP
Windows IIS MySQL PHP

LAPP
Linux Apache PostgreSQL PHP

FAPP
FreeBSD Apache PostgreSQL PHP

Common denominator? Apache. “yellow lamp“

 Apache Background

Since April 1996 Apache has been the most

popular HTTP server on the World Wide Web.
As of December 2008 Apache served over
51% of all websites.

“Fort Apache by PhillipC”

Apache Software Foundation
From ApacheCon 2007, Atlanta, GA

“ASF by Ted Leung”

Apache HTTP Server

“Geronimo's Camp”
“a patchy server”

Skydiving
“Needs more duct tape”
Full-Featured Web Server
Some Features...
 Authentication, Authorization,  Environment Variables
& Access Control Log Files

 CGI: Dynamic Content w/ CGI  Server Side Includes

 Configuration Files  URL Mapping

 Content negotiation  URL Rewriting

“Server” by existentist
 Apache Configuration
By handjes

Contexts
Server config: Server wide httpd.conf and included files.
VirtualHost: <VirtualHost></VirtualHost>
Directory: Directory,DirectoryMatch,Files,FilesMatch
.htaccess: Per directory config files.
 “PCI Slot” by Ryan

Apache Modules
#httpd.conf
httpd.conf
#Comment

#Directive
Include /usr/local/apache/conf/ssl.conf
Include /usr/local/apache/conf/vhosts/
Include /usr/local/apache/conf/a/*.conf

#Block Directive
<IfModule mod_rewrite.c>
RewriteEngine on
</IfModule> “Floppy” by Marcin Wichary
.htaccess

“Apple I & Altair” by Shiny Things

Scope Directives
VirtualHost
Directory / DirectoryMatch
Files / FilesMatch
Location/LocationMatch

“Radiance” by jurvetson
 Virtual Host

<VirtualHost 10.1.2.3>
ServerAdmin admin@example.com
DocumentRoot /www/example.com
ServerName example.com
ErrorLog exlogs/error_log
TransferLog exlogs/access_log
</VirtualHost>

“CNN Hologram” by Hard Seat Sleeper

 Directory

<Directory />
</Directory>

<Directory /home/*>
</Directory>

“Dewey” by emdot
 DirectoryMatch

<DirectoryMatch "^/www/.*/[0-9]{3}">

</DirectoryMatch>
 Files

<Files admin.cgi>
Require group admin
</Files>
“Filed away..” by tpholland
 FilesMatch

<FilesMatch "\.(gif|jpe?g|png)$">

</FilesMatch>
“Alphabetical”
Location

“Lost” by w00kie
LocationMatch

“Little Blue Pins”

mod_core

“Earth Core”
 ErrorDocument “Coat Check Fail”

#Output a customized message.

ErrorDocument 403 "No Access”

#Redirect to a local URL-path.

ErrorDocument 404 /errors/404.php

#Redirect to an external URL.

ErrorDocument 500 http://example.com/5.php
 404 for pretty urls: Bad Idea!
(Hello mod_rewrite!)

ErrorDocument 404 index.php “Irony”

 KeepAlive “Zombie Jeff”

KeepAlive on
KeepAliveTimeout 2
MaxKeepAliveRequests 100
 TimeOut

TimeOut 300
“Hang up.” by Robert Brook
 UseCanonicalName

ServerName example.com
UseCanonicalName On

Request: www.example.com/secure
Redirects to: example.com/secure/

By Greyhorn
 mod_php

● php_value / php_flag
● php_admin_value / php_admin_flag
● Contexts: All, Perdir, System.
“php is cool” by Sara Golemon
 PHP Config Contexts

● PHP_INI_ALL
● PHP_INI_PERDIR
● PHP_INI_SYSTEM
 php_value

“Gratuitous Bacon”

php_value name value

 php_flag

php_flag name off|on “Wave the flags”

php_admin_(flag|value)

php_admin_flag safe_mode on
“The Flag”
 How is this useful?

“Mixer Detail”

Set PHP Configuration per directory, uri, or file.

 Prepend & Append

auto_prepend_file header.php
auto_append_file footer.php

auto_prepend_file none

“My Stapler”
 include_path

include_path=".;/php/includes"

include_path=".;C:/php/includes"
“Gahuti Trail” by Jeff Jones
 Turn that crap off!

php_flag magic_quotes_gpc off

php_flag register_globals off “Sausage King”

 Output Buffering

php_flag output_buffering on
php_value output_handler ob_tidyhandler
php_flag implicit_flushoff
“AOL Coasters”
 PHP Error Logging

log_errors stderr

php_value error_log /path/to/error.log

“Telex Machine”
 Display Errors

display_errors off
“Don't you feel secure?”
 mod_env
“Capitol Reef National Park” by W. Staudt

● Access via $_ENV[] or getenv();

 SetEnv

SetEnv webenv production

SetEnv webenv testing

SetEnv scriptdebug true

“Programmable Thermostat”
mod_mime

“Mime Typing...”
 AddType/Handler
AddType image/gif .gif

AddHandler php-script .php

#Not the best way:

AddType application/x-httpd-php .html

#better
AddHandler php-script .html

“Juggling Practice”
 ForceType/SetHandler
ForceType application/x-httpd-php

<Files *.php>
SetHandler php-script
</Files>

<Location /images>
ForceType image/jpeg
</Location>
 mod_negotiation
URI: foo

URI: foo.jpeg
Content-type: image/jpeg; qs=0.8

URI: foo.gif
Content-type: image/gif; qs=0.5

URI: foo.txt
Content-type: text/plain; qs=0.01
“Tough Negotiations”
 MultiViews
Set as part of directory options
MultiViews tracks down the best file.

<Directory /usr/local/www>
Options Indexes MultiViews
</Directory>

foo
foo.html.es
foo.html.en.gz “Sniffin'”
 mod_rewrite

http://httpd.apache.org/docs/1.3/mod/mod_rewrite.html

http://httpd.apache.org/docs/1.3/misc/rewriteguide.html

The Definitive Guide to Apache mod_rewrite

by Rich Bowen
http://apress.com/book/view/9781590595619 “The Vortex”
 Rewrite Rules

RewriteEngine On
RewriteBase /
RewriteCond /home/www/$1.php -f
RewriteRule ^(/?[^/\.]+)/$ /$1.php

“Tapping a pencil”
 RewriteRule Flags
RewriteEngine On
RewriteCond %{HTTP_HOST} ^.*website2.com
RewriteRule ^/?$ /website2.php [QSA, E=thedomain:website2,NC,L]

QSA = Query String Append

E = Set Environment Variables

NC=No Case

L=Last
 Rewrites & Redirects

RewriteCond %{HTTP_HOST} !=www.domain.com

RewriteRule (.*) http://www.domain.com/$1 [R=301,L]
 Front Controller

The Front Controller Pattern is a

software design pattern listed in
several pattern catalogs. The pattern
relates to the design of web
applications. It "provides a
centralized entry point for handling
requests."

Source: Wikipedia
 mod_auth
Other Auth & Related Modules
● mod_access
● Access control based on client hostname or IP address
● mod_auth_dbm
● User authentication using DBM files
● mod_auth_db
● User authentication using Berkeley DB files
● mod_auth_anon Apache 1.1 and up
● Anonymous user access to authenticated areas
● mod_digest
● MD5 authentication
 Basic Auth
.htpasswd .htgroups
username:md5(password) phpers: Tetraboy bdole
Tetraboy:crypt(password)
bramsey:md5(WildGarlic)
bdole:crypt(lbp)

AuthType Basic
AuthName "Apache Logins"
AuthUserFile /usr/apasswd/.htpasswd
AuthGroupFile /usr/apasswd/.htgroups

#Examples
Require user Tetraboy bramsey bdole
Require group phpers
Require valid-user
 PHP HTTP Auth
$_SERVER['PHP_AUTH_USER'] & $_SERVER['PHP_AUTH_PW']

<?php
if (!isset($_SERVER['PHP_AUTH_USER'])) {
header('WWW-Authenticate: Basic realm="My Realm"');
header('HTTP/1.0 401 Unauthorized');
echo 'Text to send if user hits Cancel button';
exit;
} else {
echo "<p>Hello {$_SERVER['PHP_AUTH_USER']}.</p>";
echo "<p>Your pass:{$_SERVER['PHP_AUTH_PW']}.</p>";
}
?>
 mod_headers

Header set|append|add header value

Header unset header

ErrorHeader
 Setting Headers

<Files *.css>
SetHandler php-script
Header Set Content-type “text/css”
</Files>
 PHP's Apache Extension
● apache_child_terminate — Terminate apache process after this request
● apache_get_modules — Get a list of loaded Apache modules
● apache_get_version — Fetch Apache version
● apache_getenv — Get an Apache subprocess_env variable
● apache_lookup_uri — Perform a partial request on a URI, returns info.
● apache_note — Get and set apache request notes
● apache_request_headers — Fetch all HTTP request headers
● apache_reset_timeout — Reset the Apache write timer
● apache_response_headers — Fetch all HTTP response headers
● apache_setenv — Set an Apache subprocess_env variable
● ascii2ebcdic — Translate string from ASCII to EBCDIC
● ebcdic2ascii — Translate string from EBCDIC to ASCII
● getallheaders — Fetch all HTTP request headers
“Trilions Served”
● virtual — Perform an Apache sub-request
apache_child_terminate();

“Terminator
 apache_lookup_uri
<?php
info = apache_lookup_uri('index.php?var=value');
var_dump($info);
?> stdClass Object
(
[status] => 200
[the_request] => GET /dir/file.php HTTP/1.1
[method] => GET
[mtime] => 0
[clength] => 0
[chunked] => 0
[content_type] => application/x-httpd-php
[no_cache] => 0
[no_local_copy] => 1
[unparsed_uri] => /dir/index.php?var=value
[uri] => /dir/index.php
[filename] => /home/htdocs/dir/index.php
[args] => var=value
[allowed] => 0
[sent_bodyct] => 0
[bytes_sent] => 0
[request_time] => 1074282764
)
 Apache HTTP Headers

<?php

apache_request_headers();

apache_response_headers();

?>
 Tip of Iceberg
● There are around 100 modules for Apache 1.3.x

● There are about 300 modules for Apache 2.x

● mod_rewrite can do amazing stuff with URIs

● Apache can be expanded with custom modules!

“Ice Breaker”
 “Books by Bowen”

Apache is a Web Server.

●
Don't rewrite a web server in PHP.
●
Unless you really have to.
 More info?
● http://httpd.apache.org/
● irc.freenode.net #apache
● http://planetapache.org/
● http://apache-cookbook.com/

“Theo Thinks”
 Questions?

● Why is the sky blue?

● Why is the moon white?
● Why is the grass green?
● Where do babies come from?

“Downtown ATL”