Debianhelp.co.uk

Apache2 Server Tokens, Security And Performance Tuning Configuration in Debian

ServerTokens Directive

ServerTokens is only available in Apache 1.3 and later; the ProductOnly keyword is only available in versions later than 1.3.12 This directive controls whether Server response header field which is sent back to clients includes a description of the generic OS-type of the server as well as information about compiled-in modules

Description: Configures the Server HTTP response header

Syntax: ServerTokens Major|Minor|Min[imal]|Prod[uctOnly]|OS|Full

Default: ServerTokens Full

Context: server config

ServerTokens Prod[uctOnly]

Server sends (e.g.): Server: Apache

ServerTokens Major

Server sends (e.g.): Server: Apache/2

ServerTokens Minor

Server sends (e.g.): Server: Apache/2.0

ServerTokens Min[imal]

Server sends (e.g.): Server: Apache/2.0.41

ServerTokens OS

Server sends (e.g.): Server: Apache/2.0.41 (Unix)

ServerTokens Full (or not specified)

Server sends (e.g.): Server: Apache/2.0.41 (Unix) PHP/4.2.2 MyMod/1.2

This setting applies to the entire server, and cannot be enabled or disabled on a virtualhost-by-virtualhost basis.

 

For more apache2 core features Configuration Directives click here

 

Apache2 Security

 

Configuring Apache2 security tips Click here

 

Apache2 Performance Tuning

 

To learn about performance tuning in Apache2 click here

 

Apache2 Proactive Performance Tuning

The following are some techniques for proactively increasing the performance of your Web server.

Mapping Files to Memory

Accesses to disk affect performance significantly. Although most modern operating systems keep a cache of the most frequently accessed files, Apache also enables you to explicitly map a file into memory so that access to disk isn't necessary. The module that performs this mapping is mod_file_cache. You can specify a list of files to memory map by using the MMapFile directive, which applies to the server as a whole. An additional directive in Apache 2.0, CacheFile, takes a list of files, caches the file descriptors at startup, and keeps them around between requests, saving time and resources for frequently requested files.

Distributing the Load among several servers

Another way to increase performance is to distribute the load among several servers. This can be done in a variety of ways:

     A hardware load balancer directing network and HTTP traffic across several servers, making it look like a single server from the outside.

     A software load balancer solution using a reverse proxy with mod_rewrite.

    Separate servers providing images, large download files, and other static material. For example, you can place your images in a server called images.test.com and link to them from your main server.

Caching

The fastest way to serve content is not to serve it! This can be achieved by using appropriate HTTP headers that instruct clients and proxies of the validity in time of the requested resources. In this way, some resources that appear in multiple pages, but don't change frequently, such as logos or navigation buttons, are transmitted only once for a certain period of time.

Additionally, you can use mod_cache in Apache 2.0 to cache dynamic content so that it doesn't need to be created for every request. This is potentially a big performance boost because dynamic content usually requires accessing databases, processing templates, and so on, which can take significant resources.

As of this writing, mod_cache is still experimental. You want to know more about this click here

Reduce  the load on the servers Transmitted Data

Another way to reduce the load on the servers is to reduce the amount of data being transferred to the client. This in turn makes your clients'Web site access faster, especially for those over slow links. You can do a number of things to achieve this:

    Reduce the number of images.

    Reduce the size of your images.

    Compress big downloadable files.

    Precompress static HTML and use content negotiation.

   Use mod_deflate to compress HTML content. This can be useful if CPU power is available and clients are connecting over slow links. The content will be delivered quicker and the process will be free sooner to answer additional requests.

Network Settings

The KeepAliveTimeout directive enables you to specify the maximum time in seconds that the server will wait before closing an inactive connection. Increasing the timeout means that you will increase the chance of the connection being reused. On the other hand, it also ties up the connection and Apache process during the waiting time, which can prevent scalability, as discussed earlier in the hour.