You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by hu...@apache.org on 2012/05/04 16:36:40 UTC
svn commit: r1333991 - in /httpd/httpd/branches/2.4.x/docs/manual/misc:
perf-tuning.xml perf-tuning.xml.fr security_tips.xml security_tips.xml.fr
Author: humbedooh
Date: Fri May 4 14:36:40 2012
New Revision: 1333991
URL: http://svn.apache.org/viewvc?rev=1333991&view=rev
Log:
Backporting syntax highlighting for misc/
Modified:
httpd/httpd/branches/2.4.x/docs/manual/misc/perf-tuning.xml
httpd/httpd/branches/2.4.x/docs/manual/misc/perf-tuning.xml.fr
httpd/httpd/branches/2.4.x/docs/manual/misc/security_tips.xml
httpd/httpd/branches/2.4.x/docs/manual/misc/security_tips.xml.fr
Modified: httpd/httpd/branches/2.4.x/docs/manual/misc/perf-tuning.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/misc/perf-tuning.xml?rev=1333991&r1=1333990&r2=1333991&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/manual/misc/perf-tuning.xml (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/misc/perf-tuning.xml Fri May 4 14:36:40 2012
@@ -152,14 +152,12 @@
matching the criteria. Here's an example which disables lookups
except for <code>.html</code> and <code>.cgi</code> files:</p>
- <example>
- HostnameLookups off<br />
- <Files ~ "\.(html|cgi)$"><br />
- <indent>
- HostnameLookups on<br />
- </indent>
- </Files>
- </example>
+ <highlight language="config">
+HostnameLookups off
+<Files ~ "\.(html|cgi)$">
+ HostnameLookups on
+</Files>
+ </highlight>
<p>But even still, if you just need DNS names in some CGIs you
could consider doing the <code>gethostbyname</code> call in the
@@ -177,14 +175,12 @@
system calls to check up on symlinks. One extra call per
filename component. For example, if you had:</p>
- <example>
- DocumentRoot /www/htdocs<br />
- <Directory /><br />
- <indent>
- Options SymLinksIfOwnerMatch<br />
- </indent>
- </Directory>
- </example>
+ <highlight language="config">
+DocumentRoot /www/htdocs
+<Directory />
+ Options SymLinksIfOwnerMatch
+</Directory>
+ </highlight>
<p>and a request is made for the URI <code>/index.html</code>.
Then Apache will perform <code>lstat(2)</code> on
@@ -194,20 +190,16 @@
every single request. If you really desire the symlinks
security checking you can do something like this:</p>
- <example>
- DocumentRoot /www/htdocs<br />
- <Directory /><br />
- <indent>
- Options FollowSymLinks<br />
- </indent>
- </Directory><br />
- <br />
- <Directory /www/htdocs><br />
- <indent>
- Options -FollowSymLinks +SymLinksIfOwnerMatch<br />
- </indent>
- </Directory>
- </example>
+ <highlight language="config">
+DocumentRoot /www/htdocs
+<Directory />
+ Options FollowSymLinks
+</Directory>
+
+<Directory /www/htdocs>
+ Options -FollowSymLinks +SymLinksIfOwnerMatch
+</Directory>
+ </highlight>
<p>This at least avoids the extra checks for the
<directive module="core">DocumentRoot</directive> path.
@@ -229,14 +221,12 @@
<code>.htaccess</code> for each filename component. For
example,</p>
- <example>
- DocumentRoot /www/htdocs<br />
- <Directory /><br />
- <indent>
- AllowOverride all<br />
- </indent>
- </Directory>
- </example>
+ <highlight language="config">
+DocumentRoot /www/htdocs
+<Directory />
+ AllowOverride all
+</Directory>
+ </highlight>
<p>and a request is made for the URI <code>/index.html</code>.
Then Apache will attempt to open <code>/.htaccess</code>,
@@ -258,15 +248,11 @@
penalties. There's one case where you can speed up the server.
Instead of using a wildcard such as:</p>
- <example>
- DirectoryIndex index
- </example>
+ <highlight language="config">DirectoryIndex index</highlight>
<p>Use a complete list of options:</p>
- <example>
- DirectoryIndex index.cgi index.pl index.shtml index.html
- </example>
+ <highlight language="config">DirectoryIndex index.cgi index.pl index.shtml index.html</highlight>
<p>where you list the most common choice first.</p>
@@ -445,6 +431,12 @@
one connection at a time. Worker generally is a good
choice for high-traffic servers because it has a smaller
memory footprint than the prefork MPM.</li>
+
+ <li>The <module>event</module> MPM is threaded like the
+ Worker MPM, but is designed to allow more requests to be
+ served simultaneously by passing off some processing work
+ to supporting threads, freeing up the main threads to work
+ on new requests.</li>
<li>The <module>prefork</module> MPM uses multiple child
processes with one thread each. Each process handles
@@ -473,7 +465,7 @@
matter of commenting out the associated <directive
module="mod_so">LoadModule</directive> directive for that module.
This allows you to experiment with removing modules, and seeing
- if your site still functions in their absense.</p>
+ if your site still functions in their absence.</p>
<p>If, on the other hand, you have modules statically linked
into your Apache binary, you will need to recompile Apache in
@@ -586,39 +578,29 @@
do not match the code, they're contrived for pedagogical
purposes):</p>
- <example>
- for (;;) {<br />
- <indent>
- for (;;) {<br />
- <indent>
- fd_set accept_fds;<br />
- <br />
- FD_ZERO (&accept_fds);<br />
- for (i = first_socket; i <= last_socket; ++i) {<br />
- <indent>
- FD_SET (i, &accept_fds);<br />
- </indent>
- }<br />
- rc = select (last_socket+1, &accept_fds, NULL, NULL, NULL);<br />
- if (rc < 1) continue;<br />
- new_connection = -1;<br />
- for (i = first_socket; i <= last_socket; ++i) {<br />
- <indent>
- if (FD_ISSET (i, &accept_fds)) {<br />
- <indent>
- new_connection = accept (i, NULL, NULL);<br />
- if (new_connection != -1) break;<br />
- </indent>
- }<br />
- </indent>
- }<br />
- if (new_connection != -1) break;<br />
- </indent>
- }<br />
- process the new_connection;<br />
- </indent>
+ <highlight language="c">
+ for (;;) {
+ for (;;) {
+ fd_set accept_fds;
+
+ FD_ZERO (&accept_fds);
+ for (i = first_socket; i <= last_socket; ++i) {
+ FD_SET (i, &accept_fds);
+ }
+ rc = select (last_socket+1, &accept_fds, NULL, NULL, NULL);
+ if (rc < 1) continue;
+ new_connection = -1;
+ for (i = first_socket; i <= last_socket; ++i) {
+ if (FD_ISSET (i, &accept_fds)) {
+ new_connection = accept (i, NULL, NULL);
+ if (new_connection != -1) break;
+ }
+ }
+ if (new_connection != -1) break;
+ }
+ process_the(new_connection);
}
- </example>
+ </highlight>
<p>But this naive implementation has a serious starvation problem.
Recall that multiple children execute this loop at the same
@@ -657,41 +639,31 @@
entry into the inner loop. The loop looks like this
(differences highlighted):</p>
- <example>
- for (;;) {<br />
- <indent>
- <strong>accept_mutex_on ();</strong><br />
- for (;;) {<br />
- <indent>
- fd_set accept_fds;<br />
- <br />
- FD_ZERO (&accept_fds);<br />
- for (i = first_socket; i <= last_socket; ++i) {<br />
- <indent>
- FD_SET (i, &accept_fds);<br />
- </indent>
- }<br />
- rc = select (last_socket+1, &accept_fds, NULL, NULL, NULL);<br />
- if (rc < 1) continue;<br />
- new_connection = -1;<br />
- for (i = first_socket; i <= last_socket; ++i) {<br />
- <indent>
- if (FD_ISSET (i, &accept_fds)) {<br />
- <indent>
- new_connection = accept (i, NULL, NULL);<br />
- if (new_connection != -1) break;<br />
- </indent>
- }<br />
- </indent>
- }<br />
- if (new_connection != -1) break;<br />
- </indent>
- }<br />
- <strong>accept_mutex_off ();</strong><br />
- process the new_connection;<br />
- </indent>
+ <highlight language="c">
+ for (;;) {
+ <strong>accept_mutex_on ();</strong>
+ for (;;) {
+ fd_set accept_fds;
+
+ FD_ZERO (&accept_fds);
+ for (i = first_socket; i <= last_socket; ++i) {
+ FD_SET (i, &accept_fds);
+ }
+ rc = select (last_socket+1, &accept_fds, NULL, NULL, NULL);
+ if (rc < 1) continue;
+ new_connection = -1;
+ for (i = first_socket; i <= last_socket; ++i) {
+ if (FD_ISSET (i, &accept_fds)) {
+ new_connection = accept (i, NULL, NULL);
+ if (new_connection != -1) break;
+ }
+ }
+ if (new_connection != -1) break;
+ }
+ <strong>accept_mutex_off ();</strong>
+ process the new_connection;
}
- </example>
+ </highlight>
<p><a id="serialize" name="serialize">The functions</a>
<code>accept_mutex_on</code> and <code>accept_mutex_off</code>
@@ -800,39 +772,31 @@
<code>http_main.c</code>). The function looks roughly like
this:</p>
- <example>
- void lingering_close (int s)<br />
- {<br />
- <indent>
- char junk_buffer[2048];<br />
- <br />
- /* shutdown the sending side */<br />
- shutdown (s, 1);<br />
- <br />
- signal (SIGALRM, lingering_death);<br />
- alarm (30);<br />
- <br />
- for (;;) {<br />
- <indent>
- select (s for reading, 2 second timeout);<br />
- if (error) break;<br />
- if (s is ready for reading) {<br />
- <indent>
- if (read (s, junk_buffer, sizeof (junk_buffer)) <= 0) {<br />
- <indent>
- break;<br />
- </indent>
- }<br />
- /* just toss away whatever is here */<br />
- </indent>
- }<br />
- </indent>
- }<br />
- <br />
- close (s);<br />
- </indent>
+ <highlight language="c">
+ void lingering_close (int s)
+ {
+ char junk_buffer[2048];
+
+ /* shutdown the sending side */
+ shutdown (s, 1);
+
+ signal (SIGALRM, lingering_death);
+ alarm (30);
+
+ for (;;) {
+ select (s for reading, 2 second timeout);
+ if (error) break;
+ if (s is ready for reading) {
+ if (read (s, junk_buffer, sizeof (junk_buffer)) <= 0) {
+ break;
+ }
+ /* just toss away whatever is here */
+ }
+ }
+
+ close (s);
}
- </example>
+ </highlight>
<p>This naturally adds some expense at the end of a connection,
but it is required for a reliable implementation. As HTTP/1.1
@@ -904,7 +868,7 @@
</example>
<p>The <code>-l</code> option tells truss to log the ID of the
- LWP (lightweight process--Solaris's form of kernel-level thread)
+ LWP (lightweight process--Solaris' form of kernel-level thread)
that invokes each system call.</p>
<p>Other systems may have different system call tracing utilities
@@ -974,7 +938,7 @@
<p>Next, the worker thread puts the connection to the client (file
descriptor 9) in non-blocking mode. The <code>setsockopt(2)</code>
and <code>getsockopt(2)</code> calls are a side-effect of how
- Solaris's libc handles <code>fcntl(2)</code> on sockets.</p>
+ Solaris' libc handles <code>fcntl(2)</code> on sockets.</p>
<example>
<pre>/65: read(9, " G E T / 1 0 k . h t m".., 8000) = 97</pre>
Modified: httpd/httpd/branches/2.4.x/docs/manual/misc/perf-tuning.xml.fr
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/misc/perf-tuning.xml.fr?rev=1333991&r1=1333990&r2=1333991&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/manual/misc/perf-tuning.xml.fr (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/misc/perf-tuning.xml.fr Fri May 4 14:36:40 2012
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="ISO-8859-1" ?>
<!DOCTYPE manualpage SYSTEM "../style/manualpage.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.fr.xsl"?>
-<!-- English Revision : 1174747 -->
+<!-- English Revision: 1328334:1333317 (outdated) -->
<!-- French translation : Lucien GENTIS -->
<!-- Reviewed by : Vincent Deffontaines -->
Modified: httpd/httpd/branches/2.4.x/docs/manual/misc/security_tips.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/misc/security_tips.xml?rev=1333991&r1=1333990&r2=1333991&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/manual/misc/security_tips.xml (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/misc/security_tips.xml Fri May 4 14:36:40 2012
@@ -327,11 +327,11 @@
<p>In the server configuration file, put</p>
- <example>
- <Directory /> <br />
- AllowOverride None <br />
- </Directory>
- </example>
+ <highlight language="config">
+<Directory />
+ AllowOverride None
+</Directory>
+ </highlight>
<p>This prevents the use of <code>.htaccess</code> files in all
directories apart from those specifically enabled.</p>
@@ -358,27 +358,27 @@
work around this, add the following block to your server's
configuration:</p>
- <example>
- <Directory /> <br />
- Order Deny,Allow <br />
- Deny from all <br />
- </Directory>
- </example>
+ <highlight language="config">
+<Directory />
+ Order Deny,Allow
+ Deny from all
+</Directory>
+ </highlight>
<p>This will forbid default access to filesystem locations. Add
appropriate <directive module="core">Directory</directive> blocks to
allow access only in those areas you wish. For example,</p>
- <example>
- <Directory /usr/users/*/public_html> <br />
- Order Deny,Allow <br />
- Allow from all <br />
- </Directory> <br />
- <Directory /usr/local/httpd> <br />
- Order Deny,Allow <br />
- Allow from all <br />
- </Directory>
- </example>
+ <highlight language="config">
+<Directory /usr/users/*/public_html>
+ Order Deny,Allow
+ Allow from all
+</Directory>
+<Directory /usr/local/httpd>
+ Order Deny,Allow
+ Allow from all
+</Directory>
+ </highlight>
<p>Pay particular attention to the interactions of <directive
module="core">Location</directive> and <directive
@@ -393,9 +393,7 @@
recommend that you include the following line in your server
configuration files:</p>
- <example>
- UserDir disabled root
- </example>
+ <highlight language="config">UserDir disabled root</highlight>
</section>
@@ -438,12 +436,12 @@
you probably commented out the following in your server configuration
file:</p>
- <example>
- <Files ".ht*"> <br />
- Order allow,deny <br />
- Deny from all <br />
- </Files>
- </example>
+ <highlight language="config">
+<Files ".ht*">
+ Order allow,deny
+ Deny from all
+</Files>
+ </highlight>
</section>
Modified: httpd/httpd/branches/2.4.x/docs/manual/misc/security_tips.xml.fr
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/misc/security_tips.xml.fr?rev=1333991&r1=1333990&r2=1333991&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/manual/misc/security_tips.xml.fr (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/misc/security_tips.xml.fr Fri May 4 14:36:40 2012
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="ISO-8859-1" ?>
<!DOCTYPE manualpage SYSTEM "../style/manualpage.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.fr.xsl"?>
-<!-- English revision : 1300926 -->
+<!-- English Revision: 1300924:1330882 (outdated) -->
<!-- French translation : Lucien GENTIS -->
<!-- Reviewed by : Vincent Deffontaines -->