I spend a lot of my time tweaking the performance of web applications, in addition to optimizing code it’s also necessary to verify that your server settings are also optimized for network performance to reduce bandwidth usage and thus client response times.
NOTE: This is a tradeoff between CPU and network performance, it works by compressing the content on the server just before it is sent over the wire…. when the client receives it, it then also spends some of it’s resources to decompress the content.
The Apache HTTP server provided mod_deflate (for 2.x) or mod_gzip (for 1.3).
Here’s a quick start as well as a few references:
1. Uncomment the module:
LoadModule deflate_module modules/mod_deflate.so
2. Add the following (modify if required):
AddOutputFilterByType DEFLATE text/*
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
# Insert filter
# Netscape 4.x has some problems…
BrowserMatch ^Mozilla/4 gzip-only-text/html
# Netscape 4.06-4.08 have some more problems
BrowserMatch ^Mozilla/4\.0 no-gzip
# MSIE masquerades as Netscape, but it is fine
# BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
# NOTE: Due to a bug in mod_setenvif up to Apache 2.0.48
# the above regex won’t work. You can use the following
# workaround to get the desired effect:
BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html
# Don’t compress images or ZIP/GZ/7Z
SetEnvIfNoCase Request_URI \
\.(?:gif|jpe?g|png|zip|7z|gz)$ no-gzip dont-vary
# Make sure proxies don’t deliver the wrong content
Header append Vary User-Agent env=!dont-vary
This can be used to for several reasons:
- To add headers to modify the behavior of a specific ‘misbehaving’ browser or client.
- To replace headers that you don’t want leaked to the Internet.
- To add monitoring information to your server responses.
Changes can be accomplished in the Apache2 ‘httpd.conf’ file.
- Verify that the module is not disabled or commented out:
LoadModule headers_module modules/mod_headers.so
- To add some common metrics:
Header append MyHeader “%D %t”
- To Hide the HTTP Server header that you send in your responses (often done for security through obscurity):
Header unset Server
- You could also replace the Server Header like this:
Header set Server “ScottServer 1.0”
This is a HUGE topic, I’ve outlined some simple steps below as well as my initial configuration for you to start with…
NOTE: this is for simple ‘static’ content such as images, additional work is required for dynamic (program generated) content, such as that generated in PHP.
1. In ‘httpd.conf’ make sure the following line is uncommented.
LoadModule expires_module modules/mod_expires.so
2. In ‘httpd.conf’ add the following:
### Expire images 1 day from when they’re accessed
ExpiresByType application/java-archive “access plus 1 day”
ExpiresByType image/gif “access plus 1 day”
ExpiresByType image/png “access plus 1 day”
ExpiresByType image/jpg “access plus 1 day”
ExpiresByType image/jpeg “access plus 1 day”
ExpiresByType image/x-icon “access plus 1 day”
ExpiresByType text/css “access plus 1 day”
ExpiresByType text/xml “access plus 1 day”
ExpiresByType application/xml “access plus 1 day”
ExpiresByType text/plain “access plus 1 month”
3. (Optional) Set default expiry of content in ‘httpd.conf’:
### Expire everything else 1 day from when it’s last modified
ExpiresDefault “modified plus 1 day”
NOTE: These we’re my original settings, you may want to add attitional MIME type and expiry configurations particular to your web content.
This has been quite frustrating. It seems that Microsoft has again ventured from complying with the industry web standards in this space too!
The comments from the Apache HTTP 2.x ‘http-ssl.conf’ files say it all:
# SSL Protocol Adjustments:
# The safe and default but still SSL/TLS standard compliant shutdown
# approach is that mod_ssl sends the close notify alert but doesn't wait for
# the close notify alert from client. When you need a different shutdown
# approach you can use one of the following variables:
# o ssl-unclean-shutdown:
# This forces an unclean shutdown when the connection is closed, i.e. no
# SSL close notify alert is send or allowed to received. This violates
# the SSL/TLS standard but is needed for some brain-dead browsers. Use
# this when you receive I/O errors because of the standard approach where
# mod_ssl sends the close notify alert.
# o ssl-accurate-shutdown:
# This forces an accurate shutdown when the connection is closed, i.e. a
# SSL close notify alert is send and mod_ssl waits for the close notify
# alert of the client. This is 100% SSL/TLS standard compliant, but in
# practice often causes hanging connections with brain-dead browsers. Use
# this only for browsers where you know that their SSL implementation
# works correctly.
# Notice: Most problems of broken clients are also related to the HTTP
# keep-alive facility, so you usually additionally want to disable
# keep-alive for those clients, too. Use variable "nokeepalive" for this.
# Similarly, one has to force some clients to use HTTP/1.0 to workaround
# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
# "force-response-1.0" for this.
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
A little further research indicates that MSIE6 has (probably) partially fixed this (the HTTP/1.0 & KeepAlive issues), so the updated config should use a Regular Expression to look like…
SetEnvIf User-Agent ".*MSIE [1-5].*"
SetEnvIf User-Agent ".*MSIE [6-9].*"
Installing Perl on a Win32 installation of Apache is trivial. Just a few short years ago (roughly the year 2000) most commercial website still ran large amounts of Perl code. Several open-source projects like BugZilla still rely on this powerful scripting language.
Here’s a few simple steps and advice to consider when the need comes to add this feature to your installation.
- Download Perl for Win32 – ActiveState Perl is the standard distribution to use, and installation is a snap.URL = http://www.activestate.com/Products/ActivePerl/a) Get the MSI file version as it’s executable (the AS version is a ZIP file for manual installs)
b) The default path it chooses is “C:\Perl”, I advise that you use “c:\usr” instead as it makes it easier to port programs to and from UNIX/LINUX.
c) The MSI installer takes care of the PATH file settings, so you should have no other work for installation.
- Modify the Apache httpd.conf file to enable (uncomment or add the following lines).
AddHandler cgi-script .cgi
AddHandler cgi-script .pl
- Restart Windows to ensure that the new configuration is available to the operating system.
- Test your install…a) Create a new file on the server named /cgi-bin/hello.pl with the following content:
print “hello world”;
b) Start (or restart) the Apache service.
c) Access the file in the browser, example:
URL = http://localhost/cgi-bin/hello.pl
d) If everything works, you should see the words “hello world”, otherwise, if you see the source code or ‘500 Server Error’ then the config has a problem.
I often find myself administering WAMP (Windows, Apache, PHP/Perl/Python, mySQL) servers…. usually this occurs because it is better ‘supported’ (or perhaps ‘tolerated’) configuration in a corporate alternative to the more common LAMP (Linux… etc.) variety. This gives you the benefit of a centrally controlled operating system while maintaining a mostly open source server environment. Albeit with Microsoft’s poor security record, you’ll be patching it a LOT!
Many common distributions exist… here’s some helpful resources with downloads:
If you are a Java shop, you might also consider the following…
Configuration of each of these is a topic in it’s own right. If you need a shortcut to development, you may want to check out this!
This came as a shock to me a while back, when i started evaluating an upgrade to Apache 2.2 from Apache 2.0.58. It seems that PHP doesn’t ship with a handler for Apache 2.2, as such after a huge headache and little bit of searching I found this article and downloads available at http://www.apachelounge.com/
It should also be added that other great binary assets are available at these sites/