httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dean Gaudet <dgau...@hyperreal.com>
Subject cvs commit: apache/htdocs/manual/misc FAQ.html
Date Sat, 21 Jun 1997 18:56:39 GMT
dgaudet     97/06/21 11:56:38

  Modified:    htdocs/manual/misc  FAQ.html
  Log:
  merge in Dirk's three new faq additions
  
  Revision  Changes    Path
  1.73      +119 -5    apache/htdocs/manual/misc/FAQ.html
  
  Index: FAQ.html
  ===================================================================
  RCS file: /export/home/cvs/apache/htdocs/manual/misc/FAQ.html,v
  retrieving revision 1.72
  retrieving revision 1.73
  diff -C3 -r1.72 -r1.73
  *** FAQ.html	1997/06/20 17:17:23	1.72
  --- FAQ.html	1997/06/21 18:56:36	1.73
  ***************
  *** 15,21 ****
      <!--#include virtual="header.html" -->
      <H1 ALIGN="CENTER">Apache Server Frequently Asked Questions</H1>
      <P>
  !   $Revision: 1.72 $ ($Date: 1997/06/20 17:17:23 $)
      </P>
      <P>
      The latest version of this FAQ is always available from the main
  --- 15,21 ----
      <!--#include virtual="header.html" -->
      <H1 ALIGN="CENTER">Apache Server Frequently Asked Questions</H1>
      <P>
  !   $Revision: 1.73 $ ($Date: 1997/06/21 18:56:36 $)
      </P>
      <P>
      The latest version of this FAQ is always available from the main
  ***************
  *** 131,136 ****
  --- 131,138 ----
       <LI><A HREF="#fdlim">Why can't I run more than &lt;<EM>n</EM>&gt;
        virtual hosts?</A>
       </LI>
  +    <LI><A HREF="#freebsd-setsize">Can I increase FD_SETSIZE on FreeBSD?</A>
  +    </LI>
       <LI><A HREF="#limitGET">Why do I keep getting &quot;access denied&quot;
for
        form POST requests?</A>
       </LI>
  ***************
  *** 208,213 ****
  --- 210,222 ----
       <LI><A HREF="#linux-shmget">When I run it under Linux I get "shmget:
        function not found", what should I do?</A>
       </LI>
  +    <LI><A HREF="#authauthoritative">Why does my authentification give
  +     me a server error?</A>
  +    <LI><A HREF="#auth-on-same-machine">Do I have to keep the (mSQL)
  +       authentification information on the same machine?</A>
  +    </LI>
  +    <LI><A HREF="#msql-slow">Why is my mSQL authentification terribly slow?</A>
  +    </LI>
      </OL>
     </LI>
    </UL>
  ***************
  *** 819,826 ****
            HREF="../mod/core.html#listen"
           ><SAMP>Listen</SAMP></A>
           directives.  If there are no other servers running on the machine 
  !        and all of them are running on the same port, you normally don't 
  !        need any Listen directives at all.
       </LI>
       <LI>Reduce the number of log files.  You can use 
           <A
  --- 828,836 ----
            HREF="../mod/core.html#listen"
           ><SAMP>Listen</SAMP></A>
           directives.  If there are no other servers running on the machine 
  !        on the same port then you normally don't
  !        need any Listen directives at all.  By default Apache listens to
  !        all addresses on port 80.
       </LI>
       <LI>Reduce the number of log files.  You can use 
           <A
  ***************
  *** 838,844 ****
           <A
            HREF="perf.html"
           >performance hints</A>
  !        page.
       </LI>
       <LI>&quot;Don't do that&quot; - try to run with fewer virtual hosts
       </LI>
  --- 848,855 ----
           <A
            HREF="perf.html"
           >performance hints</A>
  !        page.  There is a specific note for
  !        <a href="#freebsd-setsize">FreeBSD</a> below.
       </LI>
       <LI>&quot;Don't do that&quot; - try to run with fewer virtual hosts
       </LI>
  ***************
  *** 854,859 ****
  --- 865,888 ----
      available in the way of solutions.
      </P>
      <HR>
  + 
  +  <LI><A NAME="freebsd-setsize">
  +       <STRONG>Can I increase FD_SETSIZE on FreeBSD?</STRONG>
  +      </A>
  +   <P>
  +     On FreeBSD 2.2 and older FD_SETSIZE, which limits the number of open
  +     files on the system, is limted to 256. This can limit the number of
  +     virtual hosts you are using; especially if they all use different log
  +     files. Increasing this limit (and recompiling apache) is not enough
  +     (As it is on some platforms, such as Solaris), as you also will have
  +     to recompile libc with the changed setting.
  +   </P>
  +   <p>
  +     On FreeBSD 3.0 the default is 1024, so the problem is lessened.
  +   </p>
  +   <HR>
  +  </LI>
  + 
     <LI><A NAME="limitGET">
          <STRONG>Why do I keep getting &quot;access denied&quot; for form POST
          requests?</STRONG>
  ***************
  *** 1160,1166 ****
     </LI>
     <LI><A NAME="linuxiovec">
          <STRONG>Why do I get complaints about redefinition
  !       of &quot;<CODE>struct iovec</CODE>&quot; when compiling under
Linux?</STRONG>
         </A>
      <P>
      This is a conflict between your C library includes and your kernel
  --- 1189,1196 ----
     </LI>
     <LI><A NAME="linuxiovec">
          <STRONG>Why do I get complaints about redefinition
  !       of &quot;<CODE>struct iovec</CODE>&quot; when
  !       compiling under Linux?</STRONG>
         </A>
      <P>
      This is a conflict between your C library includes and your kernel
  ***************
  *** 1582,1587 ****
  --- 1612,1701 ----
        a server which is slower and less reliable.
      </P>
      <HR>
  +  </LI>
  + 
  +  <LI><A NAME="authauthoritative">
  +       <STRONG>Why does my authentification give me a server error?</STRONG>
  +      </A>
  +   <P>
  +     Under normal circumstances, the apache access control modules will
  +     pass unrecognized userids on to the next access control module in
  +     line.  Only if the userid is recognized, the password is validated
  +     (or not) will it give the usual success or authentification failed
  +     messages.
  +   </p>
  +   <p>
  +     However if the last access module in line 'declines' the validation
  +     request (because it has never heard of the userid or because it is not
  +     configured) the http_request handler will give one of the following,
  +     confusing, errors:
  +   <UL>
  +     <li> <code>check access</code>
  +     <li> <code>check user.  No user file? </code>
  +     <li> <code>check access.  No groups file? </code>
  +   </ul> 
  +     This does not mean that you have to add a 'AuthUserFile /dev/null'
  +     line as some magazines suggest !
  +   </p>
  +   <p>
  +     The solution is to ensure that at least the last module is authoritative
  +     and <b>CONFIGURED</b>. By default <code>mod_auth</code> is
authoritative
  +     and will give an OK/Denied, but only if it is configured with the
  +     proper AuthUserFile. Likewise if a valid group is required.  (Remember
  +     that the modules are processed in the reverse order they appear in
  +     your compile-time Configuration file.)
  +   </P>
  +   <p>
  +     A typical situation for this error is when you are using the
  +     mod_auth_dbm, mod_auth_msql, mod_auth_mysql, mod_auth_anon or
  +     mod_auth_cookie on their own.  These are by default <b>not</b>
  +     authoritative, and this will pass the buck on to the (non-existent) next
  +     authentification module when the user ID is not in their respective
  +     database.  Just add the appropriate 'XXXAuthoritative yes' line to
  +     the configuration.
  +   </p>
  +   <p>
  +     In general it is a good idea (though not terribly efficient) to have the
  +     file based mod_auth a module of last resort. This allows you to access
  +     the web server with a few special passwords even if the databases are
  +     down or corrupted.  This does cost a file-open/seek/close for each
  +     request in a protected area.
  +   </p>
  +   <HR>
  +  </LI>
  + 
  +  <LI><A NAME="auth-on-same-machine">
  +       <STRONG>Do I have to keep the (mSQL) authentification information
  +       on the same machine?</STRONG>
  +      </A>
  +   <p>
  +     Some organizations feel very strongly about keeping the authentification
  +     information on a different machine than the webserver. With the
  +     mod_auth_msql, mod_auth_mysql and other SQL modules connecting to
  +     (R)DBMses this is quite well possible. Just configure an explicit host
  +     to contact.
  +   </p>
  +   <p>
  +     Be aware that with mSQL and Oracle, opening and closing these database
  +     connections is very expensive and time consuming. You might want to
  +     look at the code in the auth_modules and play with the compile time
  +     flags to alleviate this somewhat; if your RDBMS licences alows for it.
  +   </p>
  +   <HR>
  +  </LI>
  + 
  +  <LI><A NAME="msql-slow">
  +       <STRONG>Why is my mSQL authentification terribly slow?</STRONG>
  +      </A>
  +   <p>
  +     You have probably configured the Host by specificing a FQHN,
  +     and thus the libmsql will use a full blown tcp/ip socket to talk to
  +     the database, rather than a fast internal device. Both the libmsql,
  +     the mSQL faq and the mod_auth_msql documentation warn you about this. If
  +     you have to use different hosts, check out the mod_auth_msql code for
  +     some compile time flags which might, or might not suit you.
  +   </p>
  +  <HR>
     </LI>
    
      <!-- Don't forget to add HR tags at the end of each list item.. -->
  
  
  

Mime
View raw message