Your Debian web server continues to take shape as we delve into the depths of apache's configuration options.
We won't go into detail about every directive (you can look at the apache docs for that), but we will highlight the settings that most people will need to change and talk about how they can be tailored for a site. Fortunately the config files are nicely commented as well, so just skimming the main config file should let you see what other directives do and whether or not you would need to change them.
This sets (in simple terms) the maximum time, in seconds, to wait for a request, action it and the response to the request.
The default is deliberately set high to allow for varied situations. You can reduce this to something more sane, to 30 seconds or even lower. A decrease may also help in reducing the effects of a DOS attack.
You should generally have KeepAlive "On" as it allows for persistent connections to a client so each file, image, etc. that gets requested. Without keepalives, the apache server and web client will need to establish new connections for every element needed to display a web page. Keeping a single connection going that the client can reuse allows your server to manage clients more efficiently.
Define other KeepAlive settings as shown below:
So how long does a persistent connection to a client wait for the next request? The default setting is very high and can easily be reduced to 2 or 3 seconds. If no new requests are received during this time the connection is killed.
Once a connection has been established and the client has requested the files needed for the web page, this setting tells that connection, "This is your client. There are many like it, but this one is yours. Handle only that client's requests until you reach the KeepAliveTimeout, ignore the others." So you'll want to balance the duration of KeepAlives (which make the server more responsive to a web client) against the need to free up old connections to make room for new clients.
The best way to optimize this setting is to use your site like an average visitor would, and pay attention to how often you click links. If you find someone would generally take a minute to read a page after navigating to it, a lower timeout would free their connection up quickly once they've reached that page. If you find that you click links regularly with small lulls between (for something like a one-question-per-page quiz), your site would be more responsive to a user with a higher KeepAliveTimeout to handle them.
If you want happy users and to save traffic, keep this at Off.
Setting this to "On" will enable DNS lookups so host names can be logged (it performs a reverse DNS check). Setting it to "Double" will not only perform the reverse DNS check, it will then check the resulting hostname with a regular DNS query.
All a bit much just to make your access logs easier to read. If you really want hostname information from your visitors in your logs it is advised to use logresolve (located in /usr/sbin/logresolve) for this purpose. A small explanation of its use can be found here.
Quite a lot here, but as you go through the different settings you will see that several are fairly easy to understand. Naturally, there is a lot more to it than this article (or set of articles) can go into.
In the second part of this apache configuration overview we will look at other settings that will add some more efficiency and help in increasing the security of our Slice.
- -- Jered