This glossary defines some of the common terminology related to Apache HTTP Server in
particular, and web serving in general. More information on each concept
is provided in the links.
A perl script that aids in compiling module sources into Dynamic Shared Objects
(DSOs) and helps install them in the
httpd web server.
See: Manual Page: apxs
A set of libraries providing many of the basic interfaces
between the server and the operating system. APR is developed
parallel to the Apache HTTP Server as an independent project.
See: Apache Portable Runtime
Project
A data record used for authenticating network entities such
as a server or a client. A certificate contains X.509 information pieces
about its owner (called the subject) and the signing Certification Authority (called
the issuer), plus the owner's public
key and the
signature made by the CA. Network entities verify these signatures
using CA certificates.
See: SSL/TLS Encryption
A trusted third party whose purpose is to sign certificates for network
entities it has authenticated using secure means. Other network entities
can check the signature to verify that a CA has authenticated the bearer
of a certificate.
See: SSL/TLS Encryption
A standard definition for an interface between a web server and an
external program that allows the external program to service requests.
There is an Informational RFC (RFC 3875) which covers the specifics.
See: Dynamic Content with CGI
An encrypted text block that validates a certificate or other file. A
Certification Authority
creates a signature by generating a hash of the Public Key
embedded in a Certificate, then encrypting the hash with its own
Private Key. Only the CA's public key can decrypt the signature,
verifying that the CA has authenticated the network entity that owns the
Certificate.
See: SSL/TLS Encryption
Named variables managed by the operating system shell and used to store
information and communicate between programs. httpd also contains
internal variables that are referred to as environment variables, but are
stored in internal httpd structures, rather than in the shell
environment.
See: Environment Variables in Apache httpd
Diminished in cryptographic strength (and security) in order to comply
with the United States' Export Administration Regulations (EAR).
Export-crippled cryptographic software is limited to a small key size,
resulting in Ciphertext which usually can be decrypted by brute
force.
See: SSL/TLS Encryption
A process that is applied to data that is sent or received by the
server. Input filters process data sent by the client to the server,
while output filters process documents on the server before they are sent
to the client. For example, the INCLUDES output filter
processes documents for Server Side
Includes.
See: Filters
The unique name of a network entity, consisting of a hostname and a
domain name that can resolve to an IP address. For example,
www is a hostname, example.com is a domain name,
and www.example.com is a fully-qualified domain name.
An internal httpd representation of the action to be performed when a
file is called. Generally, files have implicit handlers, based on the file
type. Normally, all files are simply served by the server, but certain
file types are "handled" separately. For example, the
cgi-script handler designates files to be processed as
CGIs.
See: httpd's Handler Use
A mathematical one-way, irreversible algorithm generating a string with
fixed-length from another string of any length. Different input strings
will usually produce different hashes (depending on the hash function).
A configuration file that
is placed inside the web tree and applies configuration directives to the directory where it is
placed and all sub-directories. Despite its name, this file can hold
almost any type of directive, not just access-control directives.
See: Configuration Files
The main httpd configuration
file. The default location is
/usr/local/apache2/conf/httpd.conf, but it may be moved using
run-time or compile-time configuration.
See: Configuration Files
The standard transmission protocol used on the World Wide Web. httpd
implements version 1.1 of the protocol, referred to as HTTP/1.1 and
defined by RFC 2616.
The HyperText Transfer Protocol (Secure), the standard encrypted
communication mechanism on the World Wide Web. This is actually just HTTP
over SSL.
See: SSL/TLS Encryption
In the context of HTTP, an action to
perform on a resource, specified on the request line by the client. Some
of the methods available in HTTP are GET, POST,
and PUT.
A way to describe the kind of document being transmitted. Its name
comes from that fact that its format is borrowed from the Multipurpose
Internet Mail Extensions. It consists of a major type and a minor type,
separated by a slash. Some examples are text/html,
image/gif, and application/octet-stream. In
HTTP, the MIME-type is transmitted in the Content-Typeheader.
See: mod_mime
An independent part of a program. Much of httpd's functionality is
contained in modules that you can choose to include or exclude. Modules
that are compiled into the httpd binary are
called static modules, while modules that are stored
separately and can be optionally loaded at run-time are called
dynamic modules or DSOs.
Modules that are included by default
are called base modules. Many modules are available for httpd
that are not distributed as part of the Apache HTTP Server tarball. These are referred to as
third-party modules.
See: Module Index
Module Magic Number is a constant defined in the httpd source code that
is associated with binary compatibility of modules. It is changed when
internal httpd structures, function calls and other significant parts of
API change in such a way that binary compatibility cannot be guaranteed
any more. On MMN change, all third party modules have to be at least
recompiled, sometimes even slightly changed in order to work with the new
version of httpd.
The word or phrase that protects private key files. It prevents
unauthorized users from encrypting them. Usually it's just the secret
encryption/decryption key used for Ciphers.
See: SSL/TLS Encryption
A directive is in
per-directory context when it appears in a <Directory>, <DirectoryMatch>, <Files>, or <FilesMatch> section in the main
configuration files, or in a .htaccess file.
In per-directory context, directives apply only to the
directory (or set of files) they are associated with.
See: Configuration Sections
An intermediate server that sits between the client and the origin
server. It accepts requests from clients, transmits those requests
on to the origin server, and then returns the response from the origin
server to the client. If several clients request the same content, the
proxy can deliver that content from its cache, rather than requesting it
from the origin server each time, thereby reducing response time.
See: mod_proxy
The publicly available key in a Public Key Cryptography system,
used to encrypt messages bound for its owner and to decrypt signatures
made by its owner.
See: SSL/TLS Encryption
The study and application of asymmetric encryption systems, which use
one key for encryption and another for decryption. A corresponding pair of
such keys constitutes a key pair. Also called Asymmetric Cryptography.
See: SSL/TLS Encryption
A way of describing a pattern in text - for example, "all the words that
begin with the letter A" or "every 10-digit phone number" or even "Every
sentence with two commas in it, and no capital letter Q". Regular
expressions are useful in httpd because they let you apply certain
attributes against collections of files or resources in very flexible ways
- for example, all .gif and .jpg files under any "images" directory could
be written as "/images/.*(jpg|gif)$". In places where
regular expressions are used to replace strings, the special variables
$1 ... $9 contain backreferences to the grouped parts (in parentheses) of
the matched expression. The special variable $0 contains a backreference
to the whole matched expression. To write a literal dollar sign in a
replacement string, it can be escaped with a backslash. Historically, the
variable & could be used as alias for $0 in some places. This is no
longer possible since version 2.3.6. httpd uses Perl Compatible Regular
Expressions provided by the PCRE
library. You can find more documentation about PCRE's regular expression
syntax at that site, or at
Wikipedia.
A proxy server that appears to the client
as if it is an origin server. This is useful to hide the real
origin server from the client for security reasons, or to load balance.
A protocol created by Netscape Communications Corporation for general
communication authentication and encryption over TCP/IP networks. The most
popular usage is HTTPS, i.e. the HyperText Transfer Protocol (HTTP)
over SSL.
See: SSL/TLS Encryption
An SSL function that allows passing the desired server
hostname in the initial SSL handshake message, so that the web
server can select the correct virtual host configuration to use
in processing the SSL handshake. It was added to SSL starting
with the TLS extensions, RFC 3546.
See: the SSL FAQ
and RFC 3546
httpd provides a subrequest API to modules that allows other
filesystem or URL paths to be partially or fully evaluated by
the server. Example consumers of this API are
DirectoryIndex,
mod_autoindex, and mod_include.
The successor protocol to SSL, created by the Internet Engineering Task
Force (IETF) for general communication authentication and encryption over
TCP/IP networks. TLS version 1 is nearly identical with SSL version 3.
See: SSL/TLS Encryption
The name/address of a resource on the Internet. This is the common
informal term for what is formally called a Uniform Resource Identifier.
URLs are usually made up of a scheme, like http or
https, a hostname, and a path. A URL for this page might
be http://httpd.apache.org/docs/2.4/glossary.html.
A compact string of characters for identifying an abstract or physical
resource. It is formally defined by RFC 2396. URIs used on the
world-wide web are commonly referred to as URLs.
Serving multiple websites using a single instance of httpd. IP
virtual hosting differentiates between websites based on their IP
address, while name-based virtual hosting uses only the name of the
host and can therefore host many sites on the same IP address.
See: httpd Virtual Host documentation
An authentication certificate scheme recommended by the International
Telecommunication Union (ITU-T) which is used for SSL/TLS authentication. See: SSL/TLS Encryption
