Proper use of Header set Connection Keep-Alive (Apache) - apache

<ifModule mod_headers.c>
Header set Connection keep-alive
</ifModule>
In order to make files reloading bit faster, a server needs the Keep Alive enabled in Apache. Some questions though:
Q1) does it matter where (top or bottom of htacces) these three lines go?
Q2) if I omit the ifModule above and below the Header set Connection keep-alive then it seems still to work so is it necessary / what does the ifModule do?
Q3) on the bottom of my htacces there is already a section with ifModule mod_headers.c and all sorts of FilesMatch in there (static caching of files per filetype like css js html etc. can the Header set Connection keep-alive go in there?

Q1) It only matters if there are other lines in the file that may override it. In general, whatever comes last wins.
Q2) ifModule is a basic conditional that allows you to specify configuration if the indicated module is loaded or not
Q3) Yes, it can go in there. A conditional is a conditional, so unless you have a rather complex module-dependent configuration, you will only really need one ifModule block for any given module in a particular file

Related

Is it possible to deactivate caching Rules in htacces by IP matching?

Is it possible to deactivate caching Rules like mod_expires.c, mod_headers.c in htaccess by IP matching like < FilesMatch > or < IfModule >?
I did not find any possible solution so far. Any hints?
If you want to deactivate caching you can use the following in your .htaccess file:
ExpiresActive On
ExpiresDefault A1
Header append Cache-Control must-revalidate
Just make sure you place it at the top of your .htaccess file and clear your cache upon entering it. From that point forward it will also ask the cache to re-validate.

Can mod_headers change headers generated by uWSGI?

I have a uWSGI service running behing an apache front-end. The part of my apache conf handling that lools like:
<Location /myapp>
SetHandler uwsgi-handler
uWSGISocket /var/run/uwsgi/myapp.sock
Allow from all
</Location>
and I'd like to add a custom header to the responses of my app. I know I can do that by adding some code in the app, but I would prefer doing it with mod_headers, by adding the following line in the Location directive
Header set Custom-Header "hello world"
It does not seem to work, although mod_headers documentation states
This directive can replace, merge or remove HTTP response headers.
The header is modified just after the content handler and output filters are run,
allowing outgoing headers to be modified.
What do I do wrong, or understand wrong?
As stated in the docs mod_uwsgi is very raw and uses the 'assbackwards' mode, unless you enable the CGI mode. This mode (assbackwards) gives superior performance but breaks basically all of the filters. You should use mod_proxy_uwsgi (fully apache-friendly) or let uWSGI do the hard work for you using the internal routing:
http://uwsgi-docs.readthedocs.org/en/latest/InternalRouting.html
(or the --add-header more invasive option)

Set mod_reqtimeout to unlimited time for a specific folder

I basically have two questions:
How do you set the RequestReadTimeout (in mod_reqtimeout), header and body time to: unlimited time
and
How do I apply that to a specific folder?
The default reqtimeout.conf is:
<IfModule reqtimeout_module>
RequestReadTimeout header=10-20,minrate=500
RequestReadTimeout body=10,minrate=500
</IfModule>
So that it would be something like:
<IfModule reqtimeout_module>
#Apply this to the /var/www/unlimitedtime folder
<Directory /var/www/unlimitedtime>
RequestReadTimeout header=unlimited,MinRate=0 body=unlimited,MinRate=0
</Directory>
</IfModule>
This doesn't work but it's just an example that maybe will make my question more clear.
Thx
Several tips from official documentation of top
RequestReadTimeout :
Context: server config, virtual host
That means this directive is a quite high level directive, you do not have the Location or Directory context here. In fact the timeouts are applied far before the web server can apply a directory decision on the request (the request is not received...), so it's quite normal. What it means is that you cannot apply this directive in a Directory, and there's nothing you can do for that, sorry.
type=timeout
The time in seconds allowed for reading all of the request headers or
body, respectively. A value of 0 means no limit.
So instead of using the 10-20 form simply set 0 and it becomes an unlimited timeout. Or at least that's what the documentation seems to imply. But that's a real nice way of making your webserver DOS-enabled. A few HTTP requests on the right url and you will get a nice Deny of Service, so I hope some other Timeout setting will override it (but maybe not, be careful) :-)

.htaccess or httpd.conf

I need to do a url-rewriting job now.
I don't know whether I should put the code into a .htaccess or httpd.conf?
EDIT
What's the effecting range of .htaccess?Will it affect all requests or only requests to the specific directory it's located?
If you wont have to change your rules very often, you should put them in the httpd.conf and turn off overriding in the top directory your rules apply to
AllowOverride None
With no overriding, your apache will not scan every directory for .htaccess files making less of an overhead for each request.
Whenever you do have to change your rules, you will have to restart your apache server if you put it in your httpd.conf as opposed to them being instantly detected in .htaccess files because it reads them all on every request.
You can easily do this using a graceful restart with the apachectl tool to avoid cutting off any current requests being served.
apachectl graceful
If you aren't going to turn override off, you might as well just use .htaccess only.
Edit in response to your edit:
Say you have a request for www.example.com/dir1/dir2/dir3/file
Apache will look for a .htaccess file in all 3 of those directories and the root for rules to apply to the request if you have overriding allowed.
Ease of use and IMO maintainability (just go to the dir you want as any permissioned user) = .htaccess but that is parsed repeatedly vs. the parse once in httpd.conf where your über-high volume would be best set.
There are three issues here in terms of which is "better":
performance
management
security
.htaccess is slower, harder to manage, and potentially less secure. If you have access to the httpd.conf, then placing rules there can be easier to manage (in one place), faster ("AllowOverrides None" means that the server does not look in the current directory and any parent directories for an override file to parse and follow), and since .htaccess files are not present in the website directory, they cannot be edited (and if created, will be ignored).
You may use both of them. IMHO, .htaccess will be a bit better

Using keep-alive feature in .htaccess

I want to use the keep-alive feature in Apache. How can I do this with my host (.htaccess file), and what are the best values for the parameters like KeepAliveTimeout?
If Keep-alive is turned on in the Apache configuration, all you need is just set an HTTP header Connection: keep-alive. E.g. add following lines to your .htaccess file:
<ifModule mod_headers.c>
Header set Connection keep-alive
</ifModule>
You can't control keepalive behaviour in an .htaccess. Keepalives are a host-level feature, not one where different directories can behave differently depending on the per-directory htaccess info.
If you are on the kind of basic shared hosting that only gives you .htaccess to configure your sites, you can't change the keepalive settings. Presumably the hosting company will have set them appropriately, or just left them on the default settings, which are usually fine.
Yes Keep-alive behavior can be controlled in .htaccess file.
First check the server setting by printing $_SERVER and if
[HTTP_CONNECTION] => keep-alive
is there then you just have to include the setting in your .htaccess file.
Add the following line at the end of .htaccess file in your project's root directory.
<ifModule mod_headers.c>
Header set Connection keep-alive
</ifModule>
If you have SSH access to your server you should edit the Apache config file. Use these settings as a starter:
KeepAlive: on
KeepAliveTimeout: 3 seconds
MaxKeepAliveRequests: 60
This should work for most basic server setups with average traffic. You can always tweak the settings to suit your own needs. See here for more detailed info about this: http://www.giftofspeed.com/enable-keep-alive/
If you don't have access to your server you should contact your host. Changing the keepalive settings on your own by editing the .htaccess file will probably don't work.
It very much depends on your site and the amount of traffic it receives. If a user comes to your site, then clicks through to another page within the KeepAliveTimeout setting (default is 15), a new TCP does not have to be created. This can really help with overhead.
On the other hand, any Apache processes that are currently tied up w/ existing visitors will not be able to talk to the new ones. So you may have to increase the total number of Apache processes that are available.
In short... it requires tweaking.
you can't control keep-alive behavior in .htaccess
Paste the following code in your .htaccess file:
<ifModule mod_headers.c>
Header set Connection keep-alive
</ifModule>
Then use this website: https://varvy.com/pagespeed/ to check if it's enabled.