
MPM threaded-Specific Directives

In the document Apache Server2 (Page 123-129)

This is like prefork MPM but instead of each child process having a single thread, each child process is allowed to have a specified number of threads. Because threads are more resource efficient than processes, this MPM is very scalable. Each thread within a child process can service a different request.

A process is added or removed by monitoring its spare thread count. For example, if a process has fewer than the minimum number of spare threads, a new process is added. Similarly, when a process has the maximum number of idle threads, it is killed.

All processes run under the same user and group ID assigned to Apache server.

CoreDumpDirectory

The CoreDumpDirectory directive sets the directory that Apache tries to switch to before crashing and dumping the core (memory image of the server) file. The default location is the directory specified by the ServerRoot directive.

Syntax: CoreDumpDirectory directory_path

Default setting: Server’s root directory

Context: Server config

Group

The Group directive should be used in conjunction with the User directive. Group determines the group under which the standalone server answers requests. To use this directive, the standalone server must be run initially as root. The Group directive can be assigned a group number as well. Group looks up group names and their corresponding numeric values in your /etc/group file.

Syntax: Group Unix-group

Default setting: Group #-1

Context: Server config, virtual host

All the warnings and recommendations I provide for the User directive (later) apply to this directive as well. Make sure that you read the User directive details later in this chapter.

Listen

By default, Apache responds to requests on all the IP addresses attached to the server machine, but only to the port address specified by the Port directive. The Listen directive can be used to make this situation more configurable. You can use the Listen directive to tell Apache to respond to a certain IP address, an IP address and port combination, or just a port by itself.

Syntax: Listen [IP address:] port_number

Default setting: None

Context: Server config

Although Listen can be used instead of BindAddress and Port, you may have to use the Port directive if your Apache server generates URLs that point to itself.

Multiple Listen directives may be used to specify a number of addresses and ports to listen to. The server will respond to requests from any of the listed addresses and ports. For example, to make the server accept connections on both port 80 and port 8080, use:

Listen 80
Listen 8080

The following examples make Apache accept connections on two IP addresses and port numbers:

Listen 192.168.1.100:80
Listen 192.168.1.101:8080

ListenBacklog

The ListenBacklog directive enables you to take defensive action against a known security attack called Denial of Service (DOS) by enabling you to set the maximum length of the queue of pending connections. Increase this if you detect that you are under a TCP SYN flood (DOS) attack; otherwise, you can leave it alone.

Syntax: ListenBacklog backlog

Default setting: ListenBacklog 511

Context: Server config

LockFile

If Apache is compiled with the USE_FCNTL_SERIALIZED_ACCEPT or USE_FLOCK_SERIALIZED_ACCEPT options, a lock file is used. You can use the LockFile directive to set the path to the filename of the lock file. Make sure that only the Apache server has read and write access to the file.

Syntax: LockFile filename

Default setting: LockFile logs/accept.lock

Context: Server config

Storing the lock file on a Network File System (NFS) mounted partition is not a good idea because NFS is known to be problematic when it comes to file locking and security.

MaxClients

The MaxClients directive limits the number of simultaneous requests that Apache can service. Because Apache uses one child server for each request, this is also the effective limit for the number of child servers that can exist at the same time.

Syntax: MaxClients number

Default setting: MaxClients 256

Context: Server config

The default limit is really the hard limit set in the httpd.h file in the Apache source distribution. This setting should be fine for most typical-to-moderate load sites. The Apache programmers put the hard limit there for two reasons: they do not want the server to crash the system by filling out some kernel table, and this maximum limit keeps the scoreboard file small enough to be easily readable. When the server reaches the maximum request count, it puts the incoming requests in a wait state until it is free to service them.

Note

If you have a high-performance server system and have the necessary bandwidth, you can recompile the server with a higher hard limit by modifying the appropriate MPM header file (mpm_default.h). See Table 2-3 in Chapter 2.

MaxRequestsPerChild

Apache launches a child server process to service a request; however, a child server can process multiple requests. The number of requests a child server can process is limited by the MaxRequestsPerChild directive.

Syntax: MaxRequestsPerChild number

Default setting: MaxRequestsPerChild 0

Context: Server config

After servicing the maximum number of requests, the child process terminates. If MaxRequestsPerChild is 0, then the process will never expire. If you suspect there are libraries on your operating system (for example, Solaris) that have memory-leaking code, you may want to set this directive to a nonzero value. This enables you to define a life cycle for a child process, reducing the chances of a process consuming leaked memory and slowly eating up all available memory. It also provides you with a small load-average number for your system, because the Apache-related load is reduced as your Web server becomes less busy.

MaxSpareThreads

The MaxSpareThreads directive sets the maximum number of idle threads. The threaded MPM deals with idle threads on a server-wide basis, which means that if there are too many idle threads in the server, it starts killing child processes until the number of idle threads is down to the number specified here.

Syntax: MaxSpareThreads number

Default setting: MaxSpareThreads 10 (for perchild MPM) or 500 (for threaded MPM)

Context: Server config

The perchild MPM counts idle threads on a per-child basis, which means that if there are too many idle threads in a child, the threads are destroyed until the thread count per child is less than the number specified with the MaxSpareThreads directive.

MinSpareThreads

The MinSpareThreads directive sets the minimum number of idle threads. The threaded MPM deals with the idle threads on a server-wide basis, which means that when there are fewer idle threads than the number specified here, Apache creates new child processes to bring the total thread count to at least this number.

Syntax: MinSpareThreads number

Default setting: MinSpareThreads 5 (for perchild MPM) or 250 (for threaded MPM)

Context: Server config

The perchild MPM handles idle thread count on a per-child basis; thus, when a child has fewer than the minimum number of threads specified here, the server creates new threads within that child process.

SendBufferSize

The SendBufferSize directive sets the TCP send buffer size to the number of bytes specified. On a high-performance network, setting the directive to a higher value than the operating system defaults may increase server performance.

Syntax: SendBufferSize bytes

Default setting: None

Context: Server config

StartServers

The StartServers directive sets the number of child Apache server processes that are created on startup. The number of Apache child processes needed for a certain time period is dynamically controlled. The primary Apache server (the daemon process) launches new child processes as it encounters higher request loads.

The actual number of child processes is controlled by the MinSpareServers, MaxSpareServers, and MaxClients directives. Therefore, you have little to gain by adjusting this parameter.

Syntax: StartServers number

Default setting: StartServers 5

Context: Server config

The StartServers directive is useful only when the Apache server is running as a standalone server. In other words, you need to have ServerType set to standalone for this directive to be effective.

When running Microsoft Windows, this directive sets the total number of child processes running. Because the Windows version of Apache is multithreaded, one process handles all the requests. The rest of the processes are held in reserve until the primary process dies.

ThreadsPerChild

The Windows version of Apache is a multithreaded server. The ThreadsPerChild directive tells the server how many threads it should use. It also determines the maximum number of connections that the server can handle at any given time.

Therefore, this value should be set reasonably high to allow the maximum number of possible hits.

Syntax: ThreadsPerChild number

Default setting: ThreadsPerChild 50

Context: Server config (Windows)

User

The User directive sets the user ID that is used by the Apache children that service HTTP requests. Once the Apache server is started, it launches child processes to respond to requests. However, these child processes are not run as root. The parent Apache process (often called the daemon) changes the child process user ID to whatever is set in the User directive, as long as it is a valid user ID.

Syntax: User unix-userid

Default setting: User #-1

Context: Server config, virtual host

If you start the server as a nonroot user, it fails to change to the user ID specified by the User directive, and instead continues to run as the original user. If you do start the server as root, then it is normal for the parent Apache process to remain running as root; however, it runs the child processes as the user specified by the User directive.

Never set the User (or Group) directive to root unless you know exactly what you are doing and what the dangers are.

You can also use user ID numbers, which you can usually find in your /etc/passwd file. If you plan on using a numeric value instead of the actual username, the number should be preceded by a # sign.

Many Apache administrators use the default nobody user for their Web sites. This user is not available on all Unix systems, and is not always desirable. I highly recommend that you employ a unique user and group ID (see the Group directive) for your Apache server. Doing so will give you better control of what the server can or cannot access. The user ID you decide to use for Apache child processes should have very few access privileges. It should not be able to access files that are not intended to be visible to the outside world, and similarly, the user should not be able to execute applications that are not meant for HTTP requests.

Caution

Use of this directive in the <VirtualHost> container requires a properly configured suEXEC wrapper. When the wrapper is used inside a <VirtualHost> container in this manner, only the user that CGIs are run as is affected. Non-CGI requests are still processed with the user specified in the main User directive. So, the primary User directive cannot be completely overridden.
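The User and Group rules above (no root, a # sign before numeric IDs, a dedicated account instead of nobody, suEXEC for use inside <VirtualHost>) can be checked against a configuration file before deployment. The following Python check is an added example, not code from the book or from Apache; the function name audit_identity and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample httpd.conf fragment (illustration only, not from the book).
SAMPLE_CONF = """\
# main server
User root
Group 99
<VirtualHost 192.168.1.100:80>
    User nobody
</VirtualHost>
"""

def audit_identity(conf_text):
    """Return (line_no, message) findings for User and Group directives."""
    findings, in_vhost, main_seen = [], False, set()
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):      # blank or whole-line comment
            continue
        if re.match(r"</?VirtualHost\b", line, re.I):
            in_vhost = not line.startswith("</")  # track container scope
            continue
        m = re.match(r"(User|Group)\s+(\S+)$", line, re.I)
        if not m:
            continue
        name, value = m.group(1).capitalize(), m.group(2).strip('"')
        if in_vhost:
            findings.append((no, f"{name} inside <VirtualHost> requires a configured "
                                 f"suEXEC wrapper; non-CGI requests keep the main {name}"))
        else:
            main_seen.add(name)
        if value.lower() == "root" or value == "#0":
            findings.append((no, f"{name} {value}: request-handling children run as root"))
        elif value.isdigit():
            findings.append((no, f"{name} {value}: numeric ID must be preceded by a # sign"))
        elif value.lower() == "nobody":
            findings.append((no, f"{name} nobody: shared account, use a unique user and group"))
    for name in ("User", "Group"):
        if name not in main_seen:                 # line 0 marks a file-level finding
            findings.append((0, f"{name} not set in main config; default #-1 applies"))
    return findings

if __name__ == "__main__":
    for no, msg in audit_identity(SAMPLE_CONF):
        print(f"line {no}: {msg}")
```
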
