l i n u x - u s e r s - g r o u p - o f - d a v i s
L U G O D
 
Next Meeting:
July 21: Defensive computing: Information security for individuals
Next Installfest:
TBD
Latest News:
Jul. 4: July, August and September: Security, Photography and Programming for Kids
Page last updated:
2005 Mar 15 17:20

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox-tech] Apache2 status (was: php5 and Debian/testing)
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox-tech] Apache2 status (was: php5 and Debian/testing)



On Tue, Mar 15, 2005 at 01:46:16PM -0500, Peter Jay Salzman wrote:
> Sweet!  Thanks.
> 
> I guess that leaves me with a question I didn't intend on asking.  What's
> the status of Apache2 on Linux?
> 
> There was a /. expose on it awhile ago - many people were very unhappy with
> Apache2, for reasons ranging from not playing well with PHP to security
> concerns (IIRC, it had something to do with Apache2 assuming that some
> libraries were thread-safe when the libraries in question were not thread
> safe).
...

Apache 2 introduced the concept of Multi-Processing Modules (MPM's)
which allow the administrator to select the concurrency model for the
web server.  For example, if you use the "prefork" MPM, then a separate
process will be used to handle each request, just as Apache 1.x
functioned ("prefork" is the default MPM under Apache 2).  However if
you select the "worker" MPM, then Apache will use a threaded[1] model
instead.  There are several different MPM's, including some for specific
operating systems (e.g., a Windows-specific one), but "prefork" and
"worker" are the ones that most Unix users will be interested in.
Details on MPM's can be found at http://httpd.apache.org/docs-2.0/mpm.html

The problems with PHP occur when PHP is used under the "worker" (i.e.,
threaded) MPM.  Since threads share an address space, anything that runs
under Apache must be thread-safe in order to work properly without race
conditions.  PHP itself is thread-safe, but the concern is that some 3rd
party modules that PHP developers might download and use in their
applications will not be thread-safe.  PHP itself doesn't have any
control over these 3rd party modules, so it isn't something that they
can just go fix.  PHP has a repository of modules called PEAR which is
similar to Perl's CPAN; obviously it just isn't possible to convince
every developer who's submitted a module to go back and make sure it's
thread-safe.  I suspect that other projects like mod_perl probably face a
similar problem when run under Apache2's "worker" MPM.

This is somewhat unfortunate.  The light-weight threaded nature of the
"worker" MPM is attractive because it allows Apache to use fewer
resources, but it's the one that causes the problems when used with PHP.
As far as I know, you should be completely safe if you should be safe if
you use the (default) "prefork" MPM, but you won't get the benefits of
using a threaded model instead of a process-based model.  Apache2 has
other advantages over 1.x (e.g., I hear you can do some pretty advanced
stuff filtering your output through a pipeline of various
transformations before sending it back to the user), but for the average
server administrator, the advantages just aren't worth the hassle of
installing, reconfiguring, and testing Apache 2 as a replacement for
1.x. 

I personally still run 1.3 simply because I haven't wanted to bother
doing an upgrade.  If I were setting up a new web server, I'd probably
go with 2.x.

Hope this helps.


[1] Technically, the "worker" MPM is a hybrid process/thread model
    instead of being purely threaded as I implied above.  Multiple
    processes are used, each which have a set (configurable) number of
    worker threads under them.


Matt

-- 

*************************************************
* Matt Roper <matt@mattrope.com>                *
* http://www.mattrope.com                       *
* PGP Key: http://www.mattrope.com/mattrope.asc *
*************************************************
_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech



LinkedIn
LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
facebook
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
O'Reilly and Associates
For numerous book donations.