Saturday, July 21, 2012

Apache Server Interview Questions & Answer

Q: - What is location of log files for Apache server ?

Q: - What are the types of virtual hosts ?
name-based and IP-based.
Name-based virtual host means that multiple names are running on each IP address.
IP-based virtual host means that a different IP address exists for each website served. Most configurations are named-based because it only requires one IP address.

Q: - How to restart Apache web server ?
service httpd restart

Q: - How to check the version of Apache server ?
rpm -qa |grep httpd

Q: - What is meaning of "Listen" in httpd.conf file ?
Port number on which to listen for nonsecure (http) transfers.

Q: - What is DocumentRoot ?
it is a location of files which are accessible by clients. By default, the Apache HTTP server in RedHat Enterprise Linux is configured to serve files from the /var/www/html/ directory.

Q: - On which port Apache server works ?
http - port 80
https - port 443

Q: - Tell me name of main configuration file of Apache server ?

Q: - On which version of apache you have worked ?

Q: - What do you mean by a valid ServerName directive?
The DNS system is used to associate IP addresses with domain names. The value of ServerName is returned when the server generates a URL. If you are using a certain domain name, you must make sure that it is included in your DNS system and will be available to clients visiting your site.

Q: - What is the main difference between <Location> and <Directory> sections?
Directory sections refer to file system objects; Location sections refer to elements in the address bar of the Web page

What is the difference between a restart and a graceful restart of a web server?
During a normal restart, the server is stopped and then started, causing some requests to be lost. A graceful restart allows Apache children to continue to serve their current requests until they can be replaced with children running the new configuration.

Q: - What is the use of mod_perl module?
mod_perl scripting module to allow better Perl script performance and easy integration with the Web server.

Q: - If you have added “loglevel Debug” in httpd.conf file, than what will happen?
It will give you more information in the error log in order to debug a problem.

Q: - Can you record the MAC (hardware) address of clients that access your server.

Q: - Can you record all the cookies sent to your server by clients in Web Server logs?
Yes, add following lines in httpd.conf file.
CustomLog logs/cookies_in.log "%{UNIQUE_ID}e %{Cookie}i" CustomLog logs/cookies2_in.log "%{UNIQUE_ID}e %{Cookie2}i"

Q: - Can we do automatically roll over the Apache logs at specific times without having to shut down and restart the server?
Use CustomLog and the rotatelogs programs
Add following line in httpd.conf file. CustomLog "| /path/to/rotatelogs/path/to/logs/access_log.%Y-%m-%d 86400" combined

Q: - What we can do to find out how people are reaching your site?
Add the following effector to your activity log format. %{Referer}

Q: - If you have only one IP address, but you want to host two web sites on your server. What will you do?
In this case I will use Name Based Virtual hosting.

<VirtualHost *:80> 
DocumentRoot    /var/www/ 
CustomLog         logs/ combined 
ErrorLog             logs/ 
<VirtualHost *:80>
DocumentRoot /var/www/html/web2

Q: - Can I serve content out of a directory other than the DocumentRootdirectory?
Yes, by using “Alias” we can do this.

Q: - If you have to more than one URL map to the same directory but you don't have multiple Alias directives. What you will do?
In this case I will use “AliasMatch” directives.

The AliasMatch directive allows you to use regular expressions to match arbitrary patterns in URLs and map anything matching the pattern to the desired URL.

Q: - How you will put a limit on uploads on your web server?
This can be achieved by LimitRequestBody directive.
<Directory "/var/www/html/data_uploads">
LimitRequestBody 100000
Here I have put limit of 100000 Bytes

Q: - I want to stop people using my site by Proxy server. Is it possible?
<Directory proxy:>
Order Allow,Deny
Deny from all
Satisfy All

Q: - What is mod_evasive module?
mod_evasive is a third-party module that performs one simple task, and performs it very well. It detects when your site is receiving a Denial of Service (DoS) attack, and it prevents that attack from doing as much damage. mod_evasive detects when a single client is making multiple requests in a short period of time, and denies further requests from that client. The period for which the ban is in place can be very short, because it just gets renewed the next time a request is detected from that same host.

Q: - How t to enable PHP scripts on your server?
If you have mod_php installed, use AddHandler to map .php and .phtml files to the PHP handler. AddHandler application/x-httpd-php .phtml .php
Q: - Which tool you have used for Apache benchmarking?
ab (Apache bench)
ab -n 1000 -c 10

Q: - Can we cache files which are viewed frequently?
Yes we can do it by using mod_file_cache module.
CacheFile /www/htdocs/index.html

Q: - Can we have two apache servers having diff versions?
Yes, you can have two different apache servers on one server, but they can't listen to the same port at the same time.Normally apache listens to port 80 which is the default HTTP port. The second apache version should listen to another port with the Listen option in httpd.conf, for example to port 81.

For testing a new apache version before moving your sites from one version to another, this might be a good option.You just type in the browser window and you will be connected to the second apache instance.

Q: - What is the difference between signed and self signed certificates ?
Whether you get your certificate signed by a certificate authority or sign it yourself, there is one thing that is exactly the same on both:

  • Both certificates will generate a site that cannot be read by third-parties. The data sent over an https connection or SSL, will be encrypted regardless of whether the certificate is signed or self-signed.
In other words, both types of certificates will encrypt the data to create a secure website.

A certificate authority tells your customers that this server information has been verified by a trusted source. The most commonly used Certificate Authority is Verisign. Depending upon which CA is used, the domain is verified and a certificate is issued. Verisign and other more trusted CAs will verify the existence of the business in question and the ownership of the domain to provide a bit more security that the site in question is legitimate.
The problem with using a self-signed certificate is that nearly every Web browser checks that an https connection is signed by a recognized CA. If the connection is self-signed, this will be flagged as potentially risky and error messages will pop up encouraging your customers to not trust the site.

Self-signed certificates are great for testing servers. If you're creating a website that you need to test over an https connection, you don't have to pay for a signed certificate for that testing site. You just need to tell your testers that their browser may pop warning messages.
What it comes down to is trust. When you use a self-signed certificate, you are saying to your customers "trust me - I am who I say I am." When you use a certificate signed by a CA, you are saying, "Trust me - Verisign agrees I am who I say I am."

Q. How to make a website secure ?