EzDevInfo.com

web-server interview questions

Top web-server frequently asked interview questions

Web gardens... are they good or bad or what?

Are there any downsides to giving Application Pools multiple Worker Processes in IIS? They seem really easy to enable and (almost) everything I’ve read seems to suggest they’re good... so why doesn’t IIS give each App Pool 10+ Worker Processes? There must be some detrimental effects, right?


Source: (StackOverflow)

How to disable http basic auth in nginx for a specific ip range?

I'm developing an application with Facebook login. So far it's not public and is protected by HTTP basic auth in nginx. Is it possible to disable HTTP auth for Facebook's IP range so that we can have our tester test the Facebook capabilities as well? Please include an example configuration snippet, if possible.


Source: (StackOverflow)


Why is setting Nginx as a reverse proxy a good idea?

I have a Django site running on Gunicorn with a reverse proxy through Nginx. Isn't Nginx just an extra unnecessary overhead? How does adding that on top of Gunicorn help?


Source: (StackOverflow)

What permissions should my website files/folders have on a Linux webserver?

This is a Canonical Question about File Permissions on a Linux web server.

I have a Linux web server running Apache2 that hosts several websites. Each website has its own folder in /var/www/.

/var/www/contoso.com/
/var/www/contoso.net/
/var/www/fabrikam.com/

The base directory /var/www/ is owned by root:root. Apache is running as www-data:www-data. The Fabrikam website is maintained by two developers, Alice and Bob. Both Contoso websites are maintained by one developer, Eve. All websites allow users to upload images. If a website is compromised, the impact should be as limited as possible.

I want to know the best way to set up permissions so that Apache can serve the content, the website is secure from attacks, and the developers can still make changes. One of the websites is structured like this:

/var/www/fabrikam.com
    /cache
    /modules
    /styles
    /uploads
    /index.php

How should the permissions be set on these directories and files? I read somewhere that you should never use 777 permissions on a website, but I don't understand what problems that could cause. During busy periods, the website automatically caches some pages and stores the results in the cache folder. All of the content submitted by website visitors is saved to the uploads folder.


Source: (StackOverflow)

Why is Nginx so fast?

How does a site like Rambler serve dynamic content so fast? Even faster than Yahoo (which has a server in my country - SE Asia; Rambler does not).

Is this purely Nginx’s capability? Where should I be looking to learn about such capabilities?

Pretty much a newbie here, I believe that serverfault.com if served from Nginx will be much faster than IIS 7 (assuming db access time to be the same in both cases). Is this a fair assumption?

Edit:

Post from Karl using Nginx in front of IIS7


Source: (StackOverflow)

Linux hardening - web servers

What is your checklist/routine when setting up a Linux web server?

What do you recommend to achieve maximum security?

Is there any preferred way to perform repeated maintenance?


Source: (StackOverflow)

How do you do load testing and capacity planning for web sites?

This is a canonical question about capacity planning for web sites.

Related:

What are some recommended tools and methods of capacity planning for web sites and web-applications?

Please feel free to describe different tools and techniques for different web-servers, frameworks, etc., as well as best-practices that apply to web servers in general.


Source: (StackOverflow)

Why is the response on localhost so slow?

I am working on a tiny little PHP project for a friend of mine, and I have a WAMP environment set up for local development. I remember the days when the response from my local Apache 2.2 was immediate. Alas, now that I got back from a long, long holiday, I find the responses from localhost painfully slow.

It takes around 5 seconds to get a 300B HTML page served out.

When I look at the task manager, the httpd processes (2) are using up 0% of the CPU and overall my computer is not under load (0-2% CPU usage).

Why is the latency so high? Is there any Apache setting that I could tweak to perhaps make its thread run with a higher priority or something? It seems like it's simply sleeping before it's serving out the response.


Source: (StackOverflow)

How to reduce memory usage on a Unix webserver

I'm currently using a Joyent Accelerator to host my webapps, and it's working fine, however I need to reduce costs so I'm downgrading my current plan and that imposes some new memory limits (256M rss, 512M swap). I wasn't too far over them yesterday, but after restarting Apache several times today, I'm now 411M rss, 721M swap (prstat -Z -s cpu).

Searching in Server Fault only gives me lots of ways and specific tools to monitor the server, but no advice on how to reduce/optimize its memory usage. I've also seen this question, but I don't think it's good for this particular (or may I say generic?) situation.

The server is running Solaris on a shared CPU, and I'm using an Apache + MySQL + PHP stack.

I'm interested in knowing the steps one can take to troubleshoot this and solve the issues. However, I'm also running out of time to lower my memory footprint and downgrade the plan before the current ends, so anything that can make magic and save the day is welcome as well :)


Source: (StackOverflow)

How to use DNS/Hostnames or Other ways to resolve to a specific IP:Port

This is a Canonical Question about DNS/Hostnames resolution to IPs/Ports

Example 1

I'm running a web server on port 80 and another on port 87. I would like to use DNS so that www.example.com goes to port 87. How can I accomplish this using DNS only?

Example 2

I'm running a service on my server on a non-standard port. How can I get clients to connect to this non-standard port automatically? Can I use DNS? Is there some application specific support where DNS could indicate the IP and Port?

Example 3

Do some application protocols specifically support hostname awareness, and allow special actions to be taken based on this information? Are there other questions on Server Fault that cover some of these?

Commandeering: This question was originally asking about running IIS and Apache on the same server, but the same concepts can be applied to any server software receiving connections from clients. The Answers below describe the technical problems and solutions of using DNS and application protocol support to assign a port number for a client to connect.


Source: (StackOverflow)

How to best defend against a "slowloris" DOS attack against an Apache web server?

Recently a script called "slowloris" has gained attention. The basic concept of what slowloris does is not a new attack but given the recent attention I have seen a small increase in attacks against some of our Apache websites.

At the moment there does not appear to be any 100% defence against this.

The best solution we have determined (so far) is to increase MaxClients.

This of course does nothing more than increase the requirements for the attacker's computer and does not actually protect the server 100%.

One other report indicates that using a reverse proxy (such as Perlbal) in front of the Apache server can help prevent the attack.

Using mod_evasive to limit the number of connections from one host and using mod_security to deny requests that look like they were issued by slowloris seem to be the best defence so far.

Has anyone on ServerFault been experiencing attacks such as this? If so, what measures did you implement to defend/prevent it?

NOTE: This question is for Apache servers as it is my understanding that Windows IIS servers are not affected.


Source: (StackOverflow)

What are the different usages for sites-available vs the conf.d directory for nginx

I have some experience using Linux but none using nginx. I have been tasked with researching load-balancing options for an application server.

I have used apt-get to install nginx and all seems fine.

I have a couple of questions.

What is the difference between the sites-available folder and the conf.d folder? Both of those folders were INCLUDED in the default configuration setup for nginx. Tutorials use both. What are they for and what is the best practice?

What is the sites-enabled folder used for? How do I use it?

The default configuration references a www-data user? Do I have to create that user? How do I give that user optimal permissions for running nginx?


Source: (StackOverflow)

How to list Apache enabled modules?

Is there a command that lists all enabled Apache modules?


Source: (StackOverflow)

Why would a server not send a SYN/ACK packet in response to a SYN packet

Lately, we've become aware of a TCP connection issue that is mostly limited to Mac and Linux users who browse our websites.

From the user perspective, it presents itself as a really long connection time to our websites (>11 seconds).

We've managed to track down the technical signature of this problem, but can't figure out why it is happening or how to fix it.

Basically, what is happening is that the client's machine is sending the SYN packet to establish the TCP connection and the web server receives it, but does not respond with the SYN/ACK packet. After the client has sent many SYN packets, the server finally responds with a SYN/ACK packet and everything is fine for the remainder of the connection.

And, of course, the kicker to the problem: it is intermittent and does not happen all the time (though it does happen between 10-30% of the time)

We are using Fedora 12 Linux as the OS and Nginx as the web server.

Screenshot of wireshark analysis


Update:

Turning off window scaling on the client stopped the issue from happening. Now I just need a server side resolution (we can't make all the clients do this) :)

Final Update:

The solution was to turn off both TCP window scaling and TCP timestamps on our servers that are accessible to the public.


Source: (StackOverflow)

How do I make Apache Web Server listen on two different ports?

I'd like an Apache Web Server I have installed at home to listen on port 80 and port 8080.

I've added Listen 8080 to httpd.conf and restarted the Apache services but the server doesn't seem to be listening on 8080. Punching in http://localhost:8080 times out and doesn't display my index.html but http://localhost will display my index.html.

How do I make it listen to 80 and 8080?


Source: (StackOverflow)