Tuning the Apache MaxClients parameter

One thing that can have a really drastic effect on a large site using Apache, is the value assigned to the MaxClients parameter.

This parameter defines how many simultaneous request can be served. Any connection request from browsers that come in after that will be queued.

Apache prefork, StartServers, MaxSpareServers and MinSpareServers

In the most common case, you will be using Apache in the prefork mode, meaning one process per connection, with a pool of processes pre-forked to standby for connections. The number of spare processes is defined by the values MaxSpareServers, MinSpareServers, while the number to start is defined by StartServers.
Read more…

How to install mod_security

What is mod_security ?
ModSecurity is an open source intrusion detection and prevention engine for web applications. It operates embedded into the web server, acting as a powerful umbrella – shielding applications from attacks. ModSecurity supports both branches of the Apache web server.

Rfx Networks Recommended:

“mod_security is great and I encourage it be used by everyone; it does have the potential to break some web applications but so far iv seen very few issues to say the least. Likewise it is easy to fix any applications that may break with the granular filter rules that can be setup to either deny or allow certain content. Overall mod_security is a needed addition to apache, providing a layer of security yet unseen for apache. I highly encourage you read the reference document on the modsecurity.org site (under documentation) to better understand each directive and the role it plays in protecting your server and sites.”

Requirements:
Apache Web Server 1.3x or 2.x

How to install ?
Read more…

Setting Apache expires header

There’s two ways of getting there with Apache. mod_expires yields the most flexible solution, but mod_headers will work too, if you cannot use mod_expires for some reason.

mod_expires
Read more…

Configure mod deflate for Apache 2.2.x

Mod Deflate comes built into Apache, but is not enabled by default. This tutorial will explain the simplest way of enabling it and setting which mime times to compress. Mod Deflate will increase your server load, but decreases the amount of time that clients are connected and can usually reduce the page size by 60 to 80 percent.
Read more…

Install mod_evasive on Apache (anti Dos)

mod_evasive is a Apache module that provides evasive maneuvers action in the event of an HTTP DoS or DDoS (Denial of Service) attack or brute force attack at the web server. When possible attacks are detected, mod_evasive will block the traffic from the source for a specific duration of time, while reports abuses via email and syslog facilities. Or administrators can configure mod_evasive to talk to iptables, ipchains, firewalls, routers, and etc. to build a comprehensive DDOS prevention system for the high traffic busy web server.
Read more…