Web Services Flashcards
LPIC-2 Web services, including Apache, Nginx and Squid
1
Q
What do HTTP and HTTPS stand for?
A
HyperText transfer protocol and Secure HTTP
2
Q
What does HTML stand for?
A
HyperText Markup Language
3
Q
HTTP status codes have the format 1xx, 2xx, 3xx, 4xx, 5xx - what types of messages do these number represent?
A
1xx - Informational messages 2xx - Success 3xx - Redirection 4xx - Client Error 5xx - Server Error
4
Q
What does SSL stand for?
A
Secure Sockets Layer
5
Q
What does TLS stand for and what is it?
A
TLS is Transport Layer security, it is the security layer applied to web traffic, the successor to SSL.
6
Q
Which port numbers do these services usually run on:
Web server (HTTP)
Secure Web server (HTTPS)
Squid Proxy Server
A
HTTP - 80
HTTPS - 443
Squid - 138
7
Q
There are a number of web service options available, which 3 web services does LPIC-2 focus on? Which is the most popular in Linux today?
A
Apache - Web Server (most popular)
Nginx - Web Server
Squid - Web Proxy Server
8
Q
Name some of the core features of the Apache web server
A
Loadable dynamic modules (that can be activated/deactivated on the fly) Scalable Multi-Session Support Limiting concurrent connections Bandwidth Throttling Web Caching (web proxy) Load Balancing (reverse Proxy) Common Gateway Interface (CGI) support Virtual Hosting User-Based Web Page Hosting
9
Q
In Web Hosting, what does CGI stand for? What does it do?
A
Common Gateway Interface. It allows programs to be run that can generate dynamic web content.
10
Q
What are the two main functions of the squid proxy server?
A
Web filtering and web caching
11
Q
What is nginx?
A
Nginx is a web server that is gaining popularity. It can act as either a web server or as a reverse proxy server that performs load balancing
12
Q
Where are Apache web documents generally stored?
A
/var/www/html/
13
Q
Which Apache utility allows you to control (stop, start, restart, status) the Apache service?
A
apachectl
14
Q
Unfortunately the configuration file location for Apache are not standard across distros. Which 2 places would you check on Debian based distros, which 2 places on Redhat based distros.
A
Debian: /etc/apache2.conf /etc/apache2/apache2.conf Redhat: /etc/httpd/httpd.conf /etc/httpd/httpd2.conf
15
Q
Name the Apache directive that allows you to specify a port number to listen on and an optional IP address.
A
Listen
16
Q
Name the Apache directive that specifies the user account which should be used to start the service
A
User
17
Q
Name the Apache directive that allows you to specify a group for the Apache daemon service
A
Group
18
Q
Name the Apache directive that allows you to specify an email address for the Apache server administrator
A
ServerAdmin
19
Q
Name the Apache directive that allows you to specify a name for the Web server
A
ServerName
20
Q
Name the Apache directive that allows you to specify the base directory for the configuration files
A
ServerRoot
21
Q
Name the Apache directive that allows you to specify the base directory for the data files
A
DocumentRoot
22
Q
Name the Apache directive that allows you to specify a default file served when a client requests an index of a directory
A
DirectoryIndex
23
Q
Name the Apache directive that allows you to specify a file to serve when an error occurs
A
ErrorDocument
24
Q
Name the Apache directive that allows you to specify the log file location
A
ErrorLog
25
Name the Apache directive that allows you to specify a file that lists restrictions on files in a folder
AccessFileName
26
Name the Apache directive that allows you to specify another file to include in the configuration
Include
27
Name the Apache directive that allows you to specify the number of servers to start to handle concurrent requests
StartServers
28
Name the Apache directive that allows you to specify the maximum number of servers to handle concurrent requests
MaxClients
29
Name the Apache directive that allows you to specify the minimum number of spare servers to have running
MinSpareServers
30
Name the Apache directive that allows you to specify the maximum number of spare servers to have running
MaxSpareServers
31
Name the Apache directive that allows you to load and enable special feature modules on the server
LoadModule
32
What does an Apache conditional BLOCK directive look like?
directives
33
What does an Apache conditional MODULE directive look like?
directives
34
What does an Apache conditional DIRECTORY directive look like?
directives
35
What are the two types of Apache logs?
Access logs and Error Logs
36
The location of the Apache Error logs can be different on Debian based distros to that on Redhat based distros. What are the likely locations and files names on each?
Debian:
/var/log/apache2/error.log
Redhat:
/var/log/httpd/error_log
37
The location of the Apache Access logs can be different on Debian based distros to that on Redhat based distros. What are the likely locations and files names on each?
Debian:
/var/log/apache2/access.log
Redhat:
/var/log/httpd/access_log
38
Name the Apache directive that allows users to host their own files on a system
USERDIR
e.g
USERDIR public_html
http://localhost/~username/test.html
39
What is named based virtual web hosting?
Where multiple hostnames point to a single IP address
40
What does an Apache name based virtual hosting definition look like?
NameVirtualHost 192.168.10.1
ServerName www.example1.com
DocumentRoot /var/www/html/example1
Servername www.example2.com
DocumentRoot /var/www/html/example2
41
What does an Apache IP based virtual hosting definition look like?
Listen 192.168.10.1
Listen 192.168.10.2
Servername www.example1.com
DocumentRoot /var/www/html/example1
Servername www.example2.com
DocumentRoot /var/www/html/example2
42
There are a number of Apache access restriction modules, which is the most common
mod_auth
| also known as mod_authn_file
43
Name the Apache directive that allows you to specify a name for a mod_auth access restricted location
AuthName
44
Name the Apache directive that allows you to specify an authentication type for a mod_auth access restricted location
AuthType
45
Name the Apache directive that allows you to specify a file name for a mod_auth access restricted location
AuthUserFile
| file can be created with the htpasswd utility
46
What does a mod_auth restricted access configuration directive look like?
```
AuthName "Secure pages, restricted access"
AuthType Basic
AuthUserFile /etc/apache/passwords
Require valid-user
DocumentRoot /var/www/html/secure
```
47
Which utility allows you to create a password file for a restricted access setup? How would you use it?
htpassed
```
#to create a new file
htpasswd -c /etc/apache/password jdoe
```
48
What are the three methods of restricting access to content on an Apache server?
Using an authentication module, using .htaccess files or IP address based restrictions
49
Name the Apache directive that allows users to specify configuration directives in a .htaccess file
AllowOverRide
50
What does an IP based restriction configuration directive look like?
Order Deny,Allow
Deny from all
Allow from 192.168.10.0/255.255.255.0
DocumentRoot /var/www/html/secure
51
Which two Apache directives do you need for any CGI configuration?
ScriptAlias
e.g. ScriptAlias /cgi-bin/ /var/www/cgi-bin/
AddHandler
e.g. AddHandler cgi-script .cgi .pl
52
What are mod_perl, mod_php, mod_python, mod_ruby?
Commonly used installable Apache modules that can be with CGI to create dynamic web content.
53
What are the 6 steps to setting up https on Apache?
1 Install Apache SSL module
2 Create server public/private key pair
3 Create a CSR
4 Have the CSR Signed
5 Copy Certificate and Keys into your Apache Setup
6 Configure Apache to use the certificate
54
Using openssl, how would you create a public/private certificate key pair for your server
openssl genrsa -des3 -out server.key 2048
55
Using openssl, how would you create a certificate signing request for your server key "server.key"
openssl req -new -key server.key -out newreq.pem
56
There is a perl script that is part of the openssl-perl package that allows you to setup a certificate authority and self sign your CSR's. What is the name and location of the perl script
/var/lib/ssl/misc/CA.pl
CA.pl -newca
CA.pl -signreq
57
What is SNI
Server Name Indication - this is an extension of the TLS protocol in which the hostname is indicated during the handshake. This allows multiple signed hosts to run on a single web server.
58
Name the Apache directive that turns on SSL capability
SSLEngine
e.g. SSLEngine on
59
Name the Apache directive that defines an SSL certificate to use
SSLCertificateFile
e.g. SSLCertificateFile /etc/apache/certs/server.pem
60
Name the Apache directive that defines an SSL certificate key
SSLCertificateKeyFile
e.g. SSLCertificateKeyFile /etc/apache/certs/server.key
61
Name the Apache directive that defines the certificate authorities key file
SSLCACertificateFile
62
Name the Apache directive that defines the certificate authorities key file path
SSLCACertificatePth
63
Name the Apache directive that defines the a file that contains multiple concatenated certificate files for validating client files
SSLCertificateChainFile
64
Name the Apache directive that allows the specification of versions of the TLS and SSL protocols
SSLProtocol
65
Name the Apache directive that defines the supports SSL/TLS ciphers
SSLCipherSuite
66
Where is the squid config file in
Redhat based distros?
Debian based distros?
Redhat
/etc/squid/squid.conf
Debian
/etc/squid3/squid.conf
67
Only two directives are required for a basic Squid web caching setup, what are they?
http_port
Cache_dir
Example:
http_port 3128
cache_dir ufs /var/spool/squid3 100 16 256
100MB
16 top level cache folders
256 2nd level cache folders
More folders should equal better caching performance
68
Name the Squid directive that defines an access control list
acl
69
Name the Squid directive that specifies a program to authenticate users
auth_param
70
Name the Squid directive that specifies a folder to cache web requests
cache_dir
71
Name the Squid directive that specifies a rule for allowing or denying access for an ACL group
http_access
72
Name the Squid directive that specifies the port on which the Squid service will listen on
http_port
73
Name the Squid directive that specifies an external program where all web requests can be redirected to
redirect_program
74
What does a squid acl directive look like?
acl ourhosts src 192.168.30.0/255.255.255.0
75
What is the squid acl src directive?
allows you to specify source IP addresses
76
What is the squid acl dst directive?
allows you to specify destination IP addresses
77
What is the squid acl port directive?
allows you to specify a list of TCP ports
78
What is the squid acl srcdomain directive?
allows you to specify a list of source domain names
79
What is the squid acl dstdomain directive?
allow you to specify a list of destination domain names
80
What is the squid acl time directive?
allows you to specify a list of days or time of day
81
What is the squid acl proto directive?
allows you to specify a list of protocols
82
What is the squid acl browser directive?
allows you to specify a list of browsers
83
What is this squid configuration doing?
acl socialmedia dstdomain www.facebook.com www.twitter.com
acl lunch MTWHF 12:00-13:00
http_access allow socialmedia lunch
http_access deny socialmedia
The first acl defines a list of destination domains
The second acl defines an hour, monday - Friday called lunch
The first http_access directive allows access to the domains during lunch
The second http_access directive denies access to the domains (at any other time)
84
Client authentication in squid uses which configuration directive?
auth_param
The same parameter is used in the config file to defines multiple settings, for example to use pam
auth_param basic /usr/lib/squid/pam_auth
auth_param basic children 5 startup=5 idle=1
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
acl ourhosts proxy_auth REQUIRED
85
What is the benefits of Nginx over Apache?
Nginx doesn't spawn a new program thread for each client request like Apache. It spawns client threads within the main application program. This has the benefit of using less memory and can therefore be useful in large scale websites.
The second benefit is the ability to use Nginx as a reverse proxy which can serve as a load balancer for backend applications
86
Where is the nginx config file usually found and what is it called?
/etc/nginx/
| nginx.conf
87
Name the nginx config directive that specifies the port nginx should listen on
listen
e.g.
listen 80 default_server;
88
Name the nginx config directive that specifies the location of the web content. What is the equivalent directive in Apache?
root
e.g.
root /var/www/html;
equivalent directive in Apache is DocumentRoot
89
Name the nginx config directive that defines the default file to load. What is the equivalent directive in Apache?
index
e.g.
index index.htm index.html;
equivalent directive in Apache is DirectoryIndex
90
Name the nginx config directive that specifies the web server name. What is the equivalent directive in Apache?
server_name
e.g.
server_name localhost;
equivalent directive in Apache is ServerName
91
Name the nginx config directive that specifies the settings for specific locations on the server
location
e.g.
location / {
try_files $uri $uri/ =404;
}
92
Which nginx directives are used to create a reverse proxy? What does a simple example look like?
The location directive with proxy_pass
location / {
proxy_pass http://www.someotherplace.com;
}
or using IP and port
location / {
proxy_pass 192.168.30.30:5100;
}
