***mod_cgid (2.0 only)***

Used instead of mod_cgi in MPMs that do threading.
Forking a threaded process is very expensive.
cgid runs as a daemon, and does nothing but fork lightweight, single-threaded processes for the purpose of executing CGI.

Performance measuring

# ab
    ab -n 1000 -c 10 http://localhost/index.html
# VERY simple benchmarking
    -n  Number of requests to make
    -c  Concurrency - how many requests at once
    -k  Keepalive - allow persistent connections
    -h  Display help message and full list of options
# Note that it is just fetching a single URL multiple times. Does not simulate real server use by actual users.

http://httpd.apache.org/docs/misc/perf-tuning.html

Hardware and OS issues
    RAM, processor, hard drive
    SSL accelerator card (costs a LOT !!)

Configuration settings

General rules

HostnameLookups Off
    stops reverse lookups of client IP addresses

*******Deny From hostname*******
    Allow and Deny: use IP addresses only, NOT hostnames.
    Hostnames cause double-reverse lookups.

Don't use .htaccess files
    ## maybe include files to conf with permissions for builders ?? restart at midnight.
Process creation is expensive
    MinSpareServers
    MaxSpareServers

Content Negotiation
    turn off if possible: Options -MultiViews, or don't load the module
    gets it from the client's Accept-Language header

Symlinks
    FollowSymLinks = goes there
    SymLinksIfOwnerMatch = checks, very slow

Keepalive

Authentication - making sure people are who they say they are
Authorisation - making sure people can only see what they are supposed to

User & password - passed in the clear - open to everyone on network (ulp)

    AuthType
    AuthUserFile
    AuthGroupFile
    AuthName
    Require group foo
    Require user foo bar baz

Put the files somewhere safe:

    AuthType Basic
    AuthName "Password required"
    AuthUserFile /usr/local/apache/passwords/pass
    AuthGroupFile /usr/local/apache/passwords/group
    Require user tom bob harry

Digest password security (only recent browsers), moz 0.98 onwards
# Password is sent encrypted (actually, "digested")
# Content still sent in the clear

    htpasswd -c my.passwords username
    -c  create new

The password can be encrypted with crypt or with MD5, as you like.

Apache 2.0: mod_log_io logs total sent data

apachetoday.com
apacheweek.com
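
The configuration rules in these notes (HostnameLookups Off, IP addresses only in Allow/Deny, no .htaccess, no MultiViews or SymLinksIfOwnerMatch, Basic auth passing the password in the clear, password files kept somewhere safe) can be checked mechanically. The Python script below is an added example, not part of the original notes; the function names, the sample config and the reading of "somewhere safe" as "outside DocumentRoot" are assumptions.

```python
import re

# Constructed sample config for this example, not taken from the notes.
SAMPLE_CONF = """\
DocumentRoot /var/www/html
HostnameLookups On
<Directory /var/www/html/private>
    Options MultiViews SymLinksIfOwnerMatch
    AllowOverride All
    Allow from 192.168.1.0/24
    Allow from partner.example.com
    AuthType Basic
    AuthUserFile /var/www/html/private/.htpasswd
</Directory>
"""

NOT_NAME = re.compile(r"all|env=.*|[\d.]+(/[\d.]+)?|(?=.*:)[0-9a-f:]+(/\d+)?", re.I)

def is_hostname(token):
    """True unless the operand is 'all', env=..., or an IPv4/IPv6 address or range."""
    return not NOT_NAME.fullmatch(token)

def audit(conf):
    """Return (line_number, finding) pairs for the rules in the notes."""
    out, docroot = [], None
    for n, line in enumerate(conf.splitlines(), 1):
        parts = line.split()
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        name, args = parts[0].lower(), [a.strip('"') for a in parts[1:]]
        if name == "documentroot":
            docroot = args[0].rstrip("/")
        elif name == "hostnamelookups" and args[0].lower() != "off":
            out.append((n, "HostnameLookups is not Off"))
        elif name in ("allow", "deny") and args[0].lower() == "from":
            out += [(n, f"hostname rule: {t}") for t in args[1:] if is_hostname(t)]
        elif name == "allowoverride" and args[0].lower() != "none":
            out.append((n, ".htaccess overrides enabled"))
        elif name == "options":
            slow = ("multiviews", "symlinksifownermatch")
            out += [(n, f"slow option: {a}") for a in args if a.lower().lstrip("+") in slow]
        elif name == "authtype" and args[0].lower() == "basic":
            out.append((n, "Basic auth sends the password in the clear"))
        elif name in ("authuserfile", "authgroupfile") and docroot:
            if args[0].startswith(docroot + "/"):  # assumption: "safe" means outside it
                out.append((n, "credential file inside DocumentRoot"))
    return out

if __name__ == "__main__":
    print(*audit(SAMPLE_CONF), sep="\n")
```

The DocumentRoot check only sees a DocumentRoot directive that appears earlier in the same text, and Include'd files are not followed.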