Glossary

This glossary defines some of the common terminology related to Apache in particular, and web serving in general. More information on each concept is provided in the links.

Definitions
Access Control
The restriction of access to network realms. In an Apache context usually the restriction of access to certain URLs.
See: Authentication, Authorization, and Access Control
Algorithm
An unambiguous formula or set of rules for solving a problem in a finite number of steps. Algorithms for encryption are usually called Ciphers.
APache eXtension Tool (apxs)
A perl script that aids in compiling module sources into Dynamic Shared Objects (DSOs) and helps install them in the Apache Web server.
See: Manual Page: apxs
Apache Portable Runtime (APR)
A set of libraries providing many of the basic interfaces between the server and the operating system. APR is developed parallel to the Apache HTTP Server as an independent project.
See: Apache Portable Runtime Project
Authentication
The positive identification of a network entity such as a server, a client, or a user.
See: Authentication, Authorization, and Access Control
Certificate
A data record used for authenticating network entities such as a server or a client. A certificate contains X.509 information pieces about its owner (called the subject) and the signing Certification Authority (called the issuer), plus the owner's public key and the signature made by the CA. Network entities verify these signatures using CA certificates.
See: SSL/TLS Encryption
Certificate Signing Request (CSR)
An unsigned certificate for submission to a Certification Authority, which signs it with the Private Key of their CA Certificate. Once the CSR is signed, it becomes a real certificate.
See: SSL/TLS Encryption
Certification Authority (CA)
A trusted third party whose purpose is to sign certificates for network entities it has authenticated using secure means. Other network entities can check the signature to verify that a CA has authenticated the bearer of a certificate.
See: SSL/TLS Encryption
Cipher
An algorithm or system for data encryption. Examples are DES, IDEA, RC4, etc.
See: SSL/TLS Encryption
Ciphertext
The result after Plaintext is passed through a Cipher.
See: SSL/TLS Encryption
Common Gateway Interface (CGI)
A standard definition for an interface between a web server and an external program that allows the external program to service requests. There is an Informational RFC which covers the specifics.
See: Dynamic Content with CGI
Configuration Directive
See: Directive
Configuration File
A text file containing Directives that control the configuration of Apache.
See: Configuration Files
CONNECT
An HTTP method for proxying raw data channels over HTTP. It can be used to encapsulate other protocols, such as the SSL protocol.
Context
An area in the configuration files where certain types of directives are allowed.
See: Terms Used to Describe Apache Directives
Digital Signature
An encrypted text block that validates a certificate or other file. A Certification Authority creates a signature by generating a hash of the Public Key embedded in a Certificate, then encrypting the hash with its own Private Key. Only the CA's public key can decrypt the signature, verifying that the CA has authenticated the network entity that owns the Certificate.
See: SSL/TLS Encryption
Directive
A configuration command that controls one or more aspects of Apache's behavior. Directives are placed in the Configuration File
See: Directive Index
Dynamic Shared Object (DSO)
Modules compiled separately from the Apache httpd binary that can be loaded on-demand.
See: Dynamic Shared Object Support
Environment Variable (env-variable)
Named variables managed by the operating system shell and used to store information and communicate between programs. Apache also contains internal variables that are referred to as environment variables, but are stored in internal Apache structures, rather than in the shell environment.
See: Environment Variables in Apache
Export-Crippled
Diminished in cryptographic strength (and security) in order to comply with the United States' Export Administration Regulations (EAR). Export-crippled cryptographic software is limited to a small key size, resulting in Ciphertext which usually can be decrypted by brute force.
See: SSL/TLS Encryption
Filter
A process that is applied to data that is sent or received by the server. Input filters process data sent by the client to the server, while output filters process documents on the server before they are sent to the client. For example, the INCLUDES output filter processes documents for Server Side Includes.
See: Filters
Fully-Qualified Domain-Name (FQDN)
The unique name of a network entity, consisting of a hostname and a domain name that can resolve to an IP address. For example, www is a hostname, example.com is a domain name, and www.example.com is a fully-qualified domain name.
Handler
An internal Apache representation of the action to be performed when a file is called. Generally, files have implicit handlers, based on the file type. Normally, all files are simply served by the server, but certain file types are "handled" separately. For example, the cgi-script handler designates files to be processed as CGIs.
See: Apache's Handler Use
Hash
A mathematical one-way, irreversible algorithm generating a string with fixed-length from another string of any length. Different input strings will usually produce different hashes (depending on the hash function).
Header
The part of the HTTP request and response that is sent before the actual content, and that contains meta-information describing the content.
.htaccess
A configuration file that is placed inside the web tree and applies configuration directives to the directory where it is placed and all sub-directories. Despite its name, this file can hold almost any type of directive, not just access-control directives.
See: Configuration Files
httpd.conf
The main Apache configuration file. The default location is /usr/local/apache2/conf/httpd.conf, but it may be moved using run-time or compile-time configuration.
See: Configuration Files
HyperText Transfer Protocol (HTTP)
The standard transmission protocol used on the World Wide Web. Apache implements version 1.1 of the protocol, referred to as HTTP/1.1 and defined by RFC 2616.
HTTPS
The HyperText Transfer Protocol (Secure), the standard encrypted communication mechanism on the World Wide Web. This is actually just HTTP over SSL.
See: SSL/TLS Encryption
Method
In the context of HTTP, an action to perform on a resource, specified on the request line by the client. Some of the methods available in HTTP are GET, POST, and PUT.
Message Digest
A hash of a message, which can be used to verify that the contents of the message have not been altered in transit.
See: SSL/TLS Encryption
MIME-type
A way to describe the kind of document being transmitted. Its name comes from that fact that its format is borrowed from the Multipurpose Internet Mail Extensions. It consists of a major type and a minor type, separated by a slash. Some examples are text/html, image/gif, and application/octet-stream. In HTTP, the MIME-type is transmitted in the Content-Type header.
See: mod_mime
Module
An independent part of a program. Much of Apache's functionality is contained in modules that you can choose to include or exclude. Modules that are compiled into the Apache httpd binary are called static modules, while modules that are stored separately and can be optionally loaded at run-time are called dynamic modules or DSOs. Modules that are included by default are called base modules. Many modules are available for Apache that are not distributed as part of the Apache HTTP Server tarball. These are referred to as third-party modules.
See: Module Index
Module Magic Number (MMN)
Module Magic Number is a constant defined in the Apache source code that is associated with binary compatibility of modules. It is changed when internal Apache structures, function calls and other significant parts of API change in such a way that binary compatibility cannot be guaranteed any more. On MMN change, all third party modules have to be at least recompiled, sometimes even slightly changed in order to work with the new version of Apache.
OpenSSL
The Open Source toolkit for SSL/TLS
See http://www.openssl.org/#
Pass Phrase
The word or phrase that protects private key files. It prevents unauthorized users from encrypting them. Usually it's just the secret encryption/decryption key used for Ciphers.
See: SSL/TLS Encryption
Plaintext
The unencrypted text.
Private Key
The secret key in a Public Key Cryptography system, used to decrypt incoming messages and sign outgoing ones.
See: SSL/TLS Encryption
Proxy
An intermediate server that sits between the client and the origin server. It accepts requests from clients, transmits those requests on to the origin server, and then returns the response from the origin server to the client. If several clients request the same content, the proxy can deliver that content from its cache, rather than requesting it from the origin server each time, thereby reducing response time.
See: mod_proxy
Public Key
The publicly available key in a Public Key Cryptography system, used to encrypt messages bound for its owner and to decrypt signatures made by its owner.
See: SSL/TLS Encryption
Public Key Cryptography
The study and application of asymmetric encryption systems, which use one key for encryption and another for decryption. A corresponding pair of such keys constitutes a key pair. Also called Asymmetric Cryptography.
See: SSL/TLS Encryption
Regular Expression (Regex)
A way of describing a pattern in text - for example, "all the words that begin with the letter A" or "every 10-digit phone number" or even "Every sentence with two commas in it, and no capital letter Q". Regular expressions are useful in Apache because they let you apply certain attributes against collections of files or resources in very flexible ways - for example, all .gif and .jpg files under any "images" directory could be written as "/images/.*(jpg|gif)$". In places where regular expressions are used to replace strings, the special variables $1 ... $9 contain backreferences to the grouped parts (in parentheses) of the matched expression. The special variable $0 contains a backerference to the whole matched expression. To write a literal dollar sign in a replacement string, it can be escaped with a backslash. Historically, the variable & could be used as alias for $0 in some places. This is no longer possible since version 2.3.6. Apache uses Perl Compatible Regular Expressions provided by the PCRE library. You can find more documentation about PCRE's regular expression syntax at that site, or at Wikipedia.
Reverse Proxy
A proxy server that appears to the client as if it is an origin server. This is useful to hide the real origin server from the client for security reasons, or to load balance.
Secure Sockets Layer (SSL)
A protocol created by Netscape Communications Corporation for general communication authentication and encryption over TCP/IP networks. The most popular usage is HTTPS, i.e. the HyperText Transfer Protocol (HTTP) over SSL.
See: SSL/TLS Encryption
Server Name Indication (SNI)
An SSL function that allows passing the desired server hostname in the initial SSL handshake message, so that the web server can select the correct virtual host configuration to use in processing the SSL handshake. It was added to SSL starting with the TLS extensions, RFC 3546.
See: the SSL FAQ and RFC 3546
Server Side Includes (SSI)
A technique for embedding processing directives inside HTML files.
See: Introduction to Server Side Includes
Session
The context information of a communication in general.
SSLeay
The original SSL/TLS implementation library developed by Eric A. Young
Symmetric Cryptography
The study and application of Ciphers that use a single secret key for both encryption and decryption operations.
See: SSL/TLS Encryption
Tarball
A package of files gathered together using the tar utility. Apache distributions are stored in compressed tar archives or using pkzip.
Transport Layer Security (TLS)
The successor protocol to SSL, created by the Internet Engineering Task Force (IETF) for general communication authentication and encryption over TCP/IP networks. TLS version 1 is nearly identical with SSL version 3.
See: SSL/TLS Encryption
Uniform Resource Locator (URL)
The name/address of a resource on the Internet. This is the common informal term for what is formally called a Uniform Resource Identifier. URLs are usually made up of a scheme, like http or https, a hostname, and a path. A URL for this page might be http://httpd.apache.org/docs/&httpd.docs;/glossary.html.
Uniform Resource Identifier (URI)
A compact string of characters for identifying an abstract or physical resource. It is formally defined by RFC 2396. URIs used on the world-wide web are commonly referred to as URLs.
Virtual Hosting
Serving multiple websites using a single instance of Apache. IP virtual hosting differentiates between websites based on their IP address, while name-based virtual hosting uses only the name of the host and can therefore host many sites on the same IP address.
See: Apache Virtual Host documentation
X.509
An authentication certificate scheme recommended by the International Telecommunication Union (ITU-T) which is used for SSL/TLS authentication.
See: SSL/TLS Encryption