THE OBJECT-ORIENTED PARADIGM OF SERVER CONFIGURATION

In designing the configuration system of the Netscape HTTP server, we have used much of the experience gained from the early development of research prototypes. These lessons have led us toward a more flexible and easily extensible paradigm for server configuration.


FLEXIBILITY

The first observation that we applied to the configuration design was that site administrators will want to control every aspect of server operation on a per-directory basis. This capability was provided in part by the NCSA research prototype, in which access control used full pathnames to specify directories that were to be protected. This capability was then extended to allow simple shell wildcards using * or ? to specify more than one directory with a single pattern. To control other aspects of server operation such as MIME types and directory indexing, directories were allowed to contain files called .htaccess, which evolved from simple extensions of the global access control file into files that control several other aspects of server operation.

The problem with .htaccess files is their high cost in performance. These files are hierarchical: if /foo/.htaccess exists, the configuration specified in this file must be applied to /foo/bar/file as well as /foo/file. This requires the server to perform a linear search of pathnames, looking for .htaccess files. For a request for /foo/bar/file, it would need to look for /.htaccess, /foo/.htaccess, and /foo/bar/.htaccess. These searches can add tremendous overhead to the response process.

However, the ability to control server functions on a per-directory basis is a useful feature. We have taken this idea and extended it in the Netscape servers in our object-oriented paradigm.


YET ANOTHER OBJECT PARADIGM

Calling the paradigm object-oriented was a bit of a misnomer, due to the large number of other contexts in which the term is used, as well as the recent fad in computer science to apply it to everything.

We define object-oriented to mean a method of grouping server documents and resources (such as CGI programs and parsed HTML documents) into logical objects. These groupings or objects can then have sets of configuration parameters applied to them.

Grouping of these server resources is accomplished through two methods. The first is based on the filesystem pathname of the file or directory. In conjunction with a wildcard expression parser, the Netscape servers allow groupings of files and directories similar to those of many extended UNIX shells such as Paul Falstad's zsh. Using this grouping, directories, files, sets of directories, or sets of files may be specified with a single wildcard expression. For example, /foo/dir/* would apply to everything inside the directory /foo/dir. If we wanted to protect only two CGI files inside that directory, we could use /foo/dir/(script1|script2).cgi.

The second method is a bit more complex than the first but allows for some relatively powerful concepts. Using this method, configuration groups are given names which uniquely identify them. Using name translation functions, a named object is associated with a directory or set of directories. An example is creating a named object which applies to all users' home directories. Another example is using a configuration grouping to cause certain directories to hold only CGI programs (similar to the Exec rule in CERN httpd).


APPLYING THE OBJECT PARADIGM

Applying the object paradigm to a specific server request requires the server to construct a set of objects that all apply to the requested directory or file. To illustrate this, an example is required.

Assume a former NCSA httpd user who now uses Netscape Server software has a leftover directory called /usr/local/etc/httpd/cgi-bin. Now assume that the user wants to apply access control to a set of scripts inside that directory but allow free access to others.

When responding to a request for one of the protected scripts, the server must construct a set of three objects: the default object that controls the behavior of the entire server, the CGI object that causes every file within the directory to be treated as a CGI program regardless of its type, and the object that protects the set of scripts within that directory from access by unauthorized hosts.

Once the server has constructed this set of objects from its database, it must apply the configuration they specify to the script being requested and take the proper action.
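
The object set described above, sketched as an added example (this is not Netscape server code). The /cgi-bin/ URI prefix, the document root, the script names and the "path:" labels are assumptions made for illustration; the request path is normalized before matching so that /cgi-bin/./script1.cgi still receives the protecting object.

```python
import posixpath
import re

CGI_DIR = "/usr/local/etc/httpd/cgi-bin"   # directory from the example above
DOC_ROOT = "/usr/local/etc/httpd/htdocs"   # assumed document root

# Assumed name translation table: URI prefix -> (directory, named object)
NAME_TRANS = [("/cgi-bin/", CGI_DIR, "cgi")]

# Assumed pathname objects: wildcard expressions over filesystem paths
PATH_OBJECTS = [CGI_DIR + "/(script1|script2).cgi"]


def wildcard_to_regex(pattern):
    """Translate the wildcards named in the text: *, ? and (a|b) groups."""
    out = []
    for ch in pattern:
        if ch == "*":
            out.append(".*")
        elif ch == "?":
            out.append(".")
        elif ch in "(|)":
            out.append(ch)               # alternation passes through as-is
        else:
            out.append(re.escape(ch))    # everything else is literal
    return re.compile("".join(out))


def objects_for(uri):
    """Return (filesystem path, names of the objects applying to the request)."""
    uri = posixpath.normpath(uri)        # collapse "./" and "../" first
    applied = ["default"]                # the default object always applies
    path = DOC_ROOT + uri
    for prefix, directory, name in NAME_TRANS:
        if uri.startswith(prefix):       # name translation picks a named object
            path = directory + "/" + uri[len(prefix):]
            applied.append(name)
            break
    for pattern in PATH_OBJECTS:
        # fullmatch: "script1.cgi.bak" must not inherit the script's object,
        # and a pattern must never match on a mere substring of the path.
        if wildcard_to_regex(pattern).fullmatch(path):
            applied.append("path:" + pattern)
    return path, applied
```

Each request costs one pass over the translation table and one over the pattern list, with no filesystem probes per directory level.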



Copyright © 1996 Netscape Communications Corporation