Apache HTTPD-based Webservers
- Product names
- Publisher page
-
- [Apache Foundation|Apache Foundation]
- [IBM|IBM]
- [Oracle|Oracle]
- [HP|HP]
- [Red Hat|Red Hat]
- Category
- Application Server Software Platforms
- Release
- TKU 2023-May-1
- More information
- Publisher links
Product Description
Extended Discovery pattern, which models SoftwareComponent Nodes for websites, is available for this product.
Apache HTTP Server
Apache HTTP Server is a web server. Apache HTTP Server is available on many platforms, including most Unix platforms, Windows, Mac OS X, NetWare.
It has been taken and used as the base for a number of other Web server products, including IBM HTTP Server, Oracle HTTP Server and HP HP-UX Apache-based Web Server.
IBM HTTP Server
The IBM HTTP Server is a simple Web HTTP hosting server. It communicates with LDAP, supports SSL protocol and multi-threading. It's more optimized in the sense of performance than Apache HTTP Server. It uses a java installation process that is standard across all platforms and compatible with the SUN and GNU Java VMs.
Oracle HTTP Server
Oracle HTTP Server enables additional functionality specific to Oracle-based Databases and Application Servers.
HP HP-UX Apache-Based Web Server
HP HP-UX Apache-Based Web Server has combined numerous popular modules from other Open Source projects and provided HP value-added features just for the HP-UX platform.
JBoss Core Services Apache HTTP Server
Apache HTTP Server is used in multiple Red Hat JBoss Middleware products(starting from version 7 and onwards).
Software Pattern Summary
Product Component | Pattern | OS Type | Versioning | Pattern Depth |
---|---|---|---|---|
Apache HTTP Server | ApacheBasedWebserver | Unix | Active, Path and Package | Instance-based |
Windows | ||||
IBM HTTP Server | Unix | |||
Windows | ||||
Oracle HTTP Server | Unix | Path | ||
Windows | ||||
HP Apche-Based Web Server | Unix | Active | ||
HP-UX Apache-Based Web Server | Unix | Active | ||
Red Hat JBoss Enterprise Web Server | Unix | Path | ||
JBoss Core Services Apache HTTP Server | Unix | Active |
Platforms Supported by the Pattern
The pattern supports the identification and versioning of all Apache-based web servers on all major platforms - Unix, Linux, and Windows.
Identification
Due to the broad nature of the products, the fact that three different products can use the same binary to provide a service, the same binary can be found in many different forms with different names, and that the product sometimes forks a separate process that could be named the same as its parent, we have chosen to have several different triggers that can be used to run the product. Once the pattern is triggered, we perform some additional checks that will allow us to understand what the process is doing and which product it is representing.
Software Instance Triggers
If any of the trigger conditions below are met, then the pattern's body will commence.
Trigger Node | Attribute | Condition | Argument |
---|---|---|---|
DiscoveredProcess | cmd | matches | unix_cmd 'httpd\d?' |
or | |||
windows_cmd 'httpd\d?' | |||
or | |||
regex
| |||
or | |||
regex
|
Created types
The pattern creates Software Instances with the following types:
SI Type |
---|
Apache Webserver |
IBM HTTP Server |
Oracle HTTP Server |
HP Apache-based Web Server |
HP HP-UX Apache-based Web Server |
Apache HTTPD-based Webserver |
Red Hat JBoss Enterprise Web Server |
JBoss Core Services Apache HTTP Server |
Simple Identification Mappings
Name | cmd matches | args matches |
---|---|---|
Apache Webserver | regex
| N/A |
regex
| ||
Apache / Apache Variant Webserver | regex
| |
regex
| ||
regex
| ||
regex
| ||
regex
| ||
regex
| ||
regex
| ||
regex
| regex
| |
Apache Monitor (Windows) | regex
| N/A |
Apache Rotatelogs Process | regex
| |
regex
| ||
Oracle HTTP Server (Apache Variant) | regex
| |
regex
| ||
IBM HTTP Webserver (Apache Variant) | regex
| |
regex
| ||
regex
| ||
regex
| ||
regex
| ||
regex
| ||
regex
| ||
regex
| ||
regex
|
Versioning
Version information for this product can be gathered using one of three possible methods.
Active Versioning
We first perform a check for all active version commands to ensure that we have a full command path before executing a command or parsing a binary file.
Regex used to check Windows path: |
|
---|---|
Regex used to check Unix path: |
|
We have identified two different ways to version these products, one of them for all Apache-based Web Servers, the other specifically for the IBM HTTP Server.
Before we execute the specific command, we check the path of the command to see if it is a known IBM deployment, more information on how the check is performed can be found in the Publisher and Type Identification section and the list of regular expressions we use to check the path can be found within the IBM HTTP Server Path Identification of it.
IBM Specific Version Command
If the path identifies that the webserver we are dealing with is an instance of IBM HTTP Server, we then perform the IBM Specific version command.
Windows
The command that is executed on Windows involves performing a find for the string '\"HTTP\"' in a file called "version.signature", which can be found in the directory above the location of the HTTP binary.
Executed command: | findstr HTTP "%cmd_path%\\..\\version.signature" |
---|
Unix
The command that is executed on Unix involves performing a grep for the string 'HTTP' on a file called "version.signature", which can be found in the directory above the location of the HTTP binary.
Executed command: |
|
---|
Generic Apache Version Command
Unix
On Unix based systems we extract the version number of the HTTP server by parsing the binary that we triggered on using the strings command.
Executed command: |
|
---|
The command returns the first line within the binary file that contains the string "Apache/", as the version information for Apache is stored as "Apache/x.x.x.x" we can be confident that the first instance of this string contains a valid version number.
For instances of Oracle HTTP Server before Oracle 10g releases and for HP Apache-based Web Server, the binary still contains the Apache information because Oracle HTTP Server and HP Apache-based Web Server is simply Apache repackaged with an additional set of modules.
Windows
If the path was not identified as an IBM HTTP Server deployment, then a more generic command is executed. We run the triggered process with the argument "-version."
Executed command: |
|
---|
Note: The executable is run with quotes to get a round running commands with spaces in the path under DOS/Windows CLI.
We have found that all of the approaches provide a version number up to four levels of depth, i.e. x.x.x.x.
Oracle HTTP Server Version Command
For Oracle HTTP Server from Oracle 10g onwards, we get version information by executing the trigger process with the argument "-version." The versions returned are now based on Oracle versioning and no longer on Apache versions.
Executed commands: |
|
---|
On Solaris x64, the previous command may fail if the 64 bit HTTP server is running. In this case, pattern runs the command:
Executed command: |
|
---|
If On Solaris x64 no install_root is obtained, the following command is to be executed:
Executed command: |
|
---|
On Debian, Ubuntu:
Executed command: |
|
---|
Parsing of the Version Command Output
Because multiple Versioning Commands may be running (Generic Command and Oracle Command), we store all the results in a list containing 1 to 2 elements. We then iterate through that list and parse each result through a series of Regular Expressions, stopping when we find a match.
Regular Expressions employed to obtain Version (in the following order):
IBM[_\s]+HTTP[_\s]+Server[/\s]+(\d+(?:\.\d+)*)
(\d+(?:\.\d+)*)\s+Oracle-HTTP-Server
HP Apache-based Web Server/(\d+(?:\.\d+)*)
HP-UX_Apache-based_Web_Server/(\d+(?:\.\d+)*)
Path Versioning
If the Active Version Command does not return any version or publisher information, then we attempt to parse the full command path against a regex to see if we can identify the publisher and/or version of the product.
(?i)apache(?:_|/|-|\.|\\|)(\d+(?:\.\d+){0,2}(?:-\d+)?)
(?i)/ihs[-_/]?(\d(?:\.\d+){0,2}(?:-\d+)?)/
(?i)/(\d(?:\.\d+){0,2}(?:-\d+)?)[-_/]?ihs/
(?i)HTTPServer(\d+)
(?i)/jboss-ews/base/(\d(?:\.\d+){0,2}(?:-\d+)?)
A returned value of apache22 is taken as indicating version 2.2.
Package Versioning
If neither the Active Command nor Path regex returns any version information but the pattern has .Apache HTTPD-based Webservers vv1#Publisher and Type Identification is either 'Apache' or 'IBM', it then checks the installed packages to see if it can extract version information from one of them.
Package Regular expressions for 'Apache Foundation' publisher:
- ^httpd
- ^SUNWapch2r$
- ^SUNWapchu$
- ^SUNWapch2u$
- ^SUNWapch22r$
- ^SUNWapch22u$
- ^COVLapache
- ^apache2
- ^(?i)Apache HTTP Server
- web/server/apache-13
- web/server/apache-22
Package Regular expressions for 'IBM' publisher:
- ^IBMHTTP
- ^ISIHS
- ^IHS6\.base$
- ^(?i)IBM HTTP Server
If a single package is returned, then the version number is taken from it and assigned to the Software Instance.
Where multiple packages are returned for "Apache Foundation" publisher, they are checked against a pre-defined preference list, and the most 'trusted' package is used to version the Software Instance. For "IBM," the publisher version of the first found package is extracted.
Package preference in descending order:
- httpd
- SUNWapch2r
- SUNWapchu
- SUNWapch2u
- COVLapache
- apache2
- SUNWapch22r
- SUNWapch22u
Alternative Versioning Approach
From the information we have, we believe that the versioning techniques we are using are accurate enough to be considered the best options for the current releases. Future release may need to have additional techniques added to cover unforeseen circumstances or new features.
Future Considerations
The current versioning techniques provide a broad scope and good depth in the majority of circumstances, as such, we do not know of any further versioning techniques that would be beneficial for this product at this time.
The versioning techniques may need to be updated if more commands become available or new/different packages are used during the installation.
Publisher and Type Identification
The pattern attempts to obtain publisher information from the trigger process command line and the active version command.
Publisher from Trigger Process
The pattern parses the trigger process command line with the following regular expressions to check the publisher
If command matches regular expression | Publisher is |
---|---|
| Oracle |
| |
| |
| IBM |
| |
| |
| Apache |
| |
| |
| |
| |
| |
| |
|
Depending on the publisher information, the pattern assigns the product type:
Publisher | Type |
---|---|
Oracle | Oracle HTTP Server |
IBM | IBM HTTP Server |
HP | HP Apache-based Web Server |
HP-UX | HP HP-UX Apache-based Web Server |
Apache Foundation | Apache Webserver |
If no publisher information is present, the pattern sets 'Apache HTTPD-based Webserver' type for the SI.
Publisher from Active Command
In addition to version information, we can also retrieve the publisher from the Active Version Command, To do this, we parse the executed command's output with a simple regex to identify whether IBM, Apache, or Oracle was found in the output.
The same information is presented on both types of Operating Systems (Unix and Windows) in the same format to use a single regex for both of them.
Publisher Regex: |
|
---|
Extracting list of installed modules
Pattern extracts the modules using the following commands:
- %full_process_cmd% -M
- %full_process_cmd%" -h
- %sbin_dir%/apache2ctl" -M
Application Model Produced by Software Pattern
Product Architecture
The webserver may be installed both as a standalone and included as a component of other business applications.
Single or multiple instances of the webserver could be running on a specific host. This is dictated by platform and configuration.
On Linux/Unix, it is more common to find a forking instance of the webserver. It is started with a single HTTPS process. This then forks several children to assist in the handling of HTTP requests.
On Windows, it is more common to have a single process that manages all requests internally.
A single instance of the webserver can host more than one website at a single time using virtual hosts.
Configuration Option
There is a configuration option for this product that allows using default configuration file locations.
There are three ways to find the path to this file:
- The -f option in the trigger process arguments gives a direct path to httpd.conf.
- The -d option in the trigger process might give a path to httpd.conf, either directly or when cobined with -f (e.g. -d /opt/IBM/HTTPServer -f conf/httpd.conf means a file at /opt/IBM/HTTPServer/conf/httpd.conf).
- We can find the path to the trigger process command then check in that directory.
Software Pattern Model
The pattern is triggered on all processes that match the specified regular expressions; this will result in the pattern being triggered several times equal to the number of Apache-based web server processes running on a single host - not ideal where the running instance has forked children.
To ensure that only a single Software Instance is created for each truly unique running instance of the webserver, a further check is then made to ensure that the pattern continues only if the process is the parent process - if it is a child process then the pattern stops.
The added advantage of performing this check is that it ensures that the commands are only executed when we are sure that we have a unique instance - making the pattern more efficient and saving time when scanning.
Thanks to this functionality and the multi-step commands, we can create a Deep Software Instance.
As mentioned above, a check is performed to ensure that the process is a distinct webserver parent process. The additional information used by the pattern to create a unique key is the arguments of the process.
When an Apache-based web server is started, it either uses a default configuration or has a specific configuration set using the arguments. Using the '-f' and/or '-d' arguments, you can identify the specific configuration of the webserver. The -f argument is used to identify a Config File, whereas the -d argument identifies the ServerRoot. When present, each argument is added as an attribute to the SI.
The Pattern also creates different Software Instances based on the information it has retrieved from the commands and/or path it queried.
The Software Instance Type is based on the returned publisher, so if 'IBM' were returned by a version command or were in the path, then the Type would be set to "IBM HTTP Server," this information is also used in the key to creating distinct Software Instances for each type of web server running on a specific host.
SI Depth
The pattern creates an Instance-based Software Instance, its key being based on the hashed value of Config file attribute, obtained SI type, and host key. If the Config file attribute is not obtained, the pattern creates grouped Software Instance. The key group is based on the hashed cmd line. If the argument line is present, it is also added into the key group.
Build
Build attribute is extracted from full version with help of regex:
_'-(\d+)$'_
Server root
Server root attribute is extracted in several different ways on Windows and Unix.
Windows
The pattern tries to extract server root from trigger' args or from its children processes using the following regex:
_'-d\s+(\"\w:.*?\"|\w:\S+)'_
Note
If several "-d" attributes present in arguments, the pattern extracts them all (2 instances are expected at most). In this case the last one contains the path to domain-specific configuration file and it should be considered as server root.
If this method fails, the pattern tries to extract server root from trigger command line using regular expression:
_'(?i)^(\w:.*)\\bin\\[^\\]*\.exe$'_
UNIX
The pattern tries to parse trigger' arguments using regex:
_'-d (/\S+)'_
Should this method fail and Oracle HTTP Server Version Command has succeeded, the pattern tries to extract server root from command output using regex:
_'(?i)-D HTTPD_ROOT\s*=\s*[\"\'](.*?)[\"\']'_
Config file
Config file attribute is extracted in several different ways on Windows and Unix. If extracted path is not fully qualified, it can be combined of <SERVER_ROOT><CONFIG_FILE>.
Windows
The pattern tries to extract config file from trigger' args or from its children processes using the following regex:
_'-f\s+(\".*?\"|\S+\.conf)'_
If this method fails and if any of Active Versioning was successful, the pattern tries to extract config file from the last obtained result:
_'(?i)-D SERVER_CONFIG_FILE\s*=\s*[\"\'](.*?)[\"\']'_
UNIX
The pattern tries to parse trigger' arguments using regex:
_'-f (\S+)'_
If this method fails, the pattern tries to extract config files using active command output, the same way as it is managed on Windows, but it parses Unix-related command results.
Server Name
Additional attribute Server Name is extracted from root config file. It is modeled as an additional attribute and is describing the root Server Name. All names that are within VirtualHosts are modeled in extended discovery and stand as Details of SI.
Server Name RegEx |
|
---|
Relationships Creation
Oracle e-Business
If we are dealing with the Oracle HTTP Server, the pattern works on establishing a Relationship with Oracle E-Business Suite.
While the pattern doesn't actually model a Relationship with Oracle E-Business Suite, it creates the grounds on which the Relationship is based by modeling the ebs_sid attribute.
This attribute is added to the Web Server SI and represents the Database SID that E-Business Suite is working with.
To obtain it, the pattern extracts the contents of the -f Config File, and parses its content through a Regular Expression.
Regular Expression employed to extract Database SID:
(?i)DocumentRoot *.+portal[/\\](.+)_
The ebs_sid attribute is going to be looked for by the Oracle E-Business Suite Pattern, in order to model a Relationship with the Web Server.
Website SoftwareComponents
Current BMC Discovery model allows to see all the websites configured within an Apache Server instance. This functionality is delegated to Apache extended pattern.
Associate processes
The pattern identifies all the child processes of the trigger process that created the SI and relates them to the SI via an associate relationship.
Testing
This pattern has been tested against installations of all possible product types that can be created across multiple platforms, additional tests were performed against record data for other webservers to ensure that erroneous Software Instances were not created.
Comments
Log in or register to comment.