Using GZIP for Faster Websites

Good webmasters and system administrators are always looking for ways to increase efficiency and create faster websites. While much of website speed depends on the speed of the server, network connection, and the design of the site, there are other software tweaks that can add some zip to your site. Gzip compression is one of those tweaks.

Gzip is a free and open compression method, developed by the GNU project (the same project responsible for a good portion of GNU/Linux). Gzip is also an RFC 1952 standard and is the most popular method for web compression. What essentially happens is that the browser (client) contacts the site (host) and receives a header that indicates that the file can be compressed with gzip. If the browser supports gzip, it will respond and retrieve the compressed file, extract the contents, and display. As a result, it takes less time to download content, thus reducing stress on the server.

Gzip can reduce response size by 70%, which means a tremendous amount of savings on bandwidth. Furthermore, nearly 90% of browsers used on the Internet support it, which includes all modern browsers. The older ones that do not support it are fading away quickly. Apache 1.3 uses a module called mod_gzip, while Apache 2 uses one called mod_deflate. Many content management systems have support for gzip compression built into the backend, if the user choose to enable it.

Test your server load with curl-loader

It is very difficult to test a server’s real-world performance under stress. While you could hire a company or individual to bombard your server, the cost involved may not be worth the results. The open source application called curl-loader simulates load and application behavior of thousands of HTTP/HTTPS and FTP/FTPS clients.

Imagine having your website visited by thousands of visitors at once. Will your website hold up to the stress? Curl-loader allows you to test it and find out. Some of the features include:

• GET, POST, and PUT tests
• Web and proxy authentication
• Cookies and DNS caches
• URL fetching probability
• and much more.

Curl-loader is free and open source software released under the GNU GPL, available for download from the sourceforge.net.

Source: curl-loader

Monitoring your server from your iPhone

Picture this. You’re on the go, traveling, working, going on a date, or even just taking a nap, and you suddenly start getting phone calls. Little do you know that those phone calls are from angry customers or your boss. The server went down two hours ago, but you had no idea what was going on.

Many of us in the IT industry, particularly server administrators, have experienced a scenario like this one. It could be something small. Maybe Apache just needs a restart, but instead of it being a small issue, your stakeholders blow it out of proportion. Rather than getting upset with them and possibly losing your job, why not put your iPhone to use?

Root Internet, an Internet service company, offers an iPhone server monitoring tool. It pings HTTP, HTTPS, FTP, SSH, SMTP, DNS, POP3, IMAP, MySQL, and custom TCP/IP services that you specify. When your server experiences trouble, you will receive a notification on your iPhone, through email, and even a text message. Now you can rest easy and enjoy your vacation time – that is until the next disaster strikes.

Source: Apple.com
Photo: Flickr

Running an entire website under SSL

Question: I was thinking of making my entire website HTTPS instead of just the shopping cart. Is this a good idea?

Answer: There are both pros and cons to securing an entire site with SSL, but most seem to agree that the cons outweigh the pros. The advantage is that your users know from the beginning that they are working with a secure site. If your website happens to be for a financial institution, this may add to users’ comfort when they are entering login data.

The disadvantages are that a site will mostly like run slower when it has to authenticate encrypted data. The larger your site, the more data it will have to encrypt. Also, if a browser ever has issues with the certificate, a user will be locked out from your site completely or will have to click through unnecessary confirmations. This may prevent them from even getting to a contact form to tell you something is wrong.

Generally speaking, there is simply no need to encrypt general pages of information. Login forms should point to encrypted script URLs, and all shopping cart data, personal information, and financial information should be under HTTPS. If that is all you have (i.e. you only have those private forms on your site and nothing else), then complete HTTPS might be a good idea.

Source: webhostingtalk.com
Photo: Flickr

Securing Apache with ModSecurity

Apache HTTP Server is the most widely used web server application and is arguably the best available. Nevertheless, being a good application does not automatically make Apache secure. If your websites are simple html pages with no dynamic web applications or scripts, you probably do not have need for much concern. Once you start introducing other elements, however, security can become an issue.

PHP scripts, for example, introduce vulnerabilities into your system that can be hard to predict. Rather than find out you have a security hole after the fact, the proactive web host will use a security system. ModSecurity is a free and open source web application firewall. As the name and description imply, it protects your web server by placing a firewall between it and your web applications. Before an outside entity can use your web applications to interact with the server, it must go through ModSecurity.

ModSecurity comes with a set standard core rules that you can install and immediately apply. Chances are, however, that you will want to customize those rules depending on your needs. Sometimes they might be too restrictive for certain applications. You can make exceptions and tweak it to your liking. The large community of users also submit custom rules that they share with each other. In addition to the source code, you can obtain binary packages for ModSecurity for various Linux distributions, BSD, Windows, and many Unix variants.

Photo source: Flickr