Saturday, December 13, 2008

High Performance Web Applications Checklist


1. Tuning the Apache MaxClients parameter – It varies according to the application, so tune it as per the process size of your application. The RSS column in "ps -ylC httpd --sort:rss" shows the non-swapped physical memory used by Apache processes, in kilobytes.

MaxClients = (Total Memory - Operating System Memory - MySQL memory) / Size Per Apache process

For example, if one has 1GB of memory, and leaves 250 MB for the system and MySQL, with an Apache process of 15MB, this means 50 Apache processes can fit in the remaining 750MB.

2. AllowOverride – It should be set to None, which avoids the additional file system lookups for .htaccess files.

3. Add an Expires or a Cache-Control Header - A first-time visitor to your page may have to make several HTTP requests, but by using the Expires header you make those components cacheable. This avoids unnecessary HTTP requests on subsequent page views. Expires headers are most often used with images, but they should be used on all components including scripts, stylesheets, and Flash components.

4. Gzip Components - Gzipping as many file types as possible is an easy way to reduce page weight and accelerate the user experience.

5. Configure ETags - If you're not taking advantage of the flexible validation model that ETags provide, it's better to just remove the ETag altogether.

6. Disable directory listing on production sites.

7. Mod_Security – It is an Apache module that shields web applications from known and unknown attacks, such as SQL injection attacks, cross-site scripting, path traversal attacks, etc.

8. Mod_Evasive – It is an Apache module that blocks DoS (Denial of Service) attacks and reports abuse via email and syslog facilities.


1. Indexing – Using the slow query log / devel module, you can find slow queries in the page, and then with the help of the EXPLAIN statement in SQL you can find out if there are enough indexes in the database.

2. Query Cache – It should be on, and the query cache size should be set as per the requirements of your site by monitoring the ratio of the Qcache_hits (the number of cache hits) and Qcache_inserts (the number of queries added to the cache) MySQL variables.

3. max_connections - Each Apache process will use one MySQL process, so the MySQL max_connections should not be set to be less than the Apache MaxClients. This must be higher than "MaxClients" set in Apache.

4. Master Slave Replication – If one db server is utilizing complete resources then add another db server using master slave replication and distribute the load.


1. error_reporting - The setting (E_ALL & ~E_NOTICE & ~E_STRICT) is recommended on production sites, as we should not display notices and coding standard warnings on a live site. We should use E_ALL on development systems to write clean code.

2. display_errors - Default is "on" but it should be off on production sites.

3. log_errors - Default is "Off" but it should be "On" on production sites.

4. error_log - Default is not set but it should be set on production sites.

5. post_max_size - Default is 8MB but sometimes we may need to increase it when we allow users to upload large media files like videos etc.

6. upload_max_filesize - Default is 2MB but sometimes we may need to increase it when we allow users to upload large media files like videos/audios etc.

7. session.cookie_domain - Default is set to nothing, but if we need single sign-on across sub-domains then we should give the name of the main site. (e.g.

8. max_execution_time – Default is 30 seconds, but if we are using lengthy / heavy PHP scripts (e.g. video processing scripts) then we may need to increase it as needed.

9. memory_limit – Default is 8MB, but sometimes we may need to increase it, e.g. if we are using many modules in Drupal. If a page comes up blank for no apparent reason, that indicates we need to increase the memory limit.

10. Application Cache – Put the complex blocks in your page or complete pages in cache (database / filesystem / memory).
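
An added example (not from the original post): a small Python audit of a php.ini against items 1 to 4 of this list. The sample file is constructed, and the fallback defaults are the ones this checklist states.

```python
import configparser

# Constructed sample php.ini with development leftovers (not from the post).
SAMPLE_INI = """\
[PHP]
error_reporting = E_ALL
display_errors = On   ; handy while debugging
log_errors = 0
upload_max_filesize = 2M
"""

# Defaults as this checklist states them, used when a directive is absent.
PAGE_DEFAULTS = {"display_errors": "On", "log_errors": "Off", "error_log": ""}
RECOMMENDED_REPORTING = "E_ALL&~E_NOTICE&~E_STRICT"


def php_bool(value):
    """True for the spellings php.ini accepts as 'on' (1, On, True, Yes)."""
    return value.strip().strip('"').lower() in {"1", "on", "true", "yes"}


def load_directives(text):
    """Merge all sections into one dict; the last occurrence of a key wins."""
    parser = configparser.ConfigParser(
        interpolation=None, strict=False, allow_no_value=True,
        delimiters=("=",), inline_comment_prefixes=(";",))
    parser.read_string("[top]\n" + text)  # accept directives before any section
    merged = dict(PAGE_DEFAULTS)
    for section in parser.sections():
        merged.update({k: v or "" for k, v in parser.items(section)})
    return merged


def audit(text):
    """Return (directive, finding) pairs where the file misses the checklist."""
    d = load_directives(text)
    findings = []
    if php_bool(d["display_errors"]):
        findings.append(("display_errors", "errors are shown to visitors"))
    if not php_bool(d["log_errors"]):
        findings.append(("log_errors", "errors are not being logged"))
    if not d["error_log"].strip():
        findings.append(("error_log", "no log destination is set"))
    if "".join(d.get("error_reporting", "").split()) != RECOMMENDED_REPORTING:
        findings.append(("error_reporting", "not E_ALL & ~E_NOTICE & ~E_STRICT"))
    return findings


if __name__ == "__main__":
    for name, problem in audit(SAMPLE_INI):
        print(f"{name}: {problem}")
```

An empty findings list means the file matches the four error-handling items; anything else names the directive to fix before the site goes live.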

Front End Engineering

1. YSlow Analysis – The YSlow score should be greater than 85.
