diff options
Diffstat (limited to 'docs/manual/mod/core.html')
-rw-r--r-- | docs/manual/mod/core.html | 3309 |
1 files changed, 0 insertions, 3309 deletions
diff --git a/docs/manual/mod/core.html b/docs/manual/mod/core.html deleted file mode 100644 index 148eab5155..0000000000 --- a/docs/manual/mod/core.html +++ /dev/null @@ -1,3309 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"> -<HTML> -<HEAD> -<TITLE>Apache Core Features</TITLE> -</HEAD> - -<!-- Background white, links blue (unvisited), navy (visited), red (active) --> -<BODY - BGCOLOR="#FFFFFF" - TEXT="#000000" - LINK="#0000FF" - VLINK="#000080" - ALINK="#FF0000" -> -<!--#include virtual="header.html" --> - -<H1 ALIGN="CENTER">Apache Core Features</H1> -<P> -These configuration parameters control the core Apache features, and are -always available. -</P> -<H2>Directives</H2> -<UL> -<LI><A HREF="#accessconfig">AccessConfig</A> -<LI><A HREF="#accessfilename">AccessFileName</A> -<LI><A HREF="#addmodule">AddModule</A> -<LI><A HREF="#allowoverride">AllowOverride</A> -<LI><A HREF="#authname">AuthName</A> -<LI><A HREF="#authtype">AuthType</A> -<LI><A HREF="#bindaddress">BindAddress</A> -<LI><A HREF="#bs2000account">BS2000Account</A> -<LI><A HREF="#clearmodulelist">ClearModuleList</A> -<LI><A HREF="#contentdigest">ContentDigest</A> -<LI><A HREF="#coredumpdirectory">CoreDumpDirectory</A> -<LI><A HREF="#defaulttype">DefaultType</A> -<LI><A HREF="#directory"><Directory></A> -<LI><A HREF="#directorymatch"><DirectoryMatch></A> -<LI><A HREF="#documentroot">DocumentRoot</A> -<LI><A HREF="#documentrootcheck">DocumentRootCheck</A> -<LI><A HREF="#errordocument">ErrorDocument</A> -<LI><A HREF="#errorlog">ErrorLog</A> -<LI><A HREF="#files"><Files></A> -<LI><A HREF="#filesmatch"><FilesMatch></A> -<LI><A HREF="#group">Group</A> -<LI><A HREF="#hostnamelookups">HostNameLookups</A> -<LI><A HREF="#identitycheck">IdentityCheck</A> -<LI><A HREF="#ifdefine"><IfDefine></A> -<LI><A HREF="#ifmodule"><IfModule></A> -<LI><A HREF="#include">Include</A> -<LI><A HREF="#keepalive">KeepAlive</A> -<LI><A HREF="#keepalivetimeout">KeepAliveTimeout</A> -<LI><A HREF="#limit"><Limit></A> -<LI><A HREF="#limitexcept"><LimitExcept></A> -<LI><A HREF="#limitrequestbody">LimitRequestBody</A> -<LI><A HREF="#limitrequestfields">LimitRequestFields</A> -<LI><A HREF="#limitrequestfieldsize">LimitRequestFieldsize</A> -<LI><A HREF="#limitrequestline">LimitRequestLine</A> -<LI><A HREF="#listen">Listen</A> -<LI><A HREF="#listenbacklog">ListenBacklog</A> -<LI><A HREF="#location"><Location></A> -<LI><A HREF="#locationmatch"><LocationMatch></A> -<LI><A HREF="#lockfile">LockFile</A> -<LI><A HREF="#loglevel">LogLevel</A> -<LI><A HREF="#maxclients">MaxClients</A> -<LI><A HREF="#maxkeepaliverequests">MaxKeepAliveRequests</A> -<LI><A HREF="#maxrequestsperchild">MaxRequestsPerChild</A> -<LI><A HREF="#maxspareservers">MaxSpareServers</A> -<LI><A HREF="#minspareservers">MinSpareServers</A> -<LI><A HREF="#namevirtualhost">NameVirtualHost</A> -<LI><A HREF="#options">Options</A> -<LI><A HREF="#pidfile">PidFile</A> -<LI><A HREF="#port">Port</A> -<LI><A HREF="#require">require</A> -<LI><A HREF="#resourceconfig">ResourceConfig</A> -<LI><A HREF="#rlimitcpu">RLimitCPU</A> -<LI><A HREF="#rlimitmem">RLimitMEM</A> -<LI><A HREF="#rlimitnproc">RLimitNPROC</A> -<LI><A HREF="#satisfy">Satisfy</A> -<LI><A HREF="#scoreboardfile">ScoreBoardFile</A> -<LI><A HREF="#scriptinterpretersource">ScriptInterpreterSource</A> -<LI><A HREF="#sendbuffersize">SendBufferSize</A> -<LI><A HREF="#serveradmin">ServerAdmin</A> -<LI><A HREF="#serveralias">ServerAlias</A> -<LI><A HREF="#servername">ServerName</A> -<LI><A HREF="#serverpath">ServerPath</A> -<LI><A HREF="#serverroot">ServerRoot</A> -<LI><A HREF="#serversignature">ServerSignature</A> -<LI><A HREF="#servertokens">ServerTokens</A> -<LI><A HREF="#servertype">ServerType</A> -<LI><A HREF="#startservers">StartServers</A> -<LI><A HREF="#threadsperchild">ThreadsPerChild</A> -<LI><A HREF="#timeout">TimeOut</A> -<LI><A HREF="#usecanonicalname">UseCanonicalName</A> -<LI><A HREF="#user">User</A> -<LI><A HREF="#virtualhost"><VirtualHost></A> -</UL> -<HR> - -<H2><A NAME="accessconfig">AccessConfig directive</A></H2> -<!--%plaintext <?INDEX {\tt AccessConfig} directive> --> -<A - HREF="directive-dict.html#Syntax" - REL="Help" -><STRONG>Syntax:</STRONG></A> AccessConfig <EM>filename</EM><BR> -<A - HREF="directive-dict.html#Default" - REL="Help" -><STRONG>Default:</STRONG></A> <CODE>AccessConfig conf/access.conf</CODE><BR> -<A - HREF="directive-dict.html#Context" - REL="Help" -><STRONG>Context:</STRONG></A> server config, virtual host<BR> -<A - HREF="directive-dict.html#Status" - REL="Help" -><STRONG>Status:</STRONG></A> core<P> - -The server will read this file for more directives after reading the -<A HREF="#resourceconfig">ResourceConfig</A> file. <EM>Filename</EM> is -relative to the <A HREF="#serverroot">ServerRoot</A>. -This feature can be disabled using: -<BLOCKQUOTE><CODE>AccessConfig /dev/null</CODE></BLOCKQUOTE> -Historically, this file only contained -<A HREF="#directory"><Directory></A> sections; in fact it can now -contain any server directive allowed in the <EM>server config</EM> context. -<P><HR> - -<H2><A NAME="accessfilename">AccessFileName directive</A></H2> -<!--%plaintext <?INDEX {\tt AccessFileName} directive> --> -<A - HREF="directive-dict.html#Syntax" - REL="Help" -><STRONG>Syntax:</STRONG></A> AccessFileName <EM>filename filename ...</EM><BR> -<A - HREF="directive-dict.html#Default" - REL="Help" -><STRONG>Default:</STRONG></A> <CODE>AccessFileName .htaccess</CODE><BR> -<A - HREF="directive-dict.html#Context" - REL="Help" -><STRONG>Context:</STRONG></A> server config, virtual host<BR> -<A - HREF="directive-dict.html#Status" - REL="Help" -><STRONG>Status:</STRONG></A> core<BR> -<A - HREF="directive-dict.html#Compatibility" - REL="Help" -><STRONG>Compatibility:</STRONG></A> AccessFileName can accept more than -one filename only in Apache 1.3 and later<P> - -When returning a document to the client the server looks for the first existing -access control file from this list of names in every directory of the path to -the document, if access control files are enabled for that directory. - -For example: -<BLOCKQUOTE><CODE>AccessFileName .acl</CODE></BLOCKQUOTE> -before returning the document /usr/local/web/index.html, the -server will read /.acl, /usr/.acl, /usr/local/.acl and /usr/local/web/.acl -for directives, unless they have been disabled with -<BLOCKQUOTE><CODE> -<Directory /><BR> -AllowOverride None<BR> -</Directory></CODE></BLOCKQUOTE><P><HR> - -<H2><A NAME="addmodule">AddModule directive</A></H2> -<!--%plaintext <?INDEX {\tt AddModule} directive> --> -<A - HREF="directive-dict.html#Syntax" - REL="Help" -><STRONG>Syntax:</STRONG></A> AddModule <EM>module module ...</EM><BR> -<A - HREF="directive-dict.html#Context" - REL="Help" -><STRONG>Context:</STRONG></A> server config <BR> -<A - HREF="directive-dict.html#Status" - REL="Help" -><STRONG>Status:</STRONG></A> core<BR> -<A - HREF="directive-dict.html#Compatibility" - REL="Help" -><STRONG>Compatibility:</STRONG></A> AddModule is only available in -Apache 1.2 and later<P> - -The server can have modules compiled in which are not actively in use. -This directive can be used to enable the use of those modules. The -server comes with a pre-loaded list of active modules; this list can -be cleared with the <A HREF="#clearmodulelist">ClearModuleList</A> -directive.<P><HR> - -<H2><A NAME="allowoverride">AllowOverride directive</A></H2> -<!--%plaintext <?INDEX {\tt AllowOverride} directive> --> -<A - HREF="directive-dict.html#Syntax" - REL="Help" -><STRONG>Syntax:</STRONG></A> AllowOverride <EM>override override ...</EM><BR> -<A - HREF="directive-dict.html#Default" - REL="Help" -><STRONG>Default:</STRONG></A> <CODE>AllowOverride All</CODE><BR> -<A - HREF="directive-dict.html#Context" - REL="Help" -><STRONG>Context:</STRONG></A> directory<BR> -<A - HREF="directive-dict.html#Status" - REL="Help" -><STRONG>Status:</STRONG></A> core<P> - -When the server finds an .htaccess file (as specified by -<A HREF="#accessfilename">AccessFileName</A>) it needs to know which -directives declared in that file can override earlier access information.<P> - -<EM>Override</EM> can be set to <CODE>None</CODE>, in which case the server -will not read the file, <CODE>All</CODE> in which case the server will -allow all the directives, or one or more of the following: -<DL> -<DT>AuthConfig -<DD> -<!--%plaintext <?INDEX {\tt AuthConfig} override> --> -Allow use of the authorization directives -(<A HREF="mod_auth_dbm.html#authdbmgroupfile">AuthDBMGroupFile</A>, -<A HREF="mod_auth_dbm.html#authdbmuserfile">AuthDBMUserFile</A>, -<A HREF="mod_auth.html#authgroupfile">AuthGroupFile</A>, -<A HREF="#authname">AuthName</A>, <A HREF="#authtype">AuthType</A>, -<A HREF="mod_auth.html#authuserfile">AuthUserFile</A>, -<A HREF="#require">require</A>, <EM>etc.</EM>). -<DT>FileInfo -<DD> -<!--%plaintext <?INDEX {\tt FileInfo} override> --> -Allow use of the directives controlling document types -(<A HREF="mod_mime.html#addencoding">AddEncoding</A>, -<A HREF="mod_mime.html#addlanguage">AddLanguage</A>, -<A HREF="mod_mime.html#addtype">AddType</A>, -<A HREF="#defaulttype">DefaultType</A>, -<A HREF="#errordocument">ErrorDocument</A>, -<A HREF="mod_negotiation.html#languagepriority">LanguagePriority</A>, <EM>etc.</EM>). -<DT>Indexes -<DD> -<!--%plaintext <?INDEX {\tt Indexes} override> --> -Allow use of the directives controlling directory indexing -(<A HREF="mod_autoindex.html#adddescription">AddDescription</A>, -<A HREF="mod_autoindex.html#addicon">AddIcon</A>, -<A HREF="mod_autoindex.html#addiconbyencoding">AddIconByEncoding</A>, -<A HREF="mod_autoindex.html#addiconbytype">AddIconByType</A>, -<A HREF="mod_autoindex.html#defaulticon">DefaultIcon</A>, -<A HREF="mod_dir.html#directoryindex">DirectoryIndex</A>, -<A HREF="mod_autoindex.html#fancyindexing">FancyIndexing</A>, -<A HREF="mod_autoindex.html#headername">HeaderName</A>, -<A HREF="mod_autoindex.html#indexignore">IndexIgnore</A>, -<A HREF="mod_autoindex.html#indexoptions">IndexOptions</A>, -<A HREF="mod_autoindex.html#readmename">ReadmeName</A>, <EM>etc.</EM>). -<DT>Limit -<DD> -<!--%plaintext <?INDEX {\tt Limit} override> --> -Allow use of the directives controlling host access (allow, deny and order). -<DT>Options -<DD> -<!--%plaintext <?INDEX {\tt Options} override> --> -Allow use of the directives controlling specific directory features -(<A HREF="#options">Options</A> and -<A HREF="mod_include.html#xbithack">XBitHack</A>). -</DL><P><HR> - -<H2><A NAME="authname">AuthName directive</A></H2> -<!--%plaintext <?INDEX {\tt AuthName} directive> --> -<A - HREF="directive-dict.html#Syntax" - REL="Help" -><STRONG>Syntax:</STRONG></A> AuthName <EM>auth-domain</EM><BR> -<A - HREF="directive-dict.html#Context" - REL="Help" -><STRONG>Context:</STRONG></A> directory, .htaccess<BR> -<A - HREF="directive-dict.html#Override" - REL="Help" -><STRONG>Override:</STRONG></A> AuthConfig<BR> -<A - HREF="directive-dict.html#Status" - REL="Help" -><STRONG>Status:</STRONG></A> core<P> - -This directive sets the name of the authorization realm for a directory. -This realm is given to the client so that the user knows which username and -password to send. <SAMP>AuthName</SAMP> takes a single argument; -if the realm name contains spaces, it must be enclosed in quotation marks. -It must be accompanied by <A HREF="#authtype">AuthType</A> and -<A HREF="#require">require</A> directives, and directives such as -<A HREF="mod_auth.html#authuserfile">AuthUserFile</A> and -<A HREF="mod_auth.html#authgroupfile">AuthGroupFile</A> to work.<P><HR> - -<H2><A NAME="authtype">AuthType directive</A></H2> -<!--%plaintext <?INDEX {\tt AuthType} directive> --> -<A - HREF="directive-dict.html#Syntax" - REL="Help" -><STRONG>Syntax:</STRONG></A> AuthType <EM>type</EM><BR> -<A - HREF="directive-dict.html#Context" - REL="Help" -><STRONG>Context:</STRONG></A> directory, .htaccess<BR> -<A - HREF="directive-dict.html#Override" - REL="Help" -><STRONG>Override:</STRONG></A> AuthConfig<BR> -<A - HREF="directive-dict.html#Status" - REL="Help" -><STRONG>Status:</STRONG></A> core<P> - -This directive selects the type of user authentication for a directory. -Only <CODE>Basic</CODE> and <CODE>Digest</CODE> are currently implemented. -<!--%plaintext <?INDEX {\tt Basic} authentication scheme> --> -It must be accompanied by <A HREF="#authname">AuthName</A> and -<A HREF="#require">require</A> directives, and directives such as -<A HREF="mod_auth.html#authuserfile">AuthUserFile</A> and -<A HREF="mod_auth.html#authgroupfile">AuthGroupFile</A> to work.<P><HR> - -<H2><A NAME="bindaddress">BindAddress directive</A></H2> -<!--%plaintext <?INDEX {\tt BindAddress} directive> --> -<A - HREF="directive-dict.html#Syntax" - REL="Help" -><STRONG>Syntax:</STRONG></A> BindAddress <EM>saddr</EM><BR> -<A - HREF="directive-dict.html#Default" - REL="Help" -><STRONG>Default:</STRONG></A> <CODE>BindAddress *</CODE><BR> -<A - HREF="directive-dict.html#Context" - REL="Help" -><STRONG>Context:</STRONG></A> server config<BR> -<A - HREF="directive-dict.html#Status" - REL="Help" -><STRONG>Status:</STRONG></A> core<P> - -A Unix® http server can either listen for connections to every -IP address of the server machine, or just one IP address of the server -machine. <EM>Saddr</EM> can be - -<MENU> -<LI>* -<LI>An IP address -<LI>A fully-qualified Internet domain name -</MENU> -If the value is *, then the server will listen for connections on -every IP address, otherwise it will only listen on the IP address -specified. <P> - -Only one <CODE>BindAddress</CODE> directive can be used. For more -control over which address and ports Apache listens to, use the -<CODE><A HREF="#listen">Listen</A></CODE> directive instead of -<CODE>BindAddress</CODE>.<P> - -<CODE>BindAddress</CODE> can be used as an alternative method for -supporting <A HREF="../vhosts/index.html">virtual hosts</A> using -multiple independent servers, instead of using <CODE><A -HREF="#virtualhost"><VirtualHost></A></CODE> sections. - -<P><STRONG>See Also:</STRONG> -<A HREF="../dns-caveats.html">DNS Issues</A><BR> -<STRONG>See Also:</STRONG> -<A HREF="../bind.html">Setting which addresses and ports Apache uses</A></P> - -<HR> - -<H2><A NAME="bs2000account">BS2000Account directive</A></H2> -<!--%plaintext <?INDEX {\tt BS2000Account} directive> --> -<A - HREF="directive-dict.html#Syntax" - REL="Help" -><STRONG>Syntax:</STRONG></A> BS2000Account <EM>account</EM><BR> -<A - HREF="directive-dict.html#Default" - REL="Help" -><STRONG>Default:</STRONG></A> <EM>none</EM><BR> -<A - HREF="directive-dict.html#Context" - REL="Help" -><STRONG>Context:</STRONG></A> server config<BR> -<A - HREF="directive-dict.html#Status" - REL="Help" -><STRONG>Status:</STRONG></A> core<BR> -<A - HREF="directive-dict.html#Compatibility" - REL="Help" -><STRONG>Compatibility:</STRONG></A> BS2000Account is only available for -BS2000 machines, as of Apache 1.3 and later.<P> - -The <CODE>BS2000Account</CODE> directive is available for BS2000 hosts -only. It must be used to define the account number for the non-privileged -apache server user (which was configured using the -<A HREF="#user">User</A> directive). -This is required by the BS2000 POSIX subsystem (to change the underlying -BS2000 task environment by performing a sub-LOGON) to prevent CGI scripts -from accessing resources of the privileged account which started the -server, usually <SAMP>SYSROOT</SAMP>.<BR> -Only one <CODE>BS2000Account</CODE> directive can be used. <P> - -<P><STRONG>See Also:</STRONG> -<A HREF="../ebcdic.html">Apache EBCDIC port</A></P> - -<HR> - -<H2><A NAME="clearmodulelist">ClearModuleList directive</A></H2> -<!--%plaintext <?INDEX {\tt ClearModuleList} directive> --> -<A - HREF="directive-dict.html#Syntax" - REL="Help" -><STRONG>Syntax:</STRONG></A> ClearModuleList<BR> -<A - HREF="directive-dict.html#Context" - REL="Help" -><STRONG>Context:</STRONG></A> server config<BR> -<A - HREF="directive-dict.html#Status" - REL="Help" -><STRONG>Status:</STRONG></A> core<BR> -<A - HREF="directive-dict.html#Compatibility" - REL="Help" -><STRONG>Compatibility:</STRONG></A> ClearModuleList is only available in -Apache 1.2 and later<P> - -The server comes with a built-in list of active modules. This -directive clears the list. It is assumed that the list will then be -re-populated using the <A HREF="#addmodule">AddModule</A> directive.<P><HR> - -<H2><A NAME="contentdigest">ContentDigest directive</A></H2> -<!--%plaintext <?INDEX {\tt ContentDigest} directive> --> -<A - HREF="directive-dict.html#Syntax" - REL="Help" -><STRONG>Syntax:</STRONG></A> ContentDigest <EM>on|off</EM><BR> -<A - HREF="directive-dict.html#Default" - REL="Help" -><STRONG>Default:</STRONG></A> <CODE>ContentDigest off</CODE><BR> -<A - HREF="directive-dict.html#Context" - REL="Help" -><STRONG>Context:</STRONG></A> server config, virtual host, directory, -.htaccess<BR> -<A - HREF="directive-dict.html#Override" - REL="Help" -><STRONG>Override:</STRONG></A> Options<BR> -<A - HREF="directive-dict.html#Status" - REL="Help" -><STRONG>Status:</STRONG></A> experimental<BR> -<A - HREF="directive-dict.html#Compatibility" - REL="Help" -><STRONG>Compatibility:</STRONG></A> ContentDigest is only available in -Apache 1.1 and later<P> - -This directive enables the generation of <CODE>Content-MD5</CODE> headers -as defined in RFC1864 respectively RFC2068.<P> - -MD5 is an algorithm for computing a "message digest" (sometimes called -"fingerprint") of arbitrary-length data, with a high degree of confidence -that any alterations in the data will be reflected in alterations in the -message digest.<P> - -The <CODE>Content-MD5</CODE> header provides an end-to-end message -integrity check (MIC) of the entity-body. A proxy or client may check this -header for detecting accidental modification of the entity-body -in transit. -Example header: -<PRE> Content-MD5: AuLb7Dp1rqtRtxz2m9kRpA==</PRE><P> - -Note that this can cause performance problems on your server -since the message digest is computed on every request -(the values are not cached).<P> - -<CODE>Content-MD5</CODE> is only sent for documents served by the -core, and not by any module. For example, SSI documents, output from -CGI scripts, and byte range responses do not have this header. - -<HR> - -<H2><A NAME="coredumpdirectory">CoreDumpDirectory directive</A></H2> -<!--%plaintext <?INDEX {\tt CoreDumpDirectory} directive> --> -<A - HREF="directive-dict.html#Syntax" - REL="Help" -><STRONG>Syntax:</STRONG></A> CoreDumpDirectory <EM>directory</EM><BR> -<A - HREF="directive-dict.html#Default" - REL="Help" -><STRONG>Default:</STRONG></A> the same location as ServerRoot<BR> -<A - HREF="directive-dict.html#Context" - REL="Help" -><STRONG>Context:</STRONG></A> server config<BR> -<A - HREF="directive-dict.html#Status" - REL="Help" -><STRONG>Status:</STRONG></A> core<P> - -This controls the directory to which Apache attempts to switch before -dumping core. The default is in the <A HREF="#serverroot">ServerRoot</A> -directory, however since this should not be writable by the user -the server runs as, core dumps won't normally get written. If you -want a core dump for debugging, you can use this directive to place -it in a different location.<P><HR> - -<H2><A NAME="defaulttype">DefaultType directive</A></H2> -<!--%plaintext <?INDEX {\tt DefaultType} directive> --> -<A - HREF="directive-dict.html#Syntax" - REL="Help" -><STRONG>Syntax:</STRONG></A> DefaultType <EM>MIME-type</EM><BR> -<A - HREF="directive-dict.html#Default" - REL="Help" -><STRONG>Default:</STRONG></A> <CODE>DefaultType text/html</CODE><BR> -<A - HREF="directive-dict.html#Context" - REL="Help" -><STRONG>Context:</STRONG></A> server config, virtual host, directory, -.htaccess<BR> -<A - HREF="directive-dict.html#Override" - REL="Help" -><STRONG>Override:</STRONG></A> FileInfo<BR> -<A - HREF="directive-dict.html#Status" - REL="Help" -><STRONG>Status:</STRONG></A> core<P> - -There will be times when the server is asked to provide a document -whose type cannot be determined by its MIME types mappings.<P> - -The server must inform the client of the content-type of the document, so in -the event of an unknown type it uses the <CODE>DefaultType</CODE>. For -example: -<BLOCKQUOTE><CODE>DefaultType image/gif</CODE></BLOCKQUOTE> -would be appropriate for a directory which contained many gif images -with filenames missing the .gif extension.<P><HR> - -<H2><A NAME="directory"><Directory> directive</A></H2> -<!--%plaintext <?INDEX {\tt Directory} section directive> --> -<A - HREF="directive-dict.html#Syntax" - REL="Help" -><STRONG>Syntax:</STRONG></A> <Directory <EM>directory</EM>> - ... </Directory> <BR> -<A - HREF="directive-dict.html#Context" - REL="Help" -><STRONG>Context:</STRONG></A> server config, virtual host<BR> -<A - HREF="directive-dict.html#Status" - REL="Help" -><STRONG>Status:</STRONG></A> Core. <P> - -<Directory> and </Directory> are used to enclose a group of -directives which will apply only to the named directory and sub-directories -of that directory. Any directive which is allowed in a directory -context may be used. <EM>Directory</EM> is either the full path to a directory, -or a wild-card string. In a wild-card string, `?' matches any single character, -and `*' matches any sequences of characters. As of Apache 1.3, you -may also use `[]' character ranges like in the shell. Also as of Apache 1.3 -none of the wildcards match a `/' character, which more closely mimics the -behaviour of Unix shells. -Example: -<PRE> - <Directory /usr/local/httpd/htdocs> - Options Indexes FollowSymLinks - </Directory> -</PRE> - -<P><STRONG>Apache 1.2 and above:</STRONG> -Extended regular expressions can also be used, with the addition of the -<CODE>~</CODE> character. For example:</P> - -<PRE> - <Directory ~ "^/www/.*/[0-9]{3}"> -</PRE> - -would match directories in /www/ that consisted of three numbers. - -<P>If multiple (non-regular expression) directory sections match the -directory (or its parents) containing -a document, then the directives are applied in the order of shortest match -first, interspersed with the directives from the -<A HREF="#accessfilename">.htaccess</A> files. For example, with -<BLOCKQUOTE><CODE> -<Directory /><BR> -AllowOverride None<BR> -</Directory><BR><BR> -<Directory /home/*><BR> -AllowOverride FileInfo<BR> -</Directory></CODE></BLOCKQUOTE> -for access to the document <CODE>/home/web/dir/doc.html</CODE> the -steps are: -<MENU> -<LI>Apply directive <CODE>AllowOverride None</CODE> (disabling -<CODE>.htaccess</CODE> files). -<LI>Apply directive <CODE>AllowOverride FileInfo</CODE> (for directory -<CODE>/home/web</CODE>). -<LI>Apply any FileInfo directives in <CODE>/home/web/.htaccess</CODE> -</MENU> - -<P> -Regular expression directory sections are handled slightly differently -by Apache 1.2 and 1.3. In Apache 1.2 they are interspersed with the normal -directory sections and applied in the order they appear in the configuration -file. They are applied only once, and apply when the shortest match -possible occurs. In Apache 1.3 regular expressions are not considered -until after all of the normal sections have been applied. Then all of -the regular expressions are tested in the order they appeared in the -configuration file. For example, with -<BLOCKQUOTE><CODE> -<Directory ~ abc$><BR> -... directives here ...<BR> -</Directory><BR> -</CODE></BLOCKQUOTE> -Suppose that the filename being accessed is -<CODE>/home/abc/public_html/abc/index.html</CODE>. The server -considers each of <CODE>/</CODE>, <CODE>/home</CODE>, <CODE>/home/abc</CODE>, -<CODE>/home/abc/public_html</CODE>, and <CODE>/home/abc/public_html/abc</CODE> -in that order. In Apache 1.2, when -<CODE>/home/abc</CODE> is considered, the regular expression will match -and be applied. In Apache 1.3 the regular expression isn't considered -at all at that point in the tree. It won't be considered until after -all normal <Directory>s and <CODE>.htaccess</CODE> files have -been applied. Then the regular expression will -match on <CODE>/home/abc/public_html/abc</CODE> and be applied. - -<P> - -<STRONG> -Note that the default Apache access for <Directory /> is -<SAMP>Allow from All</SAMP>. This means that Apache will serve any file -mapped from an URL. It is recommended that you change this with a block -such as -</STRONG> -<PRE> - <Directory /> - Order Deny,Allow - Deny from All - </Directory> -</PRE> -<P> -<STRONG> -and then override this for directories you <EM>want</EM> accessible. -See the -<A - HREF="../misc/security_tips.html" ->Security Tips</A> -page for more details. -</STRONG> -</P> - -The directory sections typically occur in the access.conf file, but they -may appear in any configuration file. <Directory> directives cannot -nest, and cannot appear in a <A HREF="#limit"><Limit></A> or -<A HREF="#limitexcept"><LimitExcept></A> section. -<P> - -<STRONG>See also</STRONG>: <A HREF="../sections.html">How Directory, -Location and Files sections work</A> for an explanation of how these -different sections are combined when a request is received - -<HR> - -<H2><A NAME="directorymatch"><DirectoryMatch></A></H2> -<A - HREF="directive-dict.html#Syntax" - REL="Help" -><STRONG>Syntax:</STRONG></A> <DirectoryMatch <EM>regex</EM>> - ... </DirectoryMatch> <BR> -<A - HREF="directive-dict.html#Context" - REL="Help" -><STRONG>Context:</STRONG></A> server config, virtual host<BR> -<A - HREF="directive-dict.html#Status" - REL="Help" -><STRONG>Status:</STRONG></A> Core.<BR> -<A - HREF="directive-dict.html#Compatibility" - REL="Help" -><STRONG>Compatibility:</STRONG></A> Available in Apache 1.3 and later - -<P><DirectoryMatch> and </DirectoryMatch> are used to enclose a -group of -directives which will apply only to the named directory and sub-directories -of that directory, the same as <A -HREF="#directory"><Directory></A>. However, it takes as an -argument a regular expression. For example:</P> - -<PRE> - <DirectoryMatch "^/www/.*/[0-9]{3}"> -</PRE> - -<P>would match directories in /www/ that consisted of three numbers.</P> - -<P><STRONG>See Also:</STRONG> -<A HREF="#directory"><Directory></A> for a description of how -regular expressions are mixed in with normal <Directory>s. -<BR> -<STRONG>See also</STRONG>: <A HREF="../sections.html">How Directory, -Location and Files sections work</A> for an explanation of how these -different sections are combined when a request is received - -<HR> - -<H2><A NAME="documentroot">DocumentRoot directive</A></H2> -<!--%plaintext <?INDEX {\tt DocumentRoot} directive> --> -<A - HREF="directive-dict.html#Syntax" - REL="Help" -><STRONG>Syntax:</STRONG></A> DocumentRoot <EM>directory-filename</EM><BR> -<A - HREF="directive-dict.html#Default" - REL="Help" -><STRONG>Default:</STRONG></A> <CODE>DocumentRoot -/usr/local/apache/htdocs</CODE><BR> -<A - HREF="directive-dict.html#Context" - REL="Help" -><STRONG>Context:</STRONG></A> server config, virtual host<BR> -<A - HREF="directive-dict.html#Status" - REL="Help" -><STRONG>Status:</STRONG></A> core<P> - -This directive sets the directory from which httpd will serve files. -Unless matched by a directive like Alias, the server appends the path -from the requested URL to the document root to make the path to the -document. Example: -<BLOCKQUOTE><CODE>DocumentRoot /usr/web</CODE></BLOCKQUOTE> -then an access to <CODE>http://www.my.host.com/index.html</CODE> refers -to <CODE>/usr/web/index.html</CODE>. - -<P>There appears to be a bug in mod_dir which causes problems when the -DocumentRoot has a trailing slash (<EM>i.e.</EM>, "DocumentRoot /usr/web/") so -please avoid that. - -<P><HR> - -<H2><A NAME="documentrootcheck">DocumentRootCheck directive</A></H2> -<!--%plaintext <?INDEX {\tt DocumentRootCheck} directive> --> -<A - HREF="directive-dict.html#Syntax" - REL="Help" -><STRONG>Syntax:</STRONG></A> DocumentRootCheck <EM>On/Off</EM><BR> -<A - HREF="directive-dict.html#Default" - REL="Help" -><STRONG>Default:</STRONG></A> <CODE>DocumentRootCheck On</CODE><BR> -<A - HREF="directive-dict.html#Context" - REL="Help" -><STRONG>Context:</STRONG></A> server config<BR> -<A - HREF="directive-dict.html#Status" - REL="Help" -><STRONG>Status:</STRONG></A> core<BR> -<A - HREF="directive-dict.html#Compatibility" - REL="Help" -><STRONG>Compatibility:</STRONG></A> Available in Apache 1.3.7 and later -<P> -During startup, Apache does a <CODE>stat</CODE> of each -<A HREF="#documentroot">DocumentRoot</A> -to determine if the directory exists. If your server is -configured with lots of DocumentRoot directives (for example, -if you serve numerous virtual hosts), this can <em>greatly</em> increase -the startup time. If you are sure that all the DocumentRoot -entries exist, you can tell Apache to bypass this check using: -<BLOCKQUOTE><CODE>DocumentRootCheck Off</CODE></BLOCKQUOTE> -<P> -This directive is ignored when Apache is called with the -<CODE>-t</CODE> command line option to perform a configuration -test. - -<P><HR> - -<H2><A NAME="errordocument">ErrorDocument directive</A></H2> -<!--%plaintext <?INDEX {\tt ErrorDocument} directive> --> -<A - HREF="directive-dict.html#Syntax" - REL="Help" -><STRONG>Syntax:</STRONG></A> ErrorDocument <EM>error-code document</EM><BR> -<A - HREF="directive-dict.html#Context" - REL="Help" -><STRONG>Context:</STRONG></A> server config, virtual host, directory, -.htaccess<BR> -<A - HREF="directive-dict.html#Status" - REL="Help" -><STRONG>Status:</STRONG></A> core<BR> -<A - HREF="directive-dict.html#Override" - REL="Help" -><STRONG>Override:</STRONG></A> FileInfo<BR> -<A - HREF="directive-dict.html#Compatibility" - REL="Help" -><STRONG>Compatibility:</STRONG></A> The directory and .htaccess contexts -are only available in Apache 1.1 and later.<P> - -In the event of a problem or error, Apache can be configured to do -one of four things, - -<OL> -<LI>output a simple hardcoded error message -<LI>output a customized message -<LI>redirect to a local URL to handle the problem/error -<LI>redirect to an external URL to handle the problem/error -</OL> - -<P>The first option is the default, while options 2-4 are configured -using the <CODE>ErrorDocument</CODE> directive, which is followed by -the HTTP response code and a message or URL. - -<P><EM>Messages</EM> in this context begin with a single quote -(<CODE>"</CODE>), which does not form part of the message itself. -Apache will sometimes offer additional information regarding the -problem/error. - -<P>URLs can begin with a slash (/) for local URLs, or be a full -URL which the client can resolve. Examples: -<BLOCKQUOTE><CODE> -ErrorDocument 500 http://foo.example.com/cgi-bin/tester<BR> -ErrorDocument 404 /cgi-bin/bad_urls.pl<BR> -ErrorDocument 401 /subscription_info.html<BR> -ErrorDocument 403 "Sorry can't allow you access today -</CODE></BLOCKQUOTE> - -<P>Note that when you specify an <CODE>ErrorDocument</CODE> that -points to a remote URL (ie. anything with a method such as "http" in -front of it) Apache will send a redirect to the client to tell it -where to find the document, even if the document ends up being -on the same server.. This has several implications, the -most important being that <STRONG>if you use an "ErrorDocument 401" -directive then it must refer to a local document.</STRONG> This results -from the nature of the HTTP basic authentication scheme. - -<P>See Also: <A HREF="../custom-error.html">documentation of customizable -responses.</A><P><HR> - -<H2><A NAME="errorlog">ErrorLog directive</A></H2> -<!--%plaintext <?INDEX {\tt ErrorLog} directive> --> -<A - HREF="directive-dict.html#Syntax" - REL="Help" -><STRONG>Syntax:</STRONG></A> ErrorLog <EM>filename</EM>|<CODE>syslog[:facility]</CODE> -<BR> -<A - HREF="directive-dict.html#Default" - REL="Help" -><STRONG>Default:</STRONG></A> <CODE>ErrorLog logs/error_log</CODE> (Unix)<BR> -<A - HREF="directive-dict.html#Default" - REL="Help" -><STRONG>Default:</STRONG></A> <CODE>ErrorLog logs/error.log</CODE> - (Windows and OS/2)<BR> -<A - HREF="directive-dict.html#Context" - REL="Help" -><STRONG>Context:</STRONG></A> server config, virtual host<BR> -<A - HREF="directive-dict.html#Status" - REL="Help" -><STRONG>Status:</STRONG></A> core<P> - -The error log directive sets the name of the file to which the server will log -any errors it encounters. If the filename does not begin with a slash (/) -then it is assumed to be relative to the <A HREF="#serverroot">ServerRoot</A>. -If the filename begins with a pipe (|) then it is assumed to be a command to -spawn to handle the error log. - -<P><STRONG>Apache 1.3 and above:</STRONG> -Using <CODE>syslog</CODE> instead of a filename enables logging via syslogd(8) -if the system supports it. The default is to use syslog facility -<CODE>local7</CODE>, but you can override this by using the -<CODE>syslog:</CODE><EM>facility</EM> syntax where <EM>facility</EM> can be -one of the names usually documented in syslog(1). - -<P> -SECURITY: See the -<A HREF="../misc/security_tips.html#serverroot">security tips</A> -document for details on why your security could be compromised if -the directory where logfiles are stored is writable by anyone other -than the user that starts the server. - -<P><STRONG>See also:</STRONG> <A HREF="#loglevel">LogLevel</A> -<P><HR> - -<H2><A NAME="files"><Files> directive</A></H2> -<A - HREF="directive-dict.html#Syntax" - REL="Help" -><STRONG>Syntax:</STRONG></A> <Files <EM>filename</EM>> -... </Files><BR> -<A - HREF="directive-dict.html#Context" - REL="Help" -><STRONG>Context:</STRONG></A> server config, virtual host, .htaccess<BR> -<A - HREF="directive-dict.html#Status" - REL="Help" -><STRONG>Status:</STRONG></A> core<BR> -<A - HREF="directive-dict.html#Compatibility" - REL="Help" -><STRONG>Compatibility:</STRONG></A> only available in Apache -1.2 and above.<P> - -<P>The <Files> directive provides for access control by -filename. It is comparable to the <A -HREF="#directory"><Directory></A> directive and -<A HREF="#location"><Location></A> directives. It -should be matched with a </Files> directive. The -directives given within this section will be applied to any -object with a basename (last component of filename) matching -the specified filename. -<CODE><Files></CODE> sections are processed in the -order they appear in the configuration file, after the -<Directory> sections and <CODE>.htaccess</CODE> files are -read, but before <Location> sections. Note that -<Files> can be nested inside <Directory> -sections to restrict the portion of the filesystem they -apply to.</P> - -<P>The <EM>filename</EM> argument should include a filename, or a -wild-card string, where `?' matches any single character, and `*' matches any -sequences of characters. Extended regular expressions can also be used, -with the addition of -the <CODE>~</CODE> character. For example:</P> - -<PRE> - <Files ~ "\.(gif|jpe?g|png)$"> -</PRE> - -would match most common Internet graphics formats. In Apache 1.3 and -later, <A HREF="#filesmatch"><FilesMatch></A> is preferred, -however. - -<P>Note that unlike <A -HREF="#directory"><CODE><Directory></CODE></A> and <A -HREF="#location"><CODE><Location></CODE></A> sections, -<CODE><Files></CODE> sections can be used inside .htaccess -files. This allows users to control access to their own files, at a -file-by-file level. - -<P> - -<STRONG>See also</STRONG>: <A HREF="../sections.html">How Directory, -Location and Files sections work</A> for an explanation of how these -different sections are combined when a request is received - -<HR> - -<H2><A NAME="filesmatch"><FilesMatch></A></H2> -<A - HREF="directive-dict.html#Syntax" - REL="Help" -><STRONG>Syntax:</STRONG></A> <FilesMatch <EM>regex</EM>> -... </FilesMatch><BR> -<A - HREF="directive-dict.html#Context" - REL="Help" -><STRONG>Context:</STRONG></A> server config, virtual host, .htaccess<BR> -<A - HREF="directive-dict.html#Status" - REL="Help" -><STRONG>Status:</STRONG></A> core<BR> -<A - HREF="directive-dict.html#Compatibility" - REL="Help" -><STRONG>Compatibility:</STRONG></A> only available in Apache -1.3 and above.<P> - -<P>The <FilesMatch> directive provides for access control by -filename, just as the <A HREF="#files"><Files></A> directive -does. However, it accepts a regular expression. For example:</P> - -<PRE> - <FilesMatch "\.(gif|jpe?g|png)$"> -</PRE> - -<P>would match most common Internet graphics formats.</P> - -<STRONG>See also</STRONG>: <A HREF="../sections.html">How Directory, -Location and Files sections work</A> for an explanation of how these -different sections are combined when a request is received - -<HR> - -<H2><A NAME="group">Group directive</A></H2> -<!--%plaintext <?INDEX {\tt Group} directive> --> -<A - HREF="directive-dict.html#Syntax" - REL="Help" -><STRONG>Syntax:</STRONG></A> Group <EM>unix-group</EM><BR> -<A - HREF="directive-dict.html#Default" - REL="Help" -><STRONG>Default:</STRONG></A> <CODE>Group #-1</CODE><BR> -<A - HREF="directive-dict.html#Context" - REL="Help" -><STRONG>Context:</STRONG></A> server config, virtual host<BR> -<A - HREF="directive-dict.html#Status" - REL="Help" -><STRONG>Status:</STRONG></A> core<P> - -The Group directive sets the group under which the server will answer requests. -In order to use this directive, the stand-alone server must be run initially -as root. <EM>Unix-group</EM> is one of: -<DL> -<DT>A group name -<DD>Refers to the given group by name. -<DT># followed by a group number. -<DD>Refers to a group by its number. -</DL> - -It is recommended that you set up a new group specifically for running the -server. Some admins use user <CODE>nobody</CODE>, but this is not always -possible or desirable.<P> - -Note: if you start the server as a non-root user, it will fail to change -to the specified group, and will instead continue to run as the group of the -original user. <P> - -Special note: Use of this directive in <VirtualHost> requires a -properly configured <A HREF="../suexec.html">suEXEC wrapper</A>. -When used inside a <VirtualHost> in this manner, only the group -that CGIs are run as is affected. Non-CGI requests are still processed -as the group specified in the main Group directive.<P> - -SECURITY: See <A HREF="#user">User</A> for a discussion of the security -considerations.<P><HR> - -<H2><A NAME="hostnamelookups">HostNameLookups directive</A></H2> -<!--%plaintext <?INDEX {\tt HostNameLookups} directive> --> -<A - HREF="directive-dict.html#Syntax" - REL="Help" -><STRONG>Syntax:</STRONG></A> HostNameLookups <EM>on | off | double</EM><BR> -<A - HREF="directive-dict.html#Default" - REL="Help" -><STRONG>Default:</STRONG></A> <CODE>HostNameLookups off</CODE><BR> -<A - HREF="directive-dict.html#Context" - REL="Help" -><STRONG>Context:</STRONG></A> server config, virtual host, directory<BR> -<A - HREF="directive-dict.html#Status" - REL="Help" -><STRONG>Status:</STRONG></A> core<BR> -<A - HREF="directive-dict.html#Compatibility" - REL="Help" -><STRONG>Compatibility:</STRONG></A> <CODE>double</CODE> available only in -Apache -1.3 and above.<BR> -<A - HREF="directive-dict.html#Compatibility" - REL="Help" -><STRONG>Compatibility:</STRONG></A> Default was <CODE>on</CODE> prior to -Apache 1.3.<P> - -This directive enables DNS lookups so that host names can be logged (and -passed to CGIs/SSIs in <CODE>REMOTE_HOST</CODE>). -The value <CODE>double</CODE> refers to doing double-reverse DNS. -That is, after a reverse lookup is performed, a forward lookup is then -performed on that result. At least one of the ip addresses in the forward -lookup must match the original address. (In "tcpwrappers" terminology -this is called <CODE>PARANOID</CODE>.)<P> - -Regardless of the setting, when <A HREF="mod_access.html">mod_access</A> -is used for controlling access by hostname, a double reverse lookup -will be performed. This is necessary for security. Note that the -result of this double-reverse isn't generally available unless -you set <CODE>HostnameLookups double</CODE>. For example, if only -<CODE>HostnameLookups on</CODE> and a request is made to an object that -is protected by hostname restrictions, regardless of whether the -double-reverse fails or not, CGIs will still be passed the single-reverse -result in <CODE>REMOTE_HOST</CODE>.<P> - -The default for this directive was previously <CODE>on</CODE> in -versions of Apache prior to 1.3. It was changed to <CODE>off</CODE> -in order to save the network traffic for those sites that don't truly -need the reverse lookups done. It is also better for the end users -because they don't have to suffer the extra latency that a lookup -entails. -Heavily loaded sites should leave this directive <CODE>off</CODE>, since DNS -lookups can take considerable amounts of time. The utility <EM>logresolve</EM>, -provided in the <EM>/support</EM> directory, can be used to look up host names -from logged IP addresses offline.<P><HR> - -<H2><A NAME="identitycheck">IdentityCheck directive</A></H2> -<!--%plaintext <?INDEX {\tt IdentityCheck} directive> --> -<A - HREF="directive-dict.html#Syntax" - REL="Help" -><STRONG>Syntax:</STRONG></A> IdentityCheck <EM>boolean</EM><BR> -<A - HREF="directive-dict.html#Default" - REL="Help" -><STRONG>Default:</STRONG></A> <CODE>IdentityCheck off</CODE><BR> -<A - HREF="directive-dict.html#Context" - REL="Help" -><STRONG>Context:</STRONG></A> server config, virtual host, directory<BR> -<A - HREF="directive-dict.html#Status" - REL="Help" -><STRONG>Status:</STRONG></A> core<P> - -This directive enables RFC1413-compliant logging of the remote user name -for each connection, where the client machine runs identd or something similar. -This information is logged in the access log. <EM>Boolean</EM> is either -<CODE>on</CODE> or <CODE>off</CODE>.<P> - -The information should not be trusted in any way except for rudimentary usage -tracking.<P> - -Note that this can cause serious latency problems accessing your server -since every request requires one of these lookups to be performed. When -firewalls are involved each lookup might possibly fail and add 30 seconds -of latency to each hit. So in general this is not very useful on public -servers accessible from the Internet. -<P><HR> - -<H2><A NAME="ifdefine"><IfDefine> directive</A></H2> -<A - HREF="directive-dict.html#Syntax" - REL="Help" -><STRONG>Syntax:</STRONG></A> <IfDefine [!]<EM>parameter-name</EM>> <EM>...</EM> -</IfDefine><BR> -<A - HREF="directive-dict.html#Default" - REL="Help" -><STRONG>Default:</STRONG></A> None<BR> -<A - HREF="directive-dict.html#Context" - REL="Help" -><STRONG>Context:</STRONG></A> all<BR> -<A - HREF="directive-dict.html#Status" - REL="Help" -><STRONG>Status:</STRONG></A> Core<BR> -<A - HREF="directive-dict.html#Compatibility" - REL="Help" -><STRONG>Compatibility:</STRONG></A> <IfDefine> is only available in -1.3.1 and later.<P> - -<P> - -The <IfDefine <EM>test</EM>>...</IfDefine> -section is used to mark directives that are conditional. The -directives within an IfDefine section are only -processed if the <EM>test</EM> is true. If <EM>test</EM> -is false, everything between the start and end markers -is ignored.<P> - -The <EM>test</EM> in the <IfDefine> section directive -can be one of two forms: - -<UL> -<LI><EM>parameter-name</EM> -<LI><CODE>!</CODE><EM>parameter-name</EM> -</UL> - -<P>In the former case, the directives between the start and end markers are -only processed if the parameter named <EM>parameter-name</EM> is defined. -The second format reverses the test, and only processes the directives if -<EM>parameter-name</EM> is <STRONG>not</STRONG> defined. - -<P>The <EM>parameter-name</EM> argument is a define as given on the -<CODE>httpd</CODE> command line via <CODE>-D</CODE><EM>parameter-</EM>, at the -time the server was started. - -<P><IfDefine> sections are nest-able, which can be used to implement -simple multiple-parameter tests. - -Example: - -<PRE> - $ httpd -DReverseProxy ... - - # httpd.conf - <IfDefine ReverseProxy> - LoadModule rewrite_module libexec/mod_rewrite.so - LoadModule proxy_module libexec/libproxy.so - </IfDefine> -</PRE> - -<P> <HR> - -<H2><A NAME="ifmodule"><IfModule> directive</A></H2> -<A - HREF="directive-dict.html#Syntax" - REL="Help" -><STRONG>Syntax:</STRONG></A> <IfModule [!]<EM>module-name</EM>> - <EM>...</EM> -</IfModule><BR> -<A - HREF="directive-dict.html#Default" - REL="Help" -><STRONG>Default:</STRONG></A> None<BR> -<A - HREF="directive-dict.html#Context" - REL="Help" -><STRONG>Context:</STRONG></A> all<BR> -<A - HREF="directive-dict.html#Status" - REL="Help" -><STRONG>Status:</STRONG></A> Core<BR> -<A - HREF="directive-dict.html#Compatibility" - REL="Help" -><STRONG>Compatibility:</STRONG></A> IfModule is only available in 1.2 and -later.<P> - -<P> - -The <IfModule <EM>test</EM>>...</IfModule> -section is used to mark directives that are conditional. The -directives within an IfModule section are only -processed if the <EM>test</EM> is true. If <EM>test</EM> -is false, everything between the start and end markers -is ignored.<P> - -The <EM>test</EM> in the <IfModule> section directive -can be one of two forms: - -<UL> -<LI><EM>module name</EM> -<LI>!<EM>module name</EM> -</UL> - -<P>In the former case, the directives between the start and end markers -are only processed if the module named <EM>module name</EM> is compiled -in to Apache. The second format reverses the test, and only processes -the directives if <EM>module name</EM> is <STRONG>not</STRONG> compiled in. - -<P>The <EM>module name</EM> argument is a module name as given as the file -name of the module, at the time it was compiled. For example, -<CODE>mod_rewrite.c</CODE>. - -<P><IfModule> sections are nest-able, which can be used to implement -simple multiple-module tests. - -<P> <HR> - -<H2><A NAME="include">Include directive</A></H2> -<STRONG>Syntax:</STRONG> Include <EM>filename</EM><BR> -<A - HREF="directive-dict.html#Context" - REL="Help" -><STRONG>Context:</STRONG></A> server config<BR> -<A - HREF="directive-dict.html#Status" - REL="Help" -><STRONG>Status:</STRONG></A> Core<BR> -<A - HREF="directive-dict.html#Compatibility" - REL="Help" -><STRONG>Compatibility:</STRONG></A> Include is only available in Apache 1.3 -and later. -<P> -This directive allows inclusion of other configuration files from within the -server configuration files. - -<P> <HR> - -<H2><A NAME="keepalive">KeepAlive directive</A></H2> -<STRONG>Syntax: (Apache 1.1)</STRONG> KeepAlive <EM>max-requests</EM><BR> -<STRONG>Default: (Apache 1.1)</STRONG> <CODE>KeepAlive 5</CODE><BR> -<STRONG>Syntax: (Apache 1.2)</STRONG> KeepAlive <EM>on/off</EM><BR> -<STRONG>Default: (Apache 1.2)</STRONG> <CODE>KeepAlive On</CODE><BR> -<A - HREF="directive-dict.html#Context" - REL="Help" -><STRONG>Context:</STRONG></A> server config<BR> -<A - HREF="directive-dict.html#Status" - REL="Help" -><STRONG>Status:</STRONG></A> Core<BR> -<A - HREF="directive-dict.html#Compatibility" - REL="Help" -><STRONG>Compatibility:</STRONG></A> KeepAlive is only available in Apache -1.1 and later.<P> - -This directive enables -<A HREF="../keepalive.html">Keep-Alive</A> -support. - -<P><STRONG>Apache 1.1</STRONG>: Set <EM>max-requests</EM> -to the maximum number of requests you want Apache to entertain per -request. A limit is imposed to prevent a client from hogging your -server resources. Set this to <CODE>0</CODE> to disable support. - -<P><STRONG>Apache 1.2 and later</STRONG>: Set to "On" to enable -persistent connections, "Off" to disable. See also the <A -HREF="#maxkeepaliverequests">MaxKeepAliveRequests</A> directive.</P><HR> - -<H2><A NAME="keepalivetimeout">KeepAliveTimeout directive</A></H2> -<A - HREF="directive-dict.html#Syntax" - REL="Help" -><STRONG>Syntax:</STRONG></A> KeepAliveTimeout <EM>seconds</EM><BR> -<A - HREF="directive-dict.html#Default" - REL="Help" -><STRONG>Default:</STRONG></A> <CODE>KeepAliveTimeout 15</CODE><BR> -<A - HREF="directive-dict.html#Context" - REL="Help" -><STRONG>Context:</STRONG></A> server config<BR> -<A - HREF="directive-dict.html#Status" - REL="Help" -><STRONG>Status:</STRONG></A> Core<BR> -<A - HREF="directive-dict.html#Compatibility" - REL="Help" -><STRONG>Compatibility:</STRONG></A> KeepAliveTimeout is only available in -Apache 1.1 and later.<P> - -The number of seconds Apache will wait for a subsequent request before -closing the connection. Once a request has been received, the timeout -value specified by the <A -HREF="#timeout"><CODE>Timeout</CODE></A> directive -applies. -<HR> - -<H2><A NAME="limit"><Limit> directive</A></H2> -<!--%plaintext <?INDEX {\tt Limit} section directive> --> -<A - HREF="directive-dict.html#Syntax" - REL="Help" -><STRONG>Syntax:</STRONG></A> - <Limit <EM>method method</EM> ... > ... </Limit><BR> -<A - HREF="directive-dict.html#Context" - REL="Help" -><STRONG>Context:</STRONG></A> any<BR> -<A - HREF="directive-dict.html#Status" - REL="Help" -><STRONG>Status:</STRONG></A> core<P> - -<Limit> and </Limit> are used to enclose a group of -access control directives which will then apply only to the specified -access methods, where <EM>method</EM> is any valid HTTP method. -Any directive except another <Limit> or -<A HREF="#directory"><Directory></A> may be used; the majority will be -unaffected by the <Limit>. Example: -<BLOCKQUOTE><CODE> -<Limit GET POST><BR> -require valid-user<BR> -</Limit></CODE></BLOCKQUOTE> - -If an access control directive appears outside a <Limit> -directive, then it applies to all access methods. The method names -listed can be one or more of: GET, POST, PUT, DELETE, CONNECT or -OPTIONS. <STRONG>The method name is case-sensitive.</STRONG> -If GET is used it will also restrict HEAD requests. -<STRONG>If you wish to limit all methods, do not include any -<Limit> directive at all.</STRONG> - -<P><HR> - -<H2><A NAME="limitexcept"><LimitExcept> directive</A></H2> -<!--%plaintext <?INDEX {\tt LimitExcept} section directive> --> -<A - HREF="directive-dict.html#Syntax" - REL="Help" -><STRONG>Syntax:</STRONG></A> - <LimitExcept <EM>method method</EM> ... > ... </LimitExcept><BR> -<A - HREF="directive-dict.html#Context" - REL="Help" -><STRONG>Context:</STRONG></A> any<BR> -<A - HREF="directive-dict.html#Status" - REL="Help" -><STRONG>Status:</STRONG></A> core<BR> -<A - HREF="directive-dict.html#Compatibility" - REL="Help" -><STRONG>Compatibility:</STRONG></A> Available in Apache 1.3.5 and later<P> - -<LimitExcept> and </LimitExcept> are used to enclose a group of -access control directives which will then apply to any HTTP access method -<STRONG>not</STRONG> listed in the arguments; i.e., it is the opposite of a -<A HREF="#limit"><Limit></A> section and can be used to control both -standard and nonstandard/unrecognized methods. See the documentation for -<A HREF="#limit"><Limit></A> for more details. - -<P><HR> - -<H2><A NAME="limitrequestbody">LimitRequestBody directive</A></H2> -<!--%plaintext <?INDEX {\tt LimitRequestBody} directive> --> -<A - HREF="directive-dict.html#Syntax" - REL="Help" -><STRONG>Syntax:</STRONG></A> LimitRequestBody <EM>number</EM><BR> -<A - HREF="directive-dict.html#Default" - REL="Help" -><STRONG>Default:</STRONG></A> <CODE>LimitRequestBody 0</CODE><BR> -<A - HREF="directive-dict.html#Context" - REL="Help" -><STRONG>Context:</STRONG></A> server config, virtual host, directory, -.htaccess<BR> -<A - HREF="directive-dict.html#Status" - REL="Help" -><STRONG>Status:</STRONG></A> core<BR> -<A - HREF="directive-dict.html#Compatibility" - REL="Help" -><STRONG>Compatibility:</STRONG></A> LimitRequestBody is only available in -Apache 1.3.2 and later. -<P> - -<EM>Number</EM> is a long integer from 0 (meaning unlimited) to 2147483647 -(2GB). The default value is defined by the compile-time constant -<CODE>DEFAULT_LIMIT_REQUEST_BODY</CODE> (0 as distributed). -<P> - -The LimitRequestBody directive allows the user to set a -limit on the allowed size of an HTTP request message body within -the context in which the directive is given (server, per-directory, -per-file or per-location). If the client request exceeds that limit, -the server will return an error response instead of servicing the request. -The size of a normal request message body will vary greatly depending -on the nature of the resource and the methods allowed on that resource. -CGI scripts typically use the message body for passing form information -to the server. Implementations of the PUT method will require a value -at least as large as any representation that the server wishes -to accept for that resource. -<P> - -This directive gives the server administrator greater control over abnormal -client request behavior, which may be useful for avoiding some forms -of denial-of-service attacks. -<P> - -<P><HR> - -<H2><A NAME="limitrequestfields">LimitRequestFields directive</A></H2> -<!--%plaintext <?INDEX {\tt LimitRequestFields} directive> --> -<A - HREF="directive-dict.html#Syntax" - REL="Help" -><STRONG>Syntax:</STRONG></A> LimitRequestFields <EM>number</EM><BR> -<A - HREF="directive-dict.html#Default" - REL="Help" -><STRONG>Default:</STRONG></A> <CODE>LimitRequestFields 100</CODE><BR> -<A - HREF="directive-dict.html#Context" - REL="Help" -><STRONG>Context:</STRONG></A> server config<BR> -<A - HREF="directive-dict.html#Status" - REL="Help" -><STRONG>Status:</STRONG></A> core<BR> -<A - HREF="directive-dict.html#Compatibility" - REL="Help" -><STRONG>Compatibility:</STRONG></A> LimitRequestFields is only available in -Apache 1.3.2 and later. -<P> - -<EM>Number</EM> is an integer from 0 (meaning unlimited) to 32767. -The default value is defined by the compile-time constant -<CODE>DEFAULT_LIMIT_REQUEST_FIELDS</CODE> (100 as distributed). -<P> - -The LimitRequestFields directive allows the server administrator to modify -the limit on the number of request header fields allowed in an HTTP request. -A server needs this value to be larger than the number of fields that a -normal client request might include. The number of request header fields -used by a client rarely exceeds 20, but this may vary among different -client implementations, often depending upon the extent to which a user -has configured their browser to support detailed content negotiation. -Optional HTTP extensions are often expressed using request header fields. -<P> - -This directive gives the server administrator greater control over abnormal -client request behavior, which may be useful for avoiding some forms -of denial-of-service attacks. The value should be increased if normal -clients see an error response from the server that indicates too many -fields were sent in the request.<P> - -<P><HR> - -<H2><A NAME="limitrequestfieldsize">LimitRequestFieldsize directive</A></H2> -<!--%plaintext <?INDEX {\tt LimitRequestFieldsize} directive> --> -<A - HREF="directive-dict.html#Syntax" - REL="Help" -><STRONG>Syntax:</STRONG></A> LimitRequestFieldsize <EM>number</EM><BR> -<A - HREF="directive-dict.html#Default" - REL="Help" -><STRONG>Default:</STRONG></A> <CODE>LimitRequestFieldsize 8190</CODE><BR> -<A - HREF="directive-dict.html#Context" - REL="Help" -><STRONG>Context:</STRONG></A> server config<BR> -<A - HREF="directive-dict.html#Status" - REL="Help" -><STRONG>Status:</STRONG></A> core<BR> -<A - HREF="directive-dict.html#Compatibility" - REL="Help" -><STRONG>Compatibility:</STRONG></A> LimitRequestFieldsize is only available in -Apache 1.3.2 and later. -<P> - -<EM>Number</EM> is an integer size in bytes from 0 to the value of the -compile-time constant <CODE>DEFAULT_LIMIT_REQUEST_FIELDSIZE</CODE> -(8190 as distributed). -<P> - -The LimitRequestFieldsize directive allows the server administrator to reduce -the limit on the allowed size of an HTTP request header field below the -normal input buffer size compiled with the server. A server needs this -value to be large enough to hold any one header field from a normal client -request. The size of a normal request header field will vary greatly -among different client implementations, often depending upon the extent -to which a user has configured their browser to support detailed -content negotiation. -<P> - -This directive gives the server administrator greater control over abnormal -client request behavior, which may be useful for avoiding some forms -of denial-of-service attacks. Under normal conditions, the value should -not be changed from the default.<P> - -<P><HR> - -<H2><A NAME="limitrequestline">LimitRequestLine directive</A></H2> -<!--%plaintext <?INDEX {\tt LimitRequestLine} directive> --> -<A - HREF="directive-dict.html#Syntax" - REL="Help" -><STRONG>Syntax:</STRONG></A> LimitRequestLine <EM>number</EM><BR> -<A - HREF="directive-dict.html#Default" - REL="Help" -><STRONG>Default:</STRONG></A> <CODE>LimitRequestLine 8190</CODE><BR> -<A - HREF="directive-dict.html#Context" - REL="Help" -><STRONG>Context:</STRONG></A> server config<BR> -<A - HREF="directive-dict.html#Status" - REL="Help" -><STRONG>Status:</STRONG></A> core<BR> -<A - HREF="directive-dict.html#Compatibility" - REL="Help" -><STRONG>Compatibility:</STRONG></A> LimitRequestLine is only available in -Apache 1.3.2 and later. -<P> - -<EM>Number</EM> is an integer size in bytes from 0 to the value of the -compile-time constant <CODE>DEFAULT_LIMIT_REQUEST_LINE</CODE> -(8190 as distributed). -<P> - -The LimitRequestLine directive allows the server administrator to reduce -the limit on the allowed size of a client's HTTP request-line below the -normal input buffer size compiled with the server. Since the request-line -consists of the HTTP method, URI, and protocol version, the -LimitRequestLine directive places a restriction on the length of a -request-URI allowed for a request on the server. A server needs this -value to be large enough to hold any of its resource names, including -any information that might be passed in the query part of a GET request. -<P> - -This directive gives the server administrator greater control over abnormal -client request behavior, which may be useful for avoiding some forms -of denial-of-service attacks. Under normal conditions, the value should -not be changed from the default.<P> - -<P><HR> - -<H2><A NAME="listen">Listen directive</A></H2> -<A - HREF="directive-dict.html#Syntax" - REL="Help" -><STRONG>Syntax:</STRONG></A> -Listen [<EM>IP address</EM>:]<EM>port number</EM><BR> -<A - HREF="directive-dict.html#Context" - REL="Help" -><STRONG>Context:</STRONG></A> server config<BR> -<A - HREF="directive-dict.html#Status" - REL="Help" -><STRONG>Status:</STRONG></A> core<BR> -<A - HREF="directive-dict.html#Compatibility" - REL="Help" -><STRONG>Compatibility:</STRONG></A> Listen is only available in Apache -1.1 and later.<P> - -<P>The Listen directive instructs Apache to listen to more than one IP -address or port; by default it responds to requests on all IP -interfaces, but only on the port given by the <CODE><A -HREF="#port">Port</A></CODE> directive.</P> - -<TT>Listen</TT> can be used instead of <TT><A -HREF="#bindaddress">BindAddress</A></TT> and <TT>Port</TT>. It tells -the server to accept incoming requests on the specified port or -address-and-port combination. If the first format is used, with a port -number only, the server listens to the given port on all interfaces, -instead of the port given by the <TT>Port</TT> directive. If an IP -address is given as well as a port, the server will listen on the -given port and interface. <P> - -Note that you may still require a <TT>Port</TT> directive so -that URLs that Apache generates that point to your server still -work.<P> - -Multiple Listen directives may be used -to specify a number of addresses and ports to listen to. The server -will respond to requests from any of the listed addresses and -ports. -<P> - -For example, to make the server accept connections on both port -80 and port 8000, use: -<PRE> - Listen 80 - Listen 8000 -</PRE> - -To make the server accept connections on two specified -interfaces and port numbers, use -<PRE> - Listen 192.170.2.1:80 - Listen 192.170.2.5:8000 -</PRE> - -<P><STRONG>See Also:</STRONG> -<A HREF="../dns-caveats.html">DNS Issues</A><BR> -<STRONG>See Also:</STRONG> -<A HREF="../bind.html">Setting which addresses and ports Apache uses</A><BR> -<STRONG>See Also:</STRONG> -<A HREF="http://www.apache.org/info/known_bugs.html#listenbug">Known Bugs</A> -</P> -<HR> - -<H2><A NAME="listenbacklog">ListenBacklog directive</A></H2> -<A - HREF="directive-dict.html#Syntax" - REL="Help" -><STRONG>Syntax:</STRONG></A> ListenBacklog <EM>backlog</EM><BR> -<A - HREF="directive-dict.html#Default" - REL="Help" -><STRONG>Default:</STRONG></A> <CODE>ListenBacklog 511</CODE><BR> -<A - HREF="directive-dict.html#Context" - REL="Help" -><STRONG>Context:</STRONG></A> server config<BR> -<A - HREF="directive-dict.html#Status" - REL="Help" -><STRONG>Status:</STRONG></A> Core<BR> -<A - HREF="directive-dict.html#Compatibility" - REL="Help" -><STRONG>Compatibility:</STRONG></A> ListenBacklog is only available in Apache -versions after 1.2.0. - -<P>The maximum length of the queue of pending connections. Generally no -tuning is needed or desired, however on some systems it is desirable -to increase this when under a TCP SYN flood attack. See -the backlog parameter to the <CODE>listen(2)</CODE> system call. - -<P>This will often be limited to a smaller number by the operating -system. This varies from OS to OS. Also note that many OSes do not -use exactly what is specified as the backlog, but use a number based on -(but normally larger than) what is set. -<HR> - -<H2><A NAME="location"><Location> directive</A></H2> - -<A - HREF="directive-dict.html#Syntax" - REL="Help" -><STRONG>Syntax:</STRONG></A> <Location <EM>URL</EM>> -... </Location><BR> -<A - HREF="directive-dict.html#Context" - REL="Help" -><STRONG>Context:</STRONG></A> server config, virtual host<BR> -<A - HREF="directive-dict.html#Status" - REL="Help" -><STRONG>Status:</STRONG></A> core<BR> -<A - HREF="directive-dict.html#Compatibility" - REL="Help" -><STRONG>Compatibility:</STRONG></A> Location is only available in Apache -1.1 and later.<P> - -<P>The <Location> directive provides for access control by -URL. It is similar to the <A -HREF="#directory"><Directory></A> directive, and -starts a subsection which is terminated with a </Location> -directive. <CODE><Location></CODE> sections are processed in the -order they appear in the configuration file, after the -<Directory> sections and <CODE>.htaccess</CODE> files are -read, and after the <Files> sections.</P> - -<P>Note that URLs do not have to line up with the filesystem at all, -it should be emphasized that <Location> operates completely outside -the filesystem. - -<P>For all origin (non-proxy) requests, the URL to be matched is -of the form <CODE>/path/</CODE>, and you should not include any -<CODE>http://servername</CODE> prefix. For proxy requests, the URL -to be matched is of the form <CODE>scheme://servername/path</CODE>, -and you must include the prefix. - -<P>The URL may use wildcards In a wild-card string, `?' matches any -single character, and `*' matches any sequences of characters. - -<P><STRONG>Apache 1.2 and above:</STRONG> -Extended regular expressions can also be used, with the addition of -the <CODE>~</CODE> character. - -For example:</P> - -<PRE> - <Location ~ "/(extra|special)/data"> -</PRE> - -<P>would match URLs that contained the substring "/extra/data" or -"/special/data". In Apache 1.3 and above, a new directive -<A HREF="#locationmatch"><LocationMatch></A> exists which -behaves identical to the regex version of -<CODE><Location></CODE>. - -<P>The <CODE>Location</CODE> functionality is especially useful when -combined with the <CODE><A -HREF="mod_mime.html#sethandler">SetHandler</A></CODE> directive. For example, -to enable status requests, but allow them only -from browsers at foo.com, you might use: - -<PRE> - <Location /status> - SetHandler server-status - order deny,allow - deny from all - allow from .foo.com - </Location> -</PRE> - -<P><STRONG>Apache 1.3 and above note about / (slash)</STRONG>: The slash -character has special -meaning depending on where in a URL it appears. People may be used -to its behaviour in the filesystem where multiple adjacent slashes are -frequently collapsed to a single slash (<EM>i.e.</EM>, <CODE>/home///foo</CODE> -is the same as <CODE>/home/foo</CODE>). In URL-space this is not -necessarily true. The <CODE><LocationMatch></CODE> directive -and the regex version of <CODE><Location></CODE> require you -to explicitly specify multiple slashes if that is your intention. -For example, <CODE><LocationMatch ^/abc></CODE> would match the -request URL <CODE>/abc</CODE> but not the request URL <CODE>//abc</CODE>. -The (non-regex) <CODE><Location></CODE> directive behaves -similarly when used for proxy requests. But when (non-regex) -<CODE><Location></CODE> is used for non-proxy requests it will -implicitly match multiple slashes with a single slash. For example, -if you specify <CODE><Location /abc/def></CODE> and the request -is to <CODE>/abc//def</CODE> then it will match. - -<P> -<STRONG>See also</STRONG>: <A HREF="../sections.html">How Directory, -Location and Files sections work</A> for an explanation of how these -different sections are combined when a request is received - -<HR> - -<H2><A NAME="locationmatch"><LocationMatch></A></H2> - -<A - HREF="directive-dict.html#Syntax" - REL="Help" -><STRONG>Syntax:</STRONG></A> <LocationMatch <EM>regex</EM>> -... </LocationMatch><BR> -<A - HREF="directive-dict.html#Context" - REL="Help" -><STRONG>Context:</STRONG></A> server config, virtual host<BR> -<A - HREF="directive-dict.html#Status" - REL="Help" -><STRONG>Status:</STRONG></A> core<BR> -<A - HREF="directive-dict.html#Compatibility" - REL="Help" -><STRONG>Compatibility:</STRONG></A> LocationMatch is only available in -Apache 1.3 and later.<P> - -<P>The <LocationMatch> directive provides for access control by -URL, in an identical manner to <A -HREF="#location"><Location></A>. However, it takes a regular -expression as an argument instead of a simple string. For example:</P> - -<PRE> - <LocationMatch "/(extra|special)/data"> -</PRE> - -<P>would match URLs that contained the substring "/extra/data" or -"/special/data".</P> - -<STRONG>See also</STRONG>: <A HREF="../sections.html">How Directory, -Location and Files sections work</A> for an explanation of how these -different sections are combined when a request is received - -<HR> - -<H2><A NAME="lockfile">LockFile directive</A></H2> -<A - HREF="directive-dict.html#Syntax" - REL="Help" -><STRONG>Syntax:</STRONG></A> LockFile <EM>filename</EM><BR> -<A - HREF="directive-dict.html#Default" - REL="Help" -><STRONG>Default:</STRONG></A> <CODE>LockFile logs/accept.lock</CODE><BR> -<A - HREF="directive-dict.html#Context" - REL="Help" -><STRONG>Context:</STRONG></A> server config<BR> -<A - HREF="directive-dict.html#Status" - REL="Help" -><STRONG>Status:</STRONG></A> core<P> - -The LockFile directive sets the path to the lockfile used when -Apache is compiled with either USE_FCNTL_SERIALIZED_ACCEPT or -USE_FLOCK_SERIALIZED_ACCEPT. This directive should normally be -left at its default value. The main reason for changing it is if -the <CODE>logs</CODE> directory is NFS mounted, since <STRONG>the lockfile -must be stored on a local disk</STRONG>. The PID of the main -server process is automatically appended to the filename. <P> - -<STRONG>SECURITY:</STRONG> It is best to avoid putting this file in a -world writable directory such as <CODE>/var/tmp</CODE> because someone -could create a denial of service attack and prevent the server from -starting by creating a lockfile with the same name as the one the -server will try to create.<P> - -<P><HR> - -<H2><A NAME="loglevel">LogLevel directive</A></H2> -<A - HREF="directive-dict.html#Syntax" - REL="Help" -><STRONG>Syntax:</STRONG></A> LogLevel <EM>level</EM><BR> -<A - HREF="directive-dict.html#Default" - REL="Help" -><STRONG>Default:</STRONG></A> <CODE>LogLevel error</CODE><BR> -<A - HREF="directive-dict.html#Context" - REL="Help" -><STRONG>Context:</STRONG></A> server config, virtual host<BR> -<A - HREF="directive-dict.html#Status" - REL="Help" -><STRONG>Status:</STRONG></A> core<BR> -<A - HREF="directive-dict.html#Compatibility" - REL="Help" -><STRONG>Compatibility:</STRONG></A> LogLevel is only available in 1.3 or -later. - -<P>LogLevel adjusts the verbosity of the messages recorded in the -error logs (see <A HREF="#errorlog">ErrorLog</A> directive). -The following <EM>level</EM>s are available, in order of -decreasing significance: - -<P><TABLE> - <TR><TH ALIGN="LEFT"><STRONG>Level</STRONG> - <TH ALIGN="LEFT"><STRONG>Description</STRONG> - <TR><TH><TH ALIGN="LEFT"><STRONG>Example</STRONG> - <TR><TD><CODE>emerg</CODE> - <TD>Emergencies - system is unusable. - <TR><TD><TD>"Child cannot open lock file. Exiting" - <TR><TD><CODE>alert</CODE> - <TD>Action must be taken immediately. - <TR><TD><TD>"getpwuid: couldn't determine user name from uid" - <TR><TD><CODE>crit</CODE> - <TD>Critical Conditions. - <TR><TD><TD>"socket: Failed to get a socket, exiting child" - <TR><TD><CODE>error</CODE> - <TD>Error conditions. - <TR><TD><TD>"Premature end of script headers" - <TR><TD><CODE>warn</CODE> - <TD>Warning conditions. - <TR><TD><TD>"child process 1234 did not exit, sending another SIGHUP" - <TR><TD><CODE>notice</CODE> - <TD>Normal but significant condition. - <TR><TD><TD>"httpd: caught SIGBUS, attempting to dump core in ..." - <TR><TD><CODE>info</CODE> - <TD>Informational. - <TR><TD><TD>"Server seems busy, (you may need to increase StartServers, or - Min/MaxSpareServers)..." - <TR><TD><CODE>debug</CODE> - <TD>Debug-level messages - <TR><TD><TD>"Opening config file ..." -</TABLE> - -<P>When a particular level is specified, messages from all other levels -of higher significance will be reported as well. <EM>E.g.</EM>, when -<CODE>LogLevel info</CODE> is specified, then messages with log levels of -<CODE>notice</CODE> and <CODE>warn</CODE> will also be posted. -<P> -Using a level of at least <CODE>crit</CODE> is recommended. -<P><HR> - -<H2><A NAME="maxclients">MaxClients directive</A></H2> -<!--%plaintext <?INDEX {\tt MaxClients} directive> --> -<A - HREF="directive-dict.html#Syntax" - REL="Help" -><STRONG>Syntax:</STRONG></A> MaxClients <EM>number</EM><BR> -<A - HREF="directive-dict.html#Default" - REL="Help" -><STRONG>Default:</STRONG></A> <CODE>MaxClients 256</CODE><BR> -<A - HREF="directive-dict.html#Context" - REL="Help" -><STRONG>Context:</STRONG></A> server config<BR> -<A - HREF="directive-dict.html#Status" - REL="Help" -><STRONG>Status:</STRONG></A> core<P> - -<P>The MaxClients directive sets the limit on the number of simultaneous -requests that can be supported; not more than this number of child server -processes will be created. To configure more than 256 clients, you must -edit the HARD_SERVER_LIMIT entry in httpd.h and recompile. - -<P>Any connection attempts over the MaxClients limit will normally -be queued, up to a number based on the <A HREF="#listenbacklog"> -ListenBacklog</A> directive. Once a child process is freed at the -end of a different request, the connection will then be serviced. - -<HR> - -<H2><A NAME="maxkeepaliverequests">MaxKeepAliveRequests directive</A></H2> -<A - HREF="directive-dict.html#Syntax" - REL="Help" -><STRONG>Syntax:</STRONG></A> MaxKeepAliveRequests <EM>number</EM><BR> -<A - HREF="directive-dict.html#Default" - REL="Help" -><STRONG>Default:</STRONG></A> <CODE>MaxKeepAliveRequests 100</CODE><BR> -<A - HREF="directive-dict.html#Context" - REL="Help" -><STRONG>Context:</STRONG></A> server config<BR> -<A - HREF="directive-dict.html#Status" - REL="Help" -><STRONG>Status:</STRONG></A> core<BR> -<A - HREF="directive-dict.html#Compatibility" - REL="Help" -><STRONG>Compatibility:</STRONG></A> Only available in Apache -1.2 and later. - -<P>The MaxKeepAliveRequests directive limits the number of requests -allowed per connection when <A HREF="#keepalive">KeepAlive</A> is -on. If it is set to "<CODE>0</CODE>", unlimited requests will be -allowed. We recommend that this setting be kept to a high value for -maximum server performance.</P><HR> - -<H2><A NAME="maxrequestsperchild">MaxRequestsPerChild directive</A></H2> -<!--%plaintext <?INDEX {\tt MaxRequestsPerChild} directive> --> -<A - HREF="directive-dict.html#Syntax" - REL="Help" -><STRONG>Syntax:</STRONG></A> MaxRequestsPerChild <EM>number</EM><BR> -<A - HREF="directive-dict.html#Default" - REL="Help" -><STRONG>Default:</STRONG></A> <CODE>MaxRequestsPerChild 0</CODE><BR> -<A - HREF="directive-dict.html#Context" - REL="Help" -><STRONG>Context:</STRONG></A> server config<BR> -<A - HREF="directive-dict.html#Status" - REL="Help" -><STRONG>Status:</STRONG></A> core<P> - -The MaxRequestsPerChild directive sets the limit on the number of requests -that an individual child server process will handle. After MaxRequestsPerChild -requests, the child process will die. If MaxRequestsPerChild is 0, then -the process will never expire.<P> - -Setting MaxRequestsPerChild to a non-zero limit has two beneficial effects: -<UL> -<LI>it limits the amount of memory that process can consume by (accidental) -memory leakage; -<LI> by giving processes a finite lifetime, it helps reduce the -number of processes when the server load reduces. -</UL> - -<P>This directive has no effect on Win32. - -<P><STRONG>NOTE:</STRONG> For <EM>KeepAlive</EM> requests, only the first -request is counted towards this limit. In effect, it changes the -behavior to limit the number of <EM>connections</EM> per child. - -<P><HR> - -<H2><A NAME="maxspareservers">MaxSpareServers directive</A></H2> -<!--%plaintext <?INDEX {\tt MaxSpareServers} directive> --> -<A - HREF="directive-dict.html#Syntax" - REL="Help" -><STRONG>Syntax:</STRONG></A> MaxSpareServers <EM>number</EM><BR> -<A - HREF="directive-dict.html#Default" - REL="Help" -><STRONG>Default:</STRONG></A> <CODE>MaxSpareServers 10</CODE><BR> -<A - HREF="directive-dict.html#Context" - REL="Help" -><STRONG>Context:</STRONG></A> server config<BR> -<A - HREF="directive-dict.html#Status" - REL="Help" -><STRONG>Status:</STRONG></A> core<P> - -The MaxSpareServers directive sets the desired maximum number of <EM>idle</EM> -child server processes. An idle process is one which is not handling -a request. If there are more than MaxSpareServers idle, then the parent -process will kill off the excess processes.<P> - -Tuning of this parameter should only be necessary on very busy sites. -Setting this parameter to a large number is almost always a bad idea.<P> - -This directive has no effect when used with the Apache Web server on a -Microsoft Windows platform. - -<P> - -See also <A HREF="#minspareservers">MinSpareServers</A> and -<A HREF="#startservers">StartServers</A>.<P><HR> - -<H2><A NAME="minspareservers">MinSpareServers directive</A></H2> -<!--%plaintext <?INDEX {\tt MinSpareServers} directive> --> -<A - HREF="directive-dict.html#Syntax" - REL="Help" -><STRONG>Syntax:</STRONG></A> MinSpareServers <EM>number</EM><BR> -<A - HREF="directive-dict.html#Default" - REL="Help" -><STRONG>Default:</STRONG></A> <CODE>MinSpareServers 5</CODE><BR> -<A - HREF="directive-dict.html#Context" - REL="Help" -><STRONG>Context:</STRONG></A> server config<BR> -<A - HREF="directive-dict.html#Status" - REL="Help" -><STRONG>Status:</STRONG></A> core<P> - -The MinSpareServers directive sets the desired minimum number of <EM>idle</EM> -child server processes. An idle process is one which is not handling -a request. If there are fewer than MinSpareServers idle, then the parent -process creates new children at a maximum rate of 1 per second.<P> - -Tuning of this parameter should only be necessary on very busy sites. -Setting this parameter to a large number is almost always a bad idea.<P> - -This directive has no effect on Microsoft Windows. - -<P> - -See also <A HREF="#maxspareservers">MaxSpareServers</A> and -<A HREF="#startservers">StartServers</A>.<P><HR> - -<H2><A NAME="namevirtualhost">NameVirtualHost directive</A></H2> -<!--%plaintext <?INDEX {\tt NameVirtualHost} directive> --> -<A - HREF="directive-dict.html#Syntax" - REL="Help" -><STRONG>Syntax:</STRONG></A> NameVirtualHost <EM>addr</EM>[:<EM>port</EM>]<BR> -<A - HREF="directive-dict.html#Context" - REL="Help" -><STRONG>Context:</STRONG></A> server config<BR> -<A - HREF="directive-dict.html#Status" - REL="Help" -><STRONG>Status:</STRONG></A> core<BR> -<A - HREF="directive-dict.html#Compatibility" - REL="Help" -><STRONG>Compatibility:</STRONG></A> NameVirtualHost is only available in -Apache 1.3 and later<P> - -The NameVirtualHost directive is a required directive if you want to configure -<A HREF="../vhosts/index.html">name-based virtual hosts</A>.<P> - -Although <EM>addr</EM> can be hostname it is recommended that you always use -an IP address, <EM>e.g.</EM> - -<BLOCKQUOTE><CODE>NameVirtualHost 111.22.33.44</CODE></BLOCKQUOTE> - -With the NameVirtualHost directive you specify the address to which your -name-based virtual host names resolve. If you have multiple name-based -hosts on multiple addresses, repeat the directive for each address.<P> - -Note: the "main server" and any _default_ servers will <STRONG>never</STRONG> -be served for a request to a NameVirtualHost IP Address (unless for some -reason you specify NameVirtualHost but then don't define any VirtualHosts -for that address).<P> - -Optionally you can specify a port number on which the name-based -virtual hosts should be used, <EM>e.g.</EM> - -<BLOCKQUOTE><CODE>NameVirtualHost 111.22.33.44:8080</CODE></BLOCKQUOTE> - -<STRONG>See also:</STRONG> -<A HREF="../vhosts/index.html">Apache Virtual Host documentation</A> -<HR> -<H2><A NAME="options">Options directive</A></H2> -<!--%plaintext <?INDEX {\tt Options} directive> --> -<A - HREF="directive-dict.html#Syntax" - REL="Help" -><STRONG>Syntax:</STRONG></A> Options <EM>[+|-]option [+|-]option ...</EM><BR> -<A - HREF="directive-dict.html#Context" - REL="Help" -><STRONG>Context:</STRONG></A> server config, virtual host, directory, -.htaccess<BR> -<A - HREF="directive-dict.html#Override" - REL="Help" -><STRONG>Override:</STRONG></A> Options<BR> -<A - HREF="directive-dict.html#Status" - REL="Help" -><STRONG>Status:</STRONG></A> core<P> - -The Options directive controls which server features are available in -a particular directory. -<P> -<EM>option</EM> can be set to <CODE>None</CODE>, in which case none of -the extra features are enabled, or one or more of the following: -<DL> -<DT>All -<DD>All options except for MultiViews. This is the default setting. -<DT>ExecCGI -<DD> -<!--%plaintext <?INDEX {\tt ExecCGI} option> --> -Execution of CGI scripts is permitted. -<DT>FollowSymLinks -<DD> -<!--%plaintext <?INDEX {\tt FollowSymLinks} option> --> -The server will follow symbolic links in this directory. -<BR> -<STRONG>Note</STRONG>: even though the server follows the symlink it -does <EM>not</EM> -change the pathname used to match against <CODE><Directory></CODE> -sections. -<BR> -<STRONG>Note</STRONG>: this option gets ignored if set inside a -<Location> section. - -<DT>Includes -<DD> -<!--%plaintext <?INDEX {\tt Includes} option> --> -Server-side includes are permitted. -<DT>IncludesNOEXEC -<DD> -<!--%plaintext <?INDEX {\tt IncludesNOEXEC} option> --> -Server-side includes are permitted, but the #exec command and -#include of CGI scripts are disabled. -<DT>Indexes -<DD> -<!--%plaintext <?INDEX {\tt Indexes} option> --> -If a URL which maps to a directory is requested, and the there is no -DirectoryIndex (<EM>e.g.</EM>, index.html) in that directory, then the server will -return a formatted listing of the directory. -<DT>MultiViews -<DD> -<!--%plaintext <?INDEX {\tt MultiViews} option> --> -<A HREF="../content-negotiation.html">Content negotiated</A> MultiViews are -allowed. -<DT>SymLinksIfOwnerMatch -<DD> -<!--%plaintext <?INDEX {\tt SymLinksIfOwnerMatch} option> --> -The server will only follow symbolic links for which the target -file or directory is owned by the same user id as the link. -<BR> -<STRONG>Note</STRONG>: this option gets ignored if set inside a -<Location> section. -</DL> - -Normally, if multiple <CODE>Options</CODE> could apply to a directory, -then the most specific one is taken complete; the options are not -merged. However if <EM>all</EM> the options on the <CODE>Options</CODE> -directive are preceded by a + or - symbol, the options are -merged. Any options preceded by a + are added to the options -currently in force, and any options preceded by a - are removed from -the options currently in force. <P> - -For example, without any + and - symbols: - -<BLOCKQUOTE><CODE> -<Directory /web/docs> <BR> -Options Indexes FollowSymLinks<BR> -</Directory><BR> -<Directory /web/docs/spec> <BR> -Options Includes<BR> -</Directory> -</CODE></BLOCKQUOTE> -then only <CODE>Includes</CODE> will be set for the /web/docs/spec -directory. However if the second <CODE>Options</CODE> directive uses the + -and - symbols:<P> - -<BLOCKQUOTE><CODE> -<Directory /web/docs> <BR> -Options Indexes FollowSymLinks<BR> -</Directory><BR> -<Directory /web/docs/spec> <BR> -Options +Includes -Indexes<BR> -</Directory> -</CODE></BLOCKQUOTE> -then the options <CODE>FollowSymLinks</CODE> and <CODE>Includes</CODE> -are set for the /web/docs/spec directory.<P> - -<STRONG>Note:</STRONG> Using <CODE>-IncludesNOEXEC</CODE> or -<CODE>-Includes</CODE> -disables server-side includes completely regardless of the previous setting.<P> - -The default in the absence of any other settings is <CODE>All</CODE>.<P> -<HR> - -<H2><A NAME="pidfile">PidFile directive</A></H2> -<!--%plaintext <?INDEX {\tt PidFile} directive> --> -<A - HREF="directive-dict.html#Syntax" - REL="Help" -><STRONG>Syntax:</STRONG></A> PidFile <EM>filename</EM><BR> -<A - HREF="directive-dict.html#Default" - REL="Help" -><STRONG>Default:</STRONG></A> <CODE>PidFile logs/httpd.pid</CODE><BR> -<A - HREF="directive-dict.html#Context" - REL="Help" -><STRONG>Context:</STRONG></A> server config<BR> -<A - HREF="directive-dict.html#Status" - REL="Help" -><STRONG>Status:</STRONG></A> core<P> - -The PidFile directive sets the file to which the server records the -process id of the daemon. If the filename does not begin with a slash (/) -then it is assumed to be relative to the <A HREF="#serverroot">ServerRoot</A>. -The PidFile is only used in <A HREF="#servertype">standalone</A> mode.<P> - -It is often useful to be able to send the server a signal, so that it closes -and then reopens its <A HREF="#errorlog">ErrorLog</A> and TransferLog, and -re-reads its configuration files. This is done by sending a SIGHUP (kill -1) -signal to the process id listed in the PidFile.<P> - -The PidFile is subject to the same warnings about log file placement and -<A HREF="../misc/security_tips.html#serverroot">security</A>. - -<P><HR> - -<H2><A NAME="port">Port directive</A></H2> -<!--%plaintext <?INDEX {\tt Port} directive> --> -<A - HREF="directive-dict.html#Syntax" - REL="Help" -><STRONG>Syntax:</STRONG></A> Port <EM>number</EM><BR> -<A - HREF="directive-dict.html#Default" - REL="Help" -><STRONG>Default:</STRONG></A> <CODE>Port 80</CODE><BR> -<A - HREF="directive-dict.html#Context" - REL="Help" -><STRONG>Context:</STRONG></A> server config<BR> -<A - HREF="directive-dict.html#Status" - REL="Help" -><STRONG>Status:</STRONG></A> core<P> - -<EM>Number</EM> is a number from 0 to 65535; some port numbers -(especially below -1024) are reserved for particular protocols. See <CODE>/etc/services</CODE> -for a list of some defined ports; the standard port for the http protocol -is 80.<P> - -The Port directive has two behaviors, the first of which is necessary for -NCSA backwards compatibility (and which is confusing in the context of -Apache).<P> - -<UL> -<LI> -In the absence of any <A HREF="#listen">Listen</A> or -<A HREF="#bindaddress">BindAddress</A> directives specifying a port number, -a Port directive given in the "main server" -(<EM>i.e.</EM>, outside any <A HREF="#virtualhost"><VirtualHost></A> section) -sets the network port on which the server listens. -If there are any Listen or BindAddress directives specifying -<CODE>:number</CODE> then Port has no effect on what address the server -listens at. - -<LI>The Port directive -sets the <CODE>SERVER_PORT</CODE> environment variable (for -<A HREF="mod_cgi.html">CGI</A> and <A HREF="mod_include.html">SSI</A>), -and is used when the server must generate a URL that refers to itself -(for example when creating an external redirect to itself). This -behaviour is modified by -<A HREF="#usecanonicalname">UseCanonicalName</A>. -</UL> - -In no event does a Port setting affect -what ports a <A HREF="#virtualhost">VirtualHost</A> responds on, the -VirtualHost directive itself is used for that.<P> - -The primary behaviour of Port should be considered to be similar to that of -the <A HREF="#servername">ServerName</A> directive. The ServerName -and Port together specify what you consider to be the <EM>canonical</EM> -address of the server. -(See also <A HREF="#usecanonicalname">UseCanonicalName</A>.)<P> - -Port 80 is one of Unix's special ports. All ports numbered -below 1024 are reserved for system use, <EM>i.e.</EM>, regular (non-root) users cannot -make use of them; instead they can only use higher port numbers. -To use port 80, you must start the server from the root account. -After binding to the port and before accepting requests, Apache will change -to a low privileged user as set by the <A HREF="#user">User directive</A>.<P> - -If you cannot use port 80, choose any other unused port. Non-root users -will have to choose a port number higher than 1023, such as 8000.<P> - -SECURITY: if you do start the server as root, be sure -not to set <A HREF="#user">User</A> to root. If you run the server as -root whilst handling connections, your site may be open to a major security -attack.<P><HR> - -<H2><A NAME="require">require directive</A></H2> -<!--%plaintext <?INDEX {\tt require} directive> --> -<A - HREF="directive-dict.html#Syntax" - REL="Help" -><STRONG>Syntax:</STRONG></A> require <EM>entity-name entity entity...</EM><BR> -<A - HREF="directive-dict.html#Context" - REL="Help" -><STRONG>Context:</STRONG></A> directory, .htaccess<BR> -<A - HREF="directive-dict.html#Override" - REL="Help" -><STRONG>Override:</STRONG></A> AuthConfig<BR> -<A - HREF="directive-dict.html#Status" - REL="Help" -><STRONG>Status:</STRONG></A> core<P> - -This directive selects which authenticated users can access a directory. -The allowed syntaxes are: -<UL> -<LI>require user <EM>userid userid ...</EM><P> -Only the named users can access the directory.<P> -<LI>require group <EM>group-name group-name ...</EM><P> -Only users in the named groups can access the directory.<P> -<LI>require valid-user<P> -All valid users can access the directory. -</UL> -<P> -If <CODE>require</CODE> appears in a <A HREF="#limit"><Limit></A> -section, then it restricts access to the named methods, otherwise -it restricts access for all methods. Example: -<BLOCKQUOTE><CODE> -AuthType Basic<BR> -AuthName somedomain<BR> -AuthUserFile /web/users<BR> -AuthGroupFile /web/groups<BR> -<Limit GET POST><BR> -require group admin<BR> -</Limit> -</CODE></BLOCKQUOTE> - -Require must be accompanied by <A HREF="#authname">AuthName</A> and -<A HREF="#authtype">AuthType</A> directives, and directives such as -<A HREF="mod_auth.html#authuserfile">AuthUserFile</A> and -<A HREF="mod_auth.html#authgroupfile">AuthGroupFile</A> (to define users and -groups) in order to work correctly.<P><HR> - -<H2><A NAME="resourceconfig">ResourceConfig directive</A></H2> -<!--%plaintext <?INDEX {\tt ResourceConfig} directive> --> -<A - HREF="directive-dict.html#Syntax" - REL="Help" -><STRONG>Syntax:</STRONG></A> ResourceConfig <EM>filename</EM><BR> -<A - HREF="directive-dict.html#Default" - REL="Help" -><STRONG>Default:</STRONG></A> <CODE>ResourceConfig conf/srm.conf</CODE><BR> -<A - HREF="directive-dict.html#Context" - REL="Help" -><STRONG>Context:</STRONG></A> server config, virtual host<BR> -<A - HREF="directive-dict.html#Status" - REL="Help" -><STRONG>Status:</STRONG></A> core<P> - -The server will read this file for more directives after reading the -httpd.conf file. <EM>Filename</EM> is relative to the -<A HREF="#serverroot">ServerRoot</A>. -This feature can be disabled using: -<BLOCKQUOTE><CODE>ResourceConfig /dev/null</CODE></BLOCKQUOTE> -Historically, this file contained most directives except for server -configuration directives and <A HREF="#directory"><Directory></A> -sections; in fact it can now contain any server directive allowed in the -<EM>server config</EM> context.<P> - -See also <A HREF="#accessconfig">AccessConfig</A>.<P><HR> - -<H2><A NAME="rlimit">RLimitCPU</A> <A NAME="rlimitcpu">directive</A></H2> -<!--%plaintext <?INDEX {\tt RLimitCPU} directive> --> -<A - HREF="directive-dict.html#Syntax" - REL="Help" -><STRONG>Syntax:</STRONG></A> RLimitCPU <EM># or 'max'</EM> - <EM>[# or 'max']</EM> -<BR> -<A - HREF="directive-dict.html#Default" - REL="Help" -><STRONG>Default:</STRONG></A> <EM>Unset; uses operating system defaults</EM> -<BR> -<A - HREF="directive-dict.html#Context" - REL="Help" -><STRONG>Context:</STRONG></A> server config, virtual host<BR> -<A - HREF="directive-dict.html#Status" - REL="Help" -><STRONG>Status:</STRONG></A> core<BR> -<A - HREF="directive-dict.html#Compatibility" - REL="Help" -><STRONG>Compatibility:</STRONG></A> RLimitCPU is only available in Apache 1.2 -and later<P> - -Takes 1 or 2 parameters. The first parameter sets the soft resource limit -for all processes and the second parameter sets the maximum resource limit. -Either parameter can be a number, or <EM>max</EM> to indicate to the server -that the limit should be set to the maximum allowed by the operating system -configuration. Raising the maximum resource limit requires that the server -is running as root, or in the initial startup phase.<P> - -CPU resource limits are expressed in seconds per process.<P> - -See also <A HREF="#rlimitmem">RLimitMEM</A> or -<A HREF="#rlimitnproc">RLimitNPROC</A>.<P><HR> - -<H2><A NAME="rlimitmem">RLimitMEM directive</A></H2> -<!--%plaintext <?INDEX {\tt RLimitMEM} directive> --> -<A - HREF="directive-dict.html#Syntax" - REL="Help" -><STRONG>Syntax:</STRONG></A> RLimitMEM <EM># or 'max'</EM> - <EM>[# or 'max']</EM><BR> -<A - HREF="directive-dict.html#Default" - REL="Help" -><STRONG>Default:</STRONG></A> <EM>Unset; uses operating system defaults</EM> -<BR> -<A - HREF="directive-dict.html#Context" - REL="Help" -><STRONG>Context:</STRONG></A> server config, virtual host<BR> -<A - HREF="directive-dict.html#Status" - REL="Help" -><STRONG>Status:</STRONG></A> core<BR> -<A - HREF="directive-dict.html#Compatibility" - REL="Help" -><STRONG>Compatibility:</STRONG></A> RLimitMEM is only available in Apache 1.2 -and later<P> - -Takes 1 or 2 parameters. The first parameter sets the soft resource limit for -all processes and the second parameter sets the maximum resource limit. Either -parameter can be a number, or <EM>max</EM> to indicate to the server that the -limit should be set to the maximum allowed by the operating system -configuration. Raising the maximum resource limit requires that the -server is running as root, or in the initial startup phase.<P> - -Memory resource limits are expressed in bytes per process.<P> - -See also <A HREF="#rlimitcpu">RLimitCPU</A> or -<A HREF="#rlimitnproc">RLimitNPROC</A>.<P><HR> - -<H2><A NAME="rlimitnproc">RLimitNPROC directive</A></H2> -<!--%plaintext <?INDEX {\tt RLimitNPROC} directive> --> -<A - HREF="directive-dict.html#Syntax" - REL="Help" -><STRONG>Syntax:</STRONG></A> RLimitNPROC <EM># or 'max'</EM> - <EM>[# or 'max']</EM><BR> -<A - HREF="directive-dict.html#Default" - REL="Help" -><STRONG>Default:</STRONG></A> <EM>Unset; uses operating system defaults</EM> -<BR> -<A - HREF="directive-dict.html#Context" - REL="Help" -><STRONG>Context:</STRONG></A> server config, virtual host<BR> -<A - HREF="directive-dict.html#Status" - REL="Help" -><STRONG>Status:</STRONG></A> core<BR> -<A - HREF="directive-dict.html#Compatibility" - REL="Help" -><STRONG>Compatibility:</STRONG></A> RLimitNPROC is only available in Apache -1.2 and later<P> - -Takes 1 or 2 parameters. The first parameter sets the soft resource limit -for all processes and the second parameter sets the maximum resource limit. -Either parameter can be a number, or <EM>max</EM> to indicate to the server -that the limit should be set to the maximum allowed by the operating system -configuration. Raising the maximum resource limit requires that the server -is running as root, or in the initial startup phase.<P> - -Process limits control the number of processes per user.<P> - -Note: If CGI processes are <STRONG>not</STRONG> running under userids other -than the -web server userid, this directive will limit the number of processes that the -server itself can create. Evidence of this situation will be indicated by -<STRONG><EM>cannot fork</EM></STRONG> messages in the error_log.<P> - -See also <A HREF="#rlimitmem">RLimitMEM</A> or -<A HREF="#rlimitcpu">RLimitCPU</A>. - -<P><HR> - -<H2><A NAME="satisfy">Satisfy directive</A></H2> -<!--%plaintext <?INDEX {\tt Satisfy} directive> --> -<A - HREF="directive-dict.html#Syntax" - REL="Help" -><STRONG>Syntax:</STRONG></A> Satisfy <EM>'any' or 'all'</EM><BR> -<A - HREF="directive-dict.html#Default" - REL="Help" -><STRONG>Default:</STRONG></A> Satisfy all<BR> -<A - HREF="directive-dict.html#Context" - REL="Help" -><STRONG>Context:</STRONG></A> directory, .htaccess<BR> -<A - HREF="directive-dict.html#Status" - REL="Help" -><STRONG>Status:</STRONG></A> core<BR> -<A - HREF="directive-dict.html#Compatibility" - REL="Help" -><STRONG>Compatibility:</STRONG></A> Satisfy is only available in Apache 1.2 -and later<P> - -Access policy if both allow and require used. The parameter can be -either <EM>'all'</EM> or <EM>'any'</EM>. This directive is only useful -if access to a particular area is being restricted by both -username/password <EM>and</EM> client host address. In this case the -default behavior ("all") is to require that the client passes the -address access restriction <EM>and</EM> enters a valid username and -password. With the "any" option the client will be granted access if -they either pass the host restriction or enter a valid username and -password. This can be used to password restrict an area, but to let -clients from particular addresses in without prompting for a password. - - -<P><HR> - -<H2><A NAME="scoreboardfile">ScoreBoardFile directive</A></H2> -<!--%plaintext <?INDEX {\tt ScoreBoardFile} directive> --> -<A - HREF="directive-dict.html#Syntax" - REL="Help" -><STRONG>Syntax:</STRONG></A> ScoreBoardFile <EM>filename</EM><BR> -<A - HREF="directive-dict.html#Default" - REL="Help" -><STRONG>Default:</STRONG></A> <CODE>ScoreBoardFile logs/apache_status</CODE> -<BR> -<A - HREF="directive-dict.html#Context" - REL="Help" -><STRONG>Context:</STRONG></A> server config<BR> -<A - HREF="directive-dict.html#Status" - REL="Help" -><STRONG>Status:</STRONG></A> core<P> - -The ScoreBoardFile directive is required on some architectures to place -a file that the server will use to communicate between its children and -the parent. The easiest way to find out if your architecture requires -a scoreboard file is to run Apache and see if it creates the file named -by the directive. If your architecture requires it then you must ensure -that this file is not used at the same time by more than one invocation -of Apache.<P> - -If you have to use a ScoreBoardFile then you may see improved speed by -placing it on a RAM disk. But be careful that you heed the same warnings -about log file placement and -<A HREF="../misc/security_tips.html">security</A>.<P> - -Apache 1.2 and above:<P> - -Linux 1.x users might be able to add -<CODE>-DHAVE_SHMGET -DUSE_SHMGET_SCOREBOARD</CODE> to -the <CODE>EXTRA_CFLAGS</CODE> in your <CODE>Configuration</CODE>. This -might work with some 1.x installations, but won't work with all of -them. (Prior to 1.3b4, <CODE>HAVE_SHMGET</CODE> would have sufficed.)<P> - -SVR4 users should consider adding -<CODE>-DHAVE_SHMGET -DUSE_SHMGET_SCOREBOARD</CODE> to the -<CODE>EXTRA_CFLAGS</CODE> in your <CODE>Configuration</CODE>. This -is believed to work, but we were unable to test it in time for 1.2 -release. (Prior to 1.3b4, <CODE>HAVE_SHMGET</CODE> would have sufficed.)<P> - -<STRONG>See Also</STRONG>: -<A HREF="../stopping.html">Stopping and Restarting Apache</A></P> - -<P><HR> - -<H2><A NAME="scriptinterpretersource">ScriptInterpreterSource directive</A></H2> -<!--%plaintext <?INDEX {\tt ScriptInterpreterSource} directive> --> -<A - HREF="directive-dict.html#Syntax" - REL="Help" -><STRONG>Syntax:</STRONG></A> ScriptInterpreterSource <EM>'registry' or 'script'</EM><BR> -<A - HREF="directive-dict.html#Default" - REL="Help" -><STRONG>Default:</STRONG></A> <CODE>ScriptInterpreterSource script</CODE> -<BR> -<A - HREF="directive-dict.html#Context" - REL="Help" -><STRONG>Context:</STRONG></A> directory, .htaccess<BR> -<A - HREF="directive-dict.html#Status" - REL="Help" -><STRONG>Status:</STRONG></A> core (Windows only)<P> - -This directive is used to control how Apache 1.3.5 and later finds the interpreter -used to run CGI scripts. The default technique is to use the interpreter pointed to by -the #! line in the script. Setting ScriptInterpreterSource registry will cause the -Windows Registry to be searched using the script file extension (e.g., .pl) as a search key. -<P><HR> - -<H2><A NAME="sendbuffersize">SendBufferSize directive</A></H2> -<!--%plaintext <?INDEX {\tt SendBufferSize} directive> --> -<A - HREF="directive-dict.html#Syntax" - REL="Help" -><STRONG>Syntax:</STRONG></A> SendBufferSize <EM>bytes</EM><BR> -<A - HREF="directive-dict.html#Context" - REL="Help" -><STRONG>Context:</STRONG></A> server config<BR> -<A - HREF="directive-dict.html#Status" - REL="Help" -><STRONG>Status:</STRONG></A> core<P> - -The server will set the TCP buffer size to the number of bytes -specified. Very useful to increase past standard OS defaults on high -speed high latency (<EM>i.e.</EM>, 100ms or so, such as transcontinental -fast pipes) -<P><HR> - -<H2><A NAME="serveradmin">ServerAdmin directive</A></H2> -<!--%plaintext <?INDEX {\tt ServerAdmin} directive> --> -<A - HREF="directive-dict.html#Syntax" - REL="Help" -><STRONG>Syntax:</STRONG></A> ServerAdmin <EM>email-address</EM><BR> -<A - HREF="directive-dict.html#Context" - REL="Help" -><STRONG>Context:</STRONG></A> server config, virtual host<BR> -<A - HREF="directive-dict.html#Status" - REL="Help" -><STRONG>Status:</STRONG></A> core<P> - -The ServerAdmin sets the e-mail address that the server includes in any -error messages it returns to the client.<P> - -It may be worth setting up a dedicated address for this, <EM>e.g.</EM> -<BLOCKQUOTE><CODE>ServerAdmin www-admin@foo.bar.com</CODE></BLOCKQUOTE> -as users do not always mention that they are talking about the server!<P><HR> - -<H2><A NAME="serveralias">ServerAlias directive</A></H2> - -<A - HREF="directive-dict.html#Syntax" - REL="Help" -><STRONG>Syntax:</STRONG></A> ServerAlias <EM>host1 host2 ...</EM><BR> -<A - HREF="directive-dict.html#Context" - REL="Help" -><STRONG>Context:</STRONG></A> virtual host<BR> -<A - HREF="directive-dict.html#Status" - REL="Help" -><STRONG>Status:</STRONG></A> core<BR> -<A - HREF="directive-dict.html#Compatibility" - REL="Help" -><STRONG>Compatibility:</STRONG></A> ServerAlias is only available in Apache -1.1 and later.<P> - -The ServerAlias directive sets the alternate names for a host, for use -with -<A HREF="../vhosts/name-based.html">name-based virtual hosts</A>. - -<P><STRONG>See also:</STRONG> -<A HREF="../vhosts/index.html">Apache Virtual Host documentation</A> - -<HR> - -<H2><A NAME="servername">ServerName directive</A></H2> -<!--%plaintext <?INDEX {\tt ServerName} directive> --> -<A - HREF="directive-dict.html#Syntax" - REL="Help" -><STRONG>Syntax:</STRONG></A> ServerName <EM>fully-qualified domain name</EM> -<BR> -<A - HREF="directive-dict.html#Context" - REL="Help" -><STRONG>Context:</STRONG></A> server config, virtual host<BR> -<A - HREF="directive-dict.html#Status" - REL="Help" -><STRONG>Status:</STRONG></A> core<P> - -The ServerName directive sets the hostname of the server; this is only -used when creating redirection URLs. If it is not specified, then the -server attempts to deduce it from its own IP address; however this may -not work reliably, or may not return the preferred hostname. For example: -<BLOCKQUOTE><CODE>ServerName www.wibble.com</CODE></BLOCKQUOTE> -would be used if the canonical (main) name of the actual machine -were <CODE>monster.wibble.com</CODE>.<P> -<P><STRONG>See Also</STRONG>:<BR> -<A HREF="../dns-caveats.html">DNS Issues</A><BR> -<A HREF="#usecanonicalname">UseCanonicalName</A><BR> -</P> -<HR> - -<H2><A NAME="serverpath">ServerPath directive</A></H2> - -<A - HREF="directive-dict.html#Syntax" - REL="Help" -><STRONG>Syntax:</STRONG></A> ServerPath <EM>pathname</EM><BR> -<A - HREF="directive-dict.html#Context" - REL="Help" -><STRONG>Context:</STRONG></A> virtual host<BR> -<A - HREF="directive-dict.html#Status" - REL="Help" -><STRONG>Status:</STRONG></A> core<BR> -<A - HREF="directive-dict.html#Compatibility" - REL="Help" -><STRONG>Compatibility:</STRONG></A> ServerPath is only available in Apache -1.1 and later.<P> - -The ServerPath directive sets the legacy URL pathname for a host, for -use with <A HREF="../vhosts/index.html">name-based virtual hosts</A>. - -<P><STRONG>See also:</STRONG> -<A HREF="../vhosts/index.html">Apache Virtual Host documentation</A> - -<HR> - -<H2><A NAME="serverroot">ServerRoot directive</A></H2> -<!--%plaintext <?INDEX {\tt ServerRoot} directive> --> -<A - HREF="directive-dict.html#Syntax" - REL="Help" -><STRONG>Syntax:</STRONG></A> ServerRoot <EM>directory-filename</EM><BR> -<A - HREF="directive-dict.html#Default" - REL="Help" -><STRONG>Default:</STRONG></A> <CODE>ServerRoot /usr/local/apache</CODE><BR> -<A - HREF="directive-dict.html#Context" - REL="Help" -><STRONG>Context:</STRONG></A> server config<BR> -<A - HREF="directive-dict.html#Status" - REL="Help" -><STRONG>Status:</STRONG></A> core<P> - -The ServerRoot directive sets the directory in which the server lives. -Typically it will contain the subdirectories <CODE>conf/</CODE> and -<CODE>logs/</CODE>. Relative paths for other configuration files are taken -as relative to this directory.<P> - -See also <A HREF="../invoking.html">the <CODE>-d</CODE> option to httpd</A>.<P> -See also <A HREF="../misc/security_tips.html#serverroot">the security tips</A> -for information on how to properly set permissions on the ServerRoot.<P> - -<HR> - -<H2><A NAME="serversignature">ServerSignature directive</A></H2> -<!--%plaintext <?INDEX {\tt ServerSignature} directive> --> -<A - HREF="directive-dict.html#Syntax" - REL="Help" -><STRONG>Syntax:</STRONG></A> ServerSignature <EM>Off | On | EMail</EM><BR> -<A - HREF="directive-dict.html#Default" - REL="Help" -><STRONG>Default:</STRONG></A> <CODE>ServerSignature Off</CODE><BR> -<A - HREF="directive-dict.html#Context" - REL="Help" -><STRONG>Context:</STRONG></A> server config, virtual host, directory, -.htaccess<BR> -<A - HREF="directive-dict.html#Status" - REL="Help" -><STRONG>Status:</STRONG></A> core<BR> -<A - HREF="directive-dict.html#Compatibility" - REL="Help" -><STRONG>Compatibility:</STRONG></A> ServerSignature is only available in -Apache -1.3 and later.<P> - -The ServerSignature directive allows the configuration of a trailing -footer line under server-generated documents (error messages, -mod_proxy ftp directory listings, mod_info output, ...). The reason -why you would want to enable such a footer line is that in a chain -of proxies, the user often has no possibility to tell which of the -chained servers actually produced a returned error message.<BR> -The <SAMP>Off</SAMP> setting, which is the default, suppresses the -error line (and is therefore compatible with the behavior of -Apache-1.2 and below). The <SAMP>On</SAMP> setting simply adds a -line with the server version number and <A -HREF="#servername">ServerName</A> of the serving virtual host, and -the <SAMP>EMail</SAMP> setting additionally creates a "mailto:" -reference to the <A HREF="#serveradmin">ServerAdmin</A> of the -referenced document. - -<HR> - -<H2><A NAME="servertokens">ServerTokens directive</A></H2> -<!--%plaintext <?INDEX {\tt ServerTokens} directive> --> -<A - HREF="directive-dict.html#Syntax" - REL="Help" -><STRONG>Syntax:</STRONG></A> ServerTokens <EM>Minimal|OS|Full</EM><BR> -<A - HREF="directive-dict.html#Default" - REL="Help" -><STRONG>Default:</STRONG></A> <CODE>ServerTokens Full</CODE><BR> -<A - HREF="directive-dict.html#Context" - REL="Help" -><STRONG>Context:</STRONG></A> server config <BR> -<A - HREF="directive-dict.html#Status" - REL="Help" -><STRONG>Status:</STRONG></A> core<BR> -<A - HREF="directive-dict.html#Compatibility" - REL="Help" -><STRONG>Compatibility:</STRONG></A> ServerTokens is only available - in Apache 1.3 and later - -<P> -This directive controls whether <SAMP>Server</SAMP> response header -field which is sent back to clients includes a description of the generic -OS-type of the server as well as information about compiled-in modules. -</P> -<DL> - <DT><CODE>ServerTokens Min[imal]</CODE> - </DT> - <DD>Server sends (<EM>e.g.</EM>): <SAMP>Server: Apache/1.3.0</SAMP> - </DD> - <DT><CODE>ServerTokens OS</CODE> - </DT> - <DD>Server sends (<EM>e.g.</EM>): <SAMP>Server: Apache/1.3.0 (Unix)</SAMP> - </DD> - <DT><CODE>ServerTokens Full</CODE> (or not specified) - </DT> - <DD>Server sends (<EM>e.g.</EM>): <SAMP>Server: Apache/1.3.0 (Unix) PHP/3.0 - MyMod/1.2</SAMP> - </DD> -</DL> -<P> -This setting applies to the entire server, and cannot be enabled or -disabled on a virtualhost-by-virtualhost basis. -</P> - -<HR> - -<H2><A NAME="servertype">ServerType directive</A></H2> -<!--%plaintext <?INDEX {\tt ServerType} directive> --> -<A - HREF="directive-dict.html#Syntax" - REL="Help" -><STRONG>Syntax:</STRONG></A> ServerType <EM>type</EM><BR> -<A - HREF="directive-dict.html#Default" - REL="Help" -><STRONG>Default:</STRONG></A> <CODE>ServerType standalone</CODE><BR> -<A - HREF="directive-dict.html#Context" - REL="Help" -><STRONG>Context:</STRONG></A> server config<BR> -<A - HREF="directive-dict.html#Status" - REL="Help" -><STRONG>Status:</STRONG></A> core<P> - -The ServerType directive sets how the server is executed by the system. -<EM>Type</EM> is one of -<DL> -<DT>inetd -<DD>The server will be run from the system process inetd; the command to start -the server is added to <CODE>/etc/inetd.conf</CODE> -<DT>standalone -<DD>The server will run as a daemon process; the command to start the server -is added to the system startup scripts. (<CODE>/etc/rc.local</CODE> or -<CODE>/etc/rc3.d/...</CODE>.) -</DL> - -Inetd is the lesser used of the two options. For each http -connection received, a new copy of the server is started from scratch; -after the connection is complete, this program exits. There is a high price to -pay per connection, but for security reasons, some admins prefer this option. -<FONT COLOR="red">Inetd mode is no longer recommended and does not always -work properly. Avoid it if at all possible.</FONT> -<P> - -Standalone is the most common setting for ServerType since -it is far more efficient. The server is started once, and services all -subsequent connections. If you intend running Apache to serve a busy site, -standalone will probably be your only option.<P> -<HR> -<H2><A NAME="startservers">StartServers directive</A></H2> -<!--%plaintext <?INDEX {\tt StartServers} directive> --> -<A - HREF="directive-dict.html#Syntax" - REL="Help" -><STRONG>Syntax:</STRONG></A> StartServers <EM>number</EM><BR> -<A - HREF="directive-dict.html#Default" - REL="Help" -><STRONG>Default:</STRONG></A> <CODE>StartServers 5</CODE><BR> -<A - HREF="directive-dict.html#Context" - REL="Help" -><STRONG>Context:</STRONG></A> server config<BR> -<A - HREF="directive-dict.html#Status" - REL="Help" -><STRONG>Status:</STRONG></A> core<P> - -The StartServers directive sets the number of child server processes created -on startup. As the number of processes is dynamically controlled depending -on the load, there is usually little reason to adjust this parameter.<P> - -<P>When running under Microsoft Windows, this directive has no effect. - There is always one child which handles all requests. Within the - child requests are handled by separate threads. The - <A HREF="#threadsperchild">ThreadsPerChild</A> directive controls - the maximum number of child threads handling requests, which will - have a similar effect to the setting of <SAMP>StartServers</SAMP> - on Unix. - -<P> - -See also <A HREF="#minspareservers">MinSpareServers</A> and -<A HREF="#maxspareservers">MaxSpareServers</A>.<P><HR> - -<H2><A NAME="threadsperchild">ThreadsPerChild</A></H2> -<A - HREF="directive-dict.html#Syntax" - REL="Help" -><STRONG>Syntax:</STRONG></A> ThreadsPerChild <EM>number</EM><BR> -<A - HREF="directive-dict.html#Default" - REL="Help" -><STRONG>Default:</STRONG></A> <CODE>ThreadsPerChild 50</CODE><BR> -<A - HREF="directive-dict.html#Context" - REL="Help" -><STRONG>Context:</STRONG></A> server config<BR> -<A - HREF="directive-dict.html#Status" - REL="Help" -><STRONG>Status:</STRONG></A> core (Windows)<BR> -<STRONG>Compatibility:</STRONG> Available only with Apache 1.3 and later -with Windows - -<P>This directive tells the server how many threads it should use. This - is the maximum number of connections the server can handle at once; be - sure and set this number high enough for your site if you get a lot of - hits. - -<P>This directive has no effect on Unix systems. Unix users should look - at <A HREF="#startservers">StartServers</A> and <A - HREF="#maxrequestsperchild">MaxRequestsPerChild</A>.</P> - -<HR> - -<H2><A NAME="timeout">TimeOut directive</A></H2> -<!--%plaintext <?INDEX {\tt TimeOut} directive> --> -<A - HREF="directive-dict.html#Syntax" - REL="Help" -><STRONG>Syntax:</STRONG></A> TimeOut <EM>number</EM><BR> -<A - HREF="directive-dict.html#Default" - REL="Help" -><STRONG>Default:</STRONG></A> <CODE>TimeOut 300</CODE><BR> -<A - HREF="directive-dict.html#Context" - REL="Help" -><STRONG>Context:</STRONG></A> server config<BR> -<A - HREF="directive-dict.html#Status" - REL="Help" -><STRONG>Status:</STRONG></A> core<P> - -The TimeOut directive currently defines the amount of time Apache will -wait for three things: - -<OL> - <LI>The total amount of time it takes to receive a GET request. - <LI>The amount of time between receipt of TCP packets on a POST or - PUT request. - <LI>The amount of time between ACKs on transmissions of TCP packets - in responses. -</OL> - -We plan on making these separately configurable at some point down the -road. The timer used to default to 1200 before 1.2, but has been -lowered to 300 which is still far more than necessary in most -situations. It is not set any lower by default because there may -still be odd places in the code where the timer is not reset when -a packet is sent. - -<P><HR> - -<H2><A NAME="usecanonicalname">UseCanonicalName directive</A></H2> -<!--%plaintext <?INDEX {\tt UseCanonicalName} directive> --> -<A HREF="directive-dict.html#Syntax" REL="Help"> -<STRONG>Syntax:</STRONG></A> UseCanonicalName <EM>on|off</EM><BR> -<A HREF="directive-dict.html#Default" REL="Help"> -<STRONG>Default:</STRONG></A> <CODE>UseCanonicalName on</CODE><BR> -<A HREF="directive-dict.html#Context" REL="Help"> -<STRONG>Context:</STRONG></A> server config, virtual host, directory, .htaccess -<BR> -<A HREF="directive-dict.html#Override" REL="Help"> -<STRONG>Override:</STRONG></A> Options<BR> -<A HREF="directive-dict.html#Compatibility" REL="Help"> -<STRONG>Compatibility:</STRONG></A> UseCanonicalName is only available in -Apache 1.3 and later<P> - -In many situations Apache has to construct a <EM>self-referential</EM> -URL. That is, a URL which refers back to the same server. -With <CODE>UseCanonicalName on</CODE> (and in all versions prior to -1.3) Apache will use the <A HREF="#servername">ServerName</A> and <A -HREF="#port">Port</A> directives to construct a canonical name for the -server. This name is used in all self-referential URLs, and for the -values of <CODE>SERVER_NAME</CODE> and <CODE>SERVER_PORT</CODE> in CGIs. - -<P>With <CODE>UseCanonicalName off</CODE> Apache will form -self-referential URLs using the hostname and port supplied -by the client if any are supplied (otherwise it will use the -canonical name). These values are the same that are used to -implement <A HREF="../vhosts/name-based.html">name based virtual -hosts</A>, and are available with the same clients. The CGI variables -<CODE>SERVER_NAME</CODE> and <CODE>SERVER_PORT</CODE> will be constructed -from the client supplied values as well. - -<P>An example where this may be useful is on an intranet server where -you have users connecting to the machine using short names such as -<CODE>www</CODE>. You'll notice that if the users type a shortname, -and a URL which is a directory, such as <CODE>http://www/splat</CODE>, -<EM>without the trailing slash</EM> then Apache will redirect them to -<CODE>http://www.domain.com/splat/</CODE>. If you have authentication -enabled, this will cause the user to have to reauthenticate twice (once -for <CODE>www</CODE> and once again for <CODE>www.domain.com</CODE>). -But if <CODE>UseCanonicalName</CODE> is set off, then Apache will redirect -to <CODE>http://www/splat/</CODE>. - -<P><STRONG>Warning:</STRONG> if CGIs make assumptions about the values of -<CODE>SERVER_NAME</CODE> they may be broken by this option. The client -is essentially free to give whatever value they want as a hostname. -But if the CGI is only using <CODE>SERVER_NAME</CODE> to construct -self-referential URLs then it should be just fine. - -<P><STRONG>See also:</STRONG> -<A HREF="#servername">ServerName</A>, -<A HREF="#port">Port</A> - -<P><HR> - -<H2><A NAME="user">User directive</A></H2> -<!--%plaintext <?INDEX {\tt User} directive> --> -<A - HREF="directive-dict.html#Syntax" - REL="Help" -><STRONG>Syntax:</STRONG></A> User <EM>unix-userid</EM><BR> -<A - HREF="directive-dict.html#Default" - REL="Help" -><STRONG>Default:</STRONG></A> <CODE>User #-1</CODE><BR> -<A - HREF="directive-dict.html#Context" - REL="Help" -><STRONG>Context:</STRONG></A> server config, virtual host<BR> -<A - HREF="directive-dict.html#Status" - REL="Help" -><STRONG>Status:</STRONG></A> core<P> - -The User directive sets the userid as which the server will answer requests. -In order to use this directive, the standalone server must be run initially -as root. <EM>Unix-userid</EM> is one of: -<DL> -<DT>A username -<DD>Refers to the given user by name. -<DT># followed by a user number. -<DD>Refers to a user by their number. -</DL> - -The user should have no privileges which result in it being able to access -files which are not intended to be visible to the outside world, and -similarly, the user should not be able to execute code which is not -meant for httpd requests. It is recommended that you set up a new user and -group specifically for running the server. Some admins use user -<CODE>nobody</CODE>, but this is not always possible or desirable. -For example mod_proxy's cache, when enabled, must be accessible to this user -(see the <A HREF="mod_proxy.html#cacheroot"><CODE>CacheRoot</CODE> -directive</A>).<P> - -Notes: If you start the server as a non-root user, it will fail to change -to the lesser privileged user, and will instead continue to run as -that original user. If you do start the server as root, then it is normal -for the parent process to remain running as root.<P> - -Special note: Use of this directive in <VirtualHost> requires a -properly configured <A HREF="../suexec.html">suEXEC wrapper</A>. -When used inside a <VirtualHost> in this manner, only the user -that CGIs are run as is affected. Non-CGI requests are still processed -with the user specified in the main User directive.<P> - -SECURITY: Don't set User (or <A HREF="#group">Group</A>) to -<CODE>root</CODE> unless you know exactly what you are doing, and what the -dangers are.<P><HR> - -<H2><A NAME="virtualhost"><VirtualHost> directive</A></H2> -<!--%plaintext <?INDEX {\tt VirtualHost} section directive> --> -<A - HREF="directive-dict.html#Syntax" - REL="Help" -><STRONG>Syntax:</STRONG></A> <VirtualHost <EM>addr</EM>[:<EM>port</EM>] - ...> ... -</VirtualHost> <BR> -<A - HREF="directive-dict.html#Context" - REL="Help" -><STRONG>Context:</STRONG></A> server config<BR> -<A - HREF="directive-dict.html#Status" - REL="Help" -><STRONG>Status:</STRONG></A> Core.<BR> -<A - HREF="directive-dict.html#Compatibility" - REL="Help" -><STRONG>Compatibility:</STRONG></A> Non-IP address-based Virtual Hosting only -available in Apache 1.1 and later.<BR> -<A - HREF="directive-dict.html#Compatibility" - REL="Help" -><STRONG>Compatibility:</STRONG></A> Multiple address support only available in -Apache 1.2 and later.<P> - -<VirtualHost> and </VirtualHost> are used to enclose a group of -directives which will apply only to a particular virtual host. -Any directive which is allowed in a virtual host context may be used. -When the server receives a request for a document on a particular virtual -host, it uses the configuration directives enclosed in the <VirtualHost> -section. <EM>Addr</EM> can be -<MENU> -<LI>The IP address of the virtual host -<LI>A fully qualified domain name for the IP address of the virtual host. -</MENU> Example: -<BLOCKQUOTE> -<CODE> -<VirtualHost 10.1.2.3> <BR> -ServerAdmin webmaster@host.foo.com <BR> -DocumentRoot /www/docs/host.foo.com <BR> -ServerName host.foo.com <BR> -ErrorLog logs/host.foo.com-error_log <BR> -TransferLog logs/host.foo.com-access_log <BR> -</VirtualHost> -</CODE></BLOCKQUOTE> - -Each VirtualHost must correspond to a different IP address, different port -number or a -different host name for the server, in the latter case the server -machine must be configured to accept IP packets for multiple -addresses. (If the machine does not have multiple network interfaces, -then this can be accomplished with the <CODE>ifconfig alias</CODE> -command (if your OS supports it), or with kernel patches like <A -HREF="../misc/vif-info.html">VIF</A> (for SunOS(TM) 4.1.x)).<P> - -The special name <CODE>_default_</CODE> can be specified in which case -this virtual host will match any IP address that is not explicitly listed -in another virtual host. In the absence of any _default_ virtual host -the "main" server config, consisting of all those definitions outside -any VirtualHost section, is used when no match occurs.<P> - -You can specify a <CODE>:port</CODE> to change the port that is matched. -If unspecified then it defaults to the same port as the most recent -<CODE><A HREF="#port">Port</A></CODE> statement of the main server. You -may also specify <CODE>:*</CODE> to match all ports on that address. -(This is recommended when used with <CODE>_default_</CODE>.)<P> - -<STRONG>SECURITY</STRONG>: See the -<A HREF="../misc/security_tips.html">security tips</A> -document for details on why your security could be compromised if -the directory where logfiles are stored is writable by anyone other -than the user that starts the server. - -<P><STRONG>NOTE</STRONG>: The use of <VirtualHost> does -<STRONG>not</STRONG> affect what addresses Apache listens on. You may -need to ensure that Apache is listening on the correct addresses using -either <A HREF="#bindaddress">BindAddress</A> or <A -HREF="#listen">Listen</A>. - -<P><STRONG>See also:</STRONG> -<A HREF="../vhosts/index.html">Apache Virtual Host documentation</A><BR> -<STRONG>See also:</STRONG> -<A HREF="../dns-caveats.html">Warnings about DNS and Apache</A><BR> -<STRONG>See also:</STRONG> -<A HREF="../bind.html">Setting which addresses and ports Apache uses</A><BR> -<STRONG>See also</STRONG>: <A HREF="../sections.html">How Directory, -Location and Files sections work</A> for an explanation of how these -different sections are combined when a request is received -</P> - -<!--#include virtual="footer.html" --> -</BODY> -</HTML> - |