1 <?xml version="1.0" encoding="utf-8"?>
2 <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
3 <?xml-stylesheet type="text/xsl" href="../style/manual.es.xsl"?>
4 <!-- English Revision: 1741251:1777140 (outdated) -->
5 <!-- Translated by Luis Gil de Bernabé Pfeiffer lgilbernabe[AT]apache.org -->
6 <!-- Reviewed by Sergio Ramos-->
8 Licensed to the Apache Software Foundation (ASF) under one or more
9 contributor license agreements. See the NOTICE file distributed with
10 this work for additional information regarding copyright ownership.
11 The ASF licenses this file to You under the Apache License, Version 2.0
12 (the "License"); you may not use this file except in compliance with
13 the License. You may obtain a copy of the License at
15 http://www.apache.org/licenses/LICENSE-2.0
17 Unless required by applicable law or agreed to in writing, software
18 distributed under the License is distributed on an "AS IS" BASIS,
19 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
20 See the License for the specific language governing permissions and
21 limitations under the License.
24 <modulesynopsis metafile="core.xml.meta">
27 <description>Funcionalides básicas del Servidor HTTP Apache que siempre están presentes.</description>
31 <name>AcceptFilter</name>
32 <description>Configura mejoras para un Protocolo de Escucha de Sockets</description>
33 <syntax>AcceptFilter <var>protocol</var> <var>accept_filter</var></syntax>
34 <contextlist><context>server config</context></contextlist>
38 <p>Esta directiva hace posible mejoras específicas a nivel de sistema operativo
39 y a través del tipo de Protocolo para un socket que escucha.
40 La premisa básica es que el kernel no envíe un socket al servidor
41 hasta que o bien los datos se hayan recibido o bien se haya almacenado
42 en el buffer una Respuesta HTTP completa.
43 Actualmente sólo están soportados
44 <a href="http://www.freebsd.org/cgi/man.cgi?query=accept_filter&sektion=9">
45 Accept Filters</a> sobre FreeBSD, <code>TCP_DEFER_ACCEPT</code> sobre Linux,
46 y AcceptEx() sobre Windows.</p>
48 <p>El uso de <code>none</code> para un argumento desactiva cualquier filtro
49 aceptado para ese protocolo. Esto es útil para protocolos que requieren que un
50 servidor envíe datos primeros, tales como <code>ftp:</code> o <code>nntp</code>:</p>
51 <highlight language="config">
52 AcceptFilter nntp none
55 <p>Los nombres de protocolo por defecto son <code>https</code> para el puerto 443
56 y <code>http</code> para todos los demás puertos. Para especificar que se está
57 utilizando otro protocolo con un puerto a la escucha, añade el argumento <var>protocol</var>
58 a la directiva <directive module="mpm_common">Listen</directive>.</p>
60 <p>Los valores por defecto de FreeBDS son:</p>
61 <highlight language="config">
62 AcceptFilter http httpready
63 AcceptFilter https dataready
66 <p>El filtro <code>httpready</code> almacena en el buffer peticiones HTTP completas
67 a nivel de kernel. Una vez que la petición es recibida, el kernel la envía al servidor.
68 Consulta la página man de
69 <a href="http://www.freebsd.org/cgi/man.cgi?query=accf_http&sektion=9">
70 accf_http(9)</a> para más detalles. Puesto que las peticiones HTTPS
71 están encriptadas, sólo se utiliza el filtro
72 <a href="http://www.freebsd.org/cgi/man.cgi?query=accf_data&sektion=9">accf_data(9)</a>.</p>
74 <p>Los valores por defecto en Linux son:</p>
75 <highlight language="config">
76 AcceptFilter http data
77 AcceptFilter https data
80 <p>En Linux, <code>TCP_DEFER_ACCEPT</code> no soporta el buffering en peticiones http.
81 Cualquier valor además de <code>none</code> habilitará
82 <code>TCP_DEFER_ACCEPT</code> en ese socket. Para más detalles
83 ver la página man de Linux
84 <a href="http://linux.die.net/man/7/tcp">
87 <p>Los valores por defecto en Windows son:</p>
88 <highlight language="config">
89 AcceptFilter http data
90 AcceptFilter https data
93 <p>Sobre Windows mpm_winnt interpreta el argumento AcceptFilter para conmutar la API
94 AcceptEx(), y no soporta el buffering sobre el protocolo http. Hay dos valores
95 que utilizan la API Windows AcceptEx() y que recuperan sockets de red
96 entre conexiones. <code>data</code> espera hasta que los datos han sido
97 transmitidos como se comentaba anteriormente, y el buffer inicial de datos y las
98 direcciones de red son recuperadas a partir de una única llamada AcceptEx().
99 <code>connect</code> utiliza la API AcceptEx() API, y recupera también
100 las direcciones de red, pero a diferencia de <code>none</code>
101 la opción <code>connect</code> no espera a la transmisión inicial de los datos.</p>
103 <p>Sobre Windows, <code>none</code> usa accept() antes que AcceptEx()
104 y no recuperará sockets entre las conexiones. Lo que es útil para los adaptadores de
105 red con un soporte precario de drivers, así como para algunos proveedores de red
106 tales como drivers vpn, o filtros de spam, de virus o de spyware.</p>
109 <seealso><directive module="core">Protocol</directive></seealso>
113 <name>AcceptPathInfo</name>
114 <description>Los recursos aceptan información sobre su ruta</description>
115 <syntax>AcceptPathInfo On|Off|Default</syntax>
116 <default>AcceptPathInfo Default</default>
117 <contextlist><context>server config</context>
118 <context>virtual host</context><context>directory</context>
119 <context>.htaccess</context></contextlist>
120 <override>FileInfo</override>
125 <p>Esta directiva controla si las peticiones que contienen información sobre la ruta
126 que sigue un fichero que existe (o un fichero que no existe pero en un directorio que
127 sí existe) serán aceptadas o denegadas. La información de ruta puede estar disponible
128 para los scripts en la variable de entorno <code>PATH_INFO</code>.</p>
130 <p>Por ejemplo, asumamos que la ubicación <code>/test/</code> apunta a
131 un directorio que contiene únicamente el fichero
132 <code>here.html</code>. Entonces, las peticiones tanto para
133 <code>/test/here.html/more</code> como para
134 <code>/test/nothere.html/more</code> recogen
135 <code>/more</code> como <code>PATH_INFO</code>.</p>
137 <p>Los tres posibles argumentos para la directiva
138 <directive>AcceptPathInfo</directive> son los siguientes:</p>
140 <dt><code>Off</code></dt><dd>Una petición sólo será aceptada si
141 se corresponde con una ruta literal que existe. Por lo tanto, una petición
142 con una información de ruta después del nombre de fichero tal como
143 <code>/test/here.html/more</code> en el ejemplo anterior devolverá
144 un error 404 NOT FOUND.</dd>
146 <dt><code>On</code></dt><dd>Una petición será aceptada si una
147 ruta principal de acceso se corresponde con un fichero que existe. El ejemplo
148 anterior <code>/test/here.html/more</code> será aceptado si
149 <code>/test/here.html</code> corresponde a un fichero válido.</dd>
151 <dt><code>Default</code></dt><dd>La gestión de las peticiones
152 con información de ruta está determinada por el <a
153 href="../handler.html">controlador</a> responsable de la petición.
154 El controlador principal para para ficheros normales rechaza por defecto
155 peticiones <code>PATH_INFO</code>. Los controladores que sirven scripts, tales como <a
156 href="mod_cgi.html">cgi-script</a> e <a
157 href="mod_isapi.html">isapi-handler</a>, normalmente aceptan
158 <code>PATH_INFO</code> por defecto.</dd>
161 <p>El objetivo principal de la directiva <code>AcceptPathInfo</code>
162 es permitirnos sobrescribir la opción del controlador
163 de aceptar o rechazar <code>PATH_INFO</code>. Este tipo de reescritura se necesita,
164 por ejemplo, cuando utilizas un <a href="../filter.html">filtro</a>, tal como
165 <a href="mod_include.html">INCLUDES</a>, para generar contenido
166 basado en <code>PATH_INFO</code>. El controlador principal normalmente rechazaría
167 la petición, de modo que puedes utilizar la siguiente configuración para habilitarla
170 <highlight language="config">
171 <Files "mypaths.shtml">
173 SetOutputFilter INCLUDES
182 <name>AccessFileName</name>
183 <description>Nombre del fichero distribuido de configuración</description>
184 <syntax>AccessFileName <var>filename</var> [<var>filename</var>] ...</syntax>
185 <default>AccessFileName .htaccess</default>
186 <contextlist><context>server config</context><context>virtual host</context>
190 <p>Mientras que procesa una petición el servidor busca
191 el primer fichero de configuración existente dentro de un listado de nombres en
192 cada directorio de la ruta del documento, si los ficheros distribuidos
193 de configuración están <a href="#allowoverride">habilitados para ese
194 directorio</a>. Por ejemplo:</p>
196 <highlight language="config">
200 <p>Antes de servir el documento
201 <code>/usr/local/web/index.html</code>, el servidor leerá
202 <code>/.acl</code>, <code>/usr/.acl</code>,
203 <code>/usr/local/.acl</code> y <code>/usr/local/web/.acl</code>
204 para las directivas, salvo que estén deshabilitadas con:</p>
206 <highlight language="config">
207 <Directory "/">
214 <seealso><directive module="core">AllowOverride</directive></seealso>
215 <seealso><a href="../configuring.html">Ficheros de configuración</a></seealso>
216 <seealso><a href="../howto/htaccess.html">Fichero .htaccess</a></seealso>
220 <name>AddDefaultCharset</name>
221 <description>Juego de casrácteres que se le añade por defecto a una respuesta del tipo
222 contenido "content-type" es <code>text/plain</code> o <code>text/html</code></description>
223 <syntax>AddDefaultCharset On|Off|<var>charset</var></syntax>
224 <default>AddDefaultCharset Off</default>
225 <contextlist><context>server config</context>
226 <context>virtual host</context><context>directory</context>
227 <context>.htaccess</context></contextlist>
228 <override>FileInfo</override>
231 <p>Esta directiva especifica un valor por defecto para el tipo de soporte que
232 se usa como parámetro del juego de carácteres (el nombre de una
233 codificación de carácteres) para ser añadido a una respuesta si y solo si
234 el contenido de "content-type" es o <code>text/plain</code> o
235 <code>text/html</code>. Esto debería sobreescribir cualquier juego de
236 caracteres que se le especifique en el cuerpo de la respuesta mediante un
237 elemento <code>META</code>, aunque el comportamiento exacto depende a menudo
238 de la confuguracion del usuario cliente. Una configuración de
239 <code>AddDefaultCharset Off</code> deshabilita esta funcionalidad.
240 <code>AddDefaultCharset On</code> habilita un conjunto de caracteres por defecto
241 de <code>iso-8859-1</code>. Cualquier otro valor se asume que sea el <var>charset</var>
242 que va a ser usado, que debe ser uno de los juegos de carácteres
243 <a href="http://www.iana.org/assignments/character-sets">registradas por el IANA
244 </a> para su uso en los tipos de medios de Internet (MIME types).
247 <highlight language="config">
248 AddDefaultCharset utf-8
251 <p><directive>AddDefaultCharset</directive> debería ser utilizada sólo cuando
252 se sepa que todo el texto del recurso al que se le aplica se sabe que va a
253 estar en ese juego de caracteres y es inconveniente etiquetar los
254 documentos individualmente. Un ejemplo de ello es añadir el juego de caracteres
255 a recursos con contenido autogenerado, tales como scripts legados de CGI,
256 que pueden ser vulnerables a ataques de tipo XSS (Cross-Site Scripting),
257 debido a datos que incluye el usuario en la salida. Notese, sin embargo
258 una mejor solución es arreglar (o eliminar) dichos scripts, ya que
259 dejar por defecto un juego de carácteres no protege a los usuarios
260 que han habilitado la funcionalidad "auto-detect character encoding" en sus
264 <seealso><directive module="mod_mime">AddCharset</directive></seealso>
267 <name>AllowEncodedSlashes</name>
268 <description>Determina si Determines whether encoded path separators in URLs are allowed to
269 be passed through</description>
270 <syntax>AllowEncodedSlashes On|Off</syntax>
271 <default>AllowEncodedSlashes Off</default>
272 <contextlist><context>server config</context><context>virtual host</context>
274 <compatibility>Available in Apache httpd 2.0.46 and later</compatibility>
277 <p>The <directive>AllowEncodedSlashes</directive> directive allows URLs
278 which contain encoded path separators (<code>%2F</code> for <code>/</code>
279 and additionally <code>%5C</code> for <code>\</code> on according systems)
280 to be used. Normally such URLs are refused with a 404 (Not found) error.</p>
282 <p>Turning <directive>AllowEncodedSlashes</directive> <code>On</code> is
283 mostly useful when used in conjunction with <code>PATH_INFO</code>.</p>
285 <note><title>Note</title>
286 <p>Allowing encoded slashes does <em>not</em> imply <em>decoding</em>.
287 Occurrences of <code>%2F</code> or <code>%5C</code> (<em>only</em> on
288 according systems) will be left as such in the otherwise decoded URL
292 <seealso><directive module="core">AcceptPathInfo</directive></seealso>
296 <name>AllowOverride</name>
297 <description>Types of directives that are allowed in
298 <code>.htaccess</code> files</description>
299 <syntax>AllowOverride All|None|<var>directive-type</var>
300 [<var>directive-type</var>] ...</syntax>
301 <default>AllowOverride None (2.3.9 and later), AllowOverride All (2.3.8 and earlier)</default>
302 <contextlist><context>directory</context></contextlist>
305 <p>When the server finds an <code>.htaccess</code> file (as
306 specified by <directive module="core">AccessFileName</directive>)
307 it needs to know which directives declared in that file can override
308 earlier configuration directives.</p>
310 <note><title>Only available in <Directory> sections</title>
311 <directive>AllowOverride</directive> is valid only in
312 <directive type="section" module="core">Directory</directive>
313 sections specified without regular expressions, not in <directive
314 type="section" module="core">Location</directive>, <directive
315 module="core" type="section">DirectoryMatch</directive> or
316 <directive type="section" module="core">Files</directive> sections.
319 <p>When this directive is set to <code>None</code>, then
320 <a href="#accessfilename">.htaccess</a> files are completely ignored.
321 In this case, the server will not even attempt to read
322 <code>.htaccess</code> files in the filesystem.</p>
324 <p>When this directive is set to <code>All</code>, then any
325 directive which has the .htaccess <a
326 href="directive-dict.html#Context">Context</a> is allowed in
327 <code>.htaccess</code> files.</p>
329 <p>The <var>directive-type</var> can be one of the following
330 groupings of directives.</p>
337 Allow use of the authorization directives (<directive
338 module="mod_authn_dbm">AuthDBMGroupFile</directive>,
339 <directive module="mod_authn_dbm">AuthDBMUserFile</directive>,
340 <directive module="mod_authz_groupfile">AuthGroupFile</directive>,
341 <directive module="mod_authn_core">AuthName</directive>,
342 <directive module="mod_authn_core">AuthType</directive>, <directive
343 module="mod_authn_file">AuthUserFile</directive>, <directive
344 module="mod_authz_core">Require</directive>, <em>etc.</em>).</dd>
349 Allow use of the directives controlling document types
350 (<directive module="core">ErrorDocument</directive>,
351 <directive module="core">ForceType</directive>,
352 <directive module="mod_negotiation">LanguagePriority</directive>,
353 <directive module="core">SetHandler</directive>,
354 <directive module="core">SetInputFilter</directive>,
355 <directive module="core">SetOutputFilter</directive>, and
356 <module>mod_mime</module> Add* and Remove* directives),
357 document meta data (<directive
358 module="mod_headers">Header</directive>, <directive
359 module="mod_headers">RequestHeader</directive>, <directive
360 module="mod_setenvif">SetEnvIf</directive>, <directive
361 module="mod_setenvif">SetEnvIfNoCase</directive>, <directive
362 module="mod_setenvif">BrowserMatch</directive>, <directive
363 module="mod_usertrack">CookieExpires</directive>, <directive
364 module="mod_usertrack">CookieDomain</directive>, <directive
365 module="mod_usertrack">CookieStyle</directive>, <directive
366 module="mod_usertrack">CookieTracking</directive>, <directive
367 module="mod_usertrack">CookieName</directive>),
368 <module>mod_rewrite</module> directives <directive
369 module="mod_rewrite">RewriteEngine</directive>, <directive
370 module="mod_rewrite">RewriteOptions</directive>, <directive
371 module="mod_rewrite">RewriteBase</directive>, <directive
372 module="mod_rewrite">RewriteCond</directive>, <directive
373 module="mod_rewrite">RewriteRule</directive>) and
374 <directive module="mod_actions">Action</directive> from
375 <module>mod_actions</module>.
381 Allow use of the directives controlling directory indexing
383 module="mod_autoindex">AddDescription</directive>,
384 <directive module="mod_autoindex">AddIcon</directive>, <directive
385 module="mod_autoindex">AddIconByEncoding</directive>,
386 <directive module="mod_autoindex">AddIconByType</directive>,
387 <directive module="mod_autoindex">DefaultIcon</directive>, <directive
388 module="mod_dir">DirectoryIndex</directive>, <directive
389 module="mod_autoindex">FancyIndexing</directive>, <directive
390 module="mod_autoindex">HeaderName</directive>, <directive
391 module="mod_autoindex">IndexIgnore</directive>, <directive
392 module="mod_autoindex">IndexOptions</directive>, <directive
393 module="mod_autoindex">ReadmeName</directive>,
399 Allow use of the directives controlling host access (<directive
400 module="mod_authz_host">Allow</directive>, <directive
401 module="mod_authz_host">Deny</directive> and <directive
402 module="mod_authz_host">Order</directive>).</dd>
404 <dt>Options[=<var>Option</var>,...]</dt>
407 Allow use of the directives controlling specific directory
408 features (<directive module="core">Options</directive> and
409 <directive module="mod_include">XBitHack</directive>).
410 An equal sign may be given followed by a comma (but no spaces)
411 separated lists of options that may be set using the <directive
412 module="core">Options</directive> command.</dd>
418 AllowOverride AuthConfig Indexes
421 <p>In the example above all directives that are neither in the group
422 <code>AuthConfig</code> nor <code>Indexes</code> cause an internal
425 <note><p>For security and performance reasons, do not set
426 <code>AllowOverride</code> to anything other than <code>None</code>
427 in your <code><Directory /></code> block. Instead, find (or
428 create) the <code><Directory></code> block that refers to the
429 directory where you're actually planning to place a
430 <code>.htaccess</code> file.</p>
434 <seealso><directive module="core">AccessFileName</directive></seealso>
435 <seealso><a href="../configuring.html">Configuration Files</a></seealso>
436 <seealso><a href="../howto/htaccess.html">.htaccess Files</a></seealso>
440 <name>CGIMapExtension</name>
441 <description>Technique for locating the interpreter for CGI
442 scripts</description>
443 <syntax>CGIMapExtension <var>cgi-path</var> <var>.extension</var></syntax>
444 <contextlist><context>directory</context><context>.htaccess</context>
446 <override>FileInfo</override>
447 <compatibility>NetWare only</compatibility>
450 <p>This directive is used to control how Apache httpd finds the
451 interpreter used to run CGI scripts. For example, setting
452 <code>CGIMapExtension sys:\foo.nlm .foo</code> will
453 cause all CGI script files with a <code>.foo</code> extension to
454 be passed to the FOO interpreter.</p>
459 <name>ContentDigest</name>
460 <description>Enables the generation of <code>Content-MD5</code> HTTP Response
461 headers</description>
462 <syntax>ContentDigest On|Off</syntax>
463 <default>ContentDigest Off</default>
464 <contextlist><context>server config</context><context>virtual host</context>
465 <context>directory</context><context>.htaccess</context>
467 <override>Options</override>
468 <status>Experimental</status>
471 <p>This directive enables the generation of
472 <code>Content-MD5</code> headers as defined in RFC1864
473 respectively RFC2616.</p>
475 <p>MD5 is an algorithm for computing a "message digest"
476 (sometimes called "fingerprint") of arbitrary-length data, with
477 a high degree of confidence that any alterations in the data
478 will be reflected in alterations in the message digest.</p>
480 <p>The <code>Content-MD5</code> header provides an end-to-end
481 message integrity check (MIC) of the entity-body. A proxy or
482 client may check this header for detecting accidental
483 modification of the entity-body in transit. Example header:</p>
486 Content-MD5: AuLb7Dp1rqtRtxz2m9kRpA==
489 <p>Note that this can cause performance problems on your server
490 since the message digest is computed on every request (the
491 values are not cached).</p>
493 <p><code>Content-MD5</code> is only sent for documents served
494 by the <module>core</module>, and not by any module. For example,
495 SSI documents, output from CGI scripts, and byte range responses
496 do not have this header.</p>
501 <name>DefaultType</name>
502 <description>This directive has no effect other than to emit warnings
503 if the value is not <code>none</code>. In prior versions, DefaultType
504 would specify a default media type to assign to response content for
505 which no other media type configuration could be found.
507 <syntax>DefaultType <var>media-type|none</var></syntax>
508 <default>DefaultType none</default>
509 <contextlist><context>server config</context><context>virtual host</context>
510 <context>directory</context><context>.htaccess</context>
512 <override>FileInfo</override>
513 <compatibility>The argument <code>none</code> is available in Apache httpd 2.2.7 and later. All other choices are DISABLED for 2.3.x and later.</compatibility>
516 <p>This directive has been disabled. For backwards compatibility
517 of configuration files, it may be specified with the value
518 <code>none</code>, meaning no default media type. For example:</p>
524 <p><code>DefaultType None</code> is only available in
525 httpd-2.2.7 and later.</p>
527 <p>Use the mime.types configuration file and the
528 <directive module="mod_mime">AddType</directive> to configure media
529 type assignments via file extensions, or the
530 <directive module="core">ForceType</directive> directive to configure
531 the media type for specific resources. Otherwise, the server will
532 send the response without a Content-Type header field and the
533 recipient may attempt to guess the media type.</p>
539 <description>Define the existence of a variable</description>
540 <syntax>Define <var>parameter-name</var></syntax>
541 <contextlist><context>server config</context></contextlist>
544 <p>Equivalent to passing the <code>-D</code> argument to <program
545 >httpd</program>.</p>
546 <p>This directive can be used to toggle the use of <directive module="core"
547 type="section">IfDefine</directive> sections without needing to alter
548 <code>-D</code> arguments in any startup scripts.</p>
552 <directivesynopsis type="section">
553 <name>Directory</name>
554 <description>Enclose a group of directives that apply only to the
555 named file-system directory, sub-directories, and their contents.</description>
556 <syntax><Directory <var>directory-path</var>>
557 ... </Directory></syntax>
558 <contextlist><context>server config</context><context>virtual host</context>
562 <p><directive type="section">Directory</directive> and
563 <code></Directory></code> are used to enclose a group of
564 directives that will apply only to the named directory,
565 sub-directories of that directory, and the files within the respective
566 directories. Any directive that is allowed
567 in a directory context may be used. <var>Directory-path</var> is
568 either the full path to a directory, or a wild-card string using
569 Unix shell-style matching. In a wild-card string, <code>?</code> matches
570 any single character, and <code>*</code> matches any sequences of
571 characters. You may also use <code>[]</code> character ranges. None
572 of the wildcards match a `/' character, so <code><Directory
573 /*/public_html></code> will not match
574 <code>/home/user/public_html</code>, but <code><Directory
575 /home/*/public_html></code> will match. Example:</p>
578 <Directory /usr/local/httpd/htdocs><br />
580 Options Indexes FollowSymLinks<br />
586 <p>Be careful with the <var>directory-path</var> arguments:
587 They have to literally match the filesystem path which Apache httpd uses
588 to access the files. Directives applied to a particular
589 <code><Directory></code> will not apply to files accessed from
590 that same directory via a different path, such as via different symbolic
594 <p><glossary ref="regex">Regular
595 expressions</glossary> can also be used, with the addition of the
596 <code>~</code> character. For example:</p>
599 <Directory ~ "^/www/.*/[0-9]{3}">
602 <p>would match directories in <code>/www/</code> that consisted of
605 <p>If multiple (non-regular expression) <directive
606 type="section">Directory</directive> sections
607 match the directory (or one of its parents) containing a document,
608 then the directives are applied in the order of shortest match
609 first, interspersed with the directives from the <a
610 href="#accessfilename">.htaccess</a> files. For example,
614 <Directory /><br />
616 AllowOverride None<br />
618 </Directory><br />
620 <Directory /home/><br />
622 AllowOverride FileInfo<br />
627 <p>for access to the document <code>/home/web/dir/doc.html</code>
631 <li>Apply directive <code>AllowOverride None</code>
632 (disabling <code>.htaccess</code> files).</li>
634 <li>Apply directive <code>AllowOverride FileInfo</code> (for
635 directory <code>/home</code>).</li>
637 <li>Apply any <code>FileInfo</code> directives in
638 <code>/home/.htaccess</code>, <code>/home/web/.htaccess</code> and
639 <code>/home/web/dir/.htaccess</code> in that order.</li>
642 <p>Regular expressions are not considered until after all of the
643 normal sections have been applied. Then all of the regular
644 expressions are tested in the order they appeared in the
645 configuration file. For example, with</p>
648 <Directory ~ abc$><br />
650 # ... directives here ...<br />
655 <p>the regular expression section won't be considered until after
656 all normal <directive type="section">Directory</directive>s and
657 <code>.htaccess</code> files have been applied. Then the regular
658 expression will match on <code>/home/abc/public_html/abc</code> and
659 the corresponding <directive type="section">Directory</directive> will
662 <p><strong>Note that the default access for
663 <code><Directory /></code> is <code>Allow from All</code>.
664 This means that Apache httpd will serve any file mapped from an URL. It is
665 recommended that you change this with a block such
669 <Directory /><br />
671 Order Deny,Allow<br />
677 <p><strong>and then override this for directories you
678 <em>want</em> accessible. See the <a
679 href="../misc/security_tips.html">Security Tips</a> page for more
680 details.</strong></p>
682 <p>The directory sections occur in the <code>httpd.conf</code> file.
683 <directive type="section">Directory</directive> directives
684 cannot nest, and cannot appear in a <directive module="core"
685 type="section">Limit</directive> or <directive module="core"
686 type="section">LimitExcept</directive> section.</p>
688 <seealso><a href="../sections.html">How <Directory>,
689 <Location> and <Files> sections work</a> for an
690 explanation of how these different sections are combined when a
691 request is received</seealso>
694 <directivesynopsis type="section">
695 <name>DirectoryMatch</name>
696 <description>Enclose directives that apply to
697 the contents of file-system directories matching a regular expression.</description>
698 <syntax><DirectoryMatch <var>regex</var>>
699 ... </DirectoryMatch></syntax>
700 <contextlist><context>server config</context><context>virtual host</context>
704 <p><directive type="section">DirectoryMatch</directive> and
705 <code></DirectoryMatch></code> are used to enclose a group
706 of directives which will apply only to the named directory (and the files within),
707 the same as <directive module="core" type="section">Directory</directive>.
708 However, it takes as an argument a
709 <glossary ref="regex">regular expression</glossary>. For example:</p>
712 <DirectoryMatch "^/www/(.+/)?[0-9]{3}">
715 <p>would match directories in <code>/www/</code> that consisted of three
718 <note><title>Compatability</title>
719 Prior to 2.3.9, this directive implicitly applied to sub-directories
720 (like <directive module="core" type="section">Directory</directive>) and
721 could not match the end of line symbol ($). In 2.3.9 and later,
722 only directories that match the expression are affected by the enclosed
726 <note><title>Trailing Slash</title>
727 This directive applies to requests for directories that may or may
728 not end in a trailing slash, so expressions that are anchored to the
729 end of line ($) must be written with care.
732 <seealso><directive type="section" module="core">Directory</directive> for
733 a description of how regular expressions are mixed in with normal
734 <directive type="section">Directory</directive>s</seealso>
736 href="../sections.html">How <Directory>, <Location> and
737 <Files> sections work</a> for an explanation of how these different
738 sections are combined when a request is received</seealso>
742 <name>DocumentRoot</name>
743 <description>Directory that forms the main document tree visible
744 from the web</description>
745 <syntax>DocumentRoot <var>directory-path</var></syntax>
746 <default>DocumentRoot /usr/local/apache/htdocs</default>
747 <contextlist><context>server config</context><context>virtual host</context>
751 <p>This directive sets the directory from which <program>httpd</program>
752 will serve files. Unless matched by a directive like <directive
753 module="mod_alias">Alias</directive>, the server appends the
754 path from the requested URL to the document root to make the
755 path to the document. Example:</p>
758 DocumentRoot /usr/web
762 <code>http://www.my.host.com/index.html</code> refers to
763 <code>/usr/web/index.html</code>. If the <var>directory-path</var> is
764 not absolute then it is assumed to be relative to the <directive
765 module="core">ServerRoot</directive>.</p>
767 <p>The <directive>DocumentRoot</directive> should be specified without
768 a trailing slash.</p>
770 <seealso><a href="../urlmapping.html#documentroot">Mapping URLs to Filesystem
771 Locations</a></seealso>
775 <name>EnableMMAP</name>
776 <description>Use memory-mapping to read files during delivery</description>
777 <syntax>EnableMMAP On|Off</syntax>
778 <default>EnableMMAP On</default>
779 <contextlist><context>server config</context><context>virtual host</context>
780 <context>directory</context><context>.htaccess</context>
782 <override>FileInfo</override>
785 <p>This directive controls whether the <program>httpd</program> may use
786 memory-mapping if it needs to read the contents of a file during
787 delivery. By default, when the handling of a request requires
788 access to the data within a file -- for example, when delivering a
789 server-parsed file using <module>mod_include</module> -- Apache httpd
790 memory-maps the file if the OS supports it.</p>
792 <p>This memory-mapping sometimes yields a performance improvement.
793 But in some environments, it is better to disable the memory-mapping
794 to prevent operational problems:</p>
797 <li>On some multiprocessor systems, memory-mapping can reduce the
798 performance of the <program>httpd</program>.</li>
799 <li>Deleting or truncating a file while <program>httpd</program>
800 has it memory-mapped can cause <program>httpd</program> to
801 crash with a segmentation fault.
805 <p>For server configurations that are vulnerable to these problems,
806 you should disable memory-mapping of delivered files by specifying:</p>
812 <p>For NFS mounted files, this feature may be disabled explicitly for
813 the offending files by specifying:</p>
816 <Directory "/path-to-nfs-files">
826 <name>EnableSendfile</name>
827 <description>Use the kernel sendfile support to deliver files to the client</description>
828 <syntax>EnableSendfile On|Off</syntax>
829 <default>EnableSendfile Off</default>
830 <contextlist><context>server config</context><context>virtual host</context>
831 <context>directory</context><context>.htaccess</context>
833 <override>FileInfo</override>
834 <compatibility>Available in version 2.0.44 and later. Default changed to Off in
835 version 2.3.9.</compatibility>
838 <p>This directive controls whether <program>httpd</program> may use the
839 sendfile support from the kernel to transmit file contents to the client.
840 By default, when the handling of a request requires no access
841 to the data within a file -- for example, when delivering a
842 static file -- Apache httpd uses sendfile to deliver the file contents
843 without ever reading the file if the OS supports it.</p>
845 <p>This sendfile mechanism avoids separate read and send operations,
846 and buffer allocations. But on some platforms or within some
847 filesystems, it is better to disable this feature to avoid
848 operational problems:</p>
851 <li>Some platforms may have broken sendfile support that the build
852 system did not detect, especially if the binaries were built on
853 another box and moved to such a machine with broken sendfile
855 <li>On Linux the use of sendfile triggers TCP-checksum
856 offloading bugs on certain networking cards when using IPv6.</li>
857 <li>On Linux on Itanium, sendfile may be unable to handle files
858 over 2GB in size.</li>
859 <li>With a network-mounted <directive
860 module="core">DocumentRoot</directive> (e.g., NFS, SMB, CIFS, FUSE),
861 the kernel may be unable to serve the network file through
865 <p>For server configurations that are not vulnerable to these problems,
866 you may enable this feature by specifying:</p>
872 <p>For network mounted files, this feature may be disabled explicitly
873 for the offending files by specifying:</p>
876 <Directory "/path-to-nfs-files">
882 <p>Please note that the per-directory and .htaccess configuration
883 of <directive>EnableSendfile</directive> is not supported by
884 <module>mod_cache_disk</module>.
885 Only global definition of <directive>EnableSendfile</directive>
886 is taken into account by the module.
893 <description>Abort configuration parsing with a custom error message</description>
894 <syntax>Error <var>message</var></syntax>
895 <contextlist><context>server config</context><context>virtual host</context>
896 <context>directory</context><context>.htaccess</context>
898 <compatibility>2.3.9 and later</compatibility>
901 <p>If an error can be detected within the configuration, this
902 directive can be used to generate a custom error message, and halt
903 configuration parsing. The typical use is for reporting required
904 modules which are missing from the configuration.</p>
906 <example><title>Example</title>
907 # ensure that mod_include is loaded<br />
908 <IfModule !include_module><br />
909 Error mod_include is required by mod_foo. Load it with LoadModule.<br />
910 </IfModule><br />
912 # ensure that exactly one of SSL,NOSSL is defined<br />
913 <IfDefine SSL><br />
914 <IfDefine NOSSL><br />
915 Error Both SSL and NOSSL are defined. Define only one of them.<br />
916 </IfDefine><br />
917 </IfDefine><br />
918 <IfDefine !SSL><br />
919 <IfDefine !NOSSL><br />
920 Error Either SSL or NOSSL must be defined.<br />
921 </IfDefine><br />
922 </IfDefine><br />
929 <name>ErrorDocument</name>
930 <description>What the server will return to the client
931 in case of an error</description>
932 <syntax>ErrorDocument <var>error-code</var> <var>document</var></syntax>
933 <contextlist><context>server config</context><context>virtual host</context>
934 <context>directory</context><context>.htaccess</context>
936 <override>FileInfo</override>
939 <p>In the event of a problem or error, Apache httpd can be configured
940 to do one of four things,</p>
943 <li>output a simple hardcoded error message</li>
945 <li>output a customized message</li>
947 <li>redirect to a local <var>URL-path</var> to handle the
950 <li>redirect to an external <var>URL</var> to handle the
954 <p>The first option is the default, while options 2-4 are
955 configured using the <directive>ErrorDocument</directive>
956 directive, which is followed by the HTTP response code and a URL
957 or a message. Apache httpd will sometimes offer additional information
958 regarding the problem/error.</p>
960 <p>URLs can begin with a slash (/) for local web-paths (relative
961 to the <directive module="core">DocumentRoot</directive>), or be a
962 full URL which the client can resolve. Alternatively, a message
963 can be provided to be displayed by the browser. Examples:</p>
966 ErrorDocument 500 http://foo.example.com/cgi-bin/tester<br />
967 ErrorDocument 404 /cgi-bin/bad_urls.pl<br />
968 ErrorDocument 401 /subscription_info.html<br />
969 ErrorDocument 403 "Sorry can't allow you access today"
972 <p>Additionally, the special value <code>default</code> can be used
973 to specify Apache httpd's simple hardcoded message. While not required
974 under normal circumstances, <code>default</code> will restore
975 Apache httpd's simple hardcoded message for configurations that would
976 otherwise inherit an existing <directive>ErrorDocument</directive>.</p>
979 ErrorDocument 404 /cgi-bin/bad_urls.pl<br /><br />
980 <Directory /web/docs><br />
982 ErrorDocument 404 default<br />
987 <p>Note that when you specify an <directive>ErrorDocument</directive>
988 that points to a remote URL (ie. anything with a method such as
989 <code>http</code> in front of it), Apache HTTP Server will send a redirect to the
990 client to tell it where to find the document, even if the
991 document ends up being on the same server. This has several
992 implications, the most important being that the client will not
993 receive the original error status code, but instead will
994 receive a redirect status code. This in turn can confuse web
995 robots and other clients which try to determine if a URL is
996 valid using the status code. In addition, if you use a remote
997 URL in an <code>ErrorDocument 401</code>, the client will not
998 know to prompt the user for a password since it will not
999 receive the 401 status code. Therefore, <strong>if you use an
1000 <code>ErrorDocument 401</code> directive then it must refer to a local
1001 document.</strong></p>
1003 <p>Microsoft Internet Explorer (MSIE) will by default ignore
1004 server-generated error messages when they are "too small" and substitute
1005 its own "friendly" error messages. The size threshold varies depending on
1006 the type of error, but in general, if you make your error document
1007 greater than 512 bytes, then MSIE will show the server-generated
1008 error rather than masking it. More information is available in
1009 Microsoft Knowledge Base article <a
1010 href="http://support.microsoft.com/default.aspx?scid=kb;en-us;Q294807"
1013 <p>Although most error messages can be overriden, there are certain
1014 circumstances where the internal messages are used regardless of the
1015 setting of <directive module="core">ErrorDocument</directive>. In
1016 particular, if a malformed request is detected, normal request processing
1017 will be immediately halted and the internal error message returned.
1018 This is necessary to guard against security problems caused by
1021 <p>If you are using mod_proxy, you may wish to enable
1022 <directive module="mod_proxy">ProxyErrorOverride</directive> so that you can provide
1023 custom error messages on behalf of your Origin servers. If you don't enable ProxyErrorOverride,
1024 Apache httpd will not generate custom error documents for proxied content.</p>
1027 <seealso><a href="../custom-error.html">documentation of
1028 customizable responses</a></seealso>
1029 </directivesynopsis>
1032 <name>ErrorLog</name>
1033 <description>Location where the server will log errors</description>
1034 <syntax> ErrorLog <var>file-path</var>|syslog[:<var>facility</var>]</syntax>
1035 <default>ErrorLog logs/error_log (Unix) ErrorLog logs/error.log (Windows and OS/2)</default>
1036 <contextlist><context>server config</context><context>virtual host</context>
1040 <p>The <directive>ErrorLog</directive> directive sets the name of
1041 the file to which the server will log any errors it encounters. If
1042 the <var>file-path</var> is not absolute then it is assumed to be
1043 relative to the <directive module="core">ServerRoot</directive>.</p>
1045 <example><title>Example</title>
1046 ErrorLog /var/log/httpd/error_log
1049 <p>If the <var>file-path</var>
1050 begins with a pipe character "<code>|</code>" then it is assumed to be a
1051 command to spawn to handle the error log.</p>
1053 <example><title>Example</title>
1054 ErrorLog "|/usr/local/bin/httpd_errors"
1057 <p>See the notes on <a href="../logs.html#piped">piped logs</a> for
1058 more information.</p>
1060 <p>Using <code>syslog</code> instead of a filename enables logging
1061 via syslogd(8) if the system supports it. The default is to use
1062 syslog facility <code>local7</code>, but you can override this by
1063 using the <code>syslog:<var>facility</var></code> syntax where
1064 <var>facility</var> can be one of the names usually documented in
1065 syslog(1). The facility is effectively global, and if it is changed
1066 in individual virtual hosts, the final facility specified affects the
1069 <example><title>Example</title>
1070 ErrorLog syslog:user
1073 <p>SECURITY: See the <a
1074 href="../misc/security_tips.html#serverroot">security tips</a>
1075 document for details on why your security could be compromised
1076 if the directory where log files are stored is writable by
1077 anyone other than the user that starts the server.</p>
1078 <note type="warning"><title>Note</title>
1079 <p>When entering a file path on non-Unix platforms, care should be taken
1080 to make sure that only forward slashed are used even though the platform
1081 may allow the use of back slashes. In general it is a good idea to always
1082 use forward slashes throughout the configuration files.</p>
1085 <seealso><directive module="core">LogLevel</directive></seealso>
1086 <seealso><a href="../logs.html">Apache HTTP Server Log Files</a></seealso>
1087 </directivesynopsis>
1090 <name>ErrorLogFormat</name>
1091 <description>Format specification for error log entries</description>
1092 <syntax> ErrorLog [connection|request] <var>format</var></syntax>
1093 <contextlist><context>server config</context><context>virtual host</context>
1095 <compatibility>Available in Apache httpd 2.3.9 and later</compatibility>
1098 <p><directive>ErrorLogFormat</directive> allows to specify what
1099 supplementary information is logged in the error log in addition to the
1100 actual log message.</p>
1102 <example><title>Simple example</title>
1103 ErrorLogFormat "[%t] [%l] [pid %P] %F: %E: [client %a] %M"
1106 <p>Specifying <code>connection</code> or <code>request</code> as first
1107 paramter allows to specify additional formats, causing additional
1108 information to be logged when the first message is logged for a specific
1109 connection or request, respectivly. This additional information is only
1110 logged once per connection/request. If a connection or request is processed
1111 without causing any log message, the additional information is not logged
1114 <p>It can happen that some format string items do not produce output. For
1115 example, the Referer header is only present if the log message is
1116 associated to a request and the log message happens at a time when the
1117 Referer header has already been read from the client. If no output is
1118 produced, the default behaviour is to delete everything from the preceeding
1119 space character to the next space character. This means the log line is
1120 implicitly divided into fields on non-whitespace to whitespace transitions.
1121 If a format string item does not produce output, the whole field is
1122 ommitted. For example, if the remote address <code>%a</code> in the log
1123 format <code>[%t] [%l] [%a] %M </code> is not available, the surrounding
1124 brackets are not logged either. Space characters can be escaped with a
1125 backslash to prevent them from delimiting a field. The combination '% '
1126 (percent space) is a zero-witdh field delimiter that does not produce any
1129 <p>The above behaviour can be changed by adding modifiers to the format
1130 string item. A <code>-</code> (minus) modifier causes a minus to be logged if the
1131 respective item does not produce any output. In once-per-connection/request
1132 formats, it is also possible to use the <code>+</code> (plus) modifier. If an
1133 item with the plus modifier does not produce any output, the whole line is
1136 <p>A number as modifier can be used to assign a log severity level to a
1137 format item. The item will only be logged if the severity of the log
1138 message is not higher than the specified log severity level. The number can
1139 range from 1 (alert) over 4 (warn) and 7 (debug) to 15 (trace8).</p>
1141 <p>Some format string items accept additional parameters in braces.</p>
1143 <table border="1" style="zebra">
1144 <columnspec><column width=".2"/><column width=".8"/></columnspec>
1146 <tr><th>Format String</th> <th>Description</th></tr>
1148 <tr><td><code>%%</code></td>
1149 <td>The percent sign</td></tr>
1151 <tr><td><code>%...a</code></td>
1152 <td>Remote IP-address and port</td></tr>
1154 <tr><td><code>%...A</code></td>
1155 <td>Local IP-address and port</td></tr>
1157 <tr><td><code>%...{name}e</code></td>
1158 <td>Request environment variable <code>name</code></td></tr>
1160 <tr><td><code>%...E</code></td>
1161 <td>APR/OS error status code and string</td></tr>
1163 <tr><td><code>%...F</code></td>
1164 <td>Source file name and line number of the log call</td></tr>
1166 <tr><td><code>%...{name}i</code></td>
1167 <td>Request header <code>name</code></td></tr>
1169 <tr><td><code>%...k</code></td>
1170 <td>Number of keep-alive requests on this connection</td></tr>
1172 <tr><td><code>%...l</code></td>
1173 <td>Loglevel of the message</td></tr>
1175 <tr><td><code>%...L</code></td>
1176 <td>Log ID of the request</td></tr>
1178 <tr><td><code>%...{c}L</code></td>
1179 <td>Log ID of the connection</td></tr>
1181 <tr><td><code>%...{C}L</code></td>
1182 <td>Log ID of the connection if used in connection scope, empty otherwise</td></tr>
1184 <tr><td><code>%...m</code></td>
1185 <td>Name of the module logging the message</td></tr>
1187 <tr><td><code>%M</code></td>
1188 <td>The actual log message</td></tr>
1190 <tr><td><code>%...{name}n</code></td>
1191 <td>Request note <code>name</code></td></tr>
1193 <tr><td><code>%...P</code></td>
1194 <td>Process ID of current process</td></tr>
1196 <tr><td><code>%...T</code></td>
1197 <td>Thread ID of current thread</td></tr>
1199 <tr><td><code>%...t</code></td>
1200 <td>The current time</td></tr>
1202 <tr><td><code>%...{u}t</code></td>
1203 <td>The current time including micro-seconds</td></tr>
1205 <tr><td><code>%...{cu}t</code></td>
1206 <td>The current time in compact ISO 8601 format, including
1207 micro-seconds</td></tr>
1209 <tr><td><code>%...v</code></td>
1210 <td>The canonical <directive module="core">ServerName</directive>
1211 of the current server.</td></tr>
1213 <tr><td><code>%...V</code></td>
1214 <td>The server name of the server serving the request according to the
1215 <directive module="core" >UseCanonicalName</directive>
1218 <tr><td><code>\ </code> (backslash space)</td>
1219 <td>Non-field delimiting space</td></tr>
1221 <tr><td><code>% </code> (percent space)</td>
1222 <td>Field delimiter (no output)</td></tr>
1225 <p>The log ID format <code>%L</code> produces a unique id for a connection
1226 or request. This can be used to correlate which log lines belong to the
1227 same connection or request, which request happens on which connection.
1228 A <code>%L</code> format string is also available in
1229 <module>mod_log_config</module>, to allow to correlate access log entries
1230 with error log lines. If <module>mod_unique_id</module> is loaded, its
1231 unique id will be used as log ID for requests.</p>
1233 <example><title>Example (somewhat similar to default format)</title>
1234 ErrorLogFormat "[%{u}t] [%-m:%l] [pid %P] %7F: %E: [client\ %a]
1235 %M% ,\ referer\ %{Referer}i"
1238 <example><title>Example (similar to the 2.2.x format)</title>
1239 ErrorLogFormat "[%t] [%l] %7F: %E: [client\ %a]
1240 %M% ,\ referer\ %{Referer}i"
1243 <example><title>Advanced example with request/connection log IDs</title>
1244 ErrorLogFormat "[%{uc}t] [%-m:%-l] [R:%L] [C:%{C}L] %7F: %E: %M"<br/>
1245 ErrorLogFormat request "[%{uc}t] [R:%L] Request %k on C:%{c}L pid:%P tid:%T"<br/>
1246 ErrorLogFormat request "[%{uc}t] [R:%L] UA:'%+{User-Agent}i'"<br/>
1247 ErrorLogFormat request "[%{uc}t] [R:%L] Referer:'%+{Referer}i'"<br/>
1248 ErrorLogFormat connection "[%{uc}t] [C:%{c}L] local\ %a remote\ %A"<br/>
1252 <seealso><directive module="core">ErrorLog</directive></seealso>
1253 <seealso><directive module="core">LogLevel</directive></seealso>
1254 <seealso><a href="../logs.html">Apache HTTP Server Log Files</a></seealso>
1255 </directivesynopsis>
1258 <name>ExtendedStatus</name>
1259 <description>Keep track of extended status information for each
1260 request</description>
1261 <syntax>ExtendedStatus On|Off</syntax>
1262 <default>ExtendedStatus Off[*]</default>
1263 <contextlist><context>server config</context></contextlist>
1266 <p>This option tracks additional data per worker about the
1267 currently executing request, and a utilization summary; you
1268 can see these variables during runtime by configuring
1269 <module>mod_status</module>. Note that other modules may
1270 rely on this scoreboard.</p>
1272 <p>This setting applies to the entire server, and cannot be
1273 enabled or disabled on a virtualhost-by-virtualhost basis.
1274 The collection of extended status information can slow down
1275 the server. Also note that this setting cannot be changed
1276 during a graceful restart.</p>
1279 <p>Note that loading <module>mod_status</module> will change
1280 the default behavior to ExtendedStatus On, while other
1281 third party modules may do the same. Such modules rely on
1282 collecting detailed information about the state of all workers.
1283 The default is changed by <module>mod_status</module> beginning
1284 with version 2.3.6; the previous default was always Off.</p>
1289 </directivesynopsis>
1292 <name>FileETag</name>
1293 <description>File attributes used to create the ETag
1294 HTTP response header for static files</description>
1295 <syntax>FileETag <var>component</var> ...</syntax>
1296 <default>FileETag INode MTime Size</default>
1297 <contextlist><context>server config</context><context>virtual host</context>
1298 <context>directory</context><context>.htaccess</context>
1300 <override>FileInfo</override>
1304 The <directive>FileETag</directive> directive configures the file
1305 attributes that are used to create the <code>ETag</code> (entity
1306 tag) response header field when the document is based on a static file.
1307 (The <code>ETag</code> value is used in cache management to save
1308 network bandwidth.) The
1309 <directive>FileETag</directive> directive allows you to choose
1310 which of these -- if any -- should be used. The recognized keywords are:
1314 <dt><strong>INode</strong></dt>
1315 <dd>The file's i-node number will be included in the calculation</dd>
1316 <dt><strong>MTime</strong></dt>
1317 <dd>The date and time the file was last modified will be included</dd>
1318 <dt><strong>Size</strong></dt>
1319 <dd>The number of bytes in the file will be included</dd>
1320 <dt><strong>All</strong></dt>
1321 <dd>All available fields will be used. This is equivalent to:
1322 <example>FileETag INode MTime Size</example></dd>
1323 <dt><strong>None</strong></dt>
1324 <dd>If a document is file-based, no <code>ETag</code> field will be
1325 included in the response</dd>
1328 <p>The <code>INode</code>, <code>MTime</code>, and <code>Size</code>
1329 keywords may be prefixed with either <code>+</code> or <code>-</code>,
1330 which allow changes to be made to the default setting inherited
1331 from a broader scope. Any keyword appearing without such a prefix
1332 immediately and completely cancels the inherited setting.</p>
1334 <p>If a directory's configuration includes
1335 <code>FileETag INode MTime Size</code>, and a
1336 subdirectory's includes <code>FileETag -INode</code>,
1337 the setting for that subdirectory (which will be inherited by
1338 any sub-subdirectories that don't override it) will be equivalent to
1339 <code>FileETag MTime Size</code>.</p>
1340 <note type="warning"><title>Warning</title>
1341 Do not change the default for directories or locations that have WebDAV
1342 enabled and use <module>mod_dav_fs</module> as a storage provider.
1343 <module>mod_dav_fs</module> uses <code>INode MTime Size</code>
1344 as a fixed format for <code>ETag</code> comparisons on conditional requests.
1345 These conditional requests will break if the <code>ETag</code> format is
1346 changed via <directive>FileETag</directive>.
1348 <note><title>Server Side Includes</title>
1349 An ETag is not generated for responses parsed by <module>mod_include</module>,
1350 since the response entity can change without a change of the INode, MTime, or Size
1351 of the static file with embedded SSI directives.
1355 </directivesynopsis>
1357 <directivesynopsis type="section">
1359 <description>Contains directives that apply to matched
1360 filenames</description>
1361 <syntax><Files <var>filename</var>> ... </Files></syntax>
1362 <contextlist><context>server config</context><context>virtual host</context>
1363 <context>directory</context><context>.htaccess</context>
1365 <override>All</override>
1368 <p>The <directive type="section">Files</directive> directive
1369 limits the scope of the enclosed directives by filename. It is comparable
1370 to the <directive module="core" type="section">Directory</directive>
1371 and <directive module="core" type="section">Location</directive>
1372 directives. It should be matched with a <code></Files></code>
1373 directive. The directives given within this section will be applied to
1374 any object with a basename (last component of filename) matching the
1375 specified filename. <directive type="section">Files</directive>
1376 sections are processed in the order they appear in the
1377 configuration file, after the <directive module="core"
1378 type="section">Directory</directive> sections and
1379 <code>.htaccess</code> files are read, but before <directive
1380 type="section" module="core">Location</directive> sections. Note
1381 that <directive type="section">Files</directive> can be nested
1382 inside <directive type="section"
1383 module="core">Directory</directive> sections to restrict the
1384 portion of the filesystem they apply to.</p>
1386 <p>The <var>filename</var> argument should include a filename, or
1387 a wild-card string, where <code>?</code> matches any single character,
1388 and <code>*</code> matches any sequences of characters.
1389 <glossary ref="regex">Regular expressions</glossary>
1390 can also be used, with the addition of the
1391 <code>~</code> character. For example:</p>
1394 <Files ~ "\.(gif|jpe?g|png)$">
1397 <p>would match most common Internet graphics formats. <directive
1398 module="core" type="section">FilesMatch</directive> is preferred,
1401 <p>Note that unlike <directive type="section"
1402 module="core">Directory</directive> and <directive type="section"
1403 module="core">Location</directive> sections, <directive
1404 type="section">Files</directive> sections can be used inside
1405 <code>.htaccess</code> files. This allows users to control access to
1406 their own files, at a file-by-file level.</p>
1409 <seealso><a href="../sections.html">How <Directory>, <Location>
1410 and <Files> sections work</a> for an explanation of how these
1411 different sections are combined when a request is received</seealso>
1412 </directivesynopsis>
1414 <directivesynopsis type="section">
1415 <name>FilesMatch</name>
1416 <description>Contains directives that apply to regular-expression matched
1417 filenames</description>
1418 <syntax><FilesMatch <var>regex</var>> ... </FilesMatch></syntax>
1419 <contextlist><context>server config</context><context>virtual host</context>
1420 <context>directory</context><context>.htaccess</context>
1422 <override>All</override>
1425 <p>The <directive type="section">FilesMatch</directive> directive
1426 limits the scope of the enclosed directives by filename, just as the
1427 <directive module="core" type="section">Files</directive> directive
1428 does. However, it accepts a <glossary ref="regex">regular
1429 expression</glossary>. For example:</p>
1432 <FilesMatch "\.(gif|jpe?g|png)$">
1435 <p>would match most common Internet graphics formats.</p>
1438 <seealso><a href="../sections.html">How <Directory>, <Location>
1439 and <Files> sections work</a> for an explanation of how these
1440 different sections are combined when a request is received</seealso>
1441 </directivesynopsis>
1444 <name>ForceType</name>
1445 <description>Forces all matching files to be served with the specified
1446 media type in the HTTP Content-Type header field</description>
1447 <syntax>ForceType <var>media-type</var>|None</syntax>
1448 <contextlist><context>directory</context><context>.htaccess</context>
1450 <override>FileInfo</override>
1451 <compatibility>Moved to the core in Apache httpd 2.0</compatibility>
1454 <p>When placed into an <code>.htaccess</code> file or a
1455 <directive type="section" module="core">Directory</directive>, or
1456 <directive type="section" module="core">Location</directive> or
1457 <directive type="section" module="core">Files</directive>
1458 section, this directive forces all matching files to be served
1459 with the content type identification given by
1460 <var>media-type</var>. For example, if you had a directory full of
1461 GIF files, but did not want to label them all with <code>.gif</code>,
1462 you might want to use:</p>
1468 <p>Note that this directive overrides other indirect media type
1469 associations defined in mime.types or via the
1470 <directive module="mod_mime">AddType</directive>.</p>
1472 <p>You can also override more general
1473 <directive>ForceType</directive> settings
1474 by using the value of <code>None</code>:</p>
1477 # force all files to be image/gif:<br />
1478 <Location /images><br />
1480 ForceType image/gif<br />
1482 </Location><br />
1484 # but normal mime-type associations here:<br />
1485 <Location /images/mixed><br />
1487 ForceType None<br />
1492 <p>This directive primarily overrides the content types generated for
1493 static files served out of the filesystem. For resources other than
1494 static files, where the generator of the response typically specifies
1495 a Content-Type, this directive has no effect.</p>
1498 </directivesynopsis>
1500 <name>GprofDir</name>
1501 <description>Directory to write gmon.out profiling data to. </description>
1502 <syntax>GprofDir <var>/tmp/gprof/</var>|<var>/tmp/gprof/</var>%</syntax>
1503 <contextlist><context>server config</context><context>virtual host</context>
1507 <p>When the server has been compiled with gprof profiling support,
1508 <directive>GprofDir</directive> causes <code>gmon.out</code> files to
1509 be written to the specified directory when the process exits. If the
1510 argument ends with a percent symbol ('%'), subdirectories are created
1511 for each process id.</p>
1513 <p>This directive currently only works with the <module>prefork</module>
1516 </directivesynopsis>
1519 <name>HostnameLookups</name>
1520 <description>Enables DNS lookups on client IP addresses</description>
1521 <syntax>HostnameLookups On|Off|Double</syntax>
1522 <default>HostnameLookups Off</default>
1523 <contextlist><context>server config</context><context>virtual host</context>
1524 <context>directory</context></contextlist>
1527 <p>This directive enables DNS lookups so that host names can be
1528 logged (and passed to CGIs/SSIs in <code>REMOTE_HOST</code>).
1529 The value <code>Double</code> refers to doing double-reverse
1530 DNS lookup. That is, after a reverse lookup is performed, a forward
1531 lookup is then performed on that result. At least one of the IP
1532 addresses in the forward lookup must match the original
1533 address. (In "tcpwrappers" terminology this is called
1534 <code>PARANOID</code>.)</p>
1536 <p>Regardless of the setting, when <module>mod_authz_host</module> is
1537 used for controlling access by hostname, a double reverse lookup
1538 will be performed. This is necessary for security. Note that the
1539 result of this double-reverse isn't generally available unless you
1540 set <code>HostnameLookups Double</code>. For example, if only
1541 <code>HostnameLookups On</code> and a request is made to an object
1542 that is protected by hostname restrictions, regardless of whether
1543 the double-reverse fails or not, CGIs will still be passed the
1544 single-reverse result in <code>REMOTE_HOST</code>.</p>
1546 <p>The default is <code>Off</code> in order to save the network
1547 traffic for those sites that don't truly need the reverse
1548 lookups done. It is also better for the end users because they
1549 don't have to suffer the extra latency that a lookup entails.
1550 Heavily loaded sites should leave this directive
1551 <code>Off</code>, since DNS lookups can take considerable
1552 amounts of time. The utility <program>logresolve</program>, compiled by
1553 default to the <code>bin</code> subdirectory of your installation
1554 directory, can be used to look up host names from logged IP addresses
1557 </directivesynopsis>
1559 <directivesynopsis type="section">
1561 <description>Contains directives that apply only if a condition is
1562 satisfied by a request at runtime</description>
1563 <syntax><If <var>expression</var>> ... </If></syntax>
1564 <contextlist><context>server config</context><context>virtual host</context>
1565 <context>directory</context><context>.htaccess</context>
1567 <override>All</override>
1570 <p>The <directive type="section">If</directive> directive
1571 evaluates an expression at runtime, and applies the enclosed
1572 directives if and only if the expression evaluates to true.
1576 <If "$req{Host} = ''">
1579 <p>would match HTTP/1.0 requests without a <var>Host:</var> header.</p>
1581 <p>You may compare the value of any variable in the request headers
1582 ($req), response headers ($resp) or environment ($env) in your
1585 <p>Apart from <code>=</code>, <code>If</code> can use the <code>IN</code>
1586 operator to compare if the expression is in a given range:</p>
1589 <If %{REQUEST_METHOD} IN GET,HEAD,OPTIONS>
1594 <seealso><a href="../expr.html">Expressions in Apache HTTP Server</a>,
1595 for a complete reference and more examples.</seealso>
1596 <seealso><a href="../sections.html">How <Directory>, <Location>,
1597 <Files> sections work</a> for an explanation of how these
1598 different sections are combined when a request is received.
1599 <directive type="section">If</directive> has the same precedence
1600 and usage as <directive type="section">Files</directive></seealso>
1601 </directivesynopsis>
1603 <directivesynopsis type="section">
1604 <name>IfDefine</name>
1605 <description>Encloses directives that will be processed only
1606 if a test is true at startup</description>
1607 <syntax><IfDefine [!]<var>parameter-name</var>> ...
1608 </IfDefine></syntax>
1609 <contextlist><context>server config</context><context>virtual host</context>
1610 <context>directory</context><context>.htaccess</context>
1612 <override>All</override>
1615 <p>The <code><IfDefine <var>test</var>>...</IfDefine>
1616 </code> section is used to mark directives that are conditional. The
1617 directives within an <directive type="section">IfDefine</directive>
1618 section are only processed if the <var>test</var> is true. If <var>
1619 test</var> is false, everything between the start and end markers is
1622 <p>The <var>test</var> in the <directive type="section"
1623 >IfDefine</directive> section directive can be one of two forms:</p>
1626 <li><var>parameter-name</var></li>
1628 <li><code>!</code><var>parameter-name</var></li>
1631 <p>In the former case, the directives between the start and end
1632 markers are only processed if the parameter named
1633 <var>parameter-name</var> is defined. The second format reverses
1634 the test, and only processes the directives if
1635 <var>parameter-name</var> is <strong>not</strong> defined.</p>
1637 <p>The <var>parameter-name</var> argument is a define as given on the
1638 <program>httpd</program> command line via <code>-D<var>parameter</var>
1639 </code> at the time the server was started or by the <directive
1640 module="core">Define</directive> directive.</p>
1642 <p><directive type="section">IfDefine</directive> sections are
1643 nest-able, which can be used to implement simple
1644 multiple-parameter tests. Example:</p>
1647 httpd -DReverseProxy -DUseCache -DMemCache ...<br />
1650 <IfDefine ReverseProxy><br />
1652 LoadModule proxy_module modules/mod_proxy.so<br />
1653 LoadModule proxy_http_module modules/mod_proxy_http.so<br />
1654 <IfDefine UseCache><br />
1656 LoadModule cache_module modules/mod_cache.so<br />
1657 <IfDefine MemCache><br />
1659 LoadModule mem_cache_module modules/mod_mem_cache.so<br />
1661 </IfDefine><br />
1662 <IfDefine !MemCache><br />
1664 LoadModule cache_disk_module modules/mod_cache_disk.so<br />
1673 </directivesynopsis>
1675 <directivesynopsis type="section">
1676 <name>IfModule</name>
1677 <description>Encloses directives that are processed conditional on the
1678 presence or absence of a specific module</description>
1679 <syntax><IfModule [!]<var>module-file</var>|<var>module-identifier</var>> ...
1680 </IfModule></syntax>
1681 <contextlist><context>server config</context><context>virtual host</context>
1682 <context>directory</context><context>.htaccess</context>
1684 <override>All</override>
1685 <compatibility>Module identifiers are available in version 2.1 and
1686 later.</compatibility>
1689 <p>The <code><IfModule <var>test</var>>...</IfModule></code>
1690 section is used to mark directives that are conditional on the presence of
1691 a specific module. The directives within an <directive type="section"
1692 >IfModule</directive> section are only processed if the <var>test</var>
1693 is true. If <var>test</var> is false, everything between the start and
1694 end markers is ignored.</p>
1696 <p>The <var>test</var> in the <directive type="section"
1697 >IfModule</directive> section directive can be one of two forms:</p>
1700 <li><var>module</var></li>
1702 <li>!<var>module</var></li>
1705 <p>In the former case, the directives between the start and end
1706 markers are only processed if the module named <var>module</var>
1707 is included in Apache httpd -- either compiled in or
1708 dynamically loaded using <directive module="mod_so"
1709 >LoadModule</directive>. The second format reverses the test,
1710 and only processes the directives if <var>module</var> is
1711 <strong>not</strong> included.</p>
1713 <p>The <var>module</var> argument can be either the module identifier or
1714 the file name of the module, at the time it was compiled. For example,
1715 <code>rewrite_module</code> is the identifier and
1716 <code>mod_rewrite.c</code> is the file name. If a module consists of
1717 several source files, use the name of the file containing the string
1718 <code>STANDARD20_MODULE_STUFF</code>.</p>
1720 <p><directive type="section">IfModule</directive> sections are
1721 nest-able, which can be used to implement simple multiple-module
1724 <note>This section should only be used if you need to have one
1725 configuration file that works whether or not a specific module
1726 is available. In normal operation, directives need not be
1727 placed in <directive type="section">IfModule</directive>
1730 </directivesynopsis>
1733 <name>Include</name>
1734 <description>Includes other configuration files from within
1735 the server configuration files</description>
1736 <syntax>Include [<var>optional</var>|<var>strict</var>] <var>file-path</var>|<var>directory-path</var>|<var>wildcard</var></syntax>
1737 <contextlist><context>server config</context><context>virtual host</context>
1738 <context>directory</context>
1740 <compatibility>Wildcard matching available in 2.0.41 and later, directory
1741 wildcard matching available in 2.3.6 and later</compatibility>
1744 <p>This directive allows inclusion of other configuration files
1745 from within the server configuration files.</p>
1747 <p>Shell-style (<code>fnmatch()</code>) wildcard characters can be used
1748 in the filename or directory parts of the path to include several files
1749 at once, in alphabetical order. In addition, if
1750 <directive>Include</directive> points to a directory, rather than a file,
1751 Apache httpd will read all files in that directory and any subdirectory.
1752 However, including entire directories is not recommended, because it is
1753 easy to accidentally leave temporary files in a directory that can cause
1754 <program>httpd</program> to fail. Instead, we encourage you to use the
1755 wildcard syntax shown below, to include files that match a particular
1756 pattern, such as *.conf, for example.</p>
1758 <p>When a wildcard is specified for a <strong>file</strong> component of
1759 the path, and no file matches the wildcard, the
1760 <directive module="core">Include</directive>
1761 directive will be <strong>silently ignored</strong>. When a wildcard is
1762 specified for a <strong>directory</strong> component of the path, and
1763 no directory matches the wildcard, the
1764 <directive module="core">Include</directive> directive will
1765 <strong>fail with an error</strong> saying the directory cannot be found.
1768 <p>For further control over the behaviour of the server when no files or
1769 directories match, prefix the path with the modifiers <var>optional</var>
1770 or <var>strict</var>. If <var>optional</var> is specified, any wildcard
1771 file or directory that does not match will be silently ignored. If
1772 <var>strict</var> is specified, any wildcard file or directory that does
1773 not match at least one file will cause server startup to fail.</p>
1775 <p>When a directory or file component of the path is
1776 specified exactly, and that directory or file does not exist,
1777 <directive module="core">Include</directive> directive will fail with an
1778 error saying the file or directory cannot be found.</p>
1780 <p>The file path specified may be an absolute path, or may be relative
1781 to the <directive module="core">ServerRoot</directive> directory.</p>
1786 Include /usr/local/apache2/conf/ssl.conf<br />
1787 Include /usr/local/apache2/conf/vhosts/*.conf
1790 <p>Or, providing paths relative to your <directive
1791 module="core">ServerRoot</directive> directory:</p>
1794 Include conf/ssl.conf<br />
1795 Include conf/vhosts/*.conf
1798 <p>Wildcards may be included in the directory or file portion of the
1799 path. In the following example, the server will fail to load if no
1800 directories match conf/vhosts/*, but will load successfully if no
1801 files match *.conf.</p>
1804 Include conf/vhosts/*/vhost.conf<br />
1805 Include conf/vhosts/*/*.conf
1808 <p>In this example, the server will fail to load if either
1809 conf/vhosts/* matches no directories, or if *.conf matches no files:</p>
1812 Include strict conf/vhosts/*/*.conf
1815 <p>In this example, the server load successfully if either conf/vhosts/*
1816 matches no directories, or if *.conf matches no files:</p>
1819 Include optional conf/vhosts/*/*.conf
1824 <seealso><program>apachectl</program></seealso>
1825 </directivesynopsis>
1828 <name>KeepAlive</name>
1829 <description>Enables HTTP persistent connections</description>
1830 <syntax>KeepAlive On|Off</syntax>
1831 <default>KeepAlive On</default>
1832 <contextlist><context>server config</context><context>virtual host</context>
1836 <p>The Keep-Alive extension to HTTP/1.0 and the persistent
1837 connection feature of HTTP/1.1 provide long-lived HTTP sessions
1838 which allow multiple requests to be sent over the same TCP
1839 connection. In some cases this has been shown to result in an
1840 almost 50% speedup in latency times for HTML documents with
1841 many images. To enable Keep-Alive connections, set
1842 <code>KeepAlive On</code>.</p>
1844 <p>For HTTP/1.0 clients, Keep-Alive connections will only be
1845 used if they are specifically requested by a client. In
1846 addition, a Keep-Alive connection with an HTTP/1.0 client can
1847 only be used when the length of the content is known in
1848 advance. This implies that dynamic content such as CGI output,
1849 SSI pages, and server-generated directory listings will
1850 generally not use Keep-Alive connections to HTTP/1.0 clients.
1851 For HTTP/1.1 clients, persistent connections are the default
1852 unless otherwise specified. If the client requests it, chunked
1853 encoding will be used in order to send content of unknown
1854 length over persistent connections.</p>
1856 <p>When a client uses a Keep-Alive connection it will be counted
1857 as a single "request" for the <directive module="mpm_common"
1858 >MaxConnectionsPerChild</directive> directive, regardless
1859 of how many requests are sent using the connection.</p>
1862 <seealso><directive module="core">MaxKeepAliveRequests</directive></seealso>
1863 </directivesynopsis>
1866 <name>KeepAliveTimeout</name>
1867 <description>Amount of time the server will wait for subsequent
1868 requests on a persistent connection</description>
1869 <syntax>KeepAliveTimeout <var>num</var>[ms]</syntax>
1870 <default>KeepAliveTimeout 5</default>
1871 <contextlist><context>server config</context><context>virtual host</context>
1873 <compatibility>Specifying a value in milliseconds is available in
1874 Apache httpd 2.3.2 and later</compatibility>
1877 <p>The number of seconds Apache httpd will wait for a subsequent
1878 request before closing the connection. By adding a postfix of ms the
1879 timeout can be also set in milliseconds. Once a request has been
1880 received, the timeout value specified by the
1881 <directive module="core">Timeout</directive> directive applies.</p>
1883 <p>Setting <directive>KeepAliveTimeout</directive> to a high value
1884 may cause performance problems in heavily loaded servers. The
1885 higher the timeout, the more server processes will be kept
1886 occupied waiting on connections with idle clients.</p>
1888 <p>In a name-based virtual host context, the value of the first
1889 defined virtual host (the default host) in a set of <directive
1890 module="core">NameVirtualHost</directive> will be used.
1891 The other values will be ignored.</p>
1893 </directivesynopsis>
1895 <directivesynopsis type="section">
1897 <description>Restrict enclosed access controls to only certain HTTP
1898 methods</description>
1899 <syntax><Limit <var>method</var> [<var>method</var>] ... > ...
1900 </Limit></syntax>
1901 <contextlist><context>directory</context><context>.htaccess</context>
1903 <override>AuthConfig, Limit</override>
1906 <p>Access controls are normally effective for
1907 <strong>all</strong> access methods, and this is the usual
1908 desired behavior. <strong>In the general case, access control
1909 directives should not be placed within a
1910 <directive type="section">Limit</directive> section.</strong></p>
1912 <p>The purpose of the <directive type="section">Limit</directive>
1913 directive is to restrict the effect of the access controls to the
1914 nominated HTTP methods. For all other methods, the access
1915 restrictions that are enclosed in the <directive
1916 type="section">Limit</directive> bracket <strong>will have no
1917 effect</strong>. The following example applies the access control
1918 only to the methods <code>POST</code>, <code>PUT</code>, and
1919 <code>DELETE</code>, leaving all other methods unprotected:</p>
1922 <Limit POST PUT DELETE><br />
1924 Require valid-user<br />
1929 <p>The method names listed can be one or more of: <code>GET</code>,
1930 <code>POST</code>, <code>PUT</code>, <code>DELETE</code>,
1931 <code>CONNECT</code>, <code>OPTIONS</code>,
1932 <code>PATCH</code>, <code>PROPFIND</code>, <code>PROPPATCH</code>,
1933 <code>MKCOL</code>, <code>COPY</code>, <code>MOVE</code>,
1934 <code>LOCK</code>, and <code>UNLOCK</code>. <strong>The method name is
1935 case-sensitive.</strong> If <code>GET</code> is used it will also
1936 restrict <code>HEAD</code> requests. The <code>TRACE</code> method
1937 cannot be limited (see <directive module="core"
1938 >TraceEnable</directive>).</p>
1940 <note type="warning">A <directive type="section"
1941 module="core">LimitExcept</directive> section should always be
1942 used in preference to a <directive type="section">Limit</directive>
1943 section when restricting access, since a <directive type="section"
1944 module="core">LimitExcept</directive> section provides protection
1945 against arbitrary methods.</note>
1947 <p>The <directive type="section">Limit</directive> and
1948 <directive type="section" module="core">LimitExcept</directive>
1949 directives may be nested. In this case, each successive level of
1950 <directive type="section">Limit</directive> or <directive
1951 type="section" module="core">LimitExcept</directive> directives must
1952 further restrict the set of methods to which access controls apply.</p>
1954 <note type="warning">When using
1955 <directive type="section">Limit</directive> or
1956 <directive type="section">LimitExcept</directive> directives with
1957 the <directive module="mod_authz_core">Require</directive> directive,
1958 note that the first <directive module="mod_authz_core">Require</directive>
1959 to succeed authorizes the request, regardless of the presence of other
1960 <directive module="mod_authz_core">Require</directive> directives.</note>
1962 <p>For example, given the following configuration, all users will
1963 be authorized for <code>POST</code> requests, and the
1964 <code>Require group editors</code> directive will be ignored
1968 <LimitExcept GET>
1972 </LimitExcept><br />
1975 Require group editors
1980 </directivesynopsis>
1982 <directivesynopsis type="section">
1983 <name>LimitExcept</name>
1984 <description>Restrict access controls to all HTTP methods
1985 except the named ones</description>
1986 <syntax><LimitExcept <var>method</var> [<var>method</var>] ... > ...
1987 </LimitExcept></syntax>
1988 <contextlist><context>directory</context><context>.htaccess</context>
1990 <override>AuthConfig, Limit</override>
1993 <p><directive type="section">LimitExcept</directive> and
1994 <code></LimitExcept></code> are used to enclose
1995 a group of access control directives which will then apply to any
1996 HTTP access method <strong>not</strong> listed in the arguments;
1997 i.e., it is the opposite of a <directive type="section"
1998 module="core">Limit</directive> section and can be used to control
1999 both standard and nonstandard/unrecognized methods. See the
2000 documentation for <directive module="core"
2001 type="section">Limit</directive> for more details.</p>
2006 <LimitExcept POST GET><br />
2008 Require valid-user<br />
2010 </LimitExcept>
2014 </directivesynopsis>
2017 <name>LimitInternalRecursion</name>
2018 <description>Determine maximum number of internal redirects and nested
2019 subrequests</description>
2020 <syntax>LimitInternalRecursion <var>number</var> [<var>number</var>]</syntax>
2021 <default>LimitInternalRecursion 10</default>
2022 <contextlist><context>server config</context><context>virtual host</context>
2024 <compatibility>Available in Apache httpd 2.0.47 and later</compatibility>
2027 <p>An internal redirect happens, for example, when using the <directive
2028 module="mod_actions">Action</directive> directive, which internally
2029 redirects the original request to a CGI script. A subrequest is Apache httpd's
2030 mechanism to find out what would happen for some URI if it were requested.
2031 For example, <module>mod_dir</module> uses subrequests to look for the
2032 files listed in the <directive module="mod_dir">DirectoryIndex</directive>
2035 <p><directive>LimitInternalRecursion</directive> prevents the server
2036 from crashing when entering an infinite loop of internal redirects or
2037 subrequests. Such loops are usually caused by misconfigurations.</p>
2039 <p>The directive stores two different limits, which are evaluated on
2040 per-request basis. The first <var>number</var> is the maximum number of
2041 internal redirects, that may follow each other. The second <var>number</var>
2042 determines, how deep subrequests may be nested. If you specify only one
2043 <var>number</var>, it will be assigned to both limits.</p>
2045 <example><title>Example</title>
2046 LimitInternalRecursion 5
2049 </directivesynopsis>
2052 <name>LimitRequestBody</name>
2053 <description>Restricts the total size of the HTTP request body sent
2054 from the client</description>
2055 <syntax>LimitRequestBody <var>bytes</var></syntax>
2056 <default>LimitRequestBody 0</default>
2057 <contextlist><context>server config</context><context>virtual host</context>
2058 <context>directory</context><context>.htaccess</context>
2060 <override>All</override>
2063 <p>This directive specifies the number of <var>bytes</var> from 0
2064 (meaning unlimited) to 2147483647 (2GB) that are allowed in a
2065 request body. See the note below for the limited applicability
2066 to proxy requests.</p>
2068 <p>The <directive>LimitRequestBody</directive> directive allows
2069 the user to set a limit on the allowed size of an HTTP request
2070 message body within the context in which the directive is given
2071 (server, per-directory, per-file or per-location). If the client
2072 request exceeds that limit, the server will return an error
2073 response instead of servicing the request. The size of a normal
2074 request message body will vary greatly depending on the nature of
2075 the resource and the methods allowed on that resource. CGI scripts
2076 typically use the message body for retrieving form information.
2077 Implementations of the <code>PUT</code> method will require
2078 a value at least as large as any representation that the server
2079 wishes to accept for that resource.</p>
2081 <p>This directive gives the server administrator greater
2082 control over abnormal client request behavior, which may be
2083 useful for avoiding some forms of denial-of-service
2086 <p>If, for example, you are permitting file upload to a particular
2087 location, and wish to limit the size of the uploaded file to 100K,
2088 you might use the following directive:</p>
2091 LimitRequestBody 102400
2094 <note><p>For a full description of how this directive is interpreted by
2095 proxy requests, see the <module>mod_proxy</module> documentation.</p>
2099 </directivesynopsis>
2102 <name>LimitRequestFields</name>
2103 <description>Limits the number of HTTP request header fields that
2104 will be accepted from the client</description>
2105 <syntax>LimitRequestFields <var>number</var></syntax>
2106 <default>LimitRequestFields 100</default>
2107 <contextlist><context>server config</context><context>virtual host</context></contextlist>
2110 <p><var>Number</var> is an integer from 0 (meaning unlimited) to
2111 32767. The default value is defined by the compile-time
2112 constant <code>DEFAULT_LIMIT_REQUEST_FIELDS</code> (100 as
2115 <p>The <directive>LimitRequestFields</directive> directive allows
2116 the server administrator to modify the limit on the number of
2117 request header fields allowed in an HTTP request. A server needs
2118 this value to be larger than the number of fields that a normal
2119 client request might include. The number of request header fields
2120 used by a client rarely exceeds 20, but this may vary among
2121 different client implementations, often depending upon the extent
2122 to which a user has configured their browser to support detailed
2123 content negotiation. Optional HTTP extensions are often expressed
2124 using request header fields.</p>
2126 <p>This directive gives the server administrator greater
2127 control over abnormal client request behavior, which may be
2128 useful for avoiding some forms of denial-of-service attacks.
2129 The value should be increased if normal clients see an error
2130 response from the server that indicates too many fields were
2131 sent in the request.</p>
2136 LimitRequestFields 50
2139 <note type="warning"><title>Warning</title>
2140 <p> When name-based virtual hosting is used, the value for this
2141 directive is taken from the default (first-listed) virtual host for the
2142 <directive>NameVirtualHost</directive> the connection was mapped to.</p>
2146 </directivesynopsis>
2149 <name>LimitRequestFieldSize</name>
2150 <description>Limits the size of the HTTP request header allowed from the
2151 client</description>
2152 <syntax>LimitRequestFieldSize <var>bytes</var></syntax>
2153 <default>LimitRequestFieldSize 8190</default>
2154 <contextlist><context>server config</context><context>virtual host</context></contextlist>
2157 <p>This directive specifies the number of <var>bytes</var>
2158 that will be allowed in an HTTP request header.</p>
2160 <p>The <directive>LimitRequestFieldSize</directive> directive
2161 allows the server administrator to reduce or increase the limit
2162 on the allowed size of an HTTP request header field. A server
2163 needs this value to be large enough to hold any one header field
2164 from a normal client request. The size of a normal request header
2165 field will vary greatly among different client implementations,
2166 often depending upon the extent to which a user has configured
2167 their browser to support detailed content negotiation. SPNEGO
2168 authentication headers can be up to 12392 bytes.</p>
2170 <p>This directive gives the server administrator greater
2171 control over abnormal client request behavior, which may be
2172 useful for avoiding some forms of denial-of-service attacks.</p>
2177 LimitRequestFieldSize 4094
2180 <note>Under normal conditions, the value should not be changed from
2183 <note type="warning"><title>Warning</title>
2184 <p> When name-based virtual hosting is used, the value for this
2185 directive is taken from the default (first-listed) virtual host for the
2186 <directive>NameVirtualHost</directive> the connection was mapped to.</p>
2190 </directivesynopsis>
2193 <name>LimitRequestLine</name>
2194 <description>Limit the size of the HTTP request line that will be accepted
2195 from the client</description>
2196 <syntax>LimitRequestLine <var>bytes</var></syntax>
2197 <default>LimitRequestLine 8190</default>
2198 <contextlist><context>server config</context><context>virtual host</context></contextlist>
2201 <p>This directive sets the number of <var>bytes</var> that will be
2202 allowed on the HTTP request-line.</p>
2204 <p>The <directive>LimitRequestLine</directive> directive allows
2205 the server administrator to reduce or increase the limit on the allowed size
2206 of a client's HTTP request-line. Since the request-line consists of the
2207 HTTP method, URI, and protocol version, the
2208 <directive>LimitRequestLine</directive> directive places a
2209 restriction on the length of a request-URI allowed for a request
2210 on the server. A server needs this value to be large enough to
2211 hold any of its resource names, including any information that
2212 might be passed in the query part of a <code>GET</code> request.</p>
2214 <p>This directive gives the server administrator greater
2215 control over abnormal client request behavior, which may be
2216 useful for avoiding some forms of denial-of-service attacks.</p>
2221 LimitRequestLine 4094
2224 <note>Under normal conditions, the value should not be changed from
2227 <note type="warning"><title>Warning</title>
2228 <p> When name-based virtual hosting is used, the value for this
2229 directive is taken from the default (first-listed) virtual host for the
2230 <directive>NameVirtualHost</directive> the connection was mapped to.</p>
2234 </directivesynopsis>
2237 <name>LimitXMLRequestBody</name>
2238 <description>Limits the size of an XML-based request body</description>
2239 <syntax>LimitXMLRequestBody <var>bytes</var></syntax>
2240 <default>LimitXMLRequestBody 1000000</default>
2241 <contextlist><context>server config</context><context>virtual host</context>
2242 <context>directory</context><context>.htaccess</context></contextlist>
2243 <override>All</override>
2246 <p>Limit (in bytes) on maximum size of an XML-based request
2247 body. A value of <code>0</code> will disable any checking.</p>
2252 LimitXMLRequestBody 0
2256 </directivesynopsis>
2258 <directivesynopsis type="section">
2259 <name>Location</name>
2260 <description>Applies the enclosed directives only to matching
2262 <syntax><Location
2263 <var>URL-path</var>|<var>URL</var>> ... </Location></syntax>
2264 <contextlist><context>server config</context><context>virtual host</context>
2268 <p>The <directive type="section">Location</directive> directive
2269 limits the scope of the enclosed directives by URL. It is similar to the
2270 <directive type="section" module="core">Directory</directive>
2271 directive, and starts a subsection which is terminated with a
2272 <code></Location></code> directive. <directive
2273 type="section">Location</directive> sections are processed in the
2274 order they appear in the configuration file, after the <directive
2275 type="section" module="core">Directory</directive> sections and
2276 <code>.htaccess</code> files are read, and after the <directive
2277 type="section" module="core">Files</directive> sections.</p>
2279 <p><directive type="section">Location</directive> sections operate
2280 completely outside the filesystem. This has several consequences.
2281 Most importantly, <directive type="section">Location</directive>
2282 directives should not be used to control access to filesystem
2283 locations. Since several different URLs may map to the same
2284 filesystem location, such access controls may by circumvented.</p>
2286 <p>The enclosed directives will be applied to the request if the path component
2287 of the URL meets <em>any</em> of the following criteria:
2290 <li>The specified location matches exactly the path component of the URL.
2292 <li>The specified location, which ends in a forward slash, is a prefix
2293 of the path component of the URL (treated as a context root).
2295 <li>The specified location, with the addition of a trailing slash, is a
2296 prefix of the path component of the URL (also treated as a context root).
2300 In the example below, where no trailing slash is used, requests to
2301 /private1, /private1/ and /private1/file.txt will have the enclosed
2302 directives applied, but /private1other would not.
2305 <Location /private1>
2309 In the example below, where a trailing slash is used, requests to
2310 /private2/ and /private2/file.txt will have the enclosed
2311 directives applied, but /private2 and /private2other would not.
2314 <Location /private2<em>/</em>>
2318 <note><title>When to use <directive
2319 type="section">Location</directive></title>
2321 <p>Use <directive type="section">Location</directive> to apply
2322 directives to content that lives outside the filesystem. For
2323 content that lives in the filesystem, use <directive
2324 type="section" module="core">Directory</directive> and <directive
2325 type="section" module="core">Files</directive>. An exception is
2326 <code><Location /></code>, which is an easy way to
2327 apply a configuration to the entire server.</p>
2330 <p>For all origin (non-proxy) requests, the URL to be matched is a
2331 URL-path of the form <code>/path/</code>. <em>No scheme, hostname,
2332 port, or query string may be included.</em> For proxy requests, the
2333 URL to be matched is of the form
2334 <code>scheme://servername/path</code>, and you must include the
2337 <p>The URL may use wildcards. In a wild-card string, <code>?</code> matches
2338 any single character, and <code>*</code> matches any sequences of
2339 characters. Neither wildcard character matches a / in the URL-path.</p>
2341 <p><glossary ref="regex">Regular expressions</glossary>
2342 can also be used, with the addition of the <code>~</code>
2343 character. For example:</p>
2346 <Location ~ "/(extra|special)/data">
2349 <p>would match URLs that contained the substring <code>/extra/data</code>
2350 or <code>/special/data</code>. The directive <directive
2351 type="section" module="core">LocationMatch</directive> behaves
2352 identical to the regex version of <directive
2353 type="section">Location</directive>, and is preferred, for the
2354 simple reason that <code>~</code> is hard to distinguish from
2355 <code>-</code> in many fonts.</p>
2357 <p>The <directive type="section">Location</directive>
2358 functionality is especially useful when combined with the
2359 <directive module="core">SetHandler</directive>
2360 directive. For example, to enable status requests, but allow them
2361 only from browsers at <code>example.com</code>, you might use:</p>
2364 <Location /status><br />
2366 SetHandler server-status<br />
2367 Require host example.com<br />
2372 <note><title>Note about / (slash)</title>
2373 <p>The slash character has special meaning depending on where in a
2374 URL it appears. People may be used to its behavior in the filesystem
2375 where multiple adjacent slashes are frequently collapsed to a single
2376 slash (<em>i.e.</em>, <code>/home///foo</code> is the same as
2377 <code>/home/foo</code>). In URL-space this is not necessarily true.
2378 The <directive type="section" module="core">LocationMatch</directive>
2379 directive and the regex version of <directive type="section"
2380 >Location</directive> require you to explicitly specify multiple
2381 slashes if that is your intention.</p>
2383 <p>For example, <code><LocationMatch ^/abc></code> would match
2384 the request URL <code>/abc</code> but not the request URL <code>
2385 //abc</code>. The (non-regex) <directive type="section"
2386 >Location</directive> directive behaves similarly when used for
2387 proxy requests. But when (non-regex) <directive type="section"
2388 >Location</directive> is used for non-proxy requests it will
2389 implicitly match multiple slashes with a single slash. For example,
2390 if you specify <code><Location /abc/def></code> and the
2391 request is to <code>/abc//def</code> then it will match.</p>
2394 <seealso><a href="../sections.html">How <Directory>, <Location>
2395 and <Files> sections work</a> for an explanation of how these
2396 different sections are combined when a request is received.</seealso>
2397 <seealso><directive module="core">LocationMatch</directive></seealso>
2398 </directivesynopsis>
2400 <directivesynopsis type="section">
2401 <name>LocationMatch</name>
2402 <description>Applies the enclosed directives only to regular-expression
2403 matching URLs</description>
2404 <syntax><LocationMatch
2405 <var>regex</var>> ... </LocationMatch></syntax>
2406 <contextlist><context>server config</context><context>virtual host</context>
2410 <p>The <directive type="section">LocationMatch</directive> directive
2411 limits the scope of the enclosed directives by URL, in an identical manner
2412 to <directive module="core" type="section">Location</directive>. However,
2413 it takes a <glossary ref="regex">regular expression</glossary>
2414 as an argument instead of a simple string. For example:</p>
2417 <LocationMatch "/(extra|special)/data">
2420 <p>would match URLs that contained the substring <code>/extra/data</code>
2421 or <code>/special/data</code>.</p>
2424 <seealso><a href="../sections.html">How <Directory>, <Location>
2425 and <Files> sections work</a> for an explanation of how these
2426 different sections are combined when a request is received</seealso>
2427 </directivesynopsis>
2430 <name>LogLevel</name>
2431 <description>Controls the verbosity of the ErrorLog</description>
2432 <syntax>LogLevel [<var>module</var>:]<var>level</var>
2433 [<var>module</var>:<var>level</var>] ...
2435 <default>LogLevel warn</default>
2436 <contextlist><context>server config</context><context>virtual host</context>
2437 <context>directory</context>
2439 <compatibility>Per-module and per-directory configuration is available in
2440 Apache HTTP Server 2.3.6 and later</compatibility>
2443 <p><directive>LogLevel</directive> adjusts the verbosity of the
2444 messages recorded in the error logs (see <directive
2445 module="core">ErrorLog</directive> directive). The following
2446 <var>level</var>s are available, in order of decreasing
2450 <columnspec><column width=".2"/><column width=".3"/><column width=".5"/>
2453 <th><strong>Level</strong> </th>
2455 <th><strong>Description</strong> </th>
2457 <th><strong>Example</strong> </th>
2461 <td><code>emerg</code> </td>
2463 <td>Emergencies - system is unusable.</td>
2465 <td>"Child cannot open lock file. Exiting"</td>
2469 <td><code>alert</code> </td>
2471 <td>Action must be taken immediately.</td>
2473 <td>"getpwuid: couldn't determine user name from uid"</td>
2477 <td><code>crit</code> </td>
2479 <td>Critical Conditions.</td>
2481 <td>"socket: Failed to get a socket, exiting child"</td>
2485 <td><code>error</code> </td>
2487 <td>Error conditions.</td>
2489 <td>"Premature end of script headers"</td>
2493 <td><code>warn</code> </td>
2495 <td>Warning conditions.</td>
2497 <td>"child process 1234 did not exit, sending another
2502 <td><code>notice</code> </td>
2504 <td>Normal but significant condition.</td>
2506 <td>"httpd: caught SIGBUS, attempting to dump core in
2511 <td><code>info</code> </td>
2513 <td>Informational.</td>
2515 <td>"Server seems busy, (you may need to increase
2516 StartServers, or Min/MaxSpareServers)..."</td>
2520 <td><code>debug</code> </td>
2522 <td>Debug-level messages</td>
2524 <td>"Opening config file ..."</td>
2527 <td><code>trace1</code> </td>
2529 <td>Trace messages</td>
2531 <td>"proxy: FTP: control connection complete"</td>
2534 <td><code>trace2</code> </td>
2536 <td>Trace messages</td>
2538 <td>"proxy: CONNECT: sending the CONNECT request to the remote proxy"</td>
2541 <td><code>trace3</code> </td>
2543 <td>Trace messages</td>
2545 <td>"openssl: Handshake: start"</td>
2548 <td><code>trace4</code> </td>
2550 <td>Trace messages</td>
2552 <td>"read from buffered SSL brigade, mode 0, 17 bytes"</td>
2555 <td><code>trace5</code> </td>
2557 <td>Trace messages</td>
2559 <td>"map lookup FAILED: map=rewritemap key=keyname"</td>
2562 <td><code>trace6</code> </td>
2564 <td>Trace messages</td>
2566 <td>"cache lookup FAILED, forcing new map lookup"</td>
2569 <td><code>trace7</code> </td>
2571 <td>Trace messages, dumping large amounts of data</td>
2573 <td>"| 0000: 02 23 44 30 13 40 ac 34 df 3d bf 9a 19 49 39 15 |"</td>
2576 <td><code>trace8</code> </td>
2578 <td>Trace messages, dumping large amounts of data</td>
2580 <td>"| 0000: 02 23 44 30 13 40 ac 34 df 3d bf 9a 19 49 39 15 |"</td>
2584 <p>When a particular level is specified, messages from all
2585 other levels of higher significance will be reported as well.
2586 <em>E.g.</em>, when <code>LogLevel info</code> is specified,
2587 then messages with log levels of <code>notice</code> and
2588 <code>warn</code> will also be posted.</p>
2590 <p>Using a level of at least <code>crit</code> is
2599 <note><title>Note</title>
2600 <p>When logging to a regular file messages of the level
2601 <code>notice</code> cannot be suppressed and thus are always
2602 logged. However, this doesn't apply when logging is done
2603 using <code>syslog</code>.</p>
2606 <p>Specifying a level without a module name will reset the level
2607 for all modules to that level. Specifying a level with a module
2608 name will set the level for that module only. It is possible to
2609 use the module source file name, the module identifier, or the
2610 module identifier with the trailing <code>_module</code> omitted
2611 as module specification. This means the following three specifications
2615 LogLevel info ssl:warn<br />
2616 LogLevel info mod_ssl.c:warn<br />
2617 LogLevel info ssl_module:warn<br />
2620 <p>It is also possible to change the level per directory:</p>
2624 <Directory /usr/local/apache/htdocs/app><br />
2625 LogLevel debug<br />
2630 Per directory loglevel configuration only affects messages that are
2631 logged after the request has been parsed and that are associated with
2632 the request. Log messages which are associated with the connection or
2633 the server are not affected.
2636 </directivesynopsis>
2639 <name>MaxKeepAliveRequests</name>
2640 <description>Number of requests allowed on a persistent
2641 connection</description>
2642 <syntax>MaxKeepAliveRequests <var>number</var></syntax>
2643 <default>MaxKeepAliveRequests 100</default>
2644 <contextlist><context>server config</context><context>virtual host</context>
2648 <p>The <directive>MaxKeepAliveRequests</directive> directive
2649 limits the number of requests allowed per connection when
2650 <directive module="core" >KeepAlive</directive> is on. If it is
2651 set to <code>0</code>, unlimited requests will be allowed. We
2652 recommend that this setting be kept to a high value for maximum
2653 server performance.</p>
2658 MaxKeepAliveRequests 500
2661 </directivesynopsis>
2665 <description>Configures mutex mechanism and lock file directory for all
2666 or specified mutexes</description>
2667 <syntax>Mutex <var>mechanism</var> [default|<var>mutex-name</var>] ... [OmitPID]</syntax>
2668 <default>Mutex default</default>
2669 <contextlist><context>server config</context></contextlist>
2670 <compatibility>Available in Apache HTTP Server 2.3.4 and later</compatibility>
2673 <p>The <directive>Mutex</directive> directive sets the mechanism,
2674 and optionally the lock file location, that httpd and modules use
2675 to serialize access to resources. Specify <code>default</code> as
2676 the first argument to change the settings for all mutexes; specify
2677 a mutex name (see table below) as the first argument to override
2678 defaults only for that mutex.</p>
2680 <p>The <directive>Mutex</directive> directive is typically used in
2681 the following exceptional situations:</p>
2684 <li>change the mutex mechanism when the default mechanism selected
2685 by <glossary>APR</glossary> has a functional or performance
2688 <li>change the directory used by file-based mutexes when the
2689 default directory does not support locking</li>
2692 <note><title>Supported modules</title>
2693 <p>This directive only configures mutexes which have been registered
2694 with the core server using the <code>ap_mutex_register()</code> API.
2695 All modules bundled with httpd support the <directive>Mutex</directive>
2696 directive, but third-party modules may not. Consult the documentation
2697 of the third-party module, which must indicate the mutex name(s) which
2698 can be configured if this directive is supported.</p>
2701 <p>The following mutex <em>mechanisms</em> are available:</p>
2703 <li><code>default | yes</code>
2704 <p>This selects the default locking implementation, as determined by
2705 <glossary>APR</glossary>. The default locking implementation can
2706 be displayed by running <program>httpd</program> with the
2707 <code>-V</code> option.</p></li>
2709 <li><code>none | no</code>
2710 <p>This effectively disables the mutex, and is only allowed for a
2711 mutex if the module indicates that it is a valid choice. Consult the
2712 module documentation for more information.</p></li>
2714 <li><code>posixsem</code>
2715 <p>This is a mutex variant based on a Posix semaphore.</p>
2717 <note type="warning"><title>Warning</title>
2718 <p>The semaphore ownership is not recovered if a thread in the process
2719 holding the mutex segfaults, resulting in a hang of the web server.</p>
2723 <li><code>sysvsem</code>
2724 <p>This is a mutex variant based on a SystemV IPC semaphore.</p>
2726 <note type="warning"><title>Warning</title>
2727 <p>It is possible to "leak" SysV semaphores if processes crash
2728 before the semaphore is removed.</p>
2731 <note type="warning"><title>Security</title>
2732 <p>The semaphore API allows for a denial of service attack by any
2733 CGIs running under the same uid as the webserver (<em>i.e.</em>,
2734 all CGIs, unless you use something like <program>suexec</program>
2735 or <code>cgiwrapper</code>).</p>
2739 <li><code>sem</code>
2740 <p>This selects the "best" available semaphore implementation, choosing
2741 between Posix and SystemV IPC semaphores, in that order.</p></li>
2743 <li><code>pthread</code>
2744 <p>This is a mutex variant based on cross-process Posix thread
2747 <note type="warning"><title>Warning</title>
2748 <p>On most systems, if a child process terminates abnormally while
2749 holding a mutex that uses this implementation, the server will deadlock
2750 and stop responding to requests. When this occurs, the server will
2751 require a manual restart to recover.</p>
2752 <p>Solaris is a notable exception as it provides a mechanism which
2753 usually allows the mutex to be recovered after a child process
2754 terminates abnormally while holding a mutex.</p>
2755 <p>If your system implements the
2756 <code>pthread_mutexattr_setrobust_np()</code> function, you may be able
2757 to use the <code>pthread</code> option safely.</p>
2761 <li><code>fcntl:/path/to/mutex</code>
2762 <p>This is a mutex variant where a physical (lock-)file and the
2763 <code>fcntl()</code> function are used as the mutex.</p>
2765 <note type="warning"><title>Warning</title>
2766 <p>When multiple mutexes based on this mechanism are used within
2767 multi-threaded, multi-process environments, deadlock errors (EDEADLK)
2768 can be reported for valid mutex operations if <code>fcntl()</code>
2769 is not thread-aware, such as on Solaris.</p>
2773 <li><code>flock:/path/to/mutex</code>
2774 <p>This is similar to the <code>fcntl:/path/to/mutex</code> method
2775 with the exception that the <code>flock()</code> function is used to
2776 provide file locking.</p></li>
2778 <li><code>file:/path/to/mutex</code>
2779 <p>This selects the "best" available file locking implementation,
2780 choosing between <code>fcntl</code> and <code>flock</code>, in that
2784 <p>Most mechanisms are only available on selected platforms, where the
2785 underlying platform and <glossary>APR</glossary> support it. Mechanisms
2786 which aren't available on all platforms are <em>posixsem</em>,
2787 <em>sysvsem</em>, <em>sem</em>, <em>pthread</em>, <em>fcntl</em>,
2788 <em>flock</em>, and <em>file</em>.</p>
2790 <p>With the file-based mechanisms <em>fcntl</em> and <em>flock</em>,
2791 the path, if provided, is a directory where the lock file will be created.
2792 The default directory is httpd's run-time file directory relative to
2793 <directive module="core">ServerRoot</directive>. Always use a local disk
2794 filesystem for <code>/path/to/mutex</code> and never a directory residing
2795 on a NFS- or AFS-filesystem. The basename of the file will be the mutex
2796 type, an optional instance string provided by the module, and unless the
2797 <code>OmitPID</code> keyword is specified, the process id of the httpd
2798 parent process will be appended to to make the file name unique, avoiding
2799 conflicts when multiple httpd instances share a lock file directory. For
2800 example, if the mutex name is <code>mpm-accept</code> and the lock file
2801 directory is <code>/var/httpd/locks</code>, the lock file name for the
2802 httpd instance with parent process id 12345 would be
2803 <code>/var/httpd/locks/mpm-accept.12345</code>.</p>
2805 <note type="warning"><title>Security</title>
2806 <p>It is best to <em>avoid</em> putting mutex files in a world-writable
2807 directory such as <code>/var/tmp</code> because someone could create
2808 a denial of service attack and prevent the server from starting by
2809 creating a lockfile with the same name as the one the server will try
2813 <p>The following table documents the names of mutexes used by httpd
2814 and bundled modules.</p>
2816 <table border="1" style="zebra">
2820 <th>Protected resource</th>
2823 <td><code>mpm-accept</code></td>
2824 <td><module>prefork</module> and <module>worker</module> MPMs</td>
2825 <td>incoming connections, to avoid the thundering herd problem;
2826 for more information, refer to the
2827 <a href="../misc/perf-tuning.html">performance tuning</a>
2831 <td><code>authdigest-client</code></td>
2832 <td><module>mod_auth_digest</module></td>
2833 <td>client list in shared memory</td>
2836 <td><code>authdigest-opaque</code></td>
2837 <td><module>mod_auth_digest</module></td>
2838 <td>counter in shared memory</td>
2841 <td><code>ldap-cache</code></td>
2842 <td><module>mod_ldap</module></td>
2843 <td>LDAP result cache</td>
2846 <td><code>rewrite-map</code></td>
2847 <td><module>mod_rewrite</module></td>
2848 <td>communication with external mapping programs, to avoid
2849 intermixed I/O from multiple requests</td>
2852 <td><code>ssl-cache</code></td>
2853 <td><module>mod_ssl</module></td>
2854 <td>SSL session cache</td>
2857 <td><code>ssl-stapling</code></td>
2858 <td><module>mod_ssl</module></td>
2859 <td>OCSP stapling response cache</td>
2862 <td><code>watchdog-callback</code></td>
2863 <td><module>mod_watchdog</module></td>
2864 <td>callback function of a particular client module</td>
2868 <p>The <code>OmitPID</code> keyword suppresses the addition of the httpd
2869 parent process id from the lock file name.</p>
2871 <p>In the following example, the mutex mechanism for the MPM accept
2872 mutex will be changed from the compiled-in default to <code>fcntl</code>,
2873 with the associated lock file created in directory
2874 <code>/var/httpd/locks</code>. The mutex mechanism for all other mutexes
2875 will be changed from the compiled-in default to <code>sysvsem</code>.</p>
2878 Mutex default sysvsem<br />
2879 Mutex mpm-accept fcntl:/var/httpd/locks
2882 </directivesynopsis>
2885 <name>NameVirtualHost</name>
2886 <description>Designates an IP address for name-virtual
2887 hosting</description>
2888 <syntax>NameVirtualHost <var>addr</var>[:<var>port</var>]</syntax>
2889 <contextlist><context>server config</context></contextlist>
2893 <p>A single <directive>NameVirtualHost</directive> directive
2894 identifies a set of identical virtual hosts on which the server will
2895 further select from on the basis of the <em>hostname</em>
2896 requested by the client. The <directive>NameVirtualHost</directive>
2897 directive is a required directive if you want to configure
2898 <a href="../vhosts/">name-based virtual hosts</a>.</p>
2900 <p>This directive, and the corresponding <directive >VirtualHost</directive>,
2901 <em>must</em> be qualified with a port number if the server supports both HTTP
2902 and HTTPS connections.</p>
2904 <p>Although <var>addr</var> can be a hostname, it is recommended
2905 that you always use an IP address or a wildcard. A wildcard
2906 NameVirtualHost matches only virtualhosts that also have a literal wildcard
2907 as their argument.</p>
2909 <p>In cases where a firewall or other proxy receives the requests and
2910 forwards them on a different IP address to the server, you must specify the
2911 IP address of the physical interface on the machine which will be
2912 servicing the requests. </p>
2914 <p> In the example below, requests received on interface 192.0.2.1 and port 80
2915 will only select among the first two virtual hosts. Requests received on
2916 port 80 on any other interface will only select among the third and fourth
2917 virtual hosts. In the common case where the interface isn't important
2918 to the mapping, only the "*:80" NameVirtualHost and VirtualHost directives
2922 NameVirtualHost 192.0.2.1:80<br />
2923 NameVirtualHost *:80<br /><br />
2925 <VirtualHost 192.0.2.1:80><br />
2926 ServerName namebased-a.example.com<br />
2927 </VirtualHost><br />
2929 <VirtualHost 192.0.2.1:80><br />
2930 Servername namebased-b.example.com<br />
2931 </VirtualHost><br />
2933 <VirtualHost *:80><br />
2934 ServerName namebased-c.example.com <br />
2935 </VirtualHost><br />
2937 <VirtualHost *:80><br />
2938 ServerName namebased-d.example.com <br />
2939 </VirtualHost><br />
2944 <p>If no matching virtual host is found, then the first listed
2945 virtual host that matches the IP address and port will be used.</p>
2948 <p>IPv6 addresses must be enclosed in square brackets, as shown
2949 in the following example:</p>
2952 NameVirtualHost [2001:db8::a00:20ff:fea7:ccea]:8080
2955 <note><title>Argument to <directive type="section">VirtualHost</directive>
2957 <p>Note that the argument to the <directive
2958 type="section">VirtualHost</directive> directive must
2959 exactly match the argument to the <directive
2960 >NameVirtualHost</directive> directive.</p>
2963 NameVirtualHost 192.0.2.2:80<br />
2964 <VirtualHost 192.0.2.2:80><br />
2966 </VirtualHost><br />
2971 <seealso><a href="../vhosts/">Virtual Hosts
2972 documentation</a></seealso>
2974 </directivesynopsis>
2977 <name>Options</name>
2978 <description>Configures what features are available in a particular
2979 directory</description>
2981 [+|-]<var>option</var> [[+|-]<var>option</var>] ...</syntax>
2982 <default>Options All</default>
2983 <contextlist><context>server config</context><context>virtual host</context>
2984 <context>directory</context><context>.htaccess</context>
2986 <override>Options</override>
2989 <p>The <directive>Options</directive> directive controls which
2990 server features are available in a particular directory.</p>
2992 <p><var>option</var> can be set to <code>None</code>, in which
2993 case none of the extra features are enabled, or one or more of
2997 <dt><code>All</code></dt>
2999 <dd>All options except for <code>MultiViews</code>. This is the default
3002 <dt><code>ExecCGI</code></dt>
3005 Execution of CGI scripts using <module>mod_cgi</module>
3008 <dt><code>FollowSymLinks</code></dt>
3012 The server will follow symbolic links in this directory.
3014 <p>Even though the server follows the symlink it does <em>not</em>
3015 change the pathname used to match against <directive type="section"
3016 module="core">Directory</directive> sections.</p>
3017 <p>Note also, that this option <strong>gets ignored</strong> if set
3018 inside a <directive type="section" module="core">Location</directive>
3020 <p>Omitting this option should not be considered a security restriction,
3021 since symlink testing is subject to race conditions that make it
3025 <dt><code>Includes</code></dt>
3028 Server-side includes provided by <module>mod_include</module>
3031 <dt><code>IncludesNOEXEC</code></dt>
3035 Server-side includes are permitted, but the <code>#exec
3036 cmd</code> and <code>#exec cgi</code> are disabled. It is still
3037 possible to <code>#include virtual</code> CGI scripts from
3038 <directive module="mod_alias">ScriptAlias</directive>ed
3041 <dt><code>Indexes</code></dt>
3044 If a URL which maps to a directory is requested, and there
3045 is no <directive module="mod_dir">DirectoryIndex</directive>
3046 (<em>e.g.</em>, <code>index.html</code>) in that directory, then
3047 <module>mod_autoindex</module> will return a formatted listing
3048 of the directory.</dd>
3050 <dt><code>MultiViews</code></dt>
3053 <a href="../content-negotiation.html">Content negotiated</a>
3054 "MultiViews" are allowed using
3055 <module>mod_negotiation</module>.
3056 <note><title>Note</title> <p>This option gets ignored if set
3057 anywhere other than <directive module="core" type="section"
3058 >Directory</directive>, as <module>mod_negotiation</module>
3059 needs real resources to compare against and evaluate from.</p></note>
3062 <dt><code>SymLinksIfOwnerMatch</code></dt>
3064 <dd>The server will only follow symbolic links for which the
3065 target file or directory is owned by the same user id as the
3068 <note><title>Note</title> <p>This option gets ignored if
3069 set inside a <directive module="core"
3070 type="section">Location</directive> section.</p>
3071 <p>This option should not be considered a security restriction,
3072 since symlink testing is subject to race conditions that make it
3073 circumventable.</p></note>
3077 <p>Normally, if multiple <directive>Options</directive> could
3078 apply to a directory, then the most specific one is used and
3079 others are ignored; the options are not merged. (See <a
3080 href="../sections.html#mergin">how sections are merged</a>.)
3081 However if <em>all</em> the options on the
3082 <directive>Options</directive> directive are preceded by a
3083 <code>+</code> or <code>-</code> symbol, the options are
3084 merged. Any options preceded by a <code>+</code> are added to the
3085 options currently in force, and any options preceded by a
3086 <code>-</code> are removed from the options currently in
3089 <note type="warning"><title>Warning</title>
3090 <p>Mixing <directive>Options</directive> with a <code>+</code> or
3091 <code>-</code> with those without is not valid syntax, and is likely
3092 to cause unexpected results.</p>
3095 <p>For example, without any <code>+</code> and <code>-</code> symbols:</p>
3098 <Directory /web/docs><br />
3100 Options Indexes FollowSymLinks<br />
3102 </Directory><br />
3104 <Directory /web/docs/spec><br />
3106 Options Includes<br />
3111 <p>then only <code>Includes</code> will be set for the
3112 <code>/web/docs/spec</code> directory. However if the second
3113 <directive>Options</directive> directive uses the <code>+</code> and
3114 <code>-</code> symbols:</p>
3117 <Directory /web/docs><br />
3119 Options Indexes FollowSymLinks<br />
3121 </Directory><br />
3123 <Directory /web/docs/spec><br />
3125 Options +Includes -Indexes<br />
3130 <p>then the options <code>FollowSymLinks</code> and
3131 <code>Includes</code> are set for the <code>/web/docs/spec</code>
3134 <note><title>Note</title>
3135 <p>Using <code>-IncludesNOEXEC</code> or
3136 <code>-Includes</code> disables server-side includes completely
3137 regardless of the previous setting.</p>
3140 <p>The default in the absence of any other settings is
3141 <code>All</code>.</p>
3143 </directivesynopsis>
3146 <name>Protocol</name>
3147 <description>Protocol for a listening socket</description>
3148 <syntax>Protocol <var>protocol</var></syntax>
3149 <contextlist><context>server config</context><context>virtual host</context></contextlist>
3150 <compatibility>Available in Apache 2.1.5 and later.
3151 On Windows from Apache 2.3.3 and later.</compatibility>
3154 <p>This directive specifies the protocol used for a specific listening socket.
3155 The protocol is used to determine which module should handle a request, and
3156 to apply protocol specific optimizations with the <directive>AcceptFilter</directive>
3159 <p>You only need to set the protocol if you are running on non-standard ports, otherwise <code>http</code> is assumed for port 80 and <code>https</code> for port 443.</p>
3161 <p>For example, if you are running <code>https</code> on a non-standard port, specify the protocol explicitly:</p>
3167 <p>You can also specify the protocol using the <directive module="mpm_common">Listen</directive> directive.</p>
3169 <seealso><directive>AcceptFilter</directive></seealso>
3170 <seealso><directive module="mpm_common">Listen</directive></seealso>
3171 </directivesynopsis>
3175 <name>RLimitCPU</name>
3176 <description>Limits the CPU consumption of processes launched
3177 by Apache httpd children</description>
3178 <syntax>RLimitCPU <var>seconds</var>|max [<var>seconds</var>|max]</syntax>
3179 <default>Unset; uses operating system defaults</default>
3180 <contextlist><context>server config</context><context>virtual host</context>
3181 <context>directory</context><context>.htaccess</context></contextlist>
3182 <override>All</override>
3185 <p>Takes 1 or 2 parameters. The first parameter sets the soft
3186 resource limit for all processes and the second parameter sets
3187 the maximum resource limit. Either parameter can be a number,
3188 or <code>max</code> to indicate to the server that the limit should
3189 be set to the maximum allowed by the operating system
3190 configuration. Raising the maximum resource limit requires that
3191 the server is running as <code>root</code>, or in the initial startup
3194 <p>This applies to processes forked off from Apache httpd children
3195 servicing requests, not the Apache httpd children themselves. This
3196 includes CGI scripts and SSI exec commands, but not any
3197 processes forked off from the Apache httpd parent such as piped
3200 <p>CPU resource limits are expressed in seconds per
3203 <seealso><directive module="core">RLimitMEM</directive></seealso>
3204 <seealso><directive module="core">RLimitNPROC</directive></seealso>
3205 </directivesynopsis>
3208 <name>RLimitMEM</name>
3209 <description>Limits the memory consumption of processes launched
3210 by Apache httpd children</description>
3211 <syntax>RLimitMEM <var>bytes</var>|max [<var>bytes</var>|max]</syntax>
3212 <default>Unset; uses operating system defaults</default>
3213 <contextlist><context>server config</context><context>virtual host</context>
3214 <context>directory</context><context>.htaccess</context></contextlist>
3215 <override>All</override>
3218 <p>Takes 1 or 2 parameters. The first parameter sets the soft
3219 resource limit for all processes and the second parameter sets
3220 the maximum resource limit. Either parameter can be a number,
3221 or <code>max</code> to indicate to the server that the limit should
3222 be set to the maximum allowed by the operating system
3223 configuration. Raising the maximum resource limit requires that
3224 the server is running as <code>root</code>, or in the initial startup
3227 <p>This applies to processes forked off from Apache httpd children
3228 servicing requests, not the Apache httpd children themselves. This
3229 includes CGI scripts and SSI exec commands, but not any
3230 processes forked off from the Apache httpd parent such as piped
3233 <p>Memory resource limits are expressed in bytes per
3236 <seealso><directive module="core">RLimitCPU</directive></seealso>
3237 <seealso><directive module="core">RLimitNPROC</directive></seealso>
3238 </directivesynopsis>
3241 <name>RLimitNPROC</name>
3242 <description>Limits the number of processes that can be launched by
3243 processes launched by Apache httpd children</description>
3244 <syntax>RLimitNPROC <var>number</var>|max [<var>number</var>|max]</syntax>
3245 <default>Unset; uses operating system defaults</default>
3246 <contextlist><context>server config</context><context>virtual host</context>
3247 <context>directory</context><context>.htaccess</context></contextlist>
3248 <override>All</override>
3251 <p>Takes 1 or 2 parameters. The first parameter sets the soft
3252 resource limit for all processes and the second parameter sets
3253 the maximum resource limit. Either parameter can be a number,
3254 or <code>max</code> to indicate to the server that the limit
3255 should be set to the maximum allowed by the operating system
3256 configuration. Raising the maximum resource limit requires that
3257 the server is running as <code>root</code>, or in the initial startup
3260 <p>This applies to processes forked off from Apache httpd children
3261 servicing requests, not the Apache httpd children themselves. This
3262 includes CGI scripts and SSI exec commands, but not any
3263 processes forked off from the Apache httpd parent such as piped
3266 <p>Process limits control the number of processes per user.</p>
3268 <note><title>Note</title>
3269 <p>If CGI processes are <strong>not</strong> running
3270 under user ids other than the web server user id, this directive
3271 will limit the number of processes that the server itself can
3272 create. Evidence of this situation will be indicated by
3273 <strong><code>cannot fork</code></strong> messages in the
3274 <code>error_log</code>.</p>
3277 <seealso><directive module="core">RLimitMEM</directive></seealso>
3278 <seealso><directive module="core">RLimitCPU</directive></seealso>
3279 </directivesynopsis>
3282 <name>ScriptInterpreterSource</name>
3283 <description>Technique for locating the interpreter for CGI
3284 scripts</description>
3285 <syntax>ScriptInterpreterSource Registry|Registry-Strict|Script</syntax>
3286 <default>ScriptInterpreterSource Script</default>
3287 <contextlist><context>server config</context><context>virtual host</context>
3288 <context>directory</context><context>.htaccess</context></contextlist>
3289 <override>FileInfo</override>
3290 <compatibility>Win32 only;
3291 option <code>Registry-Strict</code> is available in Apache HTTP Server 2.0 and
3292 later</compatibility>
3295 <p>This directive is used to control how Apache httpd finds the
3296 interpreter used to run CGI scripts. The default setting is
3297 <code>Script</code>. This causes Apache httpd to use the interpreter pointed to
3298 by the shebang line (first line, starting with <code>#!</code>) in the
3299 script. On Win32 systems this line usually looks like:</p>
3302 #!C:/Perl/bin/perl.exe
3305 <p>or, if <code>perl</code> is in the <code>PATH</code>, simply:</p>
3311 <p>Setting <code>ScriptInterpreterSource Registry</code> will
3312 cause the Windows Registry tree <code>HKEY_CLASSES_ROOT</code> to be
3313 searched using the script file extension (e.g., <code>.pl</code>) as a
3314 search key. The command defined by the registry subkey
3315 <code>Shell\ExecCGI\Command</code> or, if it does not exist, by the subkey
3316 <code>Shell\Open\Command</code> is used to open the script file. If the
3317 registry keys cannot be found, Apache httpd falls back to the behavior of the
3318 <code>Script</code> option.</p>
3320 <note type="warning"><title>Security</title>
3321 <p>Be careful when using <code>ScriptInterpreterSource
3322 Registry</code> with <directive
3323 module="mod_alias">ScriptAlias</directive>'ed directories, because
3324 Apache httpd will try to execute <strong>every</strong> file within this
3325 directory. The <code>Registry</code> setting may cause undesired
3326 program calls on files which are typically not executed. For
3327 example, the default open command on <code>.htm</code> files on
3328 most Windows systems will execute Microsoft Internet Explorer, so
3329 any HTTP request for an <code>.htm</code> file existing within the
3330 script directory would start the browser in the background on the
3331 server. This is a good way to crash your system within a minute or
3335 <p>The option <code>Registry-Strict</code> which is new in Apache HTTP Server
3336 2.0 does the same thing as <code>Registry</code> but uses only the
3337 subkey <code>Shell\ExecCGI\Command</code>. The
3338 <code>ExecCGI</code> key is not a common one. It must be
3339 configured manually in the windows registry and hence prevents
3340 accidental program calls on your system.</p>
3342 </directivesynopsis>
3345 <name>SeeRequestTail</name>
3346 <description>Determine if mod_status displays the first 63 characters
3347 of a request or the last 63, assuming the request itself is greater than
3348 63 chars.</description>
3349 <syntax>SeeRequestTail On|Off</syntax>
3350 <default>SeeRequestTail Off</default>
3351 <contextlist><context>server config</context></contextlist>
3352 <compatibility>Available in Apache httpd 2.2.7 and later.</compatibility>
3355 <p>mod_status with <code>ExtendedStatus On</code>
3356 displays the actual request being handled.
3357 For historical purposes, only 63 characters of the request
3358 are actually stored for display purposes. This directive
3359 controls whether the 1st 63 characters are stored (the previous
3360 behavior and the default) or if the last 63 characters are. This
3361 is only applicable, of course, if the length of the request is
3362 64 characters or greater.</p>
3364 <p>If Apache httpd is handling <code
3365 >GET /disk1/storage/apache/htdocs/images/imagestore1/food/apples.jpg HTTP/1.1</code
3366 > mod_status displays as follows:
3371 <th>Off (default)</th>
3372 <td>GET /disk1/storage/apache/htdocs/images/imagestore1/food/apples</td>
3376 <td>orage/apache/htdocs/images/imagestore1/food/apples.jpg HTTP/1.1</td>
3381 </directivesynopsis>
3384 <name>ServerAdmin</name>
3385 <description>Email address that the server includes in error
3386 messages sent to the client</description>
3387 <syntax>ServerAdmin <var>email-address</var>|<var>URL</var></syntax>
3388 <contextlist><context>server config</context><context>virtual host</context>
3392 <p>The <directive>ServerAdmin</directive> sets the contact address
3393 that the server includes in any error messages it returns to the
3394 client. If the <code>httpd</code> doesn't recognize the supplied argument
3396 assumes, that it's an <var>email-address</var> and prepends it with
3397 <code>mailto:</code> in hyperlink targets. However, it's recommended to
3398 actually use an email address, since there are a lot of CGI scripts that
3399 make that assumption. If you want to use an URL, it should point to another
3400 server under your control. Otherwise users may not be able to contact you in
3403 <p>It may be worth setting up a dedicated address for this, e.g.</p>
3406 ServerAdmin www-admin@foo.example.com
3408 <p>as users do not always mention that they are talking about the
3411 </directivesynopsis>
3414 <name>ServerAlias</name>
3415 <description>Alternate names for a host used when matching requests
3416 to name-virtual hosts</description>
3417 <syntax>ServerAlias <var>hostname</var> [<var>hostname</var>] ...</syntax>
3418 <contextlist><context>virtual host</context></contextlist>
3421 <p>The <directive>ServerAlias</directive> directive sets the
3422 alternate names for a host, for use with <a
3423 href="../vhosts/name-based.html">name-based virtual hosts</a>. The
3424 <directive>ServerAlias</directive> may include wildcards, if appropriate.</p>
3427 <VirtualHost *:80><br />
3428 ServerName server.domain.com<br />
3429 ServerAlias server server2.domain.com server2<br />
3430 ServerAlias *.example.com<br />
3431 UseCanonicalName Off<br />
3433 </VirtualHost>
3436 <seealso><directive module="core">UseCanonicalName</directive></seealso>
3437 <seealso><a href="../vhosts/">Apache HTTP Server Virtual Host documentation</a></seealso>
3438 </directivesynopsis>
3441 <name>ServerName</name>
3442 <description>Hostname and port that the server uses to identify
3443 itself</description>
3444 <syntax>ServerName [<var>scheme</var>://]<var>fully-qualified-domain-name</var>[:<var>port</var>]</syntax>
3445 <contextlist><context>server config</context><context>virtual host</context>
3449 <p>The <directive>ServerName</directive> directive sets the
3450 request scheme, hostname and
3451 port that the server uses to identify itself. This is used when
3452 creating redirection URLs.</p>
3454 <p>Additionally, <directive>ServerName</directive> is used (possibly
3455 in conjunction with <directive>ServerAlias</directive>) to uniquely
3456 identify a virtual host, when using <a
3457 href="../vhosts/name-based.html">name-based virtual hosts</a>.</p>
3459 <p>For example, if the name of the
3460 machine hosting the web server is <code>simple.example.com</code>,
3461 but the machine also has the DNS alias <code>www.example.com</code>
3462 and you wish the web server to be so identified, the following
3463 directive should be used:</p>
3466 ServerName www.example.com:80
3469 <p>The <directive>ServerName</directive> directive
3470 may appear anywhere within the definition of a server. However,
3471 each appearance overrides the previous appearance (within that
3474 <p>If no <directive>ServerName</directive> is specified, then the
3475 server attempts to deduce the hostname by performing a reverse
3476 lookup on the IP address. If no port is specified in the
3477 <directive>ServerName</directive>, then the server will use the
3478 port from the incoming request. For optimal reliability and
3479 predictability, you should specify an explicit hostname and port
3480 using the <directive>ServerName</directive> directive.</p>
3482 <p>If you are using <a
3483 href="../vhosts/name-based.html">name-based virtual hosts</a>,
3484 the <directive>ServerName</directive> inside a
3485 <directive type="section" module="core">VirtualHost</directive>
3486 section specifies what hostname must appear in the request's
3487 <code>Host:</code> header to match this virtual host.</p>
3489 <p>Sometimes, the server runs behind a device that processes SSL,
3490 such as a reverse proxy, load balancer or SSL offload
3491 appliance. When this is the case, specify the
3492 <code>https://</code> scheme and the port number to which the
3493 clients connect in the <directive>ServerName</directive> directive
3494 to make sure that the server generates the correct
3495 self-referential URLs.
3498 <p>See the description of the
3499 <directive module="core">UseCanonicalName</directive> and
3500 <directive module="core">UseCanonicalPhysicalPort</directive> directives for
3501 settings which determine whether self-referential URLs (e.g., by the
3502 <module>mod_dir</module> module) will refer to the
3503 specified port, or to the port number given in the client's request.
3506 <note type="warning">
3507 <p>Failure to set <directive>ServerName</directive> to a name that
3508 your server can resolve to an IP address will result in a startup
3509 warning. <code>httpd</code> will then use whatever hostname it can
3510 determine, using the system's <code>hostname</code> command. This
3511 will almost never be the hostname you actually want.</p>
3513 httpd: Could not reliably determine the server's fully qualified domain name, using rocinante.local for ServerName
3519 <seealso><a href="../dns-caveats.html">Issues Regarding DNS and
3520 Apache HTTP Server</a></seealso>
3521 <seealso><a href="../vhosts/">Apache HTTP Server virtual host
3522 documentation</a></seealso>
3523 <seealso><directive module="core">UseCanonicalName</directive></seealso>
3524 <seealso><directive module="core">UseCanonicalPhysicalPort</directive></seealso>
3525 <seealso><directive module="core">NameVirtualHost</directive></seealso>
3526 <seealso><directive module="core">ServerAlias</directive></seealso>
3527 </directivesynopsis>
3530 <name>ServerPath</name>
3531 <description>Legacy URL pathname for a name-based virtual host that
3532 is accessed by an incompatible browser</description>
3533 <syntax>ServerPath <var>URL-path</var></syntax>
3534 <contextlist><context>virtual host</context></contextlist>
3537 <p>The <directive>ServerPath</directive> directive sets the legacy
3538 URL pathname for a host, for use with <a
3539 href="../vhosts/">name-based virtual hosts</a>.</p>
3541 <seealso><a href="../vhosts/">Apache HTTP Server Virtual Host documentation</a></seealso>
3542 </directivesynopsis>
3545 <name>ServerRoot</name>
3546 <description>Base directory for the server installation</description>
3547 <syntax>ServerRoot <var>directory-path</var></syntax>
3548 <default>ServerRoot /usr/local/apache</default>
3549 <contextlist><context>server config</context></contextlist>
3552 <p>The <directive>ServerRoot</directive> directive sets the
3553 directory in which the server lives. Typically it will contain the
3554 subdirectories <code>conf/</code> and <code>logs/</code>. Relative
3555 paths in other configuration directives (such as <directive
3556 module="core">Include</directive> or <directive
3557 module="mod_so">LoadModule</directive>, for example) are taken as
3558 relative to this directory.</p>
3560 <example><title>Example</title>
3561 ServerRoot /home/httpd
3565 <seealso><a href="../invoking.html">the <code>-d</code>
3566 option to <code>httpd</code></a></seealso>
3567 <seealso><a href="../misc/security_tips.html#serverroot">the
3568 security tips</a> for information on how to properly set
3569 permissions on the <directive>ServerRoot</directive></seealso>
3570 </directivesynopsis>
3573 <name>ServerSignature</name>
3574 <description>Configures the footer on server-generated documents</description>
3575 <syntax>ServerSignature On|Off|EMail</syntax>
3576 <default>ServerSignature Off</default>
3577 <contextlist><context>server config</context><context>virtual host</context>
3578 <context>directory</context><context>.htaccess</context>
3580 <override>All</override>
3583 <p>The <directive>ServerSignature</directive> directive allows the
3584 configuration of a trailing footer line under server-generated
3585 documents (error messages, <module>mod_proxy</module> ftp directory
3586 listings, <module>mod_info</module> output, ...). The reason why you
3587 would want to enable such a footer line is that in a chain of proxies,
3588 the user often has no possibility to tell which of the chained servers
3589 actually produced a returned error message.</p>
3591 <p>The <code>Off</code>
3592 setting, which is the default, suppresses the footer line (and is
3593 therefore compatible with the behavior of Apache-1.2 and
3594 below). The <code>On</code> setting simply adds a line with the
3595 server version number and <directive
3596 module="core">ServerName</directive> of the serving virtual host,
3597 and the <code>EMail</code> setting additionally creates a
3598 "mailto:" reference to the <directive
3599 module="core">ServerAdmin</directive> of the referenced
3602 <p>After version 2.0.44, the details of the server version number
3603 presented are controlled by the <directive
3604 module="core">ServerTokens</directive> directive.</p>
3606 <seealso><directive module="core">ServerTokens</directive></seealso>
3607 </directivesynopsis>
3610 <name>ServerTokens</name>
3611 <description>Configures the <code>Server</code> HTTP response
3612 header</description>
3613 <syntax>ServerTokens Major|Minor|Min[imal]|Prod[uctOnly]|OS|Full</syntax>
3614 <default>ServerTokens Full</default>
3615 <contextlist><context>server config</context></contextlist>
3618 <p>This directive controls whether <code>Server</code> response
3619 header field which is sent back to clients includes a
3620 description of the generic OS-type of the server as well as
3621 information about compiled-in modules.</p>
3624 <dt><code>ServerTokens Full</code> (or not specified)</dt>
3626 <dd>Server sends (<em>e.g.</em>): <code>Server: Apache/2.4.1
3627 (Unix) PHP/4.2.2 MyMod/1.2</code></dd>
3629 <dt><code>ServerTokens Prod[uctOnly]</code></dt>
3631 <dd>Server sends (<em>e.g.</em>): <code>Server:
3634 <dt><code>ServerTokens Major</code></dt>
3636 <dd>Server sends (<em>e.g.</em>): <code>Server:
3637 Apache/2</code></dd>
3639 <dt><code>ServerTokens Minor</code></dt>
3641 <dd>Server sends (<em>e.g.</em>): <code>Server:
3642 Apache/2.4</code></dd>
3644 <dt><code>ServerTokens Min[imal]</code></dt>
3646 <dd>Server sends (<em>e.g.</em>): <code>Server:
3647 Apache/2.4.1</code></dd>
3649 <dt><code>ServerTokens OS</code></dt>
3651 <dd>Server sends (<em>e.g.</em>): <code>Server: Apache/2.4.1
3656 <p>This setting applies to the entire server, and cannot be
3657 enabled or disabled on a virtualhost-by-virtualhost basis.</p>
3659 <p>After version 2.0.44, this directive also controls the
3660 information presented by the <directive
3661 module="core">ServerSignature</directive> directive.</p>
3663 <note>Setting <directive>ServerTokens</directive> to less than
3664 <code>minimal</code> is not recommended because it makes it more
3665 difficult to debug interoperational problems. Also note that
3666 disabling the Server: header does nothing at all to make your
3667 server more secure; the idea of "security through obscurity"
3668 is a myth and leads to a false sense of safety.</note>
3671 <seealso><directive module="core">ServerSignature</directive></seealso>
3672 </directivesynopsis>
3675 <name>SetHandler</name>
3676 <description>Forces all matching files to be processed by a
3677 handler</description>
3678 <syntax>SetHandler <var>handler-name</var>|None</syntax>
3679 <contextlist><context>server config</context><context>virtual host</context>
3680 <context>directory</context><context>.htaccess</context>
3682 <override>FileInfo</override>
3683 <compatibility>Moved into the core in Apache httpd 2.0</compatibility>
3686 <p>When placed into an <code>.htaccess</code> file or a
3687 <directive type="section" module="core">Directory</directive> or
3688 <directive type="section" module="core">Location</directive>
3689 section, this directive forces all matching files to be parsed
3690 through the <a href="../handler.html">handler</a> given by
3691 <var>handler-name</var>. For example, if you had a directory you
3692 wanted to be parsed entirely as imagemap rule files, regardless
3693 of extension, you might put the following into an
3694 <code>.htaccess</code> file in that directory:</p>
3697 SetHandler imap-file
3700 <p>Another example: if you wanted to have the server display a
3701 status report whenever a URL of
3702 <code>http://servername/status</code> was called, you might put
3703 the following into <code>httpd.conf</code>:</p>
3706 <Location /status><br />
3708 SetHandler server-status<br />
3713 <p>You can override an earlier defined <directive>SetHandler</directive>
3714 directive by using the value <code>None</code>.</p>
3715 <p><strong>Note:</strong> because SetHandler overrides default handlers,
3716 normal behaviour such as handling of URLs ending in a slash (/) as
3717 directories or index files is suppressed.</p>
3720 <seealso><directive module="mod_mime">AddHandler</directive></seealso>
3722 </directivesynopsis>
3725 <name>SetInputFilter</name>
3726 <description>Sets the filters that will process client requests and POST
3728 <syntax>SetInputFilter <var>filter</var>[;<var>filter</var>...]</syntax>
3729 <contextlist><context>server config</context><context>virtual host</context>
3730 <context>directory</context><context>.htaccess</context>
3732 <override>FileInfo</override>
3735 <p>The <directive>SetInputFilter</directive> directive sets the
3736 filter or filters which will process client requests and POST
3737 input when they are received by the server. This is in addition to
3738 any filters defined elsewhere, including the
3739 <directive module="mod_mime">AddInputFilter</directive>
3742 <p>If more than one filter is specified, they must be separated
3743 by semicolons in the order in which they should process the
3746 <seealso><a href="../filter.html">Filters</a> documentation</seealso>
3747 </directivesynopsis>
3750 <name>SetOutputFilter</name>
3751 <description>Sets the filters that will process responses from the
3752 server</description>
3753 <syntax>SetOutputFilter <var>filter</var>[;<var>filter</var>...]</syntax>
3754 <contextlist><context>server config</context><context>virtual host</context>
3755 <context>directory</context><context>.htaccess</context>
3757 <override>FileInfo</override>
3760 <p>The <directive>SetOutputFilter</directive> directive sets the filters
3761 which will process responses from the server before they are
3762 sent to the client. This is in addition to any filters defined
3763 elsewhere, including the
3764 <directive module="mod_mime">AddOutputFilter</directive>
3767 <p>For example, the following configuration will process all files
3768 in the <code>/www/data/</code> directory for server-side
3772 <Directory /www/data/><br />
3774 SetOutputFilter INCLUDES<br />
3779 <p>If more than one filter is specified, they must be separated
3780 by semicolons in the order in which they should process the
3783 <seealso><a href="../filter.html">Filters</a> documentation</seealso>
3784 </directivesynopsis>
3787 <name>TimeOut</name>
3788 <description>Amount of time the server will wait for
3789 certain events before failing a request</description>
3790 <syntax>TimeOut <var>seconds</var></syntax>
3791 <default>TimeOut 60</default>
3792 <contextlist><context>server config</context><context>virtual host</context></contextlist>
3795 <p>The <directive>TimeOut</directive> directive defines the length
3796 of time Apache httpd will wait for I/O in various circumstances:</p>
3799 <li>When reading data from the client, the length of time to
3800 wait for a TCP packet to arrive if the read buffer is
3803 <li>When writing data to the client, the length of time to wait
3804 for an acknowledgement of a packet if the send buffer is
3807 <li>In <module>mod_cgi</module>, the length of time to wait for
3808 output from a CGI script.</li>
3810 <li>In <module>mod_ext_filter</module>, the length of time to
3811 wait for output from a filtering process.</li>
3813 <li>In <module>mod_proxy</module>, the default timeout value if
3814 <directive module="mod_proxy">ProxyTimeout</directive> is not
3819 </directivesynopsis>
3822 <name>TraceEnable</name>
3823 <description>Determines the behaviour on <code>TRACE</code> requests</description>
3824 <syntax>TraceEnable <var>[on|off|extended]</var></syntax>
3825 <default>TraceEnable on</default>
3826 <contextlist><context>server config</context></contextlist>
3827 <compatibility>Available in Apache HTTP Server 1.3.34, 2.0.55 and later</compatibility>
3830 <p>This directive overrides the behavior of <code>TRACE</code> for both
3831 the core server and <module>mod_proxy</module>. The default
3832 <code>TraceEnable on</code> permits <code>TRACE</code> requests per
3833 RFC 2616, which disallows any request body to accompany the request.
3834 <code>TraceEnable off</code> causes the core server and
3835 <module>mod_proxy</module> to return a <code>405</code> (Method not
3836 allowed) error to the client.</p>
3838 <p>Finally, for testing and diagnostic purposes only, request
3839 bodies may be allowed using the non-compliant <code>TraceEnable
3840 extended</code> directive. The core (as an origin server) will
3841 restrict the request body to 64k (plus 8k for chunk headers if
3842 <code>Transfer-Encoding: chunked</code> is used). The core will
3843 reflect the full headers and all chunk headers with the response
3844 body. As a proxy server, the request body is not restricted to 64k.</p>
3846 </directivesynopsis>
3849 <name>UnDefine</name>
3850 <description>Undefine the existence of a variable</description>
3851 <syntax>UnDefine <var>parameter-name</var></syntax>
3852 <contextlist><context>server config</context></contextlist>
3855 <p>Undoes the effect of a <directive module="core">Define</directive> or
3856 of passing a <code>-D</code> argument to <program>httpd</program>.</p>
3857 <p>This directive can be used to toggle the use of <directive module="core"
3858 type="section">IfDefine</directive> sections without needing to alter
3859 <code>-D</code> arguments in any startup scripts.</p>
3861 </directivesynopsis>
3864 <name>UseCanonicalName</name>
3865 <description>Configures how the server determines its own name and
3867 <syntax>UseCanonicalName On|Off|DNS</syntax>
3868 <default>UseCanonicalName Off</default>
3869 <contextlist><context>server config</context><context>virtual host</context>
3870 <context>directory</context></contextlist>
3873 <p>In many situations Apache httpd must construct a <em>self-referential</em>
3874 URL -- that is, a URL that refers back to the same server. With
3875 <code>UseCanonicalName On</code> Apache httpd will use the hostname and port
3876 specified in the <directive module="core">ServerName</directive>
3877 directive to construct the canonical name for the server. This name
3878 is used in all self-referential URLs, and for the values of
3879 <code>SERVER_NAME</code> and <code>SERVER_PORT</code> in CGIs.</p>
3881 <p>With <code>UseCanonicalName Off</code> Apache httpd will form
3882 self-referential URLs using the hostname and port supplied by
3883 the client if any are supplied (otherwise it will use the
3884 canonical name, as defined above). These values are the same
3885 that are used to implement <a
3886 href="../vhosts/name-based.html">name-based virtual hosts</a>,
3887 and are available with the same clients. The CGI variables
3888 <code>SERVER_NAME</code> and <code>SERVER_PORT</code> will be
3889 constructed from the client supplied values as well.</p>
3891 <p>An example where this may be useful is on an intranet server
3892 where you have users connecting to the machine using short
3893 names such as <code>www</code>. You'll notice that if the users
3894 type a shortname, and a URL which is a directory, such as
3895 <code>http://www/splat</code>, <em>without the trailing
3896 slash</em> then Apache httpd will redirect them to
3897 <code>http://www.domain.com/splat/</code>. If you have
3898 authentication enabled, this will cause the user to have to
3899 authenticate twice (once for <code>www</code> and once again
3900 for <code>www.domain.com</code> -- see <a
3901 href="http://httpd.apache.org/docs/misc/FAQ.html#prompted-twice">the
3902 FAQ on this subject for more information</a>). But if
3903 <directive>UseCanonicalName</directive> is set <code>Off</code>, then
3904 Apache httpd will redirect to <code>http://www/splat/</code>.</p>
3906 <p>There is a third option, <code>UseCanonicalName DNS</code>,
3907 which is intended for use with mass IP-based virtual hosting to
3908 support ancient clients that do not provide a
3909 <code>Host:</code> header. With this option Apache httpd does a
3910 reverse DNS lookup on the server IP address that the client
3911 connected to in order to work out self-referential URLs.</p>
3913 <note type="warning"><title>Warning</title>
3914 <p>If CGIs make assumptions about the values of <code>SERVER_NAME</code>
3915 they may be broken by this option. The client is essentially free
3916 to give whatever value they want as a hostname. But if the CGI is
3917 only using <code>SERVER_NAME</code> to construct self-referential URLs
3918 then it should be just fine.</p>
3921 <seealso><directive module="core">UseCanonicalPhysicalPort</directive></seealso>
3922 <seealso><directive module="core">ServerName</directive></seealso>
3923 <seealso><directive module="mpm_common">Listen</directive></seealso>
3924 </directivesynopsis>
3927 <name>UseCanonicalPhysicalPort</name>
3928 <description>Configures how the server determines its own name and
3930 <syntax>UseCanonicalPhysicalPort On|Off</syntax>
3931 <default>UseCanonicalPhysicalPort Off</default>
3932 <contextlist><context>server config</context><context>virtual host</context>
3933 <context>directory</context></contextlist>
3936 <p>In many situations Apache httpd must construct a <em>self-referential</em>
3937 URL -- that is, a URL that refers back to the same server. With
3938 <code>UseCanonicalPhysicalPort On</code> Apache httpd will, when
3939 constructing the canonical port for the server to honor
3940 the <directive module="core">UseCanonicalName</directive> directive,
3941 provide the actual physical port number being used by this request
3942 as a potential port. With <code>UseCanonicalPhysicalPort Off</code>
3943 Apache httpd will not ever use the actual physical port number, instead
3944 relying on all configured information to construct a valid port number.</p>
3946 <note><title>Note</title>
3947 <p>The ordering of when the physical port is used is as follows:<br /><br />
3948 <code>UseCanonicalName On</code></p>
3950 <li>Port provided in <code>Servername</code></li>
3951 <li>Physical port</li>
3952 <li>Default port</li>
3954 <code>UseCanonicalName Off | DNS</code>
3956 <li>Parsed port from <code>Host:</code> header</li>
3957 <li>Physical port</li>
3958 <li>Port provided in <code>Servername</code></li>
3959 <li>Default port</li>
3962 <p>With <code>UseCanonicalPhysicalPort Off</code>, the
3963 physical ports are removed from the ordering.</p>
3967 <seealso><directive module="core">UseCanonicalName</directive></seealso>
3968 <seealso><directive module="core">ServerName</directive></seealso>
3969 <seealso><directive module="mpm_common">Listen</directive></seealso>
3970 </directivesynopsis>
3972 <directivesynopsis type="section">
3973 <name>VirtualHost</name>
3974 <description>Contains directives that apply only to a specific
3975 hostname or IP address</description>
3976 <syntax><VirtualHost
3977 <var>addr</var>[:<var>port</var>] [<var>addr</var>[:<var>port</var>]]
3978 ...> ... </VirtualHost></syntax>
3979 <contextlist><context>server config</context></contextlist>
3982 <p><directive type="section">VirtualHost</directive> and
3983 <code></VirtualHost></code> are used to enclose a group of
3984 directives that will apply only to a particular virtual host. Any
3985 directive that is allowed in a virtual host context may be
3986 used. When the server receives a request for a document on a
3987 particular virtual host, it uses the configuration directives
3988 enclosed in the <directive type="section">VirtualHost</directive>
3989 section. <var>Addr</var> can be:</p>
3992 <li>The IP address of the virtual host;</li>
3994 <li>A fully qualified domain name for the IP address of the
3995 virtual host (not recommended);</li>
3997 <li>The character <code>*</code>, which is used only in combination with
3998 <code>NameVirtualHost *</code> to match all IP addresses; or</li>
4000 <li>The string <code>_default_</code>, which is used only
4001 with IP virtual hosting to catch unmatched IP addresses.</li>
4004 <example><title>Example</title>
4005 <VirtualHost 10.1.2.3><br />
4007 ServerAdmin webmaster@host.example.com<br />
4008 DocumentRoot /www/docs/host.example.com<br />
4009 ServerName host.example.com<br />
4010 ErrorLog logs/host.example.com-error_log<br />
4011 TransferLog logs/host.example.com-access_log<br />
4013 </VirtualHost>
4017 <p>IPv6 addresses must be specified in square brackets because
4018 the optional port number could not be determined otherwise. An
4019 IPv6 example is shown below:</p>
4022 <VirtualHost [2001:db8::a00:20ff:fea7:ccea]><br />
4024 ServerAdmin webmaster@host.example.com<br />
4025 DocumentRoot /www/docs/host.example.com<br />
4026 ServerName host.example.com<br />
4027 ErrorLog logs/host.example.com-error_log<br />
4028 TransferLog logs/host.example.com-access_log<br />
4030 </VirtualHost>
4033 <p>Each Virtual Host must correspond to a different IP address,
4034 different port number or a different host name for the server,
4035 in the former case the server machine must be configured to
4036 accept IP packets for multiple addresses. (If the machine does
4037 not have multiple network interfaces, then this can be
4038 accomplished with the <code>ifconfig alias</code> command -- if
4039 your OS supports it).</p>
4041 <note><title>Note</title>
4042 <p>The use of <directive type="section">VirtualHost</directive> does
4043 <strong>not</strong> affect what addresses Apache httpd listens on. You
4044 may need to ensure that Apache httpd is listening on the correct addresses
4045 using <directive module="mpm_common">Listen</directive>.</p>
4048 <p>When using IP-based virtual hosting, the special name
4049 <code>_default_</code> can be specified in
4050 which case this virtual host will match any IP address that is
4051 not explicitly listed in another virtual host. In the absence
4052 of any <code>_default_</code> virtual host the "main" server config,
4053 consisting of all those definitions outside any VirtualHost
4054 section, is used when no IP-match occurs.</p>
4056 <p>You can specify a <code>:port</code> to change the port that is
4057 matched. If unspecified then it defaults to the same port as the
4058 most recent <directive module="mpm_common">Listen</directive>
4059 statement of the main server. You may also specify <code>:*</code>
4060 to match all ports on that address. (This is recommended when used
4061 with <code>_default_</code>.)</p>
4063 <p>A <directive module="core">ServerName</directive> should be
4064 specified inside each <directive
4065 type="section">VirtualHost</directive> block. If it is absent, the
4066 <directive module="core">ServerName</directive> from the "main"
4067 server configuration will be inherited.</p>
4069 <p>If no matching virtual host is found, then the first listed
4070 virtual host that matches the IP address will be used. As a
4071 consequence, the first listed virtual host is the default virtual
4074 <note type="warning"><title>Security</title>
4075 <p>See the <a href="../misc/security_tips.html">security tips</a>
4076 document for details on why your security could be compromised if the
4077 directory where log files are stored is writable by anyone other
4078 than the user that starts the server.</p>
4081 <seealso><a href="../vhosts/">Apache HTTP Server Virtual Host documentation</a></seealso>
4082 <seealso><a href="../dns-caveats.html">Issues Regarding DNS and
4083 Apache HTTP Server</a></seealso>
4084 <seealso><a href="../bind.html">Setting
4085 which addresses and ports Apache HTTP Server uses</a></seealso>
4086 <seealso><a href="../sections.html">How <Directory>, <Location>
4087 and <Files> sections work</a> for an explanation of how these
4088 different sections are combined when a request is received</seealso>
4089 </directivesynopsis>