<div id="page-header">
<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/quickreference.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p>
<p class="apache">Apache HTTP Server Version 2.5</p>
-<img alt="" src="../images/feather.gif" /></div>
+<img alt="" src="../images/feather.png" /></div>
<div class="up"><a href="./"><img title="<-" alt="<-" src="../images/left.gif" /></a></div>
<div id="path">
<a href="http://www.apache.org/">Apache</a> > <a href="http://httpd.apache.org/">HTTP Server</a> > <a href="http://httpd.apache.org/docs/">Documentation</a> > <a href="../">Version 2.5</a> > <a href="./">Modules</a></div>
<li><img alt="" src="../images/down.gif" /> <a href="#asyncfilter">AsyncFilter</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#cgimapextension">CGIMapExtension</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#cgipassauth">CGIPassAuth</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#cgivar">CGIVar</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#contentdigest">ContentDigest</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#defaultruntimedir">DefaultRuntimeDir</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#defaulttype">DefaultType</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#forcetype">ForceType</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#gprofdir">GprofDir</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#hostnamelookups">HostnameLookups</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#httpprotocoloptions">HttpProtocolOptions</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#if"><If></a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#ifdefine"><IfDefine></a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#ifmodule"><IfModule></a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#protocol">Protocol</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#protocols">Protocols</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#protocolshonororder">ProtocolsHonorOrder</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#qualifyredirecturl">QualifyRedirectURL</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#registerhttpmethod">RegisterHttpMethod</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#rlimitcpu">RLimitCPU</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#rlimitmem">RLimitMEM</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#virtualhost"><VirtualHost></a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#warning">Warning</a></li>
</ul>
-<ul class="seealso"><li><a href="#comments_section">Comments</a></li></ul></div>
+<h3>Bugfix checklist</h3><ul class="seealso"><li><a href="https://www.apache.org/dist/httpd/CHANGES_2.4">httpd changelog</a></li><li><a href="https://bz.apache.org/bugzilla/buglist.cgi?bug_status=__open__&list_id=144532&product=Apache%20httpd-2&query_format=specific&order=changeddate%20DESC%2Cpriority%2Cbug_severity&component=core">Known issues</a></li><li><a href="https://bz.apache.org/bugzilla/enter_bug.cgi?product=Apache%20httpd-2&component=core">Report a bug</a></li></ul><h3>See also</h3>
+<ul class="seealso">
+<li><a href="#comments_section">Comments</a></li></ul></div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="AcceptFilter" id="AcceptFilter">AcceptFilter</a> <a name="acceptfilter" id="acceptfilter">Directive</a></h2>
<dt>Nonfatal=[Override|Unknown|All]</dt>
<dd>
- Allow use of AllowOverride option to treat syntax errors in
+ Allow use of AllowOverride option to treat invalid (unrecognized
+ or disallowed) directives in
.htaccess as nonfatal. Instead of causing an Internal Server
Error, disallowed or unrecognised directives will be ignored
and a warning logged:
<li><strong>Nonfatal=All</strong> treats both the above as nonfatal.</li>
</ul>
<p>Note that a syntax error in a valid directive will still cause
- an internal server error.</p>
+ an Internal Server Error.</p>
<div class="warning"><h3>Security</h3>
Nonfatal errors may have security implications for .htaccess users.
For example, if AllowOverride disallows AuthConfig, users'
<p>In the example above, only the <code>Redirect</code> and
<code>RedirectMatch</code> directives are allowed. All others will
- cause an internal server error.</p>
+ cause an Internal Server Error.</p>
<p>Example:</p>
</a></code> grants permission to the <code>AuthConfig</code>
directive grouping and <code class="directive">AllowOverrideList</code> grants
permission to only two directives from the <code>FileInfo</code> directive
- grouping. All others will cause an internal server error.</p>
+ grouping. All others will cause an Internal Server Error.</p>
<h3>See also</h3>
<ul>
use <code>ap_add_common_vars()</code> may choose to respect the setting
as well.</p>
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="CGIVar" id="CGIVar">CGIVar</a> <a name="cgivar" id="cgivar">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Controls how some CGI variables are set</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>CGIVar <var>variable</var> <var>rule</var></code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>
+<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>FileInfo</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Core</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>core</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Available in Apache HTTP Server 2.4.21 and later</td></tr>
+</table>
+ <p>This directive controls how some CGI variables are set.</p>
+
+ <p><strong>REQUEST_URI</strong> rules:</p>
+ <dl>
+ <dt><code>original-uri</code> (default)</dt>
+ <dd>The value is taken from the original request line, and will not
+ reflect internal redirects or subrequests which change the requested
+ resource.</dd>
+ <dt><code>current-uri</code></dt>
+ <dd>The value reflects the resource currently being processed,
+ which may be different than the original request from the client
+ due to internal redirects or subrequests.</dd>
+ </dl>
+
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="ContentDigest" id="ContentDigest">ContentDigest</a> <a name="contentdigest" id="contentdigest">Directive</a></h2>
<code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code>. In order to prevent confusion, numbered
(unnamed) backreferences are ignored. Use named groups instead.</p>
-<pre class="prettyprint lang-config"><DirectoryMatch "^/var/www/combined/(?<sitename>[^/]+)">
+ <pre class="prettyprint lang-config"><DirectoryMatch "^/var/www/combined/(?<sitename>[^/]+)">
Require ldap-group cn=%{env:MATCH_SITENAME},ou=combined,o=Example
</DirectoryMatch></pre>
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Directory that forms the main document tree visible
from the web</td></tr>
<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>DocumentRoot <var>directory-path</var></code></td></tr>
-<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>DocumentRoot /usr/local/apache/htdocs</code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>DocumentRoot "/usr/local/apache/htdocs"</code></td></tr>
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Core</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>core</td></tr>
whether the parameter is an URL, a path or a message is performed
before any expression is parsed. Examples:</p>
- <pre class="prettyprint lang-config">ErrorDocument 500 http://foo.example.com/cgi-bin/tester
-ErrorDocument 404 /cgi-bin/bad_urls.pl
+ <pre class="prettyprint lang-config">ErrorDocument 500 http://example.com/cgi-bin/server-error.cgi
+ErrorDocument 404 /errors/bad_urls.php
ErrorDocument 401 /subscription_info.html
-ErrorDocument 403 "Sorry can't allow you access today"
+ErrorDocument 403 "Sorry, can't allow you access today"
ErrorDocument 403 Forbidden!
-ErrorDocument 403 /cgi-bin/forbidden.pl?referrer=%{escape:%{HTTP_REFERER}}</pre>
+ErrorDocument 403 /errors/forbidden.py?referrer=%{escape:%{HTTP_REFERER}}</pre>
<p>Additionally, the special value <code>default</code> can be used
<p>This would result in error messages such as:</p>
- <div class="example"><p><code>
+ <div class="example"><p><code>
[Thu May 12 08:28:57.652118 2011] [core:error] [pid 8777:tid 4326490112] [client ::1:58619] File does not exist: /usr/local/apache2/htdocs/favicon.ico
</code></p></div>
does. However, it accepts a <a class="glossarylink" href="../glossary.html#regex" title="see glossary">regular
expression</a>. For example:</p>
-<pre class="prettyprint lang-config"><FilesMatch ".+\.(gif|jpe?g|png)$">
+ <pre class="prettyprint lang-config"><FilesMatch ".+\.(gif|jpe?g|png)$">
# ...
</FilesMatch></pre>
<code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code>. In order to prevent confusion, numbered
(unnamed) backreferences are ignored. Use named groups instead.</p>
-<pre class="prettyprint lang-config"><FilesMatch "^(?<sitename>[^/]+)">
+ <pre class="prettyprint lang-config"><FilesMatch "^(?<sitename>[^/]+)">
require ldap-group cn=%{env:MATCH_SITENAME},ou=combined,o=Example
</FilesMatch></pre>
directives</a>, a hostname lookup will be performed regardless of
the setting of <code>HostnameLookups</code>.</p>
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="HttpProtocolOptions" id="HttpProtocolOptions">HttpProtocolOptions</a> <a name="httpprotocoloptions" id="httpprotocoloptions">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Modify restrictions on HTTP Request Messages</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>HttpProtocolOptions [Strict|Unsafe] [StrictURL|UnsafeURL]
+ [RegisteredMethods|LenientMethods] [Allow0.9|Require1.0]</code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>HttpProtocolOptions Strict StrictURL LenientMethods Allow0.9</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Core</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>core</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>2.2.32 or 2.4.24 and later</td></tr>
+</table>
+ <p>This directive changes the rules applied to the HTTP Request Line
+ (<a href="https://tools.ietf.org/html/rfc7230#section-3.1.1">RFC 7230 §3.1.1</a>) and the HTTP Request Header Fields
+ (<a href="https://tools.ietf.org/html/rfc7230#section-3.2">RFC 7230 §3.2</a>), which are now applied by default or using
+ the <code>Strict</code> option. Due to legacy modules, applications or
+ custom user-agents which must be deperecated, <code>Unsafe</code>
+ and <code>UnsafeURL</code> options have been added to revert to the legacy
+ behaviors. These rules are applied prior to request processing, so must be
+ configured at the global or default (first) matching virtual host section,
+ by IP/port interface and not by name, to be honored.</p>
+
+ <p>Prior to the introduction of this directive, the Apache HTTP Server
+ request message parsers were tolerant of a number of forms of input
+ which did not conform to the protocol.
+ <a href="https://tools.ietf.org/html/rfc7230#section-9.4">RFC 7230 §9.4 Request Splitting</a> and
+ <a href="https://tools.ietf.org/html/rfc7230#section-9.5">§9.5 Response Smuggling</a> call out only two of the potential
+ risks of accepting non-conformant request messages, while
+ <a href="https://tools.ietf.org/html/rfc7230#section-3.5">RFC 7230 §3.5</a> "Message Parsing Robustness" identify the
+ risks of accepting obscure whitespace and request message formatting.
+ As of the introduction of this directive, all grammer rules of the
+ specification are enforced in the default <code>Strict</code> operating
+ mode, and the strict whitespace suggested by section 3.5 is enforced
+ and cannot be relaxed.</p>
+
+ <p><a href="https://tools.ietf.org/html/rfc3986#section-2.2">RFC 3986 §2.2 and 2.3</a> define "Reserved Characters" and
+ "Unreserved Characters". All other character octets are required to
+ be %XX encoded under this spec, and RFC7230 defers to these requirements.
+ By default the <code>StrictURI</code> option will reject all requests
+ containing invalid characters. This rule can be relaxed with the
+ <code>UnsafeURI</code> option to support badly written user-agents.</p>
+
+ <p>Users are strongly cautioned against toggling the <code>Unsafe</code>
+ or <code>UnsafeURI</code> modes of operation, particularly on
+ outward-facing, publicly accessible server deployments.
+ If an interface is required for faulty monitoring or other custom service
+ consumers running on an intranet, users should toggle only those Unsafe
+ options which are necessary, and only on a specific virtual host configured
+ to service only their internal private network.</p>
+
+ <p>Reviewing the messages logged to the <code class="directive">ErrorLog</code>,
+ configured with <code class="directive">LogLevel</code> <code>debug</code> level,
+ can help identify such faulty requests along with their origin.
+ Users should pay particular attention to the 400 responses in the access
+ log for invalid requests which were unexpectedly rejected.</p>
+
+ <p><a href="https://tools.ietf.org/html/rfc7231#section-4.1">RFC 7231 §4.1</a> "Request Methods" "Overview" requires that
+ origin servers shall respond with an error when an unsupported method
+ is encountered in the request line. This already happens when the
+ <code>LenientMethods</code> option is used, but administrators may wish
+ to toggle the <code>RegisteredMethods</code> option and register any
+ non-standard methods using the <code class="directive">RegisterHttpMethod</code>
+ directive, particularly if the <code>Unsafe</code> option has been toggled.
+ The <code>RegisteredMethods</code> option should <strong>not</strong>
+ be toggled for forward proxy hosts, as the methods supported by the
+ origin servers are unknown to the proxy server.</p>
+
+ <p><a href="https://tools.ietf.org/html/rfc2616#section-19.6">RFC 2616 §19.6</a> "Compatibility With Previous Versions" had
+ encouraged HTTP servers to support legacy HTTP/0.9 requests. RFC 7230
+ superceeds this with "The expectation to support HTTP/0.9 requests has
+ been removed" and offers additional comments in
+ <a href="https://tools.ietf.org/html/rfc7230#appendix-A">RFC 7230 Appendix A</a>. The <code>Require1.0</code> option allows
+ the user to remove support of the default <code>Allow0.9</code> option's
+ behavior.</p>
+
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="If" id="If"><If></a> <a name="if" id="if">Directive</a></h2>
<code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code>. In order to prevent confusion, numbered
(unnamed) backreferences are ignored. Use named groups instead.</p>
-<pre class="prettyprint lang-config"><LocationMatch "^/combined/(?<sitename>[^/]+)">
+ <pre class="prettyprint lang-config"><LocationMatch "^/combined/(?<sitename>[^/]+)">
require ldap-group cn=%{env:MATCH_SITENAME},ou=combined,o=Example
</LocationMatch></pre>
holding a mutex that uses this implementation, the server will deadlock
and stop responding to requests. When this occurs, the server will
require a manual restart to recover.</p>
- <p>Solaris is a notable exception as it provides a mechanism which
+ <p>Solaris and Linux are notable exceptions as they provide a mechanism which
usually allows the mutex to be recovered after a child process
terminates abnormally while holding a mutex.</p>
- <p>If your system implements the
+ <p>If your system is POSIX compliant or if it implements the
<code>pthread_mutexattr_setrobust_np()</code> function, you may be able
to use the <code>pthread</code> option safely.</p>
</div>
<p>Normally, if multiple <code class="directive">Options</code> could
apply to a directory, then the most specific one is used and
- others are ignored; the options are not merged. (See <a href="../sections.html#mergin">how sections are merged</a>.)
+ others are ignored; the options are not merged. (See <a href="../sections.html#merging">how sections are merged</a>.)
However if <em>all</em> the options on the
<code class="directive">Options</code> directive are preceded by a
<code>+</code> or <code>-</code> symbol, the options are
<ul>
<li><code class="directive"><a href="#protocols">Protocols</a></code></li>
</ul>
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="QualifyRedirectURL" id="QualifyRedirectURL">QualifyRedirectURL</a> <a name="qualifyredirecturl" id="qualifyredirecturl">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Controls whether the REDIRECT_URL environment variable is
+ fully qualified</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>QualifyRedirectURL ON|OFF</code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>QualifyRedirectURL OFF</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, directory</td></tr>
+<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>FileInfo</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Core</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>core</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Directive supported in 2.4.18 and later. 2.4.17 acted
+as if 'QualifyRedirectURL ON' was configured.</td></tr>
+</table>
+ <p>This directive controls whether the server will ensure that the
+ REDIRECT_URL environment variable is fully qualified. By default,
+ the variable contains the verbatim URL requested by the client,
+ such as "/index.html". With <code class="directive"><a href="#qualifyredirecturl on">QualifyRedirectURL ON</a></code>, the same request would result in a
+ value such as "http://www.example.com/index.html".</p>
+ <p>Even without this directive set, when a request is issued against a
+ fully qualified URL, REDIRECT_URL will remain fully qualified.
+ </p>
+
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="RegisterHttpMethod" id="RegisterHttpMethod">RegisterHttpMethod</a> <a name="registerhttpmethod" id="registerhttpmethod">Directive</a></h2>
in the order they appear in the configuration. The first matching <code class="directive"><a href="#servername">ServerName</a></code> or <code class="directive"><a href="#serveralias">ServerAlias</a></code> is used, with no different precedence for wildcards
(nor for ServerName vs. ServerAlias). </p>
- <p>The complete list of names in the <code class="directive">VirtualHost</code>
+ <p>The complete list of names in the <code class="directive"><a href="#virtualhost"><VirtualHost></a></code>
directive are treated just like a (non wildcard)
<code class="directive">ServerAlias</code>.</p>
<table class="directive">
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Hostname and port that the server uses to identify
itself</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ServerName [<var>scheme</var>://]<var>fully-qualified-domain-name</var>[:<var>port</var>]</code></td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>ServerName [<var>scheme</var>://]<var>domain-name</var>|<var>ip-address</var>[:<var>port</var>]</code></td></tr>
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Core</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>core</td></tr>
</table>
<p>The <code class="directive">ServerName</code> directive sets the
- request scheme, hostname and
- port that the server uses to identify itself. This is used when
- creating redirection URLs.</p>
+ request scheme, hostname and port that the server uses to identify itself.
+ </p>
- <p>Additionally, <code class="directive">ServerName</code> is used (possibly
- in conjunction with <code class="directive">ServerAlias</code>) to uniquely
+ <p><code class="directive">ServerName</code> is used (possibly
+ in conjunction with <code class="directive"><a href="#serveralias">ServerAlias</a></code>) to uniquely
identify a virtual host, when using <a href="../vhosts/name-based.html">name-based virtual hosts</a>.</p>
+ <p>Additionally, this is used when
+ creating self-referential redirection URLs when
+ <code class="directive"><a href="#usecanonicalname">UseCanonicalName</a></code> is set to a non-default
+ value.</p>
+
<p>For example, if the name of the
machine hosting the web server is <code>simple.example.com</code>,
but the machine also has the DNS alias <code>www.example.com</code>
each appearance overrides the previous appearance (within that
server).</p>
- <p>If no <code class="directive">ServerName</code> is specified, then the
- server attempts to deduce the client visible hostname by performing a
- reverse lookup on an IP address of the systems hostname.</p>
+ <p>If no <code class="directive">ServerName</code> is specified, the
+ server attempts to deduce the client visible hostname by first asking
+ the operating system for the system hostname, and if that fails,
+ performing a reverse lookup on an IP address present on the system.</p>
<p>If no port is specified in the
<code class="directive">ServerName</code>, then the server will use the
<table class="directive">
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Forces all matching files to be processed by a
handler</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SetHandler <var>handler-name</var>|None</code></td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>SetHandler <var>handler-name</var>|none|<var>expression</var></code></td></tr>
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, directory, .htaccess</td></tr>
<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>FileInfo</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Core</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>core</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>2.5 and later</td></tr>
</table>
<p>When placed into an <code>.htaccess</code> file or a
<code class="directive"><a href="#directory"><Directory></a></code> or
</FilesMatch></pre>
+ <p>String-valued expressions can be used to reference per-request
+ variables, including backreferences to named regular expressions:</p>
+
+ <pre class="prettyprint lang-config"><LocationMatch ^/app/(?<sub>[^/]+)/>
+ SetHandler "proxy:unix:/var/run/app_%{env:MATCH_sub}.sock|fcgi://localhost:8080"
+</LocationMatch></pre>
+
+
<p>You can override an earlier defined <code class="directive">SetHandler</code>
directive by using the value <code>None</code>.</p>
<p>The <code class="directive">TimeOut</code> directive defines the length
of time Apache httpd will wait for I/O in various circumstances:</p>
- <ol>
- <li>When reading data from the client, the length of time to
+ <ul>
+ <li><p>When reading data from the client, the length of time to
wait for a TCP packet to arrive if the read buffer is
- empty.</li>
+ empty.</p>
+ <p> For initial data on a new connection, this directive doesn't
+ take effect until after any configured <code class="directive"><a href="#acceptfilter">
+ AcceptFilter</a></code> has passed the new connection to the server.</p>
+ </li>
<li>When writing data to the client, the length of time to wait
for an acknowledgement of a packet if the send buffer is
<li>In <code class="module"><a href="../mod/mod_proxy.html">mod_proxy</a></code>, the default timeout value if
<code class="directive"><a href="../mod/mod_proxy.html#proxytimeout">ProxyTimeout</a></code> is not
configured.</li>
- </ol>
+ </ul>
</div>
<p>Finally, for testing and diagnostic purposes only, request
bodies may be allowed using the non-compliant <code>TraceEnable
extended</code> directive. The core (as an origin server) will
- restrict the request body to 64k (plus 8k for chunk headers if
+ restrict the request body to 64Kb (plus 8Kb for chunk headers if
<code>Transfer-Encoding: chunked</code> is used). The core will
reflect the full headers and all chunk headers with the response
- body. As a proxy server, the request body is not restricted to 64k.</p>
+ body. As a proxy server, the request body is not restricted to 64Kb.</p>
<div class="note"><h3>Note</h3>
- <p>Despite claims to the contrary, <code>TRACE</code> is not
- a security vulnerability, and there is no viable reason for
- it to be disabled. Doing so necessarily makes your server
- noncompliant.</p>
+
+ <p>Despite claims to the contrary, enabling the <code>TRACE</code>
+ method does not expose any security vulnerability in Apache httpd.
+ The <code>TRACE</code> method is defined by the HTTP/1.1
+ specification and implementations are expected to support it.</p>
+
</div>
</div>
}
})(window, document);
//--><!]]></script></div><div id="footer">
-<p class="apache">Copyright 2015 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
+<p class="apache">Copyright 2016 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/quickreference.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!--
if (typeof(prettyPrint) !== 'undefined') {
prettyPrint();