X-Git-Url: https://granicus.if.org/sourcecode?a=blobdiff_plain;f=docs%2Fmanual%2Fmod%2Fcore.html.en;h=270e9e9868b88a7aaaa65f8ef6cae892b083e219;hb=655875eb8c2fadc85aacdc1700c6e7ea99c8fc7d;hp=40053607b93342bcbcdfd0984e11d0f7df144cbe;hpb=9e03d7e1afc50863089be42ba92a40b316126e99;p=apache diff --git a/docs/manual/mod/core.html.en b/docs/manual/mod/core.html.en index 40053607b9..270e9e9868 100644 --- a/docs/manual/mod/core.html.en +++ b/docs/manual/mod/core.html.en @@ -8,16 +8,19 @@
Apache HTTP Server Version 2.3
+ +Apache HTTP Server Version 2.5
This directive enables operating system specific optimizations for a
- listening socket by the Using The default protocol names are The default values on FreeBSD are: The Protocol
type.
+ listening socket by the Protocol
type.
The basic premise is for the kernel to not send a socket to the server
process until either data is received or an entire HTTP Request is buffered.
Only
@@ -131,7 +141,10 @@ On Windows from Apache httpd 2.3.3 and later.
none
for an argument will disable any accept filters
for that protocol. This is useful for protocols that require a server
send data first, such as ftp:
or nntp
:AcceptFilter nntp none
+ AcceptFilter nntp none
+
+
https
for port 443
and http
for all other ports. To specify another protocol
@@ -140,10 +153,11 @@ On Windows from Apache httpd 2.3.3 and later.
directive.
- AcceptFilter http httpready
- AcceptFilter https dataready
-
+AcceptFilter http httpready
+AcceptFilter https dataready
+
+
httpready
accept filter buffers entire HTTP requests at
the kernel level. Once an entire request is received, the kernel then
@@ -154,10 +168,11 @@ On Windows from Apache httpd 2.3.3 and later.
accf_data(9)
The default values on Linux are:
-
- AcceptFilter http data
- AcceptFilter https data
-
+AcceptFilter http data +AcceptFilter https data ++
Linux's TCP_DEFER_ACCEPT
does not support buffering http
requests. Any value besides none
will enable
@@ -167,10 +182,11 @@ On Windows from Apache httpd 2.3.3 and later.
tcp(7) man page.
The default values on Windows are:
-
- AcceptFilter http data
- AcceptFilter https data
-
+AcceptFilter http data +AcceptFilter https data ++
Window's mpm_winnt interprets the AcceptFilter to toggle the AcceptEx() API, and does not support http protocol buffering. There are two values @@ -192,7 +208,7 @@ On Windows from Apache httpd 2.3.3 and later.
Protocol
Protocol
- <Files "mypaths.shtml">
-
- Options +Includes
- SetOutputFilter INCLUDES
- AcceptPathInfo On
-
- </Files>
-
+<Files "mypaths.shtml"> + Options +Includes + SetOutputFilter INCLUDES + AcceptPathInfo On +</Files> ++
- AccessFileName .acl
-
AccessFileName .acl+
before returning the document
/usr/local/web/index.html
, the server will read
@@ -290,13 +304,12 @@ On Windows from Apache httpd 2.3.3 and later.
/usr/local/.acl
and /usr/local/web/.acl
for directives, unless they have been disabled with
- <Directory />
-
- AllowOverride None
-
- </Directory>
-
+<Directory /> + AllowOverride None +</Directory> ++
text/plain
or text/html
charset values for use in Internet media types (MIME types).
For example:
-
- AddDefaultCharset utf-8
-
AddDefaultCharset utf-8+
AddDefaultCharset
should only be used when all
of the text resources to which it applies are known to be in that
@@ -416,10 +428,10 @@ NoDecode option available in 2.3.12 and later.
<Files>
sections.
-
When this directive is set to None
, then
- .htaccess files are completely ignored.
- In this case, the server will not even attempt to read
- .htaccess
files in the filesystem.
When this directive is set to None
and AllowOverrideList
is set to
+ None
.htaccess files are
+ completely ignored. In this case, the server will not even attempt
+ to read .htaccess
files in the filesystem.
When this directive is set to All
, then any
directive which has the .htaccess Context is allowed in
@@ -433,7 +445,7 @@ NoDecode option available in 2.3.12 and later.
AuthDBMGroupFile
,
+ Allow use of the authorization directives (AuthDBMGroupFile
,
AuthDBMUserFile
,
AuthGroupFile
,
AuthName
,
@@ -451,7 +463,8 @@ NoDecode option available in 2.3.12 and later.
SetOutputFilter
, and
mod_mime
Add* and Remove* directives),
document meta data (Header
, RequestHeader
, SetEnvIf
, SetEnvIfNoCase
, BrowserMatch
, CookieExpires
, CookieDomain
, CookieStyle
, CookieTracking
, CookieName
),
- mod_rewrite
directives RewriteEngine
, RewriteOptions
, RewriteBase
, RewriteCond
, RewriteRule
) and
+ mod_rewrite
directives (RewriteEngine
, RewriteOptions
, RewriteBase
, RewriteCond
, RewriteRule
),
+ mod_alias
directives (Redirect
, RedirectTemp
, RedirectPermanent
, RedirectMatch
), and
Action
from
mod_actions
.
AddDescription
,
AddIcon
, AddIconByEncoding
,
AddIconByType
,
- DefaultIcon
, DirectoryIndex
, FancyIndexing
, HeaderName
, IndexIgnore
, IndexOptions
, ReadmeName
,
+ DefaultIcon
, DirectoryIndex
, , FallbackResource
,FancyIndexing
, HeaderName
, IndexIgnore
, IndexOptions
, ReadmeName
,
etc.).
Allow
, Deny
and Order
).Allow
, Deny
and Order
).
+
+
+
+
+ Note that a syntax error in a valid directive will still cause + an internal server error.
+Options
and
XBitHack
).
An equal sign may be given followed by a comma (but no spaces)
- separated lists of options that may be set using the Options
command.
+ separated lists of options that may be set using the Options
command.
+
+ Even though the list of options that may be used in .htaccess files
+ can be limited with this directive, as long as any Options
directive is allowed any
+ other inherited option can be disabled by using the non-relative
+ syntax. In other words, this mechanism cannot force a specific option
+ to remain set while allowing any others to be set.
+
+ AllowOverride Options=Indexes,MultiViews
+
Example:
-
- AllowOverride AuthConfig Indexes
-
AllowOverride AuthConfig Indexes+
In the example above all directives that are neither in the group
AuthConfig
nor Indexes
cause an internal
@@ -502,6 +554,70 @@ NoDecode option available in 2.3.12 and later.
Description: | Individual directives that are allowed in
+.htaccess files |
---|---|
Syntax: | AllowOverrideList None|directive
+[directive-type] ... |
Default: | AllowOverrideList None |
Context: | directory |
Status: | Core |
Module: | core |
When the server finds an .htaccess
file (as
+ specified by AccessFileName
)
+ it needs to know which directives declared in that file can override
+ earlier configuration directives.
AllowOverrideList
is valid only in
+ <Directory>
+ sections specified without regular expressions, not in <Location>
, <DirectoryMatch>
or
+ <Files>
sections.
+ When this directive is set to None
and AllowOverride
is set to None
,
+ then .htaccess files are completely
+ ignored. In this case, the server will not even attempt to read
+ .htaccess
files in the filesystem.
Example:
+ ++AllowOverride None +AllowOverrideList Redirect RedirectMatch ++ + +
In the example above only the Redirect
and
+ RedirectMatch
directives are allowed. All others will
+ cause an internal server error.
Example:
+ ++AllowOverride AuthConfig +AllowOverrideList CookieTracking CookieName ++ + +
In the example above AllowOverride
+
grants permission to the AuthConfig
+ directive grouping and AllowOverrideList
grants
+ permission to only two directives from the FileInfo
directive
+ grouping. All others will cause an internal server error.
Description: | Base directory for the server run-time files |
---|---|
Syntax: | DefaultRuntimeDir directory-path |
Default: | DefaultRuntimeDir DEFAULT_REL_RUNTIMEDIR (logs/) |
Context: | server config |
Status: | Core |
Module: | core |
The DefaultRuntimeDir
directive sets the
+ directory in which the server will create various run-time files
+ (shared memory, locks, etc.). If set as a relative path, the full path
+ will be relative to ServerRoot
.
Example
++DefaultRuntimeDir scratch/ ++ + +
The default location of DefaultRuntimeDir
may be
+ modified by changing the DEFAULT_REL_RUNTIMEDIR
#define
+ at build time.
Note: ServerRoot
should be specified before this
+ directive is used, otherwise the default value of ServerRoot
+ would be used to set the base directory.
ServerRoot
none
, meaning no default media type. For example:
-
- DefaultType None
-
DefaultType None+
DefaultType None
is only available in
httpd-2.2.7 and later.
${VAR}
syntax. The variable is always globally defined
and not limited to the scope of the surrounding config section.
-
- <IfDefine TEST>
- Define servername test.example.com
- </IfDefine>
- <IfDefine !TEST>
- Define servername www.example.com
- Define SSL
- </IfDefine>
-
+<IfDefine TEST> + Define servername test.example.com +</IfDefine> +<IfDefine !TEST> + Define servername www.example.com + Define SSL +</IfDefine> + + DocumentRoot /var/www/${servername}/htdocs ++
Variable names may not contain colon ":" characters, to avoid clashes
with RewriteMap
's syntax.
/home/user/public_html
, but <Directory
/home/*/public_html>
will match. Example:
-
- <Directory /usr/local/httpd/htdocs>
-
- Options Indexes FollowSymLinks
-
- </Directory>
-
+<Directory "/usr/local/httpd/htdocs"> + Options Indexes FollowSymLinks +</Directory> ++
Be careful with the directory-path arguments:
@@ -683,9 +837,12 @@ named file-system directory, sub-directories, and their contents.
expressions can also be used, with the addition of the
~
character. For example:
- <Directory ~ "^/www/.*/[0-9]{3}">
-
+<Directory ~ "^/www/[0-9]{3}"> + +</Directory> ++
would match directories in /www/
that consisted of
three numbers.
- <Directory />
-
- AllowOverride None
-
- </Directory>
-
- <Directory /home>
-
- AllowOverride FileInfo
-
- </Directory>
-
+<Directory /> + AllowOverride None +</Directory> + +<Directory "/home"> + AllowOverride FileInfo +</Directory> ++
for access to the document /home/web/dir/doc.html
the steps are:
- <Directory ~ abc$>
-
- # ... directives here ...
-
- </Directory>
-
+<Directory ~ "abc$"> + # ... directives here ... +</Directory> ++
the regular expression section won't be considered until after
all normal <Directory>
s and
@@ -751,13 +904,12 @@ named file-system directory, sub-directories, and their contents.
recommended that you change this with a block such
as
- <Directory />
-
- Require all denied
-
- </Directory>
-
+<Directory /> + Require all denied +</Directory> ++
and then override this for directories you want accessible. See the Security Tips page for more @@ -793,9 +945,12 @@ the contents of file-system directories matching a regular expression. However, it takes as an argument a regular expression. For example:
-
- <DirectoryMatch "^/www/(.+/)?[0-9]{3}">
-
+<DirectoryMatch "^/www/(.+/)?[0-9]{3}"> + # ... +</DirectoryMatch> ++
would match directories in /www/
that consisted of three
numbers.
- DocumentRoot /usr/web
-
DocumentRoot "/usr/web"+
then an access to
http://my.example.com/index.html
refers to
@@ -878,14 +1032,15 @@ satisfied by a request at runtime
in the same scope has not been applied.
For example: In
- <If "-z req('Host')">
- ...
- </If>
- <Else>
- ...
- </Else>
-
+<If "-z req('Host')"> + # ... +</If> +<Else> + # ... +</Else> ++
The <If>
would match HTTP/1.0
requests without a Host: header and the
@@ -925,17 +1080,18 @@ satisfied
<ElseIf>
section in the same scope has
not been applied. For example: In
- <If "-R '10.1.0.0/16'">
- ...
- </If>
- <ElseIf "-R '10.0.0.0/8'">
- ...
- </ElseIf>
- <Else>
- ...
- </Else>
-
+<If "-R '10.1.0.0/16'"> + #... +</If> +<ElseIf "-R '10.0.0.0/8'"> + #... +</ElseIf> +<Else> + #... +</Else> ++
The <ElseIf>
would match if
the remote address of a request belongs to the subnet 10.0.0.0/8 but
@@ -990,20 +1146,18 @@ for a complete reference and more examples.
For server configurations that are vulnerable to these problems, you should disable memory-mapping of delivered files by specifying:
-
- EnableMMAP Off
-
EnableMMAP Off+
For NFS mounted files, this feature may be disabled explicitly for the offending files by specifying:
-
- <Directory "/path-to-nfs-files">
-
- EnableMMAP Off
-
- </Directory>
-
+<Directory "/path-to-nfs-files"> + EnableMMAP Off +</Directory> ++
For server configurations that are not vulnerable to these problems, you may enable this feature by specifying:
-
- EnableSendfile On
-
EnableSendfile On+
For network mounted files, this feature may be disabled explicitly for the offending files by specifying:
-
- <Directory "/path-to-nfs-files">
-
- EnableSendfile Off
-
- </Directory>
-
+<Directory "/path-to-nfs-files"> + EnableSendfile Off +</Directory> ++
Please note that the per-directory and .htaccess configuration
of EnableSendfile
is not supported by
mod_cache_disk
.
@@ -1085,24 +1237,26 @@ version 2.3.9.
configuration parsing. The typical use is for reporting required
modules which are missing from the configuration.
- # ensure that mod_include is loaded
- <IfModule !include_module>
- Error mod_include is required by mod_foo. Load it with LoadModule.
- </IfModule>
-
- # ensure that exactly one of SSL,NOSSL is defined
- <IfDefine SSL>
- <IfDefine NOSSL>
- Error Both SSL and NOSSL are defined. Define only one of them.
- </IfDefine>
- </IfDefine>
- <IfDefine !SSL>
- <IfDefine !NOSSL>
- Error Either SSL or NOSSL must be defined.
- </IfDefine>
- </IfDefine>
-
+# Example +# ensure that mod_include is loaded +<IfModule !include_module> + Error "mod_include is required by mod_foo. Load it with LoadModule." +</IfModule> + +# ensure that exactly one of SSL,NOSSL is defined +<IfDefine SSL> +<IfDefine NOSSL> + Error "Both SSL and NOSSL are defined. Define only one of them." +</IfDefine> +</IfDefine> +<IfDefine !SSL> +<IfDefine !NOSSL> + Error "Either SSL or NOSSL must be defined." +</IfDefine> +</IfDefine> ++
- ErrorDocument 500 http://foo.example.com/cgi-bin/tester
- ErrorDocument 404 /cgi-bin/bad_urls.pl
- ErrorDocument 401 /subscription_info.html
- ErrorDocument 403 "Sorry can't allow you access today"
-
+ErrorDocument 500 http://foo.example.com/cgi-bin/tester +ErrorDocument 404 /cgi-bin/bad_urls.pl +ErrorDocument 401 /subscription_info.html +ErrorDocument 403 "Sorry can't allow you access today" +ErrorDocument 403 Forbidden! ++
Additionally, the special value default
can be used
to specify Apache httpd's simple hardcoded message. While not required
@@ -1156,14 +1312,14 @@ in case of an error
Apache httpd's simple hardcoded message for configurations that would
otherwise inherit an existing ErrorDocument
.
- ErrorDocument 404 /cgi-bin/bad_urls.pl
- <Directory /web/docs>
-
- ErrorDocument 404 default
-
- </Directory>
-
+ErrorDocument 404 /cgi-bin/bad_urls.pl + +<Directory /web/docs> + ErrorDocument 404 default +</Directory> ++
Note that when you specify an ErrorDocument
that points to a remote URL (ie. anything with a method such as
@@ -1189,7 +1345,7 @@ in case of an error
error rather than masking it. More information is available in
Microsoft Knowledge Base article Q294807.
Although most error messages can be overriden, there are certain +
Although most error messages can be overridden, there are certain
circumstances where the internal messages are used regardless of the
setting of ErrorDocument
. In
particular, if a malformed request is detected, normal request processing
@@ -1223,17 +1379,15 @@ in case of an error
the file-path is not absolute then it is assumed to be
relative to the ServerRoot
.
- ErrorLog /var/log/httpd/error_log
-
ErrorLog "/var/log/httpd/error_log"+
If the file-path
begins with a pipe character "|
" then it is assumed to be a
command to spawn to handle the error log.
- ErrorLog "|/usr/local/bin/httpd_errors"
-
ErrorLog "|/usr/local/bin/httpd_errors"+
See the notes on piped logs for more information.
@@ -1247,9 +1401,8 @@ in case of an error in individual virtual hosts, the final facility specified affects the entire server. -
- ErrorLog syslog:user
-
ErrorLog syslog:user+
SECURITY: See the security tips document for details on why your security could be compromised @@ -1272,7 +1425,7 @@ in case of an error
Description: | Format specification for error log entries |
---|---|
Syntax: | ErrorLog [connection|request] format |
Syntax: | ErrorLogFormat [connection|request] format |
Context: | server config, virtual host |
Status: | Core |
Module: | core |
Modified Token | Meaning |
---|---|
%-{Referer}i |
+ Logs a - if Referer is not set. |
+
%+{Referer}i |
+ Omits the entire line if Referer is not set. |
+
%4{Referer}i |
+ Logs the Referer only if the log message severity
+ is higher than 4. |
+
Some format string items accept additional parameters in braces.
Format String | Description |
---|---|
%% |
The percent sign |
%...a |
- Remote IP-address and port |
%...A |
+|
%a |
+ Client IP address and port of the request |
%{c}a |
+ Underlying peer IP address and port of the connection (see the
+ mod_remoteip module) |
%A |
Local IP-address and port |
%...{name}e |
- Request environment variable name |
%...E |
+|
%{name}e |
+ Request environment variable name |
%E |
APR/OS error status code and string |
%...F |
+|
%F |
Source file name and line number of the log call |
%...{name}i |
- Request header name |
%...k |
+|
%{name}i |
+ Request header name |
%k |
Number of keep-alive requests on this connection |
%...l |
+|
%l |
Loglevel of the message |
%...L |
+|
%L |
Log ID of the request |
%...{c}L |
+|
%{c}L |
Log ID of the connection |
%...{C}L |
+|
%{C}L |
Log ID of the connection if used in connection scope, empty otherwise |
%...m |
+|
%m |
Name of the module logging the message |
%M |
+|
%M |
The actual log message |
%...{name}n |
- Request note name |
%...P |
+|
%{name}n |
+ Request note name |
%P |
Process ID of current process |
%...T |
+|
%T |
Thread ID of current thread |
%...t |
+|
%{g}T |
+ System unique thread ID of current thread (the same ID as
+ displayed by e.g. top ; currently Linux only) |
%t |
The current time |
%...{u}t |
+|
%{u}t |
The current time including micro-seconds |
%...{cu}t |
+|
%{cu}t |
The current time in compact ISO 8601 format, including micro-seconds |
%...v |
+|
%v |
The canonical ServerName
of the current server. |
%...V |
+|
%V |
The server name of the server serving the request according to the
UseCanonicalName
setting. |
Description: | File attributes used to create the ETag HTTP response header for static files |
Syntax: | FileETag component ... |
Default: | FileETag INode MTime Size |
Default: | FileETag MTime Size |
Context: | server config, virtual host, directory, .htaccess |
Override: | FileInfo |
Status: | Core |
Module: | core |
Compatibility: | The default used to be "INode MTime Size" in 2.3.14 and +earlier. |
The FileETag
directive configures the file
@@ -1477,7 +1673,8 @@ HTTP response header for static files
FileETag INode MTime Size
FileETag INode MTime Size+
ETag
field will be
included in the responsemod_dav_fs
as a storage provider.
- mod_dav_fs
uses INode MTime Size
+ mod_dav_fs
uses MTime Size
as a fixed format for ETag
comparisons on conditional requests.
These conditional requests will break if the ETag
format is
changed via FileETag
.
@@ -1539,14 +1736,27 @@ filenames
The filename argument should include a filename, or
a wild-card string, where ?
matches any single character,
- and *
matches any sequences of characters.
- Regular expressions
+ and *
matches any sequences of characters.
+<Files "cat.html"> + # Insert stuff that applies to cat.html here +</Files> + +<Files "?at.*"> + # This would apply to cat.html, bat.html, hat.php and so on. +</Files> ++ +
Regular expressions
can also be used, with the addition of the
~
character. For example:
- <Files ~ "\.(gif|jpe?g|png)$">
-
+<Files ~ "\.(gif|jpe?g|png)$"> + #... +</Files> ++
would match most common Internet graphics formats. <FilesMatch>
is preferred,
however.
- <FilesMatch "\.(gif|jpe?g|png)$">
-
+<FilesMatch "\.(gif|jpe?g|png)$"> + # ... +</FilesMatch> ++
would match most common Internet graphics formats.
@@ -1615,9 +1828,8 @@ media type in the HTTP Content-Type header field GIF files, but did not want to label them all with.gif
,
you might want to use:
-
- ForceType image/gif
-
ForceType image/gif+
Note that this directive overrides other indirect media type
associations defined in mime.types or via the
@@ -1627,21 +1839,18 @@ media type in the HTTP Content-Type header field
ForceType
settings
by using the value of None
:
- # force all files to be image/gif:
- <Location /images>
-
- ForceType image/gif
-
- </Location>
-
- # but normal mime-type associations here:
- <Location /images/mixed>
-
- ForceType None
-
- </Location>
-
+# force all files to be image/gif: +<Location /images> + ForceType image/gif +</Location> + +# but normal mime-type associations here: +<Location /images/mixed> + ForceType None +</Location> ++
This directive primarily overrides the content types generated for static files served out of the filesystem. For resources other than @@ -1659,7 +1868,7 @@ media type in the HTTP Content-Type header field
When the server has been compiled with gprof profiling suppport, +
When the server has been compiled with gprof profiling support,
GprofDir
causes gmon.out
files to
be written to the specified directory when the process exits. If the
argument ends with a percent symbol ('%'), subdirectories are created
@@ -1709,6 +1918,10 @@ media type in the HTTP Content-Type header field
directory, can be used to look up host names from logged IP addresses
offline.
Finally, if you have hostname-based Require
+ directives, a hostname lookup will be performed regardless of
+ the setting of HostnameLookups
.
- <If "-z req('Host')">
-
<If "-z req('Host')">+
would match HTTP/1.0 requests without a Host: header.
Expressions may contain various shell-like operators for string
@@ -1737,9 +1949,8 @@ satisfied by a request at runtime
and others (-n
, -z
, -f
, ...).
It is also possible to use regular expressions,
- <If "%{QUERY_STRING =~ /(delete|commit)=.*?elem/">
-
<If "%{QUERY_STRING} =~ /(delete|commit)=.*?elem/">+
shell-like pattern matches and many other operations. These operations
can be done on request headers (req
), environment variables
@@ -1803,32 +2014,23 @@ if a test is true at startup
nest-able, which can be used to implement simple
multiple-parameter tests. Example:
- httpd -DReverseProxy -DUseCache -DMemCache ...
-
- # httpd.conf
- <IfDefine ReverseProxy>
-
- LoadModule proxy_module modules/mod_proxy.so
- LoadModule proxy_http_module modules/mod_proxy_http.so
- <IfDefine UseCache>
-
- LoadModule cache_module modules/mod_cache.so
- <IfDefine MemCache>
-
- LoadModule mem_cache_module modules/mod_mem_cache.so
-
- </IfDefine>
- <IfDefine !MemCache>
-
- LoadModule cache_disk_module modules/mod_cache_disk.so
-
- </IfDefine>
-
- </IfDefine>
-
- </IfDefine>
-
httpd -DReverseProxy -DUseCache -DMemCache ...
+<IfDefine ReverseProxy> + LoadModule proxy_module modules/mod_proxy.so + LoadModule proxy_http_module modules/mod_proxy_http.so + <IfDefine UseCache> + LoadModule cache_module modules/mod_cache.so + <IfDefine MemCache> + LoadModule mem_cache_module modules/mod_mem_cache.so + </IfDefine> + <IfDefine !MemCache> + LoadModule cache_disk_module modules/mod_cache_disk.so + </IfDefine> + </IfDefine> +</IfDefine> ++
Description: | Includes other configuration files from within the server configuration files |
---|---|
Syntax: | Include [optional|strict] file-path|directory-path|wildcard |
Syntax: | Include file-path|directory-path|wildcard |
Context: | server config, virtual host, directory |
Status: | Core |
Module: | core |
Description: | Includes other configuration files from within +the server configuration files |
---|---|
Syntax: | IncludeOptional file-path|directory-path|wildcard |
Context: | server config, virtual host, directory |
Status: | Core |
Module: | core |
Compatibility: | Available in 2.3.6 and later |
This directive allows inclusion of other configuration files
+ from within the server configuration files. It works identically to the
+ Include
directive, with the
+ exception that if wildcards do not match any file or directory, the
+ IncludeOptional
directive will be
+ silently ignored instead of causing an error.
POST
, PUT
, and
DELETE
, leaving all other methods unprotected:
-
- <Limit POST PUT DELETE>
-
- Require valid-user
-
- </Limit>
-
+<Limit POST PUT DELETE> + Require valid-user +</Limit> ++
The method names listed can be one or more of: GET
,
POST
, PUT
, DELETE
,
@@ -2114,18 +2314,15 @@ methods
Require group editors
directive will be ignored
in all cases:
- <LimitExcept GET>
-
- Require valid-user
-
- </LimitExcept>
- <Limit POST>
-
- Require group editors
-
- </Limit>
-
+<LimitExcept GET> + Require valid-user +</LimitExcept> +<Limit POST> + Require group editors +</Limit> ++ @@ -2150,13 +2347,12 @@ except the named ones
For example:
-
- <LimitExcept POST GET>
-
- Require valid-user
-
- </LimitExcept>
-
+<LimitExcept POST GET> + Require valid-user +</LimitExcept> ++ @@ -2189,9 +2385,8 @@ subrequests determines, how deep subrequests may be nested. If you specify only one number, it will be assigned to both limits. -
- LimitInternalRecursion 5
-
LimitInternalRecursion 5+ @@ -2233,9 +2428,8 @@ from the client location, and wish to limit the size of the uploaded file to 100K, you might use the following directive: -
- LimitRequestBody 102400
-
LimitRequestBody 102400+
For a full description of how this directive is interpreted by
proxy requests, see the mod_proxy
documentation.
For example:
-
- LimitRequestFields 50
-
LimitRequestFields 50+
When name-based virtual hosting is used, the value for this directive is taken from the default (first-listed) virtual host for the - local IP and port combination
. + local IP and port combination.The LimitRequestFieldSize
directive
- allows the server administrator to reduce or increase the limit
+ allows the server administrator to set the limit
on the allowed size of an HTTP request header field. A server
needs this value to be large enough to hold any one header field
from a normal client request. The size of a normal request header
@@ -2321,16 +2514,15 @@ client
For example:
-
- LimitRequestFieldSize 4094
-
LimitRequestFieldSize 4094+
When name-based virtual hosting is used, the value for this - directive is taken from the default (first-listed) virtual host best + directive is taken from the default (first-listed) virtual host best matching the current IP address and port combination.
The LimitRequestLine
directive allows
- the server administrator to reduce or increase the limit on the allowed size
+ the server administrator to set the limit on the allowed size
of a client's HTTP request-line. Since the request-line consists of the
HTTP method, URI, and protocol version, the
LimitRequestLine
directive places a
@@ -2365,16 +2557,16 @@ from the client
For example:
-
- LimitRequestLine 4094
-
LimitRequestLine 4094+
When name-based virtual hosting is used, the value for this - directive is taken from the default (first-listed) virtual host best + directive is taken from the default (first-listed) virtual host best matching the current IP address and port combination.
Example:
-
- LimitXMLRequestBody 0
-
LimitXMLRequestBody 0+ @@ -2446,19 +2637,23 @@ URLs /private1, /private1/ and /private1/file.txt will have the enclosed directives applied, but /private1other would not. -
- <Location /private1>
- ...
-
+<Location /private1> + # ... +</Location> ++
In the example below, where a trailing slash is used, requests to /private2/ and /private2/file.txt will have the enclosed directives applied, but /private2 and /private2other would not.
-
- <Location /private2/>
- ...
-
+<Location /private2/> + # ... +</Location> ++
<Location>
~
character. For example:
-
- <Location ~ "/(extra|special)/data">
-
+<Location ~ "/(extra|special)/data"> + #... +</Location> ++
would match URLs that contained the substring /extra/data
or /special/data
. The directive <LocationMatch>
behaves
@@ -2500,14 +2698,13 @@ URLs
directive. For example, to enable status requests, but allow them
only from browsers at example.com
, you might use:
- <Location /status>
-
- SetHandler server-status
- Require host example.com
-
- </Location>
-
+<Location /status> + SetHandler server-status + Require host example.com +</Location> ++
The slash character has special meaning depending on where in a @@ -2553,9 +2750,12 @@ matching URLs it takes a regular expression as an argument instead of a simple string. For example:
-
- <LocationMatch "/(extra|special)/data">
-
+<LocationMatch "/(extra|special)/data"> + # ... +</LocationMatch> ++
would match URLs that contained the substring /extra/data
or /special/data
.
For example:
-
- LogLevel notice
-
LogLevel notice+
When logging to a regular file messages of the level @@ -2750,20 +2949,22 @@ matching URLs as module specification. This means the following three specifications are equivalent:
-
- LogLevel info ssl:warn
- LogLevel info mod_ssl.c:warn
- LogLevel info ssl_module:warn
-
+LogLevel info ssl:warn +LogLevel info mod_ssl.c:warn +LogLevel info ssl_module:warn ++
It is also possible to change the level per directory:
-
- LogLevel info
- <Directory /usr/local/apache/htdocs/app>
- LogLevel debug
- </Files>
-
+LogLevel info +<Directory "/usr/local/apache/htdocs/app"> + LogLevel debug +</Directory> ++
For example:
-
- MaxKeepAliveRequests 500
-
MaxKeepAliveRequests 500+ + +
Description: | Number of overlapping ranges (eg: 100-200,150-300 ) allowed before returning the complete
+ resource |
---|---|
Syntax: | MaxRangeOverlaps default | unlimited | none | number-of-ranges |
Default: | MaxRangeOverlaps 20 |
Context: | server config, virtual host, directory |
Status: | Core |
Module: | core |
Compatibility: | Available in Apache HTTP Server 2.3.15 and later |
The MaxRangeOverlaps
directive
+ limits the number of overlapping HTTP ranges the server is willing to
+ return to the client. If more overlapping ranges then permitted are requested,
+ the complete resource is returned instead.
Description: | Number of range reversals (eg: 100-200,50-70 ) allowed before returning the complete
+ resource |
---|---|
Syntax: | MaxRangeReversals default | unlimited | none | number-of-ranges |
Default: | MaxRangeReversals 20 |
Context: | server config, virtual host, directory |
Status: | Core |
Module: | core |
Compatibility: | Available in Apache HTTP Server 2.3.15 and later |
The MaxRangeReversals
directive
+ limits the number of HTTP Range reversals the server is willing to
+ return to the client. If more ranges reversals then permitted are requested,
+ the complete resource is returned instead.
Description: | Number of ranges allowed before returning the complete +resource |
---|---|
Syntax: | MaxRanges default | unlimited | none | number-of-ranges |
Default: | MaxRanges 200 |
Context: | server config, virtual host, directory |
Status: | Core |
Module: | core |
Compatibility: | Available in Apache HTTP Server 2.3.15 and later |
The MaxRanges
directive
+ limits the number of HTTP ranges the server is willing to
+ return to the client. If more ranges then permitted are requested,
+ the complete resource is returned instead.
With the file-based mechanisms fcntl and flock,
the path, if provided, is a directory where the lock file will be created.
- The default directory is httpd's run-time file directory relative to
- ServerRoot
. Always use a local disk
- filesystem for /path/to/mutex
and never a directory residing
+ The default directory is httpd's run-time file directory,
+ DefaultRuntimeDir
. If a relative
+ path is provided, it is relative to
+ DefaultRuntimeDir
. Always use a local
+ disk filesystem for /path/to/mutex
and never a directory residing
on a NFS- or AFS-filesystem. The basename of the file will be the mutex
type, an optional instance string provided by the module, and unless the
OmitPID
keyword is specified, the process id of the httpd
@@ -3013,16 +3317,17 @@ or specified mutexes
/var/httpd/locks
. The mutex mechanism for all other mutexes
will be changed from the compiled-in default to sysvsem
.
- Mutex default sysvsem
- Mutex mpm-accept fcntl:/var/httpd/locks
-
+Mutex sysvsem default +Mutex fcntl:/var/httpd/locks mpm-accept ++
Description: | Designates an IP address for name-virtual + |
---|---|
Description: | DEPRECATED: Designates an IP address for name-virtual hosting |
Syntax: | NameVirtualHost addr[:port] |
Context: | server config |
Description: | Register non-standard HTTP methods |
---|---|
Syntax: | RegisterHttpMethod method [method [...]] |
Context: | server config |
Status: | Core |
Module: | core |
HTTP Methods that are not conforming to the relvant RFCs are normally
+rejected by request processing in Apache HTTPD. To avoid this, modules
+can register non-standard HTTP methods they support.
+The RegisterHttpMethod
allows to register such
+methods manually. This can be useful for if such methods are forwared
+for external processing, e.g. to a CGI script.
#!
) in the
script. On Win32 systems this line usually looks like:
-
- #!C:/Perl/bin/perl.exe
-
#!C:/Perl/bin/perl.exe+
or, if perl
is in the PATH
, simply:
- #!perl
-
#!perl+
Setting ScriptInterpreterSource Registry
will
cause the Windows Registry tree HKEY_CLASSES_ROOT
to be
@@ -3479,9 +3797,8 @@ messages sent to the client
It may be worth setting up a dedicated address for this, e.g.
-
- ServerAdmin www-admin@foo.example.com
-
ServerAdmin www-admin@foo.example.com+
as users do not always mention that they are talking about the server!
@@ -3500,15 +3817,25 @@ to name-virtual hosts alternate names for a host, for use with name-based virtual hosts. TheServerAlias
may include wildcards, if appropriate.
-
- <VirtualHost *:80>
- ServerName server.example.com
- ServerAlias server server2.example.com server2
- ServerAlias *.example.com
- UseCanonicalName Off
- # ...
- </VirtualHost>
-
+<VirtualHost *:80> + ServerName server.example.com + ServerAlias server server2.example.com server2 + ServerAlias *.example.com + UseCanonicalName Off + # ... +</VirtualHost> ++ + +
Name-based virtual hosts for the best-matching set of <virtualhost>
s are processed
+ in the order they appear in the configuration. The first matching ServerName
or ServerAlias
is used, with no different precedence for wildcards
+ (nor for ServerName vs. ServerAlias).
The complete list of names in the VirtualHost
+ directive are treated just like a (non wildcard)
+ ServerAlias
.
- ServerName www.example.com
-
ServerName www.example.com+
The ServerName
directive
may appear anywhere within the definition of a server. However,
@@ -3638,9 +3964,14 @@ is accessed by an incompatible browser
paths in other configuration directives (such as Include
or LoadModule
, for example) are taken as
relative to this directory.
- ServerRoot /home/httpd
-
ServerRoot "/home/httpd"+ + +
The default location of ServerRoot
may be
+ modified by using the --prefix
argument to
+ configure
, and
+ most third-party distributions of the server have a different
+ default location from the one listed above.
ServerTokens Full
(or not specified)Server: Apache/2.4.1
+ - Server sends (e.g.):
Server: Apache/2.4.2
(Unix) PHP/4.2.2 MyMod/1.2
ServerTokens Prod[uctOnly]
@@ -3728,11 +4059,11 @@ header
ServerTokens Min[imal]
- Server sends (e.g.):
Server:
- Apache/2.4.1
+ Apache/2.4.2
ServerTokens OS
Server: Apache/2.4.1
+ - Server sends (e.g.):
Server: Apache/2.4.2
(Unix)
.htaccess
file in that directory:
-
- SetHandler imap-file
-
SetHandler imap-file+
Another example: if you wanted to have the server display a
status report whenever a URL of
http://servername/status
was called, you might put
the following into httpd.conf
:
- <Location /status>
-
- SetHandler server-status
-
- </Location>
-
+<Location "/status"> + SetHandler server-status +</Location> ++ + +
You could also use this directive to configure a particular + handler for files with a particular file extension. For example:
+ ++<FilesMatch \.php$> + SetHandler application/x-httpd-php +</FilesMatch> ++
You can override an earlier defined SetHandler
directive by using the value None
.
Because SetHandler
overrides default handlers,
- normal behaviour such as handling of URLs ending in a slash (/) as
+ normal behavior such as handling of URLs ending in a slash (/) as
directories or index files is suppressed.
/www/data/
directory for server-side
includes.
-
- <Directory /www/data/>
-
- SetOutputFilter INCLUDES
-
- </Directory>
-
+<Directory "/www/data/"> + SetOutputFilter INCLUDES +</Directory> ++
If more than one filter is specified, they must be separated by semicolons in the order in which they should process the @@ -3880,7 +4218,7 @@ server
TimeOut seconds
TimeOut 300
TimeOut 60
Description: | Determines the behaviour on TRACE requests |
---|---|
Description: | Determines the behavior on TRACE requests |
Syntax: | TraceEnable [on|off|extended] |
Default: | TraceEnable on |
Context: | server config, virtual host |