variable <code>rate-limit</code>.</p>
<example><title>Example Configuration</title>
-<Location /downloads><br />
-<indent>
-SetOutputFilter RATE_LIMIT<br />
-SetEnv rate-limit 400 <br />
-</indent>
+<highlight language="config">
+<Location /downloads>
+ SetOutputFilter RATE_LIMIT
+ SetEnv rate-limit 400
</Location>
+</highlight>
</example>
</summary>
<dd>Pass the request body through the DEFLATE filter to compress the
body. This request requires a Content-Encoding request header containing
"gzip" for the filter to return compressed data.
- <example>
- <Location /compress><br/>
- SetHandler reflector<br/>
- SetOutputFilter DEFLATE<br/>
- </Location>
- </example>
+ <highlight language="config">
+<Location /compress>
+ SetHandler reflector
+ SetOutputFilter DEFLATE
+</Location>
+ </highlight>
</dd>
<dt>Image downsampling service</dt>
<dd>Pass the request body through an image downsampling filter, and reflect
the results to the caller.
- <example>
- <Location /downsample><br/>
- SetHandler reflector<br/>
- SetOutputFilter DOWNSAMPLE<br/>
- </Location>
- </example>
+ <highlight language="config">
+<Location /downsample>
+ SetHandler reflector
+ SetOutputFilter DOWNSAMPLE
+</Location>
+ </highlight>
</dd>
</dl>
</section>
hosts presenting a <directive>RemoteIPHeader</directive> IP value.</p>
<example><title>Internal (Load Balancer) Example</title>
+ <highlight language="config">
RemoteIPHeader X-Client-IP
+ </highlight>
</example>
<example><title>Proxy Example</title>
+ <highlight language="config">
RemoteIPHeader X-Forwarded-For
+ </highlight>
</example>
</usage>
</directivesynopsis>
trusted when passed from these proxies.</p>
<example><title>Internal (Load Balancer) Example</title>
- RemoteIPHeader X-Client-IP<br/>
- RemoteIPTrustedProxy 10.0.2.0/24<br/>
- RemoteIPTrustedProxy gateway.localdomain
+ <highlight language="config">
+RemoteIPHeader X-Client-IP
+RemoteIPInternalProxy 10.0.2.0/24
+RemoteIPInternalProxy gateway.localdomain
+ </highlight>
</example>
</usage>
</directivesynopsis>
the <directive>RemoteIPInternalProxy</directive> directive.</p>
<example><title>Internal (Load Balancer) Example</title>
- RemoteIPHeader X-Client-IP<br/>
- RemoteIPTrustedProxyList conf/trusted-proxies.lst
+ <highlight language="config">
+RemoteIPHeader X-Client-IP
+RemoteIPInternalProxyList conf/trusted-proxies.lst
+ </highlight>
</example>
<example><title>conf/trusted-proxies.lst contents</title>
- # Our internally trusted proxies;<br/>
- 10.0.2.0/24 #Everyone in the testing group<br/>
- gateway.localdomain #The front end balancer
+ <example><pre>
+# Our internally trusted proxies;
+10.0.2.0/24 #Everyone in the testing group
+gateway.localdomain #The front end balancer
+ </pre></example>
</example>
</usage>
</directivesynopsis>
<directive>RemoteIPInternalProxy</directive> addresses are discarded.</p>
<example><title>Example</title>
- RemoteIPHeader X-Forwarded-For<br/>
- RemoteIPProxiesHeader X-Forwarded-By
+ <highlight language="config">
+RemoteIPHeader X-Forwarded-For
+RemoteIPProxiesHeader X-Forwarded-By
+ </highlight>
</example>
</usage>
</directivesynopsis>
<directive>RemoteIPHeader</directive> header's value.</p>
<example><title>Trusted (Load Balancer) Example</title>
- RemoteIPHeader X-Forwarded-For<br/>
- RemoteIPTrustedProxy 10.0.2.16/28<br/>
- RemoteIPTrustedProxy proxy.example.com
+ <highlight language="config">
+RemoteIPHeader X-Forwarded-For
+RemoteIPTrustedProxy 10.0.2.16/28
+RemoteIPTrustedProxy proxy.example.com
+ </highlight>
</example>
</usage>
</directivesynopsis>
to trust as presenting a valid RemoteIPHeader value of the useragent IP.</p>
<p>The '<code>#</code>' hash character designates a comment line, otherwise
- each whitespace or newline seperated entry is processed identically to
+ each whitespace or newline separated entry is processed identically to
the <directive>RemoteIPTrustedProxy</directive> directive.</p>
<example><title>Trusted (Load Balancer) Example</title>
- RemoteIPHeader X-Forwarded-For<br/>
- RemoteIPTrustedProxyList conf/trusted-proxies.lst
+ <highlight language="config">
+RemoteIPHeader X-Forwarded-For
+RemoteIPTrustedProxyList conf/trusted-proxies.lst
+ </highlight>
</example>
<example><title>conf/trusted-proxies.lst contents</title>
Allow 10 seconds to receive the request including the headers and
30 seconds for receiving the request body:
- <example>
+ <highlight language="config">
RequestReadTimeout header=10 body=30
- </example>
+ </highlight>
</li>
<li>
Allow at least 10 seconds to receive the request body.
If the client sends data, increase the timeout by 1 second for every
- 1000 bytes received, with no upper limit for the timeout (exept for
+ 1000 bytes received, with no upper limit for the timeout (except for
the limit given indirectly by
<directive module="core">LimitRequestBody</directive>):
- <example>
+ <highlight language="config">
RequestReadTimeout body=10,MinRate=1000
- </example>
+ </highlight>
</li>
<li>
500 bytes received. But do not allow more than 30 seconds for the
request including the headers:
- <example>
+ <highlight language="config">
RequestReadTimeout header=10-30,MinRate=500
- </example>
+ </highlight>
</li>
<li>
If a common configuration is used for http and https virtual hosts, the
timeouts should not be set too low:
- <example>
+ <highlight language="config">
RequestReadTimeout header=20-40,MinRate=500 body=20,MinRate=500
- </example>
+ </highlight>
</li>
</ol>
</note>
<example><title>Example</title>
+ <highlight language="config">
LogLevel alert rewrite:trace3
+ </highlight>
</example>
<note><title>RewriteLog</title>
<p>For example, you might define a
<directive>RewriteMap</directive> as:</p>
- <example>
+ <highlight language="config">
RewriteMap examplemap txt:/path/to/file/map.txt
- </example>
+ </highlight>
<p>You would then be able to use this map in a
<directive>RewriteRule</directive> as follows:</p>
- <example>
+ <highlight language="config">
RewriteRule ^/ex/(.*) ${examplemap:$1}
- </example>
+ </highlight>
<p>The following combinations for <em>MapType</em> and
<em>MapSource</em> can be used:</p>
<override>FileInfo</override>
<usage>
- <p>The <directive>RewriteBase</directive> directive explicitly
- sets the base URL-path (not filesystem directory path!) for per-directory rewrites
- that result in the substitution of a relative path.
- When you use a <directive module="mod_rewrite">RewriteRule</directive>
- in a <code>.htaccess</code> file, <module>mod_rewrite</module> strips off
- the local directory prefix before processing, then rewrites the rest of
- the URL. When the rewrite is completed, <module>mod_rewrite</module>
- automatically adds the local directory prefix (or the
- <directive>RewriteBase</directive> when set) back on to the substitution
- before handing it back to the core of the server as if it were the original
- URL.</p>
-
- <p>This directive is <em>required</em> for per-directory rewrites whose context
- is a directory made available via the <directive module="mod_alias">Alias</directive>
- directive, when the substitution uses a relative path.</p>
-
- <p>If your URL path does not exist verbatim on the filesystem,
- or isn't directly under your <directive module="core">DocumentRoot</directive>,
- you must use <directive>RewriteBase</directive> in every
- <code>.htaccess</code> file where you want to use <directive
- module="mod_rewrite">RewriteRule</directive> directives.</p>
-
- <p>The example below demonstrates how to map
- http://example.com/myapp/index.html to
- /home/www/example/newsite.html, in a <code>.htaccess</code> file. This
- assumes that the content available at
- http://example.com/ is on disk at /home/www/example/</p>
-<example>
-<pre>
-RewriteEngine On
-# The URL-path used to get to this context, not the filesystem path
-RewriteBase /myapp/
-RewriteRule ^index\.html$ newsite.html
-</pre>
-</example>
+ <p>The <directive>RewriteBase</directive> directive specifies the
+ URL prefix to be used for per-directory (htaccess)
+ <directive>RewriteRule</directive> directives that substitute a relative
+ path.</p>
+ <p> This directive is <em>required</em> when you use a relative path
+ in a substitution in per-directory (htaccess) context unless either
+ of the following conditions are true:</p>
+ <ul>
+ <li> The original request, and the substitution, are underneath the
+ <directive module="core">DocumentRoot</directive>
+ (as opposed to reachable by other means, such as
+ <directive module="mod_alias">Alias</directive>).</li>
+ <li> The <em>filesystem</em> path to the directory containing the
+ <directive>RewriteRule</directive>, suffixed by the relative
+ substitution is also valid as a URL path on the server
+ (this is rare).</li>
+ </ul>
+<p> In the example below, <directive>RewriteBase</directive> is necessary
+ to avoid rewriting to http://example.com/opt/myapp-1.2.3/welcome.html
+ since the resource was not relative to the document root. This
+ misconfiguration would normally cause the server to look for an "opt"
+ directory under the document root.</p>
+<highlight language="config">
+DocumentRoot /var/www/example.com
+Alias /myapp /opt/myapp-1.2.3
+<Directory /opt/myapp-1.2.3>
+ RewriteEngine On
+ RewriteBase /myapp/
+ RewriteRule ^index\.html$ welcome.html
+</Directory>
+</highlight>
</usage>
</directivesynopsis>
to block unwanted hotlinking.
</p>
- <example>
+ <highlight language="config">
RewriteCond expr "! %{HTTP_REFERER} -strmatch '*://%{HTTP_HOST}/*'"<br />
RewriteRule ^/images - [F]
- </example>
+ </highlight>
</li>
<li>You can also set special flags for
Use this to combine rule conditions with a local OR
instead of the implicit AND. Typical example:
-<example>
-<pre>
+<highlight language="config">
RewriteCond %{REMOTE_HOST} ^host1 [OR]
RewriteCond %{REMOTE_HOST} ^host2 [OR]
RewriteCond %{REMOTE_HOST} ^host3
RewriteRule ...some special stuff for any of these hosts...
-</pre>
-</example>
+</highlight>
Without this flag you would have to write the condition/rule
pair three times.
``<code>User-Agent:</code>'' header of the request, you can
use the following: </p>
-<example>
-<pre>
+<highlight language="config">
RewriteCond %{HTTP_USER_AGENT} ^Mozilla
RewriteRule ^/$ /homepage.max.html [L]
RewriteRule ^/$ /homepage.min.html [L]
RewriteRule ^/$ /homepage.std.html [L]
-</pre>
-</example>
+</highlight>
<p>Explanation: If you use a browser which identifies itself
as 'Mozilla' (including Netscape Navigator, Mozilla etc), then you
<p><a id="patterns" name="patterns"><em>Pattern</em></a> is
a perl compatible <a id="regexp" name="regexp">regular
- expression</a>. On the first RewriteRule it is applied to the (%-decoded)
- <a href="./directive-dict.html#Syntax">URL-path</a> of the request;
- subsequent patterns are applied to the output of the last matched
- RewriteRule.</p>
+ expression</a>. On the first RewriteRule, it is matched against
+ the (%-decoded) <a href="./directive-dict.html#Syntax">URL-path</a> (or
+ <a href="./directive-dict.html#Syntax">file-path</a>, depending
+ on the context) of the request. Subsequent patterns are matched against the
+ output of the last matching RewriteRule.</p>
<note><title><a id="what_is_matched" name="what_is_matched">What is matched?</a></title>
<p>In <directive module="core">VirtualHost</directive> context,
<p>In <directive module="core">Directory</directive> and htaccess context,
the <em>Pattern</em> will initially be matched against the
- <em>filesystem</em> path, after removing the prefix that lead the server
+ <em>filesystem</em> path, after removing the prefix that led the server
to the current <directive>RewriteRule</directive> (e.g. "app1/index.html"
or "index.html" depending on where the directives are defined).</p>
slash or protocol name) substitution encounters the end of a rule set.
See the <directive module="mod_rewrite">RewriteBase</directive>
directive for more information regarding what prefix will be added back to
-relative substitions.</li>
+relative substitutions.</li>
<li> If you wish to match against the full URL-path in a per-directory
(htaccess) RewriteRule, use the <code>%{REQUEST_URI}</code> variable in
to be delivered to the client. Substitutions are only
treated as a file-system path when the rule is configured in
server (virtualhost) context and the first component of the
- path in the substitution is exists in the file-system</dd>
+ path in the substitution exists in the file-system</dd>
<dt>URL-path</dt>
</dl>
- <p>In addition to plain text, the <em>Substition</em> string can include</p>
+ <p>In addition to plain text, the <em>Substitution</em> string can include</p>
<ol>
<li>back-references (<code>$N</code>) to the RewriteRule
<p>Rewrite rules are applied to the results of previous rewrite
rules, in the order in which they are defined
- in the config file. The UR
I or file path (see <a
+ in the config file. The UR
L-path or file-system path (see <a
href="#what_is_matched">"What is matched?"</a>, above) is <strong>completely
replaced</strong> by the <em>Substitution</em> and the
rewriting process continues until all rules have been applied,
<section id="sampleconf"><title>Sample Configuration</title>
<example><title>Adding an output filter </title>
- # In the following example, the sed filter will change the string<br />
- # "monday" to "MON" and the string "sunday" to SUN in html documents<br />
- # before sending to the client.<br />
- <indent>
- <Directory "/var/www/docs/sed"> <br />
- <indent>
- AddOutputFilter Sed html <br />
- OutputSed "s/monday/MON/g" <br />
- OutputSed "s/sunday/SUN/g" <br />
- </indent>
- </Directory> <br />
- </indent>
+ <highlight language="config">
+# In the following example, the sed filter will change the string
+# "monday" to "MON" and the string "sunday" to SUN in html documents
+# before sending to the client.
+<Directory "/var/www/docs/sed">
+ AddOutputFilter Sed html
+ OutputSed "s/monday/MON/g"
+ OutputSed "s/sunday/SUN/g"
+</Directory>
+ </highlight>
</example>
<example><title>Adding an input filter </title>
- # In the following example, the sed filter will change the string<br />
- # "monday" to "MON" and the string "sunday" to SUN in the POST data<br />
- # sent to PHP.<br />
- <indent>
- <Directory "/var/www/docs/sed"> <br />
- <indent>
- AddInputFilter Sed php <br />
- InputSed "s/monday/MON/g" <br />
- InputSed "s/sunday/SUN/g" <br />
- </indent>
- </Directory> <br />
- </indent>
+ <highlight language="config">
+# In the following example, the sed filter will change the string
+# "monday" to "MON" and the string "sunday" to SUN in the POST data
+# sent to PHP.
+<Directory "/var/www/docs/sed">
+ AddInputFilter Sed php
+ InputSed "s/monday/MON/g"
+ InputSed "s/sunday/SUN/g"
+</Directory>
+ </highlight>
</example>
</section>
<section id="sed_commands"><title>Sed Commands</title>
stored on the browser, in a cookie called <code>session</code>.</p>
<example><title>Browser based session</title>
- Session On<br />
- SessionCookieName session path=/<br />
+ <highlight language="config">
+Session On
+SessionCookieName session path=/
+ </highlight>
</example>
<p>The session is not useful unless it can be written to or read from. The
<code>X-Replace-Session</code>.</p>
<example><title>Writing to a session</title>
- Session On<br />
- SessionCookieName session path=/<br />
- SessionHeader X-Replace-Session<br />
+ <highlight language="config">
+Session On
+SessionCookieName session path=/
+SessionHeader X-Replace-Session
+ </highlight>
</example>
<p>The header should contain name value pairs expressed in the same format
empty string has the effect of removing that key from the session.</p>
<example><title>CGI to write to a session</title>
- #!/bin/bash<br />
- echo "Content-Type: text/plain"<br />
- echo "X-Replace-Session: key1=foo&key2=&key3=bar"<br />
- echo<br />
- env<br />
+ <highlight language="sh">
+#!/bin/bash
+echo "Content-Type: text/plain"
+echo "X-Replace-Session: key1=foo&key2=&key3=bar"
+echo
+env
+ </highlight>
</example>
<p>If configured, the session can be read back from the HTTP_SESSION
<directive module="mod_session">SessionEnv</directive> directive.</p>
<example><title>Read from a session</title>
- Session On<br />
- SessionEnv On<br />
- SessionCookieName session path=/<br />
- SessionHeader X-Replace-Session<br />
+ <highlight language="config">
+Session On
+SessionEnv On
+SessionCookieName session path=/
+SessionHeader X-Replace-Session
+ </highlight>
</example>
<p>Once read, the CGI variable <code>HTTP_SESSION</code> should contain
module.</p>
<example><title>Browser based encrypted session</title>
- Session On<br />
- SessionCryptoPassphrase secret<br />
- SessionCookieName session path=/<br />
+ <highlight language="config">
+Session On
+SessionCryptoPassphrase secret
+SessionCookieName session path=/
+ </highlight>
</example>
<p>The session will be automatically decrypted on load, and encrypted on
as in the example below.</p>
<example><title>Setting cookie parameters</title>
- Session On<br />
- SessionCryptoPassphrase secret<br />
- SessionCookieName session path=/private;domain=example.com;httponly;secure;<br />
+ <highlight language="config">
+Session On
+SessionCryptoPassphrase secret
+SessionCookieName session path=/private;domain=example.com;httponly;secure;
+ </highlight>
</example>
<p>In cases where the Apache server forms the frontend for backend origin servers,
the session.</p>
<example><title>Form based authentication</title>
- Session On<br />
- SessionCryptoPassphrase secret<br />
- SessionCookieName session path=/<br />
- AuthFormProvider file<br />
- AuthUserFile conf/passwd<br />
- AuthType form<br />
- AuthName realm<br />
- ...<br />
+ <highlight language="config">
+Session On
+SessionCryptoPassphrase secret
+SessionCookieName session path=/
+AuthFormProvider file
+AuthUserFile conf/passwd
+AuthType form
+AuthName realm
+#...
+ </highlight>
</example>
<p>See the <module>mod_auth_form</module> module for documentation and complete
<var>session</var>, configure the session as follows:</p>
<example><title>Browser based session</title>
- Session On<br />
- SessionCookieName session path=/<br />
+ <highlight language="config">
+Session On
+SessionCookieName session path=/
+ </highlight>
</example>
<p>For more examples on how the session can be configured to be read
</p>
<example><title>Cookie with attributes</title>
- Session On<br />
- SessionCookieName session path=/private;domain=example.com;httponly;secure;version=1;<br />
+ <highlight language="config">
+Session On
+SessionCookieName session path=/private;domain=example.com;httponly;secure;version=1;
+ </highlight>
</example>
</usage>
</p>
<example><title>Cookie2 with attributes</title>
- Session On<br />
- SessionCookieName2 session path=/private;domain=example.com;httponly;secure;version=1;<br />
+ <highlight language="config">
+Session On
+SessionCookieName2 session path=/private;domain=example.com;httponly;secure;version=1;
+ </highlight>
</example>
</usage>
<var>session</var>, configure the session as follows:</p>
<example><title>Browser based encrypted session</title>
- Session On<br />
- SessionCookieName session path=/<br />
- SessionCryptoPassphrase secret
+ <highlight language="config">
+Session On
+SessionCookieName session path=/
+SessionCryptoPassphrase secret
+ </highlight>
</example>
<p>The session will be encrypted with the given key. Different servers can
which are specified as parameters with optional values after the driver name.</p>
<example><title>NSS without a certificate database</title>
+ <highlight language="config">
SessionCryptoDriver nss
+ </highlight>
</example>
<example><title>NSS with certificate database</title>
+ <highlight language="config">
SessionCryptoDriver nss dir=certs
+ </highlight>
</example>
<example><title>NSS with certificate database and parameters</title>
+ <highlight language="config">
SessionCryptoDriver nss dir=certs key3=key3.db cert7=cert7.db secmod=secmod
+ </highlight>
</example>
<example><title>NSS with paths containing spaces</title>
+ <highlight language="config">
SessionCryptoDriver nss "dir=My Certs" key3=key3.db cert7=cert7.db secmod=secmod
+ </highlight>
</example>
<p>The <var>NSS</var> crypto driver might have already been configured by another
To avoid this warning, use the noinit parameter as follows.</p>
<example><title>NSS with certificate database</title>
+ <highlight language="config">
SessionCryptoDriver nss noinit
+ </highlight>
</example>
<p>To prevent confusion, ensure that all modules requiring NSS are configured with
the engine to be used for encryption.</p>
<example><title>OpenSSL with engine support</title>
+ <highlight language="config">
SessionCryptoDriver openssl engine=name
+ </highlight>
</example>
</usage>
session. These queries are configured as per the example below.</p>
<example><title>Sample DBD configuration</title>
- DBDriver pgsql<br />
- DBDParams "dbname=apachesession user=apache password=xxxxx host=localhost"<br />
- DBDPrepareSQL "delete from session where key = %s" deletesession<br />
- DBDPrepareSQL "update session set value = %s, expiry = %lld where key = %s" updatesession<br />
- DBDPrepareSQL "insert into session (value, expiry, key) values (%s, %lld, %s)" insertsession<br />
- DBDPrepareSQL "select value from session where key = %s and (expiry = 0 or expiry > %lld)" selectsession<br />
- DBDPrepareSQL "delete from session where expiry != 0 and expiry < %lld" cleansession<br />
+ <highlight language="config">
+DBDriver pgsql
+DBDParams "dbname=apachesession user=apache password=xxxxx host=localhost"
+DBDPrepareSQL "delete from session where key = %s" deletesession
+DBDPrepareSQL "update session set value = %s, expiry = %lld where key = %s" updatesession
+DBDPrepareSQL "insert into session (value, expiry, key) values (%s, %lld, %s)" insertsession
+DBDPrepareSQL "select value from session where key = %s and (expiry = 0 or expiry > %lld)" selectsession
+DBDPrepareSQL "delete from session where expiry != 0 and expiry < %lld" cleansession
+ </highlight>
</example>
</section>
called <var>session</var>, configure the session as follows:</p>
<example><title>SQL based anonymous session</title>
- Session On<br />
- SessionDBDCookieName session path=/<br />
+ <highlight language="config">
+Session On
+SessionDBDCookieName session path=/
+ </highlight>
</example>
<p>For more examples on how the session can be configured to be read
userid, configure the session as follows:</p>
<example><title>SQL based per user session</title>
- Session On<br />
- SessionDBDPerUser On<br />
+ <highlight language="config">
+Session On
+SessionDBDPerUser On
+ </highlight>
</example>
</section>
</p>
<example><title>Cookie with attributes</title>
- Session On<br />
- SessionDBDCookieName session path=/private;domain=example.com;httponly;secure;version=1;<br />
+ <highlight language="config">
+Session On
+SessionDBDCookieName session path=/private;domain=example.com;httponly;secure;version=1;
+ </highlight>
</example>
</usage>
</p>
<example><title>Cookie2 with attributes</title>
- Session On<br />
- SessionDBDCookieName2 session path=/private;domain=example.com;httponly;secure;version=1;<br />
+ <highlight language="config">
+Session On
+SessionDBDCookieName2 session path=/private;domain=example.com;httponly;secure;version=1;
+ </highlight>
</example>
</usage>
such as this example, which sets <code>netscape</code> if the
browser is mozilla but not MSIE.</p>
-<example>
- BrowserMatch ^Mozilla netscape<br />
- BrowserMatch MSIE !netscape<br />
-</example>
+<highlight language="config">
+BrowserMatch ^Mozilla netscape
+BrowserMatch MSIE !netscape
+</highlight>
</summary>
<seealso><a href="../env.html">Environment Variables in Apache HTTP Server</a></seealso>
sets environment variables conditional on the
<code>User-Agent</code> HTTP request header. The following two
lines have the same effect:</p>
-<example>
- BrowserMatchNoCase Robot is_a_robot<br />
- SetEnvIfNoCase User-Agent Robot is_a_robot<br />
-</example>
+<highlight language="config">
+BrowserMatchNoCase Robot is_a_robot
+SetEnvIfNoCase User-Agent Robot is_a_robot
+</highlight>
<p>Some additional examples:</p>
-<example>
- BrowserMatch ^Mozilla forms jpeg=yes browser=netscape<br />
- BrowserMatch "^Mozilla/[2-3]" tables agif frames javascript<br />
- BrowserMatch MSIE !javascript<br />
-</example>
+<highlight language="config">
+BrowserMatch ^Mozilla forms jpeg=yes browser=netscape
+BrowserMatch "^Mozilla/[2-3]" tables agif frames javascript
+BrowserMatch MSIE !javascript
+</highlight>
</usage>
</directivesynopsis>
module="mod_setenvif">BrowserMatch</directive> directive.
However, it provides for case-insensitive matching. For
example:</p>
-<example>
- BrowserMatchNoCase mac platform=macintosh<br />
- BrowserMatchNoCase win platform=windows<br />
-</example>
+<highlight language="config">
+BrowserMatchNoCase mac platform=macintosh
+BrowserMatchNoCase win platform=windows
+</highlight>
<p>The <directive>BrowserMatch</directive> and
<directive>BrowserMatchNoCase</directive> directives are special cases of
the <directive module="mod_setenvif">SetEnvIf</directive> and <directive
module="mod_setenvif">SetEnvIfNoCase</directive>
directives. The following two lines have the same effect:</p>
-<example>
- BrowserMatchNoCase Robot is_a_robot<br />
- SetEnvIfNoCase User-Agent Robot is_a_robot<br />
-</example>
+<highlight language="config">
+BrowserMatchNoCase Robot is_a_robot
+SetEnvIfNoCase User-Agent Robot is_a_robot
+</highlight>
</usage>
</directivesynopsis>
<var>value</var> and replace them by parenthesized subexpressions
of <var>regex</var>.</p>
-<example>
-<title>Example:</title>
- SetEnvIf Request_URI "\.gif$" object_is_image=gif<br />
- SetEnvIf Request_URI "\.jpg$" object_is_image=jpg<br />
- SetEnvIf Request_URI "\.xbm$" object_is_image=xbm<br />
- :<br />
- SetEnvIf Referer www\.mydomain\.example\.com intra_site_referral<br />
- :<br />
- SetEnvIf object_is_image xbm XBIT_PROCESSING=1<br />
- :<br />
- SetEnvIf ^TS ^[a-z] HAVE_TS<br />
-</example>
+<highlight language="config">
+SetEnvIf Request_URI "\.gif$" object_is_image=gif
+SetEnvIf Request_URI "\.jpg$" object_is_image=jpg
+SetEnvIf Request_URI "\.xbm$" object_is_image=xbm
+
+SetEnvIf Referer www\.mydomain\.example\.com intra_site_referral
+
+SetEnvIf object_is_image xbm XBIT_PROCESSING=1
+
+SetEnvIf ^TS ^[a-z] HAVE_TS
+</highlight>
<p>The first three will set the environment variable
<code>object_is_image</code> if the request was for an image
and applied <em>env-variable</em> in the same fashion as <directive
>SetEnvIf</directive>.</p>
-<example>
+<highlight language="config">
SetEnvIfExpr "tolower(req('X-Sendfile')) == 'd:\images\very_big.iso')" iso_delivered
-</example>
+</highlight>
<p>This would set the environment variable <code>iso_delivered</code>
every time our application attempts to send it via <code>X-Sendfile</code></p>
<p>A more useful example would be to set the variable rfc1918 if the
remote IP address is a private address according to RFC 1918:</p>
-<example>
+<highlight language="config">
SetEnvIfExpr "-R '10.0.0.0/8' || -R '172.16.0.0/12' || -R '192.168.0.0/16'" rfc1918
-</example>
+</highlight>
</usage>
<seealso><a href="../expr.html">Expressions in Apache HTTP Server</a>,
the <directive module="mod_setenvif">SetEnvIf</directive> directive,
and differs only in that the regular expression matching is
performed in a case-insensitive manner. For example:</p>
-<example>
+<highlight language="config">
SetEnvIfNoCase Host Example\.Org site=example
-</example>
+</highlight>
<p>This will cause the <code>site</code> environment variable
to be set to "<code>example</code>" if the HTTP request header
<p>For example:</p>
- <example>LoadFile libexec/libxmlparse.so</example>
+ <highlight language="config">LoadFile libexec/libxmlparse.so</highlight>
</usage>
</directivesynopsis>
href="module-dict.html#ModuleIdentifier">Module Identifier</a>
in the module documentation. Example:</p>
- <example>
+ <highlight language="config">
LoadModule status_module modules/mod_status.so
- </example>
+ </highlight>
<p>loads the named module from the modules subdirectory of the
ServerRoot.</p>
provided. Information about this function is provided in the <a
href="../ssl/ssl_compat.html">Compatibility</a> chapter.</p>
<example><title>Example</title>
-CustomLog logs/ssl_request_log \
- "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+<highlight language="config">
+CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+</highlight>
</example>
</section>
encrypted with SSL. This is similar to the
<directive>SSLRequireSSL</directive> directive.</p>
- <example>
+ <highlight language="config">
Require ssl
- </example>
+ </highlight>
</section>
<p>The following example grants access if the user is authenticated
either with a client certificate or by username and password.</p>
- <example>
+ <highlight language="config">
Require ssl-verify-client<br/>
Require valid-user
- </example>
+ </highlight>
</section>
program is called only once per unique Pass Phrase.</p></li>
</ul>
<example><title>Example</title>
+<highlight language="config">
SSLPassPhraseDialog exec:/usr/local/apache/sbin/pp-filter
+</highlight>
</example>
</usage>
</directivesynopsis>
can take a long time). Here using an existing <code>/dev/urandom</code> is
better, because it never blocks and actually gives the amount of requested
data. The drawback is just that the quality of the received data may not
- be the best.</p>
- <p>
- On some platforms like FreeBSD one can even control how the entropy is
- actually generated, i.e. by which system interrupts. More details one can
- find under <em>rndcontrol(8)</em> on those platforms. Alternatively, when
- your system lacks such a random device, you can use tool
- like <a href="http://www.lothar.com/tech/crypto/">EGD</a>
- (Entropy Gathering Daemon) and run it's client program with the
- <code>exec:/path/to/program/</code> variant (see below) or use
- <code>egd:/path/to/egd-socket</code> (see below).</p></li>
+ be the best.</p></li>
<li><code>exec:/path/to/program</code>
<p>
on your platform.</p></li>
</ul>
<example><title>Example</title>
-SSLRandomSeed startup builtin<br />
-SSLRandomSeed startup file:/dev/random<br />
-SSLRandomSeed startup file:/dev/urandom 1024<br />
-SSLRandomSeed startup exec:/usr/local/bin/truerand 16<br />
-SSLRandomSeed connect builtin<br />
-SSLRandomSeed connect file:/dev/random<br />
-SSLRandomSeed connect file:/dev/urandom 1024<br />
+<highlight language="config">
+SSLRandomSeed startup builtin
+SSLRandomSeed startup file:/dev/random
+SSLRandomSeed startup file:/dev/urandom 1024
+SSLRandomSeed startup exec:/usr/local/bin/truerand 16
+SSLRandomSeed connect builtin
+SSLRandomSeed connect file:/dev/random
+SSLRandomSeed connect file:/dev/urandom 1024
+</highlight>
</example>
</usage>
</directivesynopsis>
</ul>
<example><title>Examples</title>
-SSLSessionCache dbm:/usr/local/apache/logs/ssl_gcache_data<br />
+<highlight language="config">
+SSLSessionCache dbm:/usr/local/apache/logs/ssl_gcache_data
SSLSessionCache shmcb:/usr/local/apache/logs/ssl_gcache_data(512000)
+</highlight>
</example>
<p>The <code>ssl-cache</code> mutex is used to serialize access to
It can be set as low as 15 for testing, but should be set to higher
values like 300 in real life.</p>
<example><title>Example</title>
+<highlight language="config">
SSLSessionCacheTimeout 600
+</highlight>
</example>
</usage>
</directivesynopsis>
that virtual host. By default the SSL/TLS Protocol Engine is
disabled for both the main server and all configured virtual hosts.</p>
<example><title>Example</title>
-<VirtualHost _default_:443><br />
-SSLEngine on<br />
-...<br />
+<highlight language="config">
+<VirtualHost _default_:443>
+SSLEngine on
+#...
</VirtualHost>
+</highlight>
</example>
<p>In Apache 2.1 and later, <directive>SSLEngine</directive> can be set to
<code>optional</code>. This enables support for
``<code>+SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2</code>, respectively.</p></li>
</ul>
<example><title>Example</title>
+<highlight language="config">
SSLProtocol TLSv1
+</highlight>
</example>
</usage>
</directivesynopsis>
-v</code>'' command which provides a nice way to successively create the
correct <em>cipher-spec</em> string. The default <em>cipher-spec</em> string
depends on the version of the OpenSSL libraries used. Let's suppose it is
-``<code>ALL:!aNULL:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP</code>'' which
-means the following: first, remove from consideration any ciphers that do not
-authenticate, i.e. for SSL the Anonymous Diffie-Hellman ciphers. Next,
-use ciphers using RC4 and RSA. Next include the high, medium and then the low
-security ciphers. Finally <em>pull</em> all SSLv2 and export ciphers to the
-end of the list.</p>
+``<code>RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5</code>'' which
+means the following: Put <code>RC4-SHA</code> and <code>AES128-SHA</code> at
+the beginning. We do this, because these ciphers offer a good compromise
+between speed and security. Next, include high and medium security ciphers.
+Finally, remove all ciphers which do not authenticate, i.e. for SSL the
+Anonymous Diffie-Hellman ciphers, as well as all ciphers which use
+<code>MD5</code> as hash algorithm, because it has been proven insufficient.</p>
<example>
<pre>
-$ openssl ciphers -v 'ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP'
-NULL-SHA SSLv3 Kx=RSA Au=RSA Enc=None Mac=SHA1
-NULL-MD5 SSLv3 Kx=RSA Au=RSA Enc=None Mac=MD5
-EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
+$ openssl ciphers -v 'RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5'
+RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
+AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
+DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
... ... ... ... ...
-EXP-RC4-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
-EXP-RC2-CBC-MD5 SSLv2 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export
-EXP-RC4-MD5 SSLv2 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
+SEED-SHA SSLv3 Kx=RSA Au=RSA Enc=SEED(128) Mac=SHA1
+PSK-RC4-SHA SSLv3 Kx=PSK Au=PSK Enc=RC4(128) Mac=SHA1
+KRB5-RC4-SHA SSLv3 Kx=KRB5 Au=KRB5 Enc=RC4(128) Mac=SHA1
</pre>
</example>
<p>The complete list of particular RSA & DH ciphers for SSL is given in <a
href="#table2">Table 2</a>.</p>
<example><title>Example</title>
+<highlight language="config">
SSLCipherSuite RSA:!EXP:!NULL:+HIGH:+MEDIUM:-LOW
+</highlight>
</example>
<table border="1">
<columnspec><column width=".3"/><column width=".1"/><column width=".13"/>
two times (referencing different filenames) when both a RSA and a DSA based
server certificate is used in parallel.</p>
<example><title>Example</title>
+<highlight language="config">
SSLCertificateFile /usr/local/apache2/conf/ssl.crt/server.crt
+</highlight>
</example>
</usage>
</directivesynopsis>
(referencing different filenames) when both a RSA and a DSA based
private key is used in parallel.</p>
<example><title>Example</title>
+<highlight language="config">
SSLCertificateKeyFile /usr/local/apache2/conf/ssl.key/server.key
+</highlight>
</example>
</usage>
</directivesynopsis>
certificates use the <em>same</em> certificate chain. Else the browsers will be
confused in this situation.</p>
<example><title>Example</title>
+<highlight language="config">
SSLCertificateChainFile /usr/local/apache2/conf/ssl.crt/ca.crt
+</highlight>
</example>
</usage>
</directivesynopsis>
<em>hash-value</em><code>.N</code>. And you should always make sure this directory
contains the appropriate symbolic links.</p>
<example><title>Example</title>
+<highlight language="config">
SSLCACertificatePath /usr/local/apache2/conf/ssl.crt/
+</highlight>
</example>
</usage>
</directivesynopsis>
preference. This can be used alternatively and/or additionally to
<directive module="mod_ssl">SSLCACertificatePath</directive>.</p>
<example><title>Example</title>
+<highlight language="config">
SSLCACertificateFile /usr/local/apache2/conf/ssl.crt/ca-bundle-client.crt
+</highlight>
</example>
</usage>
</directivesynopsis>
PEM-encoded CA certificates.</p>
<example><title>Example</title>
+<highlight language="config">
SSLCADNRequestFile /usr/local/apache2/conf/ca-names.crt
+</highlight>
</example>
</usage>
</directivesynopsis>
<em>hash-value</em><code>.N</code>. And you should always make sure
this directory contains the appropriate symbolic links.</p>
<example><title>Example</title>
+<highlight language="config">
SSLCADNRequestPath /usr/local/apache2/conf/ca-names.crt/
+</highlight>
</example>
</usage>
</directivesynopsis>
<em>hash-value</em><code>.rN</code>. And you should always make sure this directory
contains the appropriate symbolic links.</p>
<example><title>Example</title>
+<highlight language="config">
SSLCARevocationPath /usr/local/apache2/conf/ssl.crl/
+</highlight>
</example>
</usage>
</directivesynopsis>
used alternatively and/or additionally to <directive
module="mod_ssl">SSLCARevocationPath</directive>.</p>
<example><title>Example</title>
+<highlight language="config">
SSLCARevocationFile /usr/local/apache2/conf/ssl.crl/ca-bundle-client.crl
+</highlight>
</example>
</usage>
</directivesynopsis>
</p>
</note>
<example><title>Example</title>
+<highlight language="config">
SSLCARevocationCheck chain
+</highlight>
</example>
</usage>
</directivesynopsis>
<strong>optional_no_ca</strong> is actually against the idea of
authentication (but can be used to establish SSL test pages, etc.)</p>
<example><title>Example</title>
+<highlight language="config">
SSLVerifyClient require
+</highlight>
</example>
</usage>
</directivesynopsis>
known to the server (i.e. the CA's certificate is under
<directive module="mod_ssl">SSLCACertificatePath</directive>), etc.</p>
<example><title>Example</title>
+<highlight language="config">
SSLVerifyDepth 10
+</highlight>
</example>
</usage>
</directivesynopsis>
</li>
</ul>
<example><title>Example</title>
-SSLOptions +FakeBasicAuth -StrictRequire<br />
-<Files ~ "\.(cgi|shtml)$"><br />
- SSLOptions +StdEnvVars -ExportCertData<br />
+<highlight language="config">
+SSLOptions +FakeBasicAuth -StrictRequire
+<Files ~ "\.(cgi|shtml)$">
+ SSLOptions +StdEnvVars -ExportCertData
<Files>
+</highlight>
</example>
</usage>
</directivesynopsis>
stuff that should be protected. When this directive is present all requests
are denied which are not using SSL.</p>
<example><title>Example</title>
+<highlight language="config">
SSLRequireSSL
+</highlight>
</example>
</usage>
</directivesynopsis>
request processing.</p>
<example><title>Example</title>
-<pre>SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)-/ \
+<highlight language="config">
+SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)-/ \
and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
- or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/</pre>
+ or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
+</highlight>
</example>
<p>The <code>PeerExtList(<em>object-ID</em>)</code> function expects
extension must match).</p>
<example><title>Example</title>
+<highlight language="config">
SSLRequire "foobar" in PeerExtList("1.2.3.4.5.6")
+</highlight>
</example>
<note><title>Notes on the PeerExtList function</title>
</ul>
</note>
-
</usage>
<seealso><a href="../env.html">Environment Variables in Apache HTTP Server</a>,
for additional examples.
</p></note>
<example><title>Example</title>
+<highlight language="config">
SSLRenegBufferSize 262144
+</highlight>
</example>
</usage>
</directivesynopsis>
</p></note>
<example><title>Example</title>
+<highlight language="config">
SSLStrictSNIVHostCheck on
+</highlight>
</example>
</usage>
</directivesynopsis>
<p>Currently there is no support for encrypted private keys</p>
</note>
<example><title>Example</title>
+<highlight language="config">
SSLProxyMachineCertificatePath /usr/local/apache2/conf/proxy.crt/
+</highlight>
</example>
</usage>
</directivesynopsis>
<p>Currently there is no support for encrypted private keys</p>
</note>
<example><title>Example</title>
+<highlight language="config">
SSLProxyMachineCertificateFile /usr/local/apache2/conf/ssl.crt/proxy.pem
+</highlight>
</example>
</usage>
</directivesynopsis>
SSLProxyCACertificateFile</directive>.</p>
</note>
<example><title>Example</title>
+<highlight language="config">
SSLProxyMachineCertificateChainFile /usr/local/apache2/conf/ssl.crt/proxyCA.pem
+</highlight>
</example>
</usage>
</directivesynopsis>
<strong>optional_no_ca</strong> is actually against the idea of
authentication (but can be used to establish SSL test pages, etc.)</p>
<example><title>Example</title>
+<highlight language="config">
SSLProxyVerify require
+</highlight>
</example>
</usage>
</directivesynopsis>
which is directly known to the server (i.e. the CA's certificate is under
<directive module="mod_ssl">SSLProxyCACertificatePath</directive>), etc.</p>
<example><title>Example</title>
+<highlight language="config">
SSLProxyVerifyDepth 10
+</highlight>
</example>
</usage>
</directivesynopsis>
sent.
</p>
<example><title>Example</title>
+<highlight language="config">
SSLProxyCheckPeerExpire on
+</highlight>
</example>
</usage>
</directivesynopsis>
a 502 status code (Bad Gateway) is sent.
</p>
<example><title>Example</title>
+<highlight language="config">
SSLProxyCheckPeerCN on
+</highlight>
</example>
</usage>
</directivesynopsis>
usage in a particular virtual host. By default the SSL/TLS Protocol Engine is
disabled for proxy image both for the main server and all configured virtual hosts.</p>
<example><title>Example</title>
-<VirtualHost _default_:443><br />
-SSLProxyEngine on<br />
-...<br />
+<highlight language="config">
+<VirtualHost _default_:443>
+ SSLProxyEngine on
+ #...
</VirtualHost>
+</highlight>
</example>
</usage>
</directivesynopsis>
<em>hash-value</em><code>.N</code>. And you should always make sure this directory
contains the appropriate symbolic links.</p>
<example><title>Example</title>
+<highlight language="config">
SSLProxyCACertificatePath /usr/local/apache2/conf/ssl.crt/
+</highlight>
</example>
</usage>
</directivesynopsis>
preference. This can be used alternatively and/or additionally to
<directive module="mod_ssl">SSLProxyCACertificatePath</directive>.</p>
<example><title>Example</title>
+<highlight language="config">
SSLProxyCACertificateFile /usr/local/apache2/conf/ssl.crt/ca-bundle-remote-server.crt
+</highlight>
</example>
</usage>
</directivesynopsis>
<em>hash-value</em><code>.rN</code>. And you should always make sure this directory
contains the appropriate symbolic links.</p>
<example><title>Example</title>
+<highlight language="config">
SSLProxyCARevocationPath /usr/local/apache2/conf/ssl.crl/
+</highlight>
</example>
</usage>
</directivesynopsis>
used alternatively and/or additionally to <directive
module="mod_ssl">SSLProxyCARevocationPath</directive>.</p>
<example><title>Example</title>
+<highlight language="config">
SSLProxyCARevocationFile /usr/local/apache2/conf/ssl.crl/ca-bundle-remote-server.crl
+</highlight>
</example>
</usage>
</directivesynopsis>
</p>
</note>
<example><title>Example</title>
+<highlight language="config">
SSLProxyCARevocationCheck chain
+</highlight>
</example>
</usage>
</directivesynopsis>
href="#ssloptions">SSLOptions</a>).</p>
<example><title>Example</title>
+<highlight language="config">
SSLUserName SSL_CLIENT_S_DN_CN
+</highlight>
</example>
</usage>
</directivesynopsis>
the client's preference is used. If this directive is enabled, the
server's preference will be used instead.</p>
<example><title>Example</title>
+<highlight language="config">
SSLHonorCipherOrder on
+</highlight>
</example>
</usage>
</directivesynopsis>
"<code>openssl engine</code>".</p>
<example><title>Example</title>
-# For a Broadcom accelerator:<br />
+<highlight language="config">
+# For a Broadcom accelerator:
SSLCryptoDevice ubsec
+</highlight>
</example>
</usage>
</directivesynopsis>
directives.</p>
<example><title>Example</title>
-SSLVerifyClient on<br/>
-SSLOCSPEnable on<br/>
-SSLOCSPDefaultResponder http://responder.example.com:8888/responder<br/>
+<highlight language="config">
+SSLVerifyClient on
+SSLOCSPEnable on
+SSLOCSPDefaultResponder http://responder.example.com:8888/responder
SSLOCSPOverrideResponder on
+</highlight>
</example>
</usage>
</directivesynopsis>
</note>
<example><title>Example</title>
+<highlight language="config">
SSLInsecureRenegotiation on
+</highlight>
</example>
<p>The <code>SSL_SECURE_RENEG</code> environment variable can be used
<p>To enable status reports only for browsers from the example.com
domain add this code to your <code>httpd.conf</code>
configuration file</p>
-<example>
- <Location /server-status><br />
- <indent>
- SetHandler server-status<br />
-<br />
- Require host example.com<br />
- </indent>
- </Location>
-</example>
+<highlight language="config">
+<Location /server-status>
+ SetHandler server-status
+ Require host example.com
+</Location>
+</highlight>
<p>You can now access server statistics by using a Web browser
to access the page
</dl>
<example><title>Example</title>
- <Location />
- <indent>
- AddOutputFilterByType SUBSTITUTE text/html<br />
- Substitute s/foo/bar/ni<br />
- </indent>
- </Location>
+ <highlight language="config">
+<Location />
+ AddOutputFilterByType SUBSTITUTE text/html
+ Substitute s/foo/bar/ni
+</Location>
+ </highlight>
</example>
<p>If either the pattern or the substitution contain a slash
character then an alternative delimiter should be used:</p>
<example><title>Example of using an alternate delimiter</title>
- <Location />
- <indent>
- AddOutputFilterByType SUBSTITUTE text/html<br />
- Substitute "s|<BR */?>|<br />|i"
- </indent>
- </Location>
+ <highlight language="config">
+<Location />
+ AddOutputFilterByType SUBSTITUTE text/html
+ Substitute "s|<BR */?>|<br />|i"
+</Location>
+ </highlight>
</example>
<p>Backreferences can be used in the comparison and in the substitution,
when regular expressions are used, as illustrated in the following example: </p>
<example><title>Example of using backreferences and captures</title>
- <Location />
- <indent>
- AddOutputFilterByType SUBSTITUTE text/html<br />
- # "foo=k,bar=k" -> "foo/bar=k" <br />
- Substitute "s|foo=(\w+),bar=\1|foo/bar=$1"
- </indent>
- </Location>
+ <highlight language="config">
+<Location />
+ AddOutputFilterByType SUBSTITUTE text/html
+ # "foo=k,bar=k" -> "foo/bar=k"
+ Substitute "s|foo=(\w+),bar=\1|foo/bar=$1"
+</Location>
+ </highlight>
</example>
<p>A common use scenario for <code>mod_substitute</code> is the
those URLs into something that will work from the front end:</p>
<example><title>Rewriting URLs embedded in proxied content</title>
- ProxyPass /blog/ http://internal.blog.example.com<br />
- ProxyPassReverse /blog/ http://internal.blog.example.com/<br />
- <br />
- Substitute "s|http://internal.blog.example.com/|http://www.example.com/blog/|i"
+ <highlight language="config">
+ProxyPass /blog/ http://internal.blog.example.com
+ProxyPassReverse /blog/ http://internal.blog.example.com/
+
+Substitute "s|http://internal.blog.example.com/|http://www.example.com/blog/|i"
+ </highlight>
</example>
<p><directive module="mod_proxy">ProxyPassReverse</directive>
<example>
<title>Example</title>
+ <highlight language="config">
SuexecUserGroup nobody nogroup
+ </highlight>
</example>
<p>In Apache httpd 2.3.9 and later, startup will fail if this
projects / apache / commitdiff