main server what addresses and ports to listen to. If no
<VirtualHost> directives are used, the server will behave the
same for all accepted requests. However, <VirtualHost> can be
-used to specify a different behavour for one or more of the addresses
+used to specify a different behavior for one or more of the addresses
and ports. To implement a VirtualHost, the server must first be told
to listen to the address and port to be used. Then a
<VirtualHost> section should be created for a specified address
<a href="dns-caveats.html">DNS Issues</a>
and
<a href="mod/core.html#virtualhost"><VirtualHost> section</a>.
-</ul>
<!--#include virtual="footer.html" -->
</BODY>
main server what addresses and ports to listen to. If no
<VirtualHost> directives are used, the server will behave the
same for all accepted requests. However, <VirtualHost> can be
-used to specify a different behavour for one or more of the addresses
+used to specify a different behavior for one or more of the addresses
and ports. To implement a VirtualHost, the server must first be told
to listen to the address and port to be used. Then a
<VirtualHost> section should be created for a specified address
<a href="dns-caveats.html">DNS Issues</a>
and
<a href="mod/core.html#virtualhost"><VirtualHost> section</a>.
-</ul>
<!--#include virtual="footer.html" -->
</BODY>
<p>As implemented in Apache 1.1.1 and earlier versions, the method
Apache used to create PATH_INFO in the CGI environment was
-counterintiutive, and could result in crashes in certain cases. In
+counterintuitive, and could result in crashes in certain cases. In
Apache 1.2 and beyond, this behavior has changed. Although this
results in some compatibility problems with certain legacy CGI
applications, the Apache 1.2 behavior is still compatible with the
example, PATH_INFO would be set to "<code>/script</code>", and
SCRIPT_NAME to "<code>/cgi-ralph</code>". This makes sense and results
in no server behavior problems. It also permits the script to be
-gauranteed that
+guaranteed that
"<code>http://$SERVER_NAME:$SERVER_PORT$SCRIPT_NAME$PATH_INFO</code>"
-will always be an accessable URL that points to the current script,
-something which was not neccessarily true with previous versions of
+will always be an accessible URL that points to the current script,
+something which was not necessarily true with previous versions of
Apache.
<p>However, the "<code>/ralph</code>"
<h2><a name="compat">Compatibility with Previous Servers</a></h2>
-<p>It may be neccessary for a script that was designed for earlier
+<p>It may be necessary for a script that was designed for earlier
versions of Apache or other servers to need the information that the
old PATH_INFO variable provided. For this purpose, Apache 1.2 (1.2b3
and later) sets an additional variable, FILEPATH_INFO. This
with Apache 1.1.1.</p>
<p>A script that wishes to work with both Apache 1.2 and earlier
-versions can simply test for the existance of FILEPATH_INFO, and use
+versions can simply test for the existence of FILEPATH_INFO, and use
it if available. Otherwise, it can use PATH_INFO. For example, in
Perl, one might use:
<pre>
<p>As implemented in Apache 1.1.1 and earlier versions, the method
Apache used to create PATH_INFO in the CGI environment was
-counterintiutive, and could result in crashes in certain cases. In
+counterintuitive, and could result in crashes in certain cases. In
Apache 1.2 and beyond, this behavior has changed. Although this
results in some compatibility problems with certain legacy CGI
applications, the Apache 1.2 behavior is still compatible with the
example, PATH_INFO would be set to "<code>/script</code>", and
SCRIPT_NAME to "<code>/cgi-ralph</code>". This makes sense and results
in no server behavior problems. It also permits the script to be
-gauranteed that
+guaranteed that
"<code>http://$SERVER_NAME:$SERVER_PORT$SCRIPT_NAME$PATH_INFO</code>"
-will always be an accessable URL that points to the current script,
-something which was not neccessarily true with previous versions of
+will always be an accessible URL that points to the current script,
+something which was not necessarily true with previous versions of
Apache.
<p>However, the "<code>/ralph</code>"
<h2><a name="compat">Compatibility with Previous Servers</a></h2>
-<p>It may be neccessary for a script that was designed for earlier
+<p>It may be necessary for a script that was designed for earlier
versions of Apache or other servers to need the information that the
old PATH_INFO variable provided. For this purpose, Apache 1.2 (1.2b3
and later) sets an additional variable, FILEPATH_INFO. This
with Apache 1.1.1.</p>
<p>A script that wishes to work with both Apache 1.2 and earlier
-versions can simply test for the existance of FILEPATH_INFO, and use
+versions can simply test for the existence of FILEPATH_INFO, and use
it if available. Otherwise, it can use PATH_INFO. For example, in
Perl, one might use:
<pre>
As an example of a more complex request, this browser has been
configured to accept French and English, but prefer French, and to
accept various media types, preferring HTML over plain text or other
-text types, and prefering GIF or jpeg over other media types, but also
+text types, and preferring GIF or JPEG over other media types, but also
allowing any other media type as a last resort:
<pre>
<code>image/gif</code>, <code>text/plain</code>, or
<code>text/html; level=3</code>.
<dt> <code>Content-language:</code>
- <dd> The languages of the variant, specified as an internet standard
+ <dd> The languages of the variant, specified as an Internet standard
language code (e.g., <code>en</code> for English,
<code>kr</code> for Korean, etc.).
<dt> <code>Content-encoding:</code>
applies a algorithm to decide on the 'best' variant to return, if
any. To do this it calculates a quality value for each variant in each
of the dimensions of variance. It is not necessary to know any of the
-details of how negotaion actually takes place in order to use Apache's
-content negotation features. However the rest of this document
+details of how negotiation actually takes place in order to use Apache's
+content negotiation features. However the rest of this document
explains in detail the algorithm used for those interested. <p>
In some circumstances, Apache can 'fiddle' the quality factor of a
-particular dimension to achive a better result. The ways Apache can
+particular dimension to achieve a better result. The ways Apache can
fiddle quality factors is explained in more detail below.
-<h3>Dimensions of Negotation</h3>
+<h3>Dimensions of Negotiation</h3>
<table>
<tr><th>Dimension
can have an associated quality factor. Variant description can also
have a quality factor.
<tr><td>Language
-<td>Browser indicates preferneces on Accept-Language: header. Each
+<td>Browser indicates preferences on Accept-Language: header. Each
item
can have a quality factor. Variants can be associated with none, one
or more languages.
<li>The algorithm has now selected one 'best' variant, so return
it as the response. The HTTP response header Vary is set to indicate the
- dimensions of negotation (browsers and caches can use this
+ dimensions of negotiation (browsers and caches can use this
information when caching the resource). End.
<li>To get here means no variant was selected (because non are acceptable
If the Accept: header contains <i>no</i> q factors at all, Apache sets
the q value of "*/*", if present, to 0.01 to emulate the desired
-behaviour. It also sets the q value of wildcards of the format
+behavior. It also sets the q value of wildcards of the format
"type/*" to 0.02 (so these are preferred over matches against
"*/*". If any media type on the Accept: header contains a q factor,
these special values are <i>not</i> applied, so requests from browsers
hits could return the wrong response. To prevent this,
Apache normally marks all responses that are returned after content negotiation
as non-cacheable by HTTP/1.0 clients. Apache also supports the HTTP/1.1
-protocol features to allow cach
eing of negotiated responses. <P>
+protocol features to allow caching of negotiated responses. <P>
For requests which come from a HTTP/1.0 compliant client (either a
browser or a cache), the directive <tt>CacheNegotiatedDocs</tt> can be
As an example of a more complex request, this browser has been
configured to accept French and English, but prefer French, and to
accept various media types, preferring HTML over plain text or other
-text types, and prefering GIF or jpeg over other media types, but also
+text types, and preferring GIF or JPEG over other media types, but also
allowing any other media type as a last resort:
<pre>
<code>image/gif</code>, <code>text/plain</code>, or
<code>text/html; level=3</code>.
<dt> <code>Content-language:</code>
- <dd> The languages of the variant, specified as an internet standard
+ <dd> The languages of the variant, specified as an Internet standard
language code (e.g., <code>en</code> for English,
<code>kr</code> for Korean, etc.).
<dt> <code>Content-encoding:</code>
applies a algorithm to decide on the 'best' variant to return, if
any. To do this it calculates a quality value for each variant in each
of the dimensions of variance. It is not necessary to know any of the
-details of how negotaion actually takes place in order to use Apache's
-content negotation features. However the rest of this document
+details of how negotiation actually takes place in order to use Apache's
+content negotiation features. However the rest of this document
explains in detail the algorithm used for those interested. <p>
In some circumstances, Apache can 'fiddle' the quality factor of a
-particular dimension to achive a better result. The ways Apache can
+particular dimension to achieve a better result. The ways Apache can
fiddle quality factors is explained in more detail below.
-<h3>Dimensions of Negotation</h3>
+<h3>Dimensions of Negotiation</h3>
<table>
<tr><th>Dimension
can have an associated quality factor. Variant description can also
have a quality factor.
<tr><td>Language
-<td>Browser indicates preferneces on Accept-Language: header. Each
+<td>Browser indicates preferences on Accept-Language: header. Each
item
can have a quality factor. Variants can be associated with none, one
or more languages.
<li>The algorithm has now selected one 'best' variant, so return
it as the response. The HTTP response header Vary is set to indicate the
- dimensions of negotation (browsers and caches can use this
+ dimensions of negotiation (browsers and caches can use this
information when caching the resource). End.
<li>To get here means no variant was selected (because non are acceptable
If the Accept: header contains <i>no</i> q factors at all, Apache sets
the q value of "*/*", if present, to 0.01 to emulate the desired
-behaviour. It also sets the q value of wildcards of the format
+behavior. It also sets the q value of wildcards of the format
"type/*" to 0.02 (so these are preferred over matches against
"*/*". If any media type on the Accept: header contains a q factor,
these special values are <i>not</i> applied, so requests from browsers
hits could return the wrong response. To prevent this,
Apache normally marks all responses that are returned after content negotiation
as non-cacheable by HTTP/1.0 clients. Apache also supports the HTTP/1.1
-protocol features to allow cach
eing of negotiated responses. <P>
+protocol features to allow caching of negotiated responses. <P>
For requests which come from a HTTP/1.0 compliant client (either a
browser or a cache), the directive <tt>CacheNegotiatedDocs</tt> can be
Let's begin with handlers. In order to handle the CGI scripts, the
module declares a response handler for them. Because of
<code>ScriptAlias</code>, it also has handlers for the name
-translation phase (to recognise <code>ScriptAlias</code>ed URIs), the
+translation phase (to recognize <code>ScriptAlias</code>ed URIs), the
type-checking phase (any <code>ScriptAlias</code>ed request is typed
as a CGI script).<p>
<p>In order for Apache to function properly it absolutely needs
to have two pieces of information about each virtual host: the
<a href="mod/core.html#servername"><code>ServerName</code></a>
-and at least one ip address that the server
-responds to. This example does not include the ip address, so Apache
+and at least one IP address that the server
+responds to. This example does not include the IP address, so Apache
must use DNS to find the address of <code>www.abc.dom</code>. If for
some reason DNS is not available at the time your server is parsing its
config file, then this virtual host <b>will not be configured</b>. It
for this virtualhost. If that reverse lookup fails then it will partially
disable the virtualhost (prior to Apache version 1.2 the server would not
even boot). If the virtual host is name-based then it will effectively
-be totally disabled, but if it is ip-based then it will mostly work.
+be totally disabled, but if it is IP-based then it will mostly work.
However if Apache should ever have to generate a full URL for the server
which includes the server name then it will fail to generate a valid URL.
<h3>The _default_ Address</h3>
<p>Any address that happens to go to your webserver which doesn't match
-the ip address of any of the webservers will be served from the "main" or
+the IP address of any of the webservers will be served from the "main" or
"default" server configurations. The "main" server configuration consists
of all those definitions appearing outside of any VirtualHost section.
You may want instead to define a <code><VirtualHost _default></code>
which returns 403 or 404 for all hits.
-<a name="tips"><h3>Tips to Avoid these problems</h3></a>
+<h3><a name="tips">Tips to Avoid these problems</a></h3>
<ul>
-<li> use ip addresses in <code><VirtualHost></code>
-<li> use ip addresses in <code>Listen</code>
-<li> use ip addresses in <code>BindAddress</code>
+<li> use IP addresses in <code><VirtualHost></code>
+<li> use IP addresses in <code>Listen</code>
+<li> use IP addresses in <code>BindAddress</code>
<li> ensure all virtual hosts have an explicit <code>ServerName</code>
<li> create a <code><VirtualHost _default_></code> server that
has no pages to serve
<p>The situation regarding DNS is highly undesirable. For Apache
1.2 we've attempted to make the server at least continue booting
in the event of failed DNS, but it might not be the best we
-can do. In any event requiring the use of explicit ip addresses in
+can do. In any event requiring the use of explicit IP addresses in
configuration files is highly undesirable in today's Internet where <a
href="http://www.ietf.org/html.charters/pier-charter.html">renumbering
</a> is a necessity.
<p>As HTTP/1.1 is deployed and browsers and proxies start issuing the
<code>Host</code> header it will become possible to avoid the use of
-ip-based virtual hosts entirely. In this event a webserver has no requirement
+IP-based virtual hosts entirely. In this event a webserver has no requirement
to do DNS lookups during configuration. But as of March 1997 these
features have not been deployed widely enough to be put into use on
critical webservers.
<BODY>
<!--#include virtual="header.html" -->
<h1>Special Purpose Environment Variables</h1>
-<P>Interoperability problems have led to the introduction of mechanisms to modify
-the way Apache behaves when talking to particular clients. To make these
-mechanisms as flexible as possible, they are invoked by defining environment
-variables, typically with <A HREF=mod/mod_browser.html#browsermatch>BrowserMatch</A>, though <A HREF=mod/mod_env.html#setenv>SetEnv</A> and
-<A HREF=mod/mod_env.html#passenv>PassEnv</A> could also be used, for example.</P>
+<P>Interoperability problems have led to the introduction of
+mechanisms to modify the way Apache behaves when talking to particular
+clients. To make these mechanisms as flexible as possible, they
+are invoked by defining environment variables, typically with
+<A HREF="mod/mod_browser.html#browsermatch">BrowserMatch</A>, though
+<A HREF="mod/mod_env.html#setenv">SetEnv</A> and
+<A HREF="mod/mod_env.html#passenv">PassEnv</A> could also be used, for
+example.</P>
+
<H2>nokeepalive</H2>
-This disables <A HREF=mod/core.html#keepalive>KeepAlive</A> when set. Because
+This disables <A HREF="mod/core.html#keepalive">KeepAlive</A> when set. Because
of problems with Netscape 2.x and KeepAlive, we recommend the following
directive be used:
<BLOCKQUOTE><CODE>
<BODY>
<!--#include virtual="header.html" -->
<h1>Special Purpose Environment Variables</h1>
-<P>Interoperability problems have led to the introduction of mechanisms to modify
-the way Apache behaves when talking to particular clients. To make these
-mechanisms as flexible as possible, they are invoked by defining environment
-variables, typically with <A HREF=mod/mod_browser.html#browsermatch>BrowserMatch</A>, though <A HREF=mod/mod_env.html#setenv>SetEnv</A> and
-<A HREF=mod/mod_env.html#passenv>PassEnv</A> could also be used, for example.</P>
+<P>Interoperability problems have led to the introduction of
+mechanisms to modify the way Apache behaves when talking to particular
+clients. To make these mechanisms as flexible as possible, they
+are invoked by defining environment variables, typically with
+<A HREF="mod/mod_browser.html#browsermatch">BrowserMatch</A>, though
+<A HREF="mod/mod_env.html#setenv">SetEnv</A> and
+<A HREF="mod/mod_env.html#passenv">PassEnv</A> could also be used, for
+example.</P>
+
<H2>nokeepalive</H2>
-This disables <A HREF=mod/core.html#keepalive>KeepAlive</A> when set. Because
+This disables <A HREF="mod/core.html#keepalive">KeepAlive</A> when set. Because
of problems with Netscape 2.x and KeepAlive, we recommend the following
directive be used:
<BLOCKQUOTE><CODE>
<H1>Compiling and Installing Apache 1.2</H1>
-If you wish to download and install an earlier version of Apache please
+<P>If you wish to download and install an earlier version of Apache please
read <A HREF="install_1_1.html">Compiling and Installing Apache 1.1</A>.</P>
UnixWare users will want to consult <A HREF="unixware.html">build notes</A>
If all goes well this will return to the command prompt almost
immediately. This indicates that the server is now up and running. If
-anything goes wrong during the initiallisation of the server you will
+anything goes wrong during the initialization of the server you will
see an error message on the screen.
If the server started ok, you can now use your browser to
<H1>Compiling and Installing Apache 1.2</H1>
-If you wish to download and install an earlier version of Apache please
+<P>If you wish to download and install an earlier version of Apache please
read <A HREF="install_1_1.html">Compiling and Installing Apache 1.1</A>.</P>
UnixWare users will want to consult <A HREF="unixware.html">build notes</A>
If all goes well this will return to the command prompt almost
immediately. This indicates that the server is now up and running. If
-anything goes wrong during the initiallisation of the server you will
+anything goes wrong during the initialization of the server you will
see an error message on the screen.
If the server started ok, you can now use your browser to
Let's begin with handlers. In order to handle the CGI scripts, the
module declares a response handler for them. Because of
<code>ScriptAlias</code>, it also has handlers for the name
-translation phase (to recognise <code>ScriptAlias</code>ed URIs), the
+translation phase (to recognize <code>ScriptAlias</code>ed URIs), the
type-checking phase (any <code>ScriptAlias</code>ed request is typed
as a CGI script).<p>
<p>However, HTTP/1.1 requires several things of POST and PUT request
handlers that did not fit into this module, and all existing modules
have to be rewritten. The API calls for handling this have been
-furthur abstracted, so that future HTTP protocol changes can be
+further abstracted, so that future HTTP protocol changes can be
accomplished while remaining backwards-compatible.</p>
<hr>
<ol>
<li>Call <code>setup_client_block()</code> near the beginning of the request
- handler. This will set up all the neccessary properties, and
+ handler. This will set up all the necessary properties, and
will return either OK, or an error code. If the latter,
the module should return that error code. The second parameter
selects the policy to apply if the request message indicates a
<li>Finally, call <code>get_client_block</code> in a loop. Pass it a
buffer and its
- size. It will put data into the buffer (not neccessarily the full
+ size. It will put data into the buffer (not necessarily the full
buffer, in the case of chunked inputs), and return the length of
the input block. When it is done reading, it will
return 0 if EOF, or -1 if there was an error.
versions of NCSA httpd and Apache, you could use a filename
relative to the .htaccess file. This could be a major security hole,
as it made it trivially easy to make a ".htpass" file in the a
- directory easily accessable by the world. We recommend you store
+ directory easily accessible by the world. We recommend you store
your passwords outside your document tree.
<P>
<P>
- <LI><Limit> sillyness - in the old Apache 0.6.5, a
+ <LI><Limit> silliness - in the old Apache 0.6.5, a
directive of <Limit GET> would also restrict POST methods - Apache 0.8.8's new
core is correct in not presuming a limit on a GET is the same limit on a POST,
so if you are relying on that behavior you need to change your access configurations
<H1>Connections in the FIN_WAIT_2 state and Apache</H1>
<OL>
-<H2><LI>What is the FIN_WAIT_2 state?</H2>
+<LI><H2>What is the FIN_WAIT_2 state?</H2>
Starting with the Apache 1.2 betas, people are reporting many more
connections in the FIN_WAIT_2 state (as reported by
<code>netstat</code>) than they saw using older versions. When the
the kernel. The connections in FIN_WAIT_2 do not tie up an httpd
process.<P>
-<H2><LI>But why does it happen?</H2>
+<LI><H2>But why does it happen?</H2>
There are several reasons for it happening, and not all of them are
fully understood by the Apache team yet. What is known follows.<P>
If you have any information to add to this page, please contact me at
<A HREF="mailto:marc@apache.org">marc@apache.org</A>.<P>
-<H2><A NAME="appendix"><LI>Appendix</H2>
+<H2><A NAME="appendix"><LI>Appendix</A></H2>
<P>
Below is a message from Roy Fielding, one of the authors of HTTP/1.1.
HREF="perf-bsd44.html"
>Performance Notes (BSD 4.4)</A>
</DT>
- <DD>Some notes about ways to improve/optimise Apache performance on
+ <DD>Some notes about ways to improve/optimize Apache performance on
BSD 4.4 systems
</DD>
<DT><A
HREF="perf-dec.html"
>Performance Notes (Digital UNIX)</A>
</DT>
- <DD>Extracts of USENET postings describing how to optimise Apache
+ <DD>Extracts of USENET postings describing how to optimize Apache
performance on Digital UNIX systems
</DD>
<DT><A
<menu>
<li>*
<li>An IP address
-<li>A fully-qualified internet domain name
+<li>A fully-qualified Internet domain name
</menu>
If the value is *, then the server will listen for connections on
every IP address, otherwise it will only listen on the IP address
since every request requires one of these lookups to be performed. When
firewalls are involved each lookup might possibly fail and add 30 seconds
of latency to each hit. So in general this is not very useful on public
-servers accessible from the internet.
+servers accessible from the Internet.
<p><hr>
<A NAME="ifmodule"><H2><IfModule></H2></A>
allowed per connection when <a href="#keepalive">KeepAlive</a> is
on. If it is set to "<code>0</code>", unlimited requests will be
allowed. We recommend that this setting be kept to a high value for
-maximum server peformance.
+maximum server performance.
<A name="maxrequestsperchild"><h2>MaxRequestsPerChild directive</h2></A>
<!--%plaintext <?INDEX {\tt MaxRequestsPerChild} directive> -->
for a list of some defined ports; the standard port for the http protocol
is 80.<p>
-The Port directive has two behaviours, the first of which is necessary for
+The Port directive has two behaviors, the first of which is necessary for
NCSA backwards compatibility (and which is confusing in the context of
Apache).<p>
<A name="satisfy"><h2>Satisfy</h2></A>
<!--%plaintext <?INDEX {\tt Satisfy} directive> -->
<strong>Syntax:</strong> Satisfy <em>'any' or 'all'</em><br>
-<strong>Default:</strong> Satisy all<br>
+<strong>Default:</strong> Satisfy all<br>
<strong>Context:</strong> directory, .htaccess<br>
<strong>Status:</strong> core<br>
<strong>Compatibility:</strong> Satisfy is only available in Apache 1.2 and later<p>
HREF="../misc/vif-info.html">VIF</A> (for SunOS(TM) 4.1.x)).<p>
The special name <code>_default_</code> can be specified in which case
-this virtual host will match any ip address that is not explicitly listed
+this virtual host will match any IP address that is not explicitly listed
in another virtual host. In the absence of any _default_ virtual host
the "main" server config, consisting of all those definitions outside
any VirtualHost section, is used when no match occurs.<p>
<strong>Compatibility:</strong> Apache 1.2 and above<p>
The allow from env directive controls access to a directory by the
-existance (or non-existance) of an environment variable.
+existence (or non-existence) of an environment variable.
Example:<blockquote><pre>
BrowserMatch ^KnockKnock/2.0 let_me_in
<strong>Compatibility:</strong> Apache 1.2 and above<p>
The deny from env directive controls access to a directory by the
-existance (or non-existance) of an environment variable.
+existence (or non-existence) of an environment variable.
Example:<blockquote><pre>
BrowserMatch ^BadRobot/0.9 go_away
<strong>Module:</strong> mod_auth<p>
Setting the AuthAuthoritative directive explicitly to <b>'off'</b>
-allows for both authentification and authorization to be passed on to
+allows for both authentication and authorization to be passed on to
lower level modules (as defined in the <code>Configuration</code> and
<code>modules.c</code> files) if there is <b>no userID</b> or
<b>rule</b> matching the supplied userID. If there is a userID and/or
<p>
-A common use for this is in conjection with one of the database
+A common use for this is in conjunction with one of the database
modules; such as <a
href="mod_auth_db.html"><code>mod_auth_db.c</code></a>, <a
href="mod_auth_dbm.html"><code>mod_auth_dbm.c</code></a>, <a
<p>
-<b>Default:</b> By default; control is not passed on; and an unkown
+<b>Default:</b> By default; control is not passed on; and an unknown
userID or rule will result in an Authorization Required reply. Not
setting it thus keeps the system secure; and forces an NSCA compliant
behaviour.
<strong>Status:</strong> Base<br>
<strong>Module:</strong> mod_auth<p>
-Setting the AuthDBAuthoritative directive explicitly to <b>'off'</b> allows for both authentification and authorization to be passed on to lower level modules (as defined in the <code>Configuration</code> and <code>modules.c</code> file if there is <b>no userID</b> or <b>rule</b> matching the supplied userID. If there is a userID and/or rule specified; the usual password and access checks will be applied and a failure will give an Authorization Required reply.
+Setting the AuthDBAuthoritative directive explicitly to <b>'off'</b>
+allows for both authentication and authorization to be passed on
+to lower level modules (as defined in the <code>Configuration</code>
+and <code>modules.c</code> file if there is <b>no userID</b> or
+<b>rule</b> matching the supplied userID. If there is a userID
+and/or rule specified; the usual password and access checks will
+be applied and a failure will give an Authorization Required reply.
<p>
-So if a userID appears in the database of more than one module; or if a valid require directive applies to more than one module; then the first module will verify the credentials; and no access is passed on; regardless of the AuthAuthoritative setting.
-<p>
-A common use for this is in conjection with one of the basic auth modules; such
-as <a href="mod_auth.html"><code>mod_auth.c</code></a>. Whereas this DB module supplies the bulk of the user credential checking; a few (administrator) related accesses fall through to a lower level with a well protected .htpasswd file.
-<p>
-<b>Default:</b> By default; control is not passed on; and an unkown userID or rule will result in an Authorization Required reply. Not setting it thus keeps the system secure; and forces an NSCA compliant behaviour.
-<p>
-Security: Do consider the implications of allowing a user to allow fall-through in his .htaccess file; and verify that this is really what you want; Generally it is easier to just secure a single .htpasswd file, than it is to secure a database which might have more access interfaces.
+So if a userID appears in the database of more than one module; or
+if a valid require directive applies to more than one module; then
+the first module will verify the credentials; and no access is
+passed on; regardless of the AuthAuthoritative setting. <p>
+
+A common use for this is in conjunction with one of the basic auth
+modules; such as <a href="mod_auth.html"><code>mod_auth.c</code></a>.
+Whereas this DB module supplies the bulk of the user credential
+checking; a few (administrator) related accesses fall through to
+a lower level with a well protected .htpasswd file. <p>
+
+<b>Default:</b> By default; control is not passed on; and an unknown
+userID or rule will result in an Authorization Required reply. Not
+setting it thus keeps the system secure; and forces an NSCA compliant
+behaviour. <p>
+Security: Do consider the implications of allowing a user to allow
+fall-through in his .htaccess file; and verify that this is really
+what you want; Generally it is easier to just secure a single
+.htpasswd file, than it is to secure a database which might have
+more access interfaces.
<p>
See also <A HREF="core.html#authname">AuthName</A>,
<strong>Status:</strong> Base<br>
<strong>Module:</strong> mod_auth<p>
-Setting the AuthDBMAuthoritative directive explicitly to <b>'off'</b> allows for both authentification and authorization to be passed on to lower level modules (as defined in the <code>Configuration</code> and <code>modules.c</code> file if there is <b>no userID</b> or <b>rule</b> matching the supplied userID. If there is a userID and/or rule specified; the usual password and access checks will be applied and a failure will give an Authorization Required reply.
+Setting the AuthDBMAuthoritative directive explicitly to <b>'off'</b>
+allows for both authentication and authorization to be passed on
+to lower level modules (as defined in the <code>Configuration</code>
+and <code>modules.c</code> file if there is <b>no userID</b> or
+<b>rule</b> matching the supplied userID. If there is a userID
+and/or rule specified; the usual password and access checks will
+be applied and a failure will give an Authorization Required reply.
<p>
-So if a userID appears in the database of more than one module; or if a valid require directive applies to more than one module; then the first module will verify the credentials; and no access is passed on; regardless of the AuthAuthoritative setting.
-<p>
-A common use for this is in conjection with one of the basic auth modules; such
-as <a href="mod_auth.html"><code>mod_auth.c</code></a>. Whereas this DBM module supplies the bulk of the user credential checking; a few (administrator) related accesses fall through to a lower level with a well protected .htpasswd file.
-<p>
-<b>Default:</b> By default; control is not passed on; and an unkown userID or rule will result in an Authorization Required reply. Not setting it thus keeps the system secure; and forces an NSCA compliant behaviour.
-<p>
-Security: Do consider the implications of allowing a user to allow fall-through in his .htaccess file; and verify that this is really what you want; Generally it is easier to just secure a single .htpasswd file, than it is to secure a database which might have more access interfaces.
+So if a userID appears in the database of more than one module; or
+if a valid require directive applies to more than one module; then
+the first module will verify the credentials; and no access is
+passed on; regardless of the AuthAuthoritative setting. <p>
+
+A common use for this is in conjunction with one of the basic auth
+modules; such as <a href="mod_auth.html"><code>mod_auth.c</code></a>.
+Whereas this DBM module supplies the bulk of the user credential
+checking; a few (administrator) related accesses fall through to
+a lower level with a well protected .htpasswd file. <p>
+
+<b>Default:</b> By default; control is not passed on; and an unknown
+userID or rule will result in an Authorization Required reply. Not
+setting it thus keeps the system secure; and forces an NSCA compliant
+behaviour. <p>
+
+Security: Do consider the implications of allowing a user to allow
+fall-through in his .htaccess file; and verify that this is really
+what you want; Generally it is easier to just secure a single
+.htpasswd file, than it is to secure a database which might have
+more access interfaces.
<p>
See also <A HREF="core.html#authname">AuthName</A>,
<hr>
-<A name="metadir"><h2>MetaDir</h2></A>
+<h2><A name="metadir">MetaDir</A></h2>
<strong>Syntax:</strong> MetaDir <em>directory name</em><br>
<strong>Default:</strong> <code>MetaDir .web</code><br>
<strong>Context:</strong> server config<br>
accessed. Set to "<code>.</code>" to look in the same directory as the
file.
-<A name="metasuffix"><h2>MetaSuffix</h2></A>
+<h2><A name="metasuffix">MetaSuffix</A></h2>
<strong>Syntax:</strong> MetaSuffix <em>suffix</em><br>
<strong>Default:</strong> <code>MetaSuffix .meta</code><br>
<strong>Context:</strong> server config<br>
<hr>
-<a name="cgi_debug"><h2>CGI Debugging</h2></a>
+<h2><a name="cgi_debug">CGI Debugging</a></h2>
Debugging CGI scripts has traditionally been difficult, mainly because
it has
<h2>Directives</h2>
-<a name="scriptlog"><h3>ScriptLog</h3></a>
+<h3><a name="scriptlog">ScriptLog</a></h3>
<b>Syntax:</b> ScriptLog <i>filename</i><br>
<b>Default:</b> none<br>
have security problems if used in a manner other than that for which
it was designed.</p>
-<a name="scriptloglength"><h3>ScriptLogLength</h3></a>
+<h3><a name="scriptloglength">ScriptLogLength</a></h3>
<b>Syntax:</b> ScriptLogLength <i>size</i><br>
<b>Default:</b> 10385760<br>
be used to set an maximum file-size for the CGI logfile. If the file
exceeds this size, no more information will be written to it.
-<a name="scriptlogbuffer"><h3>ScriptLogBuffer</h3></a>
+<h3><a name="scriptlogbuffer">ScriptLogBuffer</a></h3>
<b>Syntax:</b> ScriptLogBuffer <i>size</i><br>
<b>Default:</b> 1024<br>
<hr>
-<A name="passenv"><h2>PassEnv</h2></A>
+<h2><A name="passenv">PassEnv</A></h2>
<strong>Syntax:</strong> PassEnv <em>variable variable ...</em><br>
<strong>Context:</strong> server config, virtual host<br>
<strong>Status:</strong> Base<br>
<HR>
-<A name="setenv"><h2>SetEnv</h2></A>
+<h2><A name="setenv">SetEnv</A></h2>
<strong>Syntax:</strong> SetEnv <em>variable value</em><br>
<strong>Context:</strong> server config, virtual host<br>
<strong>Status:</strong> Base<br>
<hr>
-<A name="unsetenv"><h2>UnsetEnv</h2></A>
+<h2><A name="unsetenv">UnsetEnv</A></h2>
<strong>Syntax:</strong> UnsetEnv <em>variable variable ...</em><br>
<strong>Context:</strong> server config, virtual host<br>
<strong>Status:</strong> Base<br>
</UL>
</P>
<HR>
- <A NAME="example">
- <H2>Example</H2>
- </A>
+ <H2><A NAME="example">
+ Example
+ </A></H2>
<P>
<STRONG>Syntax:</STRONG> Example
<BR>
</LI>
</MENU>
<HR>
- <A NAME="expiresactive">
- <H2>ExpiresActive directive</H2>
- </A>
+ <H2><A NAME="expiresactive">
+ ExpiresActive directive
+ </A></H2>
<!--%plaintext <?INDEX {\tt ExpiresActive} directive> -->
<P>
<STRONG>Syntax:</STRONG> ExpiresActive <EM>boolean</EM>
directive wasn't even specified.
</P>
<HR>
- <A NAME="expiresbytype">
- <H2>ExpiresByType directive</H2>
- </A>
+ <H2><A NAME="expiresbytype">
+ ExpiresByType directive
+ </A></H2>
<!--%plaintext <?INDEX {\tt ExpiresByType} directive> -->
<P>
<STRONG>Syntax:</STRONG> ExpiresByType <EM>mime-type <code>seconds</EM>
directive.
</P>
<HR>
- <A NAME="expiresdefault">
- <H2>ExpiresDefault directive</H2>
- </A>
+ <H2><A NAME="expiresdefault">
+ ExpiresDefault directive
+ </A></H2>
<!--%plaintext <?INDEX {\tt ExpiresDefault} directive> -->
<P>
<STRONG>Syntax:</STRONG> ExpiresDefault <EM><code>seconds</EM>
<hr>
-<A name="header"><h2>Header</h2></A>
+<h2><A name="header">Header</A></h2>
<strong>Syntax:</strong> Header [ set | append | add ] <em>header</em> <em>value</em><br>
<strong>Syntax:</strong> Header unset <em>header</em><br>
<strong>Context:</strong> server config, virtual host, access.conf, .htaccess<br>
<p>
-<A name="imapmenu"><h3>ImapMenu</h3></A>
+<h3><A name="imapmenu">ImapMenu</A></h3>
<strong>Syntax:</strong> ImapMenu <code>{none, formatted, semi-formatted,
unformatted}</code><br>
<Strong>Context:</strong> server config, virtual host, directory, .htaccess<br>
<p>
-<A name="imapdefault"><h3>ImapDefault</h3></A>
+<h3><A name="imapdefault">ImapDefault</A></h3>
<strong>Syntax:</strong> ImapDefault <code>{error, nocontent,
map, referer, URL}</code><br>
<Strong>Context:</strong> server config, virtual host, directory, .htaccess<br>
<p>
-<A name="imapbase"><h3>ImapBase</h3></A>
+<h3><A name="imapbase">ImapBase</A></h3>
<strong>Syntax:</strong> ImapBase <code>{map, referer, URL}</code><br>
<Strong>Context:</strong> server config, virtual host, directory, .htaccess<br>
<Strong>Override:</strong> Indexes<br>
<DD>true if either <I>test_condition1</I> or <I>test_condition2</I> is true
</DL>
-<P> "<I>=</I>" and "</I>!=</I>" bind more tightly than "<I>&&</I>" and "<I>||</I>".
+<P> "<I>=</I>" and "<I>!=</I>" bind more tightly than "<I>&&</I>" and "<I>||</I>".
"<I>!</I>" binds most tightly. Thus, the following are equivalent:
<PRE>
<hr>
-<A name="xbithack"><h2>XBitHack</h2></A>
+<h2><A name="xbithack">XBitHack</A></h2>
<!--%plaintext <?INDEX {\tt XBitHack} directive> -->
<strong>Syntax:</strong> XBitHack <em>status</em><br>
<strong>Default:</strong> <code>XBitHack off</code><br>
<hr>
-<A name="agentlog"><h2>AgentLog</h2></A>
+<h2><A name="agentlog">AgentLog</A></h2>
<!--%plaintext <?INDEX {\tt AgentLog} directive> -->
<strong>Syntax:</strong> AgentLog <em>file-pipe</em><br>
<strong>Default:</strong> <code>AgentLog logs/agent_log</code><br>
any headers.
</dl>
-<A NAME="formats"><h3>Custom Log Formats</h3></A>
+<h3><A NAME="formats">Custom Log Formats</A></h3>
The format argument to the <code>LogFormat</code> and
<code>CustomLog</code> is a string. This string is logged to the log
%...P: The process ID of the child that serviced the request.
%...r: First line of request
%...s: Status. For requests that got internally redirected, this
- is status of the *original* request --- %...>s for the last.
+ is status of the *original* request --- %...>s for the last.
%...t: Time, in common log format time format
%...{format}t: The time, in the form given by format, which should
be in strftime(3) format.
extending for format if desired (e.g. to add extra fields at the end).
NCSA's extended/combined log format would be <code>"%h %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-agent}i\""</code>.
-<h2>Using Multiple Log Files</h3>
+<h2>Using Multiple Log Files</h2>
The <code>TransferLog</code> and <code>CustomLog</code> directives can
be given more than once to log requests to multiple log files. Each
<hr>
-<A name="cookielog"><h2>CookieLog</h2></A>
+<h2><A name="cookielog">CookieLog</A></h2>
<!--%plaintext <?INDEX {\tt CookieLog} directive> -->
<strong>Syntax:</strong> CookieLog <em>filename</em><br>
<Strong>Context:</strong> server config, virtual host<br>
href="mod_cookies.html">mod_cookies</a>, and is deprecated.
<p>
-<A NAME="customlog"><H2>CustomLog</H2></A>
+<H2><A NAME="customlog">CustomLog</A></H2>
<STRONG>Syntax:</STRONG> CustomLog <em>file-pipe</em> <em>format</em><BR>
<STRONG>Context:</STRONG> server config, virtual host<BR>
<STRONG>Status:</STRONG> Base<BR>
includes any spaces (which it will do in almost all cases) it
should be enclosed in double quotes.
-<A name="logformat"><h2>LogFormat</h2></A>
+<h2><A name="logformat">LogFormat</A></h2>
<!--%plaintext <?INDEX {\tt LogFormat} directive> -->
<strong>Syntax:</strong> LogFormat <em>string</em><br>
<strong>Default:</strong> <code>LogFormat "%h %l %u %t \"%r\"
Custom Log Formats</A> for details on the format arguments.<p><hr>
-<A name="transferlog"><h2>TransferLog</h2></A>
+<h2><A name="transferlog">TransferLog</A></h2>
<!--%plaintext <?INDEX {\tt TransferLog} directive> -->
<strong>Syntax:</strong> TransferLog <em>file-pipe</em><br>
<strong>Default:</strong> <code>TransferLog logs/transfer_log</code><br>
<h2>Log file format</h2>
The log file contains a separate line for each refer. Each line has the
format
-<blockquote><em>uri</em> <code>-></code> <em>document</em></blockquote>
+<blockquote><em>uri</em> <code>-></code> <em>document</em></blockquote>
where <em>uri</em> is the (%-escaped) URI for the document that references
the one requested by the client, and <em>document</em> is the (%-decoded)
local URL to the document being referred to.
<hr>
-<A name="refererignore"><h2>RefererIgnore</h2></A>
+<h2><A name="refererignore">RefererIgnore</A></h2>
<!--%plaintext <?INDEX {\tt RefererIgnore} directive> -->
<strong>Syntax:</strong> RefererIgnore <em>string string ...</em><br>
<Strong>Context:</strong> server config, virtual host<br>
<p><hr>
-<A name="refererlog"><h2>RefererLog</h2></A>
+<h2><A name="refererlog">RefererLog</A></h2>
<!--%plaintext <?INDEX {\tt RefererLog} directive> -->
<strong>Syntax:</strong> RefererLog <em>file-pipe</em><br>
<strong>Default:</strong> <code>RefererLog logs/referer_log</code><br>
<hr>
-<A name="addencoding"><h2>AddEncoding</h2></A>
+<h2><A name="addencoding">AddEncoding</A></h2>
<!--%plaintext <?INDEX {\tt AddEncoding} directive> -->
<strong>Syntax:</strong> AddEncoding <em>mime-enc extension extension...</em><br>
<Strong>Context:</strong> server config, virtual host, directory, .htaccess<br>
program.</p>
-<A name="addlanguage"><h2>AddLanguage</h2></A>
+<h2><A name="addlanguage">AddLanguage</A></h2>
<!--%plaintext <?INDEX {\tt AddLanguage} directive> -->
<strong>Syntax:</strong> AddLanguage <em>mime-lang extension extension...</em><br>
<Strong>Context:</strong> server config, virtual host, directory, .htaccess<br>
is more useful for content negotiation, where the server returns one
from several documents based on the client's language preference.<p><hr>
-<A name="addtype"><h2>AddType</h2></A>
+<h2><A name="addtype">AddType</A></h2>
<!--%plaintext <?INDEX {\tt AddType} directive> -->
<strong>Syntax:</strong> AddType <em>mime-type extension extension...</em><br>
<Strong>Context:</strong> server config, virtual host, directory, .htaccess<br>
</pre>
-<A name="typesconfig"><h2>TypesConfig</h2></A>
+<h2><A name="typesconfig">TypesConfig</A></h2>
<!--%plaintext <?INDEX {\tt TypesConfig} directive> -->
<strong>Syntax:</strong> TypesConfig <em>filename</em><br>
<strong>Default:</strong> <code>TypesConfig conf/mime.types</code><br>
<hr>
-<A name="cachenegotiateddocs"><h2>CacheNegotiatedDocs</h2></A>
+<h2><A name="cachenegotiateddocs">CacheNegotiatedDocs</A></h2>
<strong>Syntax:</strong> CacheNegotiatedDocs<br>
<Strong>Context:</strong> server config<br>
<strong>Status:</strong> Base<br>
-<A name="languagepriority"><h2>LanguagePriority</h2></A>
+<h2><A name="languagepriority">LanguagePriority</A></h2>
<!--%plaintext <?INDEX {\tt LanguagePriority} directive> -->
<strong>Syntax:</strong> LanguagePriority <em>mime-lang mime-lang...</em><br>
<Strong>Context:</strong> server config, virtual host, directory, .htaccess<br>
<A name="cachemaxexpire"><h2>CacheMaxExpire</h2></A>
<strong>Syntax:</strong> CacheMaxExpire <em><time></em><br>
-<strong>Default:</strong> </code>CacheMaxExpire 24</code><br>
+<strong>Default:</strong> <code>CacheMaxExpire 24</code><br>
<strong>Context:</strong> server config<br>
<strong>Status:</strong> Base<br>
<strong>Module:</strong> mod_proxy<br>
<A name="cachelastmodifiedfactor"><h2>CacheLastModifiedFactor</h2></A>
<strong>Syntax:</strong> CacheLastModifiedFactor <em><factor></em><br>
-<strong>Default:</strong> </code>CacheLastModifiedFactor 0.1</code><br>
+<strong>Default:</strong> <code>CacheLastModifiedFactor 0.1</code><br>
<strong>Context:</strong> server config<br>
<strong>Status:</strong> Base<br>
<strong>Module:</strong> mod_proxy<br>
<A name="cachedirlevels"><h2>CacheDirLevels</h2></A>
<strong>Syntax:</strong> CacheDirLevels <em><levels></em><br>
-<strong>Default:</strong> </code>CacheDirLevels 3</code><br>
+<strong>Default:</strong> <code>CacheDirLevels 3</code><br>
<strong>Context:</strong> server config<br>
<strong>Status:</strong> Base<br>
<strong>Module:</strong> mod_proxy<br>
<A name="cachedirlength"><h2>CacheDirLength</h2></A>
<strong>Syntax:</strong> CacheDirLength <em><length></em><br>
-<strong>Default:</strong> </code>CacheDirLength 1</code><br>
+<strong>Default:</strong> <code>CacheDirLength 1</code><br>
<strong>Context:</strong> server config<br>
<strong>Status:</strong> Base<br>
<strong>Module:</strong> mod_proxy<br>
<A name="cachedefaultexpire"><h2>CacheDefaultExpire</h2></A>
<strong>Syntax:</strong> CacheDefaultExpire <em><time></em><br>
-<strong>Default:</strong> </code>CacheDefaultExpire 1</code><br>
+<strong>Default:</strong> <code>CacheDefaultExpire 1</code><br>
<strong>Context:</strong> server config<br>
<strong>Status:</strong> Base<br>
<strong>Module:</strong> mod_proxy<br>
<li><a href="#socks">Can I use the Apache proxy module with my SOCKS proxy?</a>
</ul>
-<a name="access"><h2>Controlling access to your proxy</h2>
+<h2><a name="access">Controlling access to your proxy</a></h2>
You can control who can access your proxy via the normal <Directory>
control block using the following example:<p>
</Directory>
</pre><p>
-<a name="shortname"><h2>Using Netscape hostname shortcuts</h2>
+<h2><a name="shortname">Using Netscape hostname shortcuts</a></h2>
There is an optional patch to the proxy module to allow Netscape-like
hostname shortcuts to be used. It's available
<a href="http://www.apache.org/dist/contrib/patches/1.2/netscapehost.patch">
here</a>.<p>
-<a name="mimetypes"><h2>Why doesn't file type <i>xxx</i> download via FTP?</h2>
+<h2><a name="mimetypes">Why doesn't file type <i>xxx</i> download via FTP?</a></h2>
You probably don't have that particular file type defined as
<i>application/octet-stream</i> in your proxy's mime.types configuration
application/octet-stream bin dms lha lzh exe class tgz taz
</pre>
-<a name="startup"><h2>Why does Apache start more slowly when using the
- proxy module?</h2>
+<h2><a name="startup">Why does Apache start more slowly when using the
+ proxy module?</a></h2>
If you're using the <code>ProxyBlock</code> or <code>NoCache</code>
directives, hostnames' IP addresses are looked up and cached during
startup for later match test. This may take a few seconds (or more)
depending on the speed with which the hostname lookups occur.<p>
-<a name="socks"><h2>Can I use the Apache proxy module with my SOCKS proxy?</h2>
+<h2><a name="socks">Can I use the Apache proxy module with my SOCKS proxy?</a></h2>
Yes. Just build Apache with the rule <code>SOCKS4=yes</code> in your
<i>Configuration</i> file, and follow the instructions there. SOCKS5
<p>
<li>There is the special format: <tt>%{LA-U:url}</tt>
-for look-aheads like <tt>-U</tt>. This performans a internal sub-request to
+for look-aheads like <tt>-U</tt>. This performs a internal sub-request to
look-ahead for the final value of <i>url</i>.
<p>
<li>There is the special format: <tt>%{LA-F:file}</tt>
-for look-aheads like <tt>-F</tt>. This performans a internal sub-request to
+for look-aheads like <tt>-F</tt>. This performs a internal sub-request to
look-ahead for the final value of <i>file</i>.
</ol>
<hr>
-<A name="userdir"><h2>UserDir</h2></A>
+<h2><A name="userdir">UserDir</A></h2>
<!--%plaintext <?INDEX {\tt UserDir} directive> -->
<strong>Syntax:</strong> UserDir <em>directory/filename</em><br>
<strong>Default:</strong> <code>UserDir public_html</code><br>
<hr>
-<a name="cookieexpires"><h2>CookieExpires</h2></A>
+<h2><a name="cookieexpires">CookieExpires</A></h2>
<strong>Syntax:</strong> CookieExpires <em>expiry-period</em><br>
<strong>Context:</strong> server config, virtual host<br>
<strong>Status:</strong> optional<br>
<p>If this directive is not used, cookies last only for the current
browser session.</p>
-<a name="cookietracking"><h2>CookieTracking</h2></A>
+<h2><a name="cookietracking">CookieTracking</A></h2>
<strong>Syntax:</strong> CookieTracking <em>on | off</em><br>
<strong>Context:</strong> server config, virtual host, directory,
.htaccess<br>
+<HTML>
<HEAD>
<TITLE>Performance Tuning Tips for Digital Unix</TITLE>
</HEAD>
<HR>
<H2>Update</H2>
-From: Jeffrey Mogul <mogul@pa.dec.com><BR>
+From: Jeffrey Mogul <mogul@pa.dec.com><BR>
Date: Fri, 28 Jun 96 16:07:56 MDT<BR>
<OL>
won't work on these releases, but such use is not officially
supported by Digital. This patch kit will not be needed for
V3.2G when it is released.
-</UL>
-
+</OL>
<HR>
<HR>
-<A NAME="AUX">
-<H3>A/UX (Apple's UNIX)</H3>
-</A>
+<H3><A NAME="AUX">
+A/UX (Apple's UNIX)
+</A></H3>
If you are running Apache on A/UX, a page that gives some helpful
performance hints (concerning the <I>listen()</I> queue and using
<P><HR>
-<A NAME="BSD">
-<H3>BSD-based (BSDI, FreeBSD, etc)</H3>
-</A>
+<H3><A NAME="BSD">
+BSD-based (BSDI, FreeBSD, etc)
+</A></H3>
<A HREF="perf-bsd44.html#initial">Quick</A> and
<A HREF="perf-bsd44.html#detail">detailed</A>
<P><HR>
-<A NAME="DEC">
-<H3>Digital UNIX</H3>
-</A>
+<H3><A NAME="DEC">
+Digital UNIX
+</A></H3>
We have some <A HREF="perf-dec.html">newsgroup postings</A> on how to
tune Digital UNIX 3.2 and 4.0.
<P><HR>
-<A NAME="HP">
-<H3>Hewlett-Packard</H3>
-</A>
+<H3><A NAME="HP">
+Hewlett-Packard
+</A></H3>
Some documentation on tuning HP machines can be found at <A
HREF="http://www.software.hp.com/internet/perf/tuning.html">http://www.software.hp.com/internet/perf/tuning.html</A>.
<P><HR>
-<A NAME="Linux">
-<H3>Linux</H3>
-</A>
+<H3><A NAME="Linux">
+Linux
+</A></H3>
The most common problem on Linux shows up on heavily-loaded systems
where the whole server will appear to freeze for a couple of minutes
<P><HR>
-<A NAME="SGI">
-<H3>SGI</H3>
+<H3><A NAME="SGI">
+SGI
+</A></H3>
<UL>
<LI><A HREF="http://www.sgi.com/Products/WebFORCE/Resources/res_TuningGuide.html">
<P><HR>
-<A NAME="Solaris">
-<H3>Solaris 2.4</H3>
-</A>
+<H3><A NAME="Solaris">
+Solaris 2.4
+</A></H3>
The Solaris 2.4 TCP implementation has a few inherent limitations that
only became apparent under heavy loads. This has been fixed to some
<P><HR>
-<A NAME="SunOS">
-<H3>SunOS 4.x</H3>
-</A>
+<H3><A NAME="SunOS">
+SunOS 4.x
+</A></H3>
More information on tuning SOMAXCONN on SunOS can be found at
<A HREF="http://www.islandnet.com/~mark/somaxconn.html">
<PRE>
MinSpareServers 5
MaxSpareServers 10
-StartServers 10
+StartServers 5
</PRE>
-There is a compile-time limit of 150 absolute maximum number of
-simultaneous children that will be allowed, which can be overruled by
-"MaxClients", though we don't recommend changing that number unless
+There is an absolute maximum number of simultaneous children defined
+by a compile-time limit which defaults to 256 and a "MaxClients"
+directive which specifies the number of simultaneous children that
+will be allowed. MaxClients can be adjusted up to the compile-time
+limit (HARD_SERVER_LIMIT, defined in httpd.h). If you need more
+than 256 simultaneous children, you need to modify both HARD_SERVER_LIMIT
+and MaxClients.<P>
+
+In versions before 1.2, HARD_SERVER_LIMIT defaulted to 150.<P>
+
+We do not recommend changing either of these values unless:
<OL>
<LI>You know you have the server resources to handle more
the intent that it will only be installed by users determined to use it and
is not part of the normal install/compile process.<p>
-<ul>
<h3>Configuring the suEXEC wrapper</h3>
From the top-level of the Apache source tree, type: <b><code>cd support [ENTER]</code></b><p>
Edit the <code>suexec.h</code> file and change the following macros to match your
<b><code>chmod 4711 /usr/local/etc/httpd/sbin/suexec [ENTER]</code></b><p>
<i>Change the path to the suEXEC wrapper to match your system installation.</i>
-</ul>
<hr>
-<a name="model"></a>
-<h3>Security Model of suEXEC</h3>
+<h3><a name="model">Security Model of suEXEC</a></h3>
The <b>suEXEC</b> wrapper supplied with Apache performs the following security
checks before it will execute any program passed to it for execution.
<ol>
<li>The command being executed <b>cannot be a <em>setuid</em> or <em>setgid</em> program</b>.
<li>The target UID and GID <b>must be a valid user and group on this system</b>.
<li>The target UID and GID to execute as, <b>must match the UID and GID of the directory</b>.
-<li>The target execution UID and GID <b>must not be the privledged ID 0</b>.
+<li>The target execution UID and GID <b>must not be the privileged ID 0</b>.
</ol>
If any of these issues are too restrictive, or do not seem restrictive enough, you are
welcome to install your own version of the wrapper. We've given you the rope, now go
the intent that it will only be installed by users determined to use it and
is not part of the normal install/compile process.<p>
-<ul>
<h3>Configuring the suEXEC wrapper</h3>
From the top-level of the Apache source tree, type: <b><code>cd support [ENTER]</code></b><p>
Edit the <code>suexec.h</code> file and change the following macros to match your
<b><code>chmod 4711 /usr/local/etc/httpd/sbin/suexec [ENTER]</code></b><p>
<i>Change the path to the suEXEC wrapper to match your system installation.</i>
-</ul>
<hr>
-<a name="model"></a>
-<h3>Security Model of suEXEC</h3>
+<h3><a name="model">Security Model of suEXEC</a></h3>
The <b>suEXEC</b> wrapper supplied with Apache performs the following security
checks before it will execute any program passed to it for execution.
<ol>
<li>The command being executed <b>cannot be a <em>setuid</em> or <em>setgid</em> program</b>.
<li>The target UID and GID <b>must be a valid user and group on this system</b>.
<li>The target UID and GID to execute as, <b>must match the UID and GID of the directory</b>.
-<li>The target execution UID and GID <b>must not be the privledged ID 0</b>.
+<li>The target execution UID and GID <b>must not be the privileged ID 0</b>.
</ol>
If any of these issues are too restrictive, or do not seem restrictive enough, you are
welcome to install your own version of the wrapper. We've given you the rope, now go
projects / apache / commitdiff