<p>Using <code>none</code> for an argument will disable any accept filters
for that protocol. This is useful for protocols that require a server
send data first, such as <code>ftp:</code> or <code>nntp</code>:</p>
- <example>AcceptFilter nntp none</example>
+ <highlight language="config">
+ AcceptFilter nntp none
+ </highlight>
<p>The default protocol names are <code>https</code> for port 443
and <code>http</code> for all other ports. To specify another protocol
directive.</p>
<p>The default values on FreeBSD are:</p>
- <example>
- AcceptFilter http httpready <br/>
- AcceptFilter https dataready
- </example>
+ <highlight language="config">
+AcceptFilter http httpready
+AcceptFilter https dataready
+ </highlight>
<p>The <code>httpready</code> accept filter buffers entire HTTP requests at
the kernel level. Once an entire request is received, the kernel then
accf_data(9)</a> filter is used.</p>
<p>The default values on Linux are:</p>
- <example>
- AcceptFilter http data <br/>
- AcceptFilter https data
- </example>
+ <highlight language="config">
+AcceptFilter http data
+AcceptFilter https data
+ </highlight>
<p>Linux's <code>TCP_DEFER_ACCEPT</code> does not support buffering http
requests. Any value besides <code>none</code> will enable
tcp(7)</a> man page.</p>
<p>The default values on Windows are:</p>
- <example>
- AcceptFilter http data <br/>
- AcceptFilter https data
- </example>
+ <highlight language="config">
+AcceptFilter http data
+AcceptFilter https data
+ </highlight>
<p>Window's mpm_winnt interprets the AcceptFilter to toggle the AcceptEx()
API, and does not support http protocol buffering. There are two values
filters.</p>
</usage>
-<seealso><directive>Protocol</directive></seealso>
+<seealso><directive module="core">Protocol</directive></seealso>
</directivesynopsis>
<directivesynopsis>
the request, so you can use the following configuration to enable
such a script:</p>
- <example>
- <Files "mypaths.shtml"><br />
- <indent>
- Options +Includes<br />
- SetOutputFilter INCLUDES<br />
- AcceptPathInfo On<br />
- </indent>
- </Files>
- </example>
+ <highlight language="config">
+<Files "mypaths.shtml">
+ Options +Includes
+ SetOutputFilter INCLUDES
+ AcceptPathInfo On
+</Files>
+ </highlight>
</usage>
</directivesynopsis>
configuration files are <a href="#allowoverride">enabled for that
directory</a>. For example:</p>
- <example>
- AccessFileName .acl
- </example>
+ <highlight language="config">AccessFileName .acl</highlight>
<p>before returning the document
<code>/usr/local/web/index.html</code>, the server will read
<code>/usr/local/.acl</code> and <code>/usr/local/web/.acl</code>
for directives, unless they have been disabled with</p>
- <example>
- <Directory /><br />
- <indent>
- AllowOverride None<br />
- </indent>
- </Directory>
- </example>
+ <highlight language="config">
+<Directory />
+ AllowOverride None
+</Directory>
+ </highlight>
</usage>
<seealso><directive module="core">AllowOverride</directive></seealso>
<seealso><a href="../configuring.html">Configuration Files</a></seealso>
charset values</a> for use in Internet media types (MIME types).
For example:</p>
- <example>
- AddDefaultCharset utf-8
- </example>
+ <highlight language="config">AddDefaultCharset utf-8</highlight>
<p><directive>AddDefaultCharset</directive> should only be used when all
of the text resources to which it applies are known to be in that
<p>Example:</p>
- <example>
- AllowOverride AuthConfig Indexes
- </example>
+ <highlight language="config">AllowOverride AuthConfig Indexes</highlight>
<p>In the example above all directives that are neither in the group
<code>AuthConfig</code> nor <code>Indexes</code> cause an internal
<p>Example:</p>
- <example>
- AllowOverride None<br />
- AllowOverrideList Redirect RedirectMatch
- </example>
+ <highlight language="config">
+AllowOverride None
+AllowOverrideList Redirect RedirectMatch
+ </highlight>
<p>In the example above only the <code>Redirect</code> and
<code>RedirectMatch</code> directives are allowed. All others will
<p>Example:</p>
- <example>
- AllowOverride AuthConfig<br />
- AllowOverrideList CookieTracking CookieName
- </example>
+ <highlight language="config">
+AllowOverride AuthConfig
+AllowOverrideList CookieTracking CookieName
+ </highlight>
<p>In the example above <directive module="core">AllowOverride
</directive> grants permission to the <code>AuthConfig</code>
(shared memory, locks, etc.). If set as a relative path, the full path
will be relative to <directive>ServerRoot</directive></p>
- <example><title>Example</title>
- DefaultRuntimeDir scratch/
- </example>
+ <p><strong>Example</strong></p>
+ <highlight language="config">
+DefaultRuntimeDir scratch/
+ </highlight>
<p>The default location of <directive>DefaultRuntimeDir</directive> may be
modified by changing the <code>DEFAULT_REL_RUNTIMEDIR</code> #define
of configuration files, it may be specified with the value
<code>none</code>, meaning no default media type. For example:</p>
- <example>
- DefaultType None
- </example>
+ <highlight language="config">DefaultType None</highlight>
<p><code>DefaultType None</code> is only available in
httpd-2.2.7 and later.</p>
the <code>${VAR}</code> syntax. The variable is always globally defined
and not limited to the scope of the surrounding config section.</p>
- <example>
- <IfDefine TEST><br/>
- Define servername test.example.com<br/>
- </IfDefine><br/>
- <IfDefine !TEST><br/>
- Define servername www.example.com<br/>
- Define SSL<br/>
- </IfDefine><br/>
- </example>
+ <highlight language="config">
+<IfDefine TEST>
+ Define servername test.example.com
+</IfDefine>
+<IfDefine !TEST>
+ Define servername www.example.com
+ Define SSL
+</IfDefine>
+ </highlight>
<p>Variable names may not contain colon ":" characters, to avoid clashes
with <directive module="mod_rewrite">RewriteMap</directive>'s syntax.</p>
<code>/home/user/public_html</code>, but <code><Directory
/home/*/public_html></code> will match. Example:</p>
- <example>
- <Directory /usr/local/httpd/htdocs><br />
- <indent>
- Options Indexes FollowSymLinks<br />
- </indent>
- </Directory>
- </example>
+ <highlight language="config">
+<Directory "/usr/local/httpd/htdocs">
+ Options Indexes FollowSymLinks
+</Directory>
+ </highlight>
<note>
<p>Be careful with the <var>directory-path</var> arguments:
expressions</glossary> can also be used, with the addition of the
<code>~</code> character. For example:</p>
- <example>
- <Directory ~ "^/www/.*/[0-9]{3}">
- </example>
+ <highlight language="config">
+<Directory ~ "^/www/.*/[0-9]{3}">
+
+</Directory>
+</highlight>
<p>would match directories in <code>/www/</code> that consisted of
three numbers.</p>
href="#accessfilename">.htaccess</a> files. For example,
with</p>
- <example>
- <Directory /><br />
- <indent>
- AllowOverride None<br />
- </indent>
- </Directory><br />
- <br />
- <Directory /home><br />
- <indent>
- AllowOverride FileInfo<br />
- </indent>
- </Directory>
- </example>
+ <highlight language="config">
+<Directory />
+ AllowOverride None
+</Directory>
+
+<Directory "/home">
+ AllowOverride FileInfo
+</Directory>
+ </highlight>
<p>for access to the document <code>/home/web/dir/doc.html</code>
the steps are:</p>
expressions are tested in the order they appeared in the
configuration file. For example, with</p>
- <example>
- <Directory ~ abc$><br />
- <indent>
- # ... directives here ...<br />
- </indent>
- </Directory>
- </example>
+ <highlight language="config">
+<Directory ~ "abc$">
+ # ... directives here ...
+</Directory>
+ </highlight>
<p>the regular expression section won't be considered until after
all normal <directive type="section">Directory</directive>s and
recommended that you change this with a block such
as</strong></p>
- <example>
- <Directory /><br />
- <indent>
- Require all denied<br />
- </indent>
- </Directory>
- </example>
+ <highlight language="config">
+<Directory />
+ Require all denied
+</Directory>
+ </highlight>
<p><strong>and then override this for directories you
<em>want</em> accessible. See the <a
However, it takes as an argument a
<glossary ref="regex">regular expression</glossary>. For example:</p>
- <example>
- <DirectoryMatch "^/www/(.+/)?[0-9]{3}">
- </example>
+ <highlight language="config">
+<DirectoryMatch "^/www/(.+/)?[0-9]{3}">
+ # ...
+</DirectoryMatch>
+</highlight>
<p>would match directories in <code>/www/</code> that consisted of three
numbers.</p>
path from the requested URL to the document root to make the
path to the document. Example:</p>
- <example>
- DocumentRoot /usr/web
- </example>
+ <highlight language="config">DocumentRoot "/usr/web"</highlight>
<p>then an access to
<code>http://my.example.com/index.html</code> refers to
in the same scope has not been applied.
For example: In </p>
- <example>
- <If "-z req('Host')"><br/>
- ...<br/>
- </If><br/>
- <Else><br/>
- ...<br/>
- </Else><br/>
- </example>
+ <highlight language="config">
+<If "-z req('Host')">
+ # ...
+</If>
+<Else>
+ # ...
+</Else>
+ </highlight>
<p> The <directive type="section">If</directive> would match HTTP/1.0
requests without a <var>Host:</var> header and the
<directive type="section">ElseIf</directive> section in the same scope has
not been applied. For example: In </p>
- <example>
- <If "-R '10.1.0.0/16'"><br/>
- ...<br/>
- </If><br/>
- <ElseIf "-R '10.0.0.0/8'"><br/>
- ...<br/>
- </ElseIf><br/>
- <Else><br/>
- ...<br/>
- </Else><br/>
- </example>
+ <highlight language="config">
+<If "-R '10.1.0.0/16'">
+ #...
+</If>
+<ElseIf "-R '10.0.0.0/8'">
+ #...
+</ElseIf>
+<Else>
+ #...
+</Else>
+ </highlight>
<p>The <directive type="section">ElseIf</directive> would match if
the remote address of a request belongs to the subnet 10.0.0.0/8 but
<p>For server configurations that are vulnerable to these problems,
you should disable memory-mapping of delivered files by specifying:</p>
- <example>
- EnableMMAP Off
- </example>
+ <highlight language="config">EnableMMAP Off</highlight>
<p>For NFS mounted files, this feature may be disabled explicitly for
the offending files by specifying:</p>
- <example>
- <Directory "/path-to-nfs-files">
- <indent>
- EnableMMAP Off
- </indent>
- </Directory>
- </example>
+ <highlight language="config">
+<Directory "/path-to-nfs-files">
+ EnableMMAP Off
+</Directory>
+ </highlight>
</usage>
</directivesynopsis>
<p>For server configurations that are not vulnerable to these problems,
you may enable this feature by specifying:</p>
- <example>
- EnableSendfile On
- </example>
+ <highlight language="config">EnableSendfile On</highlight>
<p>For network mounted files, this feature may be disabled explicitly
for the offending files by specifying:</p>
- <example>
- <Directory "/path-to-nfs-files">
- <indent>
- EnableSendfile Off
- </indent>
- </Directory>
- </example>
+ <highlight language="config">
+<Directory "/path-to-nfs-files">
+ EnableSendfile Off
+</Directory>
+ </highlight>
<p>Please note that the per-directory and .htaccess configuration
of <directive>EnableSendfile</directive> is not supported by
<module>mod_cache_disk</module>.
configuration parsing. The typical use is for reporting required
modules which are missing from the configuration.</p>
- <example><title>Example</title>
- # ensure that mod_include is loaded<br />
- <IfModule !include_module><br />
- Error mod_include is required by mod_foo. Load it with LoadModule.<br />
- </IfModule><br />
- <br />
- # ensure that exactly one of SSL,NOSSL is defined<br />
- <IfDefine SSL><br />
- <IfDefine NOSSL><br />
- Error Both SSL and NOSSL are defined. Define only one of them.<br />
- </IfDefine><br />
- </IfDefine><br />
- <IfDefine !SSL><br />
- <IfDefine !NOSSL><br />
- Error Either SSL or NOSSL must be defined.<br />
- </IfDefine><br />
- </IfDefine><br />
- </example>
+ <highlight language="config">
+# Example
+# ensure that mod_include is loaded
+<IfModule !include_module>
+ Error "mod_include is required by mod_foo. Load it with LoadModule."
+</IfModule>
+
+# ensure that exactly one of SSL,NOSSL is defined
+<IfDefine SSL>
+<IfDefine NOSSL>
+ Error "Both SSL and NOSSL are defined. Define only one of them."
+</IfDefine>
+</IfDefine>
+<IfDefine !SSL>
+<IfDefine !NOSSL>
+ Error "Either SSL or NOSSL must be defined."
+</IfDefine>
+</IfDefine>
+ </highlight>
</usage>
</directivesynopsis>
full URL which the client can resolve. Alternatively, a message
can be provided to be displayed by the browser. Examples:</p>
- <example>
- ErrorDocument 500 http://foo.example.com/cgi-bin/tester<br />
- ErrorDocument 404 /cgi-bin/bad_urls.pl<br />
- ErrorDocument 401 /subscription_info.html<br />
- ErrorDocument 403 "Sorry can't allow you access today"<br />
- ErrorDocument 403 Forbidden!
- </example>
+ <highlight language="config">
+ErrorDocument 500 http://foo.example.com/cgi-bin/tester
+ErrorDocument 404 /cgi-bin/bad_urls.pl
+ErrorDocument 401 /subscription_info.html
+ErrorDocument 403 "Sorry can't allow you access today"
+ErrorDocument 403 Forbidden!
+ </highlight>
<p>Additionally, the special value <code>default</code> can be used
to specify Apache httpd's simple hardcoded message. While not required
Apache httpd's simple hardcoded message for configurations that would
otherwise inherit an existing <directive>ErrorDocument</directive>.</p>
- <example>
- ErrorDocument 404 /cgi-bin/bad_urls.pl<br /><br />
- <Directory /web/docs><br />
- <indent>
- ErrorDocument 404 default<br />
- </indent>
- </Directory>
- </example>
+ <highlight language="config">
+ErrorDocument 404 /cgi-bin/bad_urls.pl
+
+<Directory /web/docs>
+ ErrorDocument 404 default
+</Directory>
+ </highlight>
<p>Note that when you specify an <directive>ErrorDocument</directive>
that points to a remote URL (ie. anything with a method such as
href="http://support.microsoft.com/default.aspx?scid=kb;en-us;Q294807"
>Q294807</a>.</p>
- <p>Although most error messages can be overriden, there are certain
+ <p>Although most error messages can be overridden, there are certain
circumstances where the internal messages are used regardless of the
setting of <directive module="core">ErrorDocument</directive>. In
particular, if a malformed request is detected, normal request processing
the <var>file-path</var> is not absolute then it is assumed to be
relative to the <directive module="core">ServerRoot</directive>.</p>
- <example><title>Example</title>
- ErrorLog /var/log/httpd/error_log
- </example>
+ <highlight language="config">ErrorLog "/var/log/httpd/error_log"</highlight>
<p>If the <var>file-path</var>
begins with a pipe character "<code>|</code>" then it is assumed to be a
command to spawn to handle the error log.</p>
- <example><title>Example</title>
- ErrorLog "|/usr/local/bin/httpd_errors"
- </example>
+ <highlight language="config">ErrorLog "|/usr/local/bin/httpd_errors"</highlight>
<p>See the notes on <a href="../logs.html#piped">piped logs</a> for
more information.</p>
in individual virtual hosts, the final facility specified affects the
entire server.</p>
- <example><title>Example</title>
- ErrorLog syslog:user
- </example>
+ <highlight language="config">ErrorLog syslog:user</highlight>
<p>SECURITY: See the <a
href="../misc/security_tips.html#serverroot">security tips</a>
supplementary information is logged in the error log in addition to the
actual log message.</p>
- <example><title>Simple example</title>
- ErrorLogFormat "[%t] [%l] [pid %P] %F: %E: [client %a] %M"
- </example>
+ <highlight language="config">
+#Simple example
+ErrorLogFormat "[%t] [%l] [pid %P] %F: %E: [client %a] %M"
+ </highlight>
<p>Specifying <code>connection</code> or <code>request</code> as first
parameter allows to specify additional formats, causing additional
example, the Referer header is only present if the log message is
associated to a request and the log message happens at a time when the
Referer header has already been read from the client. If no output is
- produced, the default behavior is to delete everything from the preceeding
+ produced, the default behavior is to delete everything from the preceding
space character to the next space character. This means the log line is
implicitly divided into fields on non-whitespace to whitespace transitions.
If a format string item does not produce output, the whole field is
- ommitted. For example, if the remote address <code>%a</code> in the log
+ omitted. For example, if the remote address <code>%a</code> in the log
format <code>[%t] [%l] [%a] %M </code> is not available, the surrounding
brackets are not logged either. Space characters can be escaped with a
backslash to prevent them from delimiting a field. The combination '% '
respective item does not produce any output. In once-per-connection/request
formats, it is also possible to use the <code>+</code> (plus) modifier. If an
item with the plus modifier does not produce any output, the whole line is
- ommitted.</p>
+ omitted.</p>
<p>A number as modifier can be used to assign a log severity level to a
format item. The item will only be logged if the severity of the log
with error log lines. If <module>mod_unique_id</module> is loaded, its
unique id will be used as log ID for requests.</p>
- <example><title>Example (default format)</title>
- ErrorLogFormat "[%{u}t] [%-m:%l] [pid %P:tid %T] %7F: %E: [client\ %a]
- %M% ,\ referer\ %{Referer}i"
- </example>
+ <highlight language="config">
+#Example (default format)
+ErrorLogFormat "[%{u}t] [%-m:%l] [pid %P:tid %T] %7F: %E: [client\ %a] %M% ,\ referer\ %{Referer}i"
+ </highlight>
<p>This would result in error messages such as:</p>
- <example>
+ <example>
[Thu May 12 08:28:57.652118 2011] [core:error] [pid 8777:tid 4326490112] [client ::1:58619] File does not exist: /usr/local/apache2/htdocs/favicon.ico
</example>
- <p>Notice that, as discussed above, some fields are ommitted
+ <p>Notice that, as discussed above, some fields are omitted
entirely because they are not defined.</p>
- <example><title>Example (similar to the 2.2.x format)</title>
- ErrorLogFormat "[%t] [%l] %7F: %E: [client\ %a]
- %M% ,\ referer\ %{Referer}i"
- </example>
+ <highlight language="config">
+#Example (similar to the 2.2.x format)
+ErrorLogFormat "[%t] [%l] %7F: %E: [client\ %a] %M% ,\ referer\ %{Referer}i"
+ </highlight>
- <example><title>Advanced example with request/connection log IDs</title>
- ErrorLogFormat "[%{uc}t] [%-m:%-l] [R:%L] [C:%{C}L] %7F: %E: %M"<br/>
- ErrorLogFormat request "[%{uc}t] [R:%L] Request %k on C:%{c}L pid:%P tid:%T"<br/>
- ErrorLogFormat request "[%{uc}t] [R:%L] UA:'%+{User-Agent}i'"<br/>
- ErrorLogFormat request "[%{uc}t] [R:%L] Referer:'%+{Referer}i'"<br/>
- ErrorLogFormat connection "[%{uc}t] [C:%{c}L] local\ %a remote\ %A"<br/>
- </example>
+ <highlight language="config">
+#Advanced example with request/connection log IDs
+ErrorLogFormat "[%{uc}t] [%-m:%-l] [R:%L] [C:%{C}L] %7F: %E: %M"
+ErrorLogFormat request "[%{uc}t] [R:%L] Request %k on C:%{c}L pid:%P tid:%T"
+ErrorLogFormat request "[%{uc}t] [R:%L] UA:'%+{User-Agent}i'"
+ErrorLogFormat request "[%{uc}t] [R:%L] Referer:'%+{Referer}i'"
+ErrorLogFormat connection "[%{uc}t] [C:%{c}L] local\ %a remote\ %A"
+ </highlight>
</usage>
<seealso><directive module="core">ErrorLog</directive></seealso>
<dd>The number of bytes in the file will be included</dd>
<dt><strong>All</strong></dt>
<dd>All available fields will be used. This is equivalent to:
- <example>FileETag INode MTime Size</example></dd>
+ <highlight language="config">FileETag INode MTime Size</highlight></dd>
<dt><strong>None</strong></dt>
<dd>If a document is file-based, no <code>ETag</code> field will be
included in the response</dd>
can also be used, with the addition of the
<code>~</code> character. For example:</p>
- <example>
- <Files ~ "\.(gif|jpe?g|png)$">
- </example>
+ <highlight language="config">
+<Files ~ "\.(gif|jpe?g|png)$">
+ #...
+</Files>
+</highlight>
<p>would match most common Internet graphics formats. <directive
module="core" type="section">FilesMatch</directive> is preferred,
does. However, it accepts a <glossary ref="regex">regular
expression</glossary>. For example:</p>
- <example>
- <FilesMatch "\.(gif|jpe?g|png)$">
- </example>
+<highlight language="config">
+<FilesMatch "\.(gif|jpe?g|png)$">
+ # ...
+</FilesMatch>
+</highlight>
<p>would match most common Internet graphics formats.</p>
</usage>
GIF files, but did not want to label them all with <code>.gif</code>,
you might want to use:</p>
- <example>
- ForceType image/gif
- </example>
+ <highlight language="config">ForceType image/gif</highlight>
<p>Note that this directive overrides other indirect media type
associations defined in mime.types or via the
<directive>ForceType</directive> settings
by using the value of <code>None</code>:</p>
- <example>
- # force all files to be image/gif:<br />
- <Location /images><br />
- <indent>
- ForceType image/gif<br />
- </indent>
- </Location><br />
- <br />
- # but normal mime-type associations here:<br />
- <Location /images/mixed><br />
- <indent>
- ForceType None<br />
- </indent>
- </Location>
- </example>
+ <highlight language="config">
+# force all files to be image/gif:
+<Location /images>
+ ForceType image/gif
+</Location>
+
+# but normal mime-type associations here:
+<Location /images/mixed>
+ ForceType None
+</Location>
+ </highlight>
<p>This directive primarily overrides the content types generated for
static files served out of the filesystem. For resources other than
</contextlist>
<usage>
- <p>When the server has been compiled with gprof profiling suppport,
+ <p>When the server has been compiled with gprof profiling support,
<directive>GprofDir</directive> causes <code>gmon.out</code> files to
be written to the specified directory when the process exits. If the
argument ends with a percent symbol ('%'), subdirectories are created
directives if and only if the expression evaluates to true.
For example:</p>
- <example>
- <If "-z req('Host')">
- </example>
+ <highlight language="config"><If "-z req('Host')"></highlight>
<p>would match HTTP/1.0 requests without a <var>Host:</var> header.
Expressions may contain various shell-like operators for string
and others (<code>-n</code>, <code>-z</code>, <code>-f</code>, ...).
It is also possible to use regular expressions, </p>
- <example>
- <If "%{QUERY_STRING} =~ /(delete|commit)=.*?elem/">
- </example>
+ <highlight language="config"><If "%{QUERY_STRING} =~ /(delete|commit)=.*?elem/"></highlight>
<p>shell-like pattern matches and many other operations. These operations
can be done on request headers (<code>req</code>), environment variables
nest-able, which can be used to implement simple
multiple-parameter tests. Example:</p>
- <example>
- httpd -DReverseProxy -DUseCache -DMemCache ...<br />
- <br />
- # httpd.conf<br />
- <IfDefine ReverseProxy><br />
- <indent>
- LoadModule proxy_module modules/mod_proxy.so<br />
- LoadModule proxy_http_module modules/mod_proxy_http.so<br />
- <IfDefine UseCache><br />
- <indent>
- LoadModule cache_module modules/mod_cache.so<br />
- <IfDefine MemCache><br />
- <indent>
- LoadModule mem_cache_module modules/mod_mem_cache.so<br />
- </indent>
- </IfDefine><br />
- <IfDefine !MemCache><br />
- <indent>
- LoadModule cache_disk_module modules/mod_cache_disk.so<br />
- </indent>
- </IfDefine>
- </indent>
- </IfDefine>
- </indent>
- </IfDefine>
- </example>
+ <example>httpd -DReverseProxy -DUseCache -DMemCache ...</example>
+ <highlight language="config">
+<IfDefine ReverseProxy>
+ LoadModule proxy_module modules/mod_proxy.so
+ LoadModule proxy_http_module modules/mod_proxy_http.so
+ <IfDefine UseCache>
+ LoadModule cache_module modules/mod_cache.so
+ <IfDefine MemCache>
+ LoadModule mem_cache_module modules/mod_mem_cache.so
+ </IfDefine>
+ <IfDefine !MemCache>
+ LoadModule cache_disk_module modules/mod_cache_disk.so
+ </IfDefine>
+ </IfDefine>
+</IfDefine>
+ </highlight>
</usage>
</directivesynopsis>
<p>Examples:</p>
- <example>
- Include /usr/local/apache2/conf/ssl.conf<br />
- Include /usr/local/apache2/conf/vhosts/*.conf
- </example>
+ <highlight language="config">
+Include /usr/local/apache2/conf/ssl.conf
+Include /usr/local/apache2/conf/vhosts/*.conf
+ </highlight>
<p>Or, providing paths relative to your <directive
module="core">ServerRoot</directive> directory:</p>
- <example>
- Include conf/ssl.conf<br />
- Include conf/vhosts/*.conf
- </example>
+ <highlight language="config">
+Include conf/ssl.conf
+Include conf/vhosts/*.conf
+ </highlight>
<p>Wildcards may be included in the directory or file portion of the
path. This example will fail if there is no subdirectory in conf/vhosts
that contains at least one *.conf file:</p>
- <example>
- Include conf/vhosts/*/*.conf
- </example>
+ <highlight language="config">Include conf/vhosts/*/*.conf</highlight>
<p>Alternatively, the following command will just be ignored in case of
missing files or directories:</p>
- <example>
- IncludeOptional conf/vhosts/*/*.conf
- </example>
+ <highlight language="config">IncludeOptional conf/vhosts/*/*.conf</highlight>
</usage>
only to the methods <code>POST</code>, <code>PUT</code>, and
<code>DELETE</code>, leaving all other methods unprotected:</p>
- <example>
- <Limit POST PUT DELETE><br />
- <indent>
- Require valid-user<br />
- </indent>
- </Limit>
- </example>
+ <highlight language="config">
+<Limit POST PUT DELETE>
+ Require valid-user
+</Limit>
+ </highlight>
<p>The method names listed can be one or more of: <code>GET</code>,
<code>POST</code>, <code>PUT</code>, <code>DELETE</code>,
<code>Require group editors</code> directive will be ignored
in all cases:</p>
- <example>
- <LimitExcept GET>
- <indent>
- Require valid-user
- </indent>
- </LimitExcept><br />
- <Limit POST>
- <indent>
- Require group editors
- </indent>
- </Limit>
- </example>
+ <highlight language="config">
+<LimitExcept GET>
+ Require valid-user
+</LimitExcept>
+<Limit POST>
+ Require group editors
+</Limit>
+ </highlight>
</usage>
</directivesynopsis>
<p>For example:</p>
- <example>
- <LimitExcept POST GET><br />
- <indent>
- Require valid-user<br />
- </indent>
- </LimitExcept>
- </example>
+ <highlight language="config">
+<LimitExcept POST GET>
+ Require valid-user
+</LimitExcept>
+ </highlight>
</usage>
</directivesynopsis>
determines, how deep subrequests may be nested. If you specify only one
<var>number</var>, it will be assigned to both limits.</p>
- <example><title>Example</title>
- LimitInternalRecursion 5
- </example>
+ <highlight language="config">LimitInternalRecursion 5</highlight>
</usage>
</directivesynopsis>
location, and wish to limit the size of the uploaded file to 100K,
you might use the following directive:</p>
- <example>
- LimitRequestBody 102400
- </example>
+ <highlight language="config">LimitRequestBody 102400</highlight>
<note><p>For a full description of how this directive is interpreted by
proxy requests, see the <module>mod_proxy</module> documentation.</p>
<p>For example:</p>
- <example>
- LimitRequestFields 50
- </example>
+ <highlight language="config">LimitRequestFields 50</highlight>
<note type="warning"><title>Warning</title>
<p> When name-based virtual hosting is used, the value for this
<p>For example:</p>
- <example>
- LimitRequestFieldSize 4094
- </example>
+ <highlight language="config">LimitRequestFieldSize 4094</highlight>
<note>Under normal conditions, the value should not be changed from
the default. Also, you can't set this higher than 8190 without
<p>For example:</p>
- <example>
- LimitRequestLine 4094
- </example>
+ <highlight language="config">LimitRequestLine 4094</highlight>
<note>Under normal conditions, the value should not be changed from
the default. Also, you can't set this higher than 8190 without
<p>Example:</p>
- <example>
- LimitXMLRequestBody 0
- </example>
+ <highlight language="config">LimitXMLRequestBody 0</highlight>
</usage>
</directivesynopsis>
/private1, /private1/ and /private1/file.txt will have the enclosed
directives applied, but /private1other would not.
</p>
- <example>
- <Location /private1>
- ...
- </example>
+ <highlight language="config">
+<Location /private1>
+ # ...
+</Location>
+ </highlight>
<p>
In the example below, where a trailing slash is used, requests to
/private2/ and /private2/file.txt will have the enclosed
directives applied, but /private2 and /private2other would not.
</p>
- <example>
- <Location /private2<em>/</em>>
- ...
- </example>
+ <highlight language="config">
+<Location /private2<em>/</em>>
+ # ...
+</Location>
+ </highlight>
<note><title>When to use <directive
type="section">Location</directive></title>
can also be used, with the addition of the <code>~</code>
character. For example:</p>
- <example>
- <Location ~ "/(extra|special)/data">
- </example>
+ <highlight language="config">
+<Location ~ "/(extra|special)/data">
+ #...
+</Location>
+</highlight>
<p>would match URLs that contained the substring <code>/extra/data</code>
or <code>/special/data</code>. The directive <directive
directive. For example, to enable status requests, but allow them
only from browsers at <code>example.com</code>, you might use:</p>
- <example>
- <Location /status><br />
- <indent>
- SetHandler server-status<br />
- Require host example.com<br />
- </indent>
- </Location>
- </example>
+ <highlight language="config">
+<Location /status>
+ SetHandler server-status
+ Require host example.com
+</Location>
+ </highlight>
<note><title>Note about / (slash)</title>
<p>The slash character has special meaning depending on where in a
it takes a <glossary ref="regex">regular expression</glossary>
as an argument instead of a simple string. For example:</p>
- <example>
- <LocationMatch "/(extra|special)/data">
- </example>
+ <highlight language="config">
+<LocationMatch "/(extra|special)/data">
+ # ...
+</LocationMatch>
+</highlight>
<p>would match URLs that contained the substring <code>/extra/data</code>
or <code>/special/data</code>.</p>
<p>For example:</p>
- <example>
- LogLevel notice
- </example>
+ <highlight language="config">LogLevel notice</highlight>
<note><title>Note</title>
<p>When logging to a regular file messages of the level
as module specification. This means the following three specifications
are equivalent:</p>
- <example>
- LogLevel info ssl:warn<br />
- LogLevel info mod_ssl.c:warn<br />
- LogLevel info ssl_module:warn<br />
- </example>
+ <highlight language="config">
+LogLevel info ssl:warn
+LogLevel info mod_ssl.c:warn
+LogLevel info ssl_module:warn
+ </highlight>
<p>It is also possible to change the level per directory:</p>
- <example>
- LogLevel info<br />
- <Directory /usr/local/apache/htdocs/app><br />
- LogLevel debug<br />
- </Files>
- </example>
+ <highlight language="config">
+LogLevel info
+<Directory "/usr/local/apache/htdocs/app">
+ LogLevel debug
+</Directory>
+ </highlight>
<note>
Per directory loglevel configuration only affects messages that are
<p>For example:</p>
- <example>
- MaxKeepAliveRequests 500
- </example>
+ <highlight language="config">MaxKeepAliveRequests 500</highlight>
</usage>
</directivesynopsis>
<code>/var/httpd/locks</code>. The mutex mechanism for all other mutexes
will be changed from the compiled-in default to <code>sysvsem</code>.</p>
- <example>
- Mutex sysvsem default<br />
- Mutex fcntl:/var/httpd/locks mpm-accept
- </example>
+ <highlight language="config">
+Mutex sysvsem default
+Mutex fcntl:/var/httpd/locks mpm-accept
+ </highlight>
</usage>
</directivesynopsis>
<p>For example, without any <code>+</code> and <code>-</code> symbols:</p>
- <example>
- <Directory /web/docs><br />
- <indent>
- Options Indexes FollowSymLinks<br />
- </indent>
- </Directory><br />
- <br />
- <Directory /web/docs/spec><br />
- <indent>
- Options Includes<br />
- </indent>
- </Directory>
- </example>
+ <highlight language="config">
+<Directory "/web/docs">
+ Options Indexes FollowSymLinks
+</Directory>
+
+<Directory "/web/docs/spec">
+ Options Includes
+</Directory>
+ </highlight>
<p>then only <code>Includes</code> will be set for the
<code>/web/docs/spec</code> directory. However if the second
<directive>Options</directive> directive uses the <code>+</code> and
<code>-</code> symbols:</p>
- <example>
- <Directory /web/docs><br />
- <indent>
- Options Indexes FollowSymLinks<br />
- </indent>
- </Directory><br />
- <br />
- <Directory /web/docs/spec><br />
- <indent>
- Options +Includes -Indexes<br />
- </indent>
- </Directory>
- </example>
+ <highlight language="config">
+<Directory "/web/docs">
+ Options Indexes FollowSymLinks
+</Directory>
+
+<Directory "/web/docs/spec">
+ Options +Includes -Indexes
+</Directory>
+ </highlight>
<p>then the options <code>FollowSymLinks</code> and
<code>Includes</code> are set for the <code>/web/docs/spec</code>
<p>For example, if you are running <code>https</code> on a non-standard port, specify the protocol explicitly:</p>
- <example>
- Protocol https
- </example>
+ <highlight language="config">Protocol https</highlight>
<p>You can also specify the protocol using the <directive module="mpm_common">Listen</directive> directive.</p>
</usage>
-<seealso><directive>AcceptFilter</directive></seealso>
+<seealso><directive module="core">AcceptFilter</directive></seealso>
<seealso><directive module="mpm_common">Listen</directive></seealso>
</directivesynopsis>
by the shebang line (first line, starting with <code>#!</code>) in the
script. On Win32 systems this line usually looks like:</p>
- <example>
- #!C:/Perl/bin/perl.exe
- </example>
+ <highlight language="perl">#!C:/Perl/bin/perl.exe</highlight>
<p>or, if <code>perl</code> is in the <code>PATH</code>, simply:</p>
- <example>
- #!perl
- </example>
+ <highlight language="perl">#!perl</highlight>
<p>Setting <code>ScriptInterpreterSource Registry</code> will
cause the Windows Registry tree <code>HKEY_CLASSES_ROOT</code> to be
<p>It may be worth setting up a dedicated address for this, e.g.</p>
- <example>
- ServerAdmin www-admin@foo.example.com
- </example>
+ <highlight language="config">ServerAdmin www-admin@foo.example.com</highlight>
<p>as users do not always mention that they are talking about the
server!</p>
</usage>
href="../vhosts/name-based.html">name-based virtual hosts</a>. The
<directive>ServerAlias</directive> may include wildcards, if appropriate.</p>
- <example>
- <VirtualHost *:80><br />
- ServerName server.example.com<br />
- ServerAlias server server2.example.com server2<br />
- ServerAlias *.example.com<br />
- UseCanonicalName Off<br />
- # ...<br />
- </VirtualHost>
- </example>
+ <highlight language="config">
+<VirtualHost *:80>
+ ServerName server.example.com
+ ServerAlias server server2.example.com server2
+ ServerAlias *.example.com
+ UseCanonicalName Off
+ # ...
+</VirtualHost>
+ </highlight>
<p>Name-based virtual hosts for the best-matching set of <directive
- type="section" module="core">virtualhost</directive>s are processsed
+ type="section" module="core">virtualhost</directive>s are processed
in the order they appear in the configuration. The first matching <directive
module="core">ServerName</directive> or <directive module="core"
>ServerAlias</directive> is used, with no different precedence for wildcards
and you wish the web server to be so identified, the following
directive should be used:</p>
- <example>
- ServerName www.example.com
- </example>
+ <highlight language="config">ServerName www.example.com</highlight>
<p>The <directive>ServerName</directive> directive
may appear anywhere within the definition of a server. However,
module="mod_so">LoadModule</directive>, for example) are taken as
relative to this directory.</p>
- <example><title>Example</title>
- ServerRoot /home/httpd
- </example>
+ <highlight language="config">ServerRoot "/home/httpd"</highlight>
<p>The default location of <directive>ServerRoot</directive> may be
modified by using the <code>--prefix</code> argument to
<dl>
<dt><code>ServerTokens Full</code> (or not specified)</dt>
- <dd>Server sends (<em>e.g.</em>): <code>Server: Apache/2.4.1
+ <dd>Server sends (<em>e.g.</em>): <code>Server: Apache/2.4.2
(Unix) PHP/4.2.2 MyMod/1.2</code></dd>
<dt><code>ServerTokens Prod[uctOnly]</code></dt>
<dt><code>ServerTokens Min[imal]</code></dt>
<dd>Server sends (<em>e.g.</em>): <code>Server:
- Apache/2.4.1</code></dd>
+ Apache/2.4.2</code></dd>
<dt><code>ServerTokens OS</code></dt>
- <dd>Server sends (<em>e.g.</em>): <code>Server: Apache/2.4.1
+ <dd>Server sends (<em>e.g.</em>): <code>Server: Apache/2.4.2
(Unix)</code></dd>
</dl>
of extension, you might put the following into an
<code>.htaccess</code> file in that directory:</p>
- <example>
- SetHandler imap-file
- </example>
+ <highlight language="config">SetHandler imap-file</highlight>
<p>Another example: if you wanted to have the server display a
status report whenever a URL of
<code>http://servername/status</code> was called, you might put
the following into <code>httpd.conf</code>:</p>
- <example>
- <Location /status><br />
- <indent>
- SetHandler server-status<br />
- </indent>
- </Location>
- </example>
+ <highlight language="config">
+<Location "/status">
+ SetHandler server-status
+</Location>
+ </highlight>
<p>You can override an earlier defined <directive>SetHandler</directive>
directive by using the value <code>None</code>.</p>
in the <code>/www/data/</code> directory for server-side
includes.</p>
- <example>
- <Directory /www/data/><br />
- <indent>
- SetOutputFilter INCLUDES<br />
- </indent>
- </Directory>
- </example>
+ <highlight language="config">
+<Directory "/www/data/">
+ SetOutputFilter INCLUDES
+</Directory>
+ </highlight>
<p>If more than one filter is specified, they must be separated
by semicolons in the order in which they should process the
authentication enabled, this will cause the user to have to
authenticate twice (once for <code>www</code> and once again
for <code>www.example.com</code> -- see <a
- href="http://httpd.apache.org/docs/misc/FAQ.html#prompted-twice">the
- FAQ on this subject for more information</a>). But if
+ href="http://wiki.apache.org/httpd/FAQ#Why_does_Apache_ask_for_my_password_twice_before_serving_a_file.3F">
+ the FAQ on this subject for more information</a>). But if
<directive>UseCanonicalName</directive> is set <code>Off</code>, then
Apache httpd will redirect to <code>http://www/splat/</code>.</p>
</ul>
- <example><title>Example</title>
- <VirtualHost 10.1.2.3:80><br />
- <indent>
- ServerAdmin webmaster@host.example.com<br />
- DocumentRoot /www/docs/host.example.com<br />
- ServerName host.example.com<br />
- ErrorLog logs/host.example.com-error_log<br />
- TransferLog logs/host.example.com-access_log<br />
- </indent>
- </VirtualHost>
- </example>
+ <highlight language="config">
+<VirtualHost 10.1.2.3:80>
+ ServerAdmin webmaster@host.example.com
+ DocumentRoot /www/docs/host.example.com
+ ServerName host.example.com
+ ErrorLog logs/host.example.com-error_log
+ TransferLog logs/host.example.com-access_log
+</VirtualHost>
+ </highlight>
<p>IPv6 addresses must be specified in square brackets because
the optional port number could not be determined otherwise. An
IPv6 example is shown below:</p>
- <example>
- <VirtualHost [2001:db8::a00:20ff:fea7:ccea]:80><br />
- <indent>
- ServerAdmin webmaster@host.example.com<br />
- DocumentRoot /www/docs/host.example.com<br />
- ServerName host.example.com<br />
- ErrorLog logs/host.example.com-error_log<br />
- TransferLog logs/host.example.com-access_log<br />
- </indent>
- </VirtualHost>
- </example>
+ <highlight language="config">
+<VirtualHost [2001:db8::a00:20ff:fea7:ccea]:80>
+ ServerAdmin webmaster@host.example.com
+ DocumentRoot /www/docs/host.example.com
+ ServerName host.example.com
+ ErrorLog logs/host.example.com-error_log
+ TransferLog logs/host.example.com-access_log
+</VirtualHost>
+ </highlight>
<p>Each Virtual Host must correspond to a different IP address,
different port number or a different host name for the server,
<dt>A (partial) domain-name</dt>
<dd>
- <example><title>Example:</title>
- Allow from example.org<br />
- Allow from .net example.edu
- </example>
+ <highlight language="config">
+Allow from example.org
+Allow from .net example.edu
+ </highlight>
<p>Hosts whose names match, or end in, this string are allowed
access. Only complete components are matched, so the above
example will match <code>foo.example.org</code> but it will not
<dt>A full IP address</dt>
<dd>
- <example><title>Example:</title>
- Allow from 10.1.2.3<br />
- Allow from 192.168.1.104 192.168.1.205
- </example>
+ <highlight language="config">
+Allow from 10.1.2.3
+Allow from 192.168.1.104 192.168.1.205
+ </highlight>
<p>An IP address of a host allowed access</p></dd>
<dt>A partial IP address</dt>
<dd>
- <example><title>Example:</title>
- Allow from 10.1<br />
- Allow from 10 172.20 192.168.2
- </example>
+ <highlight language="config">
+Allow from 10.1
+Allow from 10 172.20 192.168.2
+ </highlight>
<p>The first 1 to 3 bytes of an IP address, for subnet
restriction.</p></dd>
<dt>A network/netmask pair</dt>
<dd>
- <example><title>Example:</title>
+ <highlight language="config">
Allow from 10.1.0.0/255.255.0.0
- </example>
+ </highlight>
<p>A network a.b.c.d, and a netmask w.x.y.z. For more
fine-grained subnet restriction.</p></dd>
<dt>A network/nnn CIDR specification</dt>
<dd>
- <example><title>Example:</title>
+ <highlight language="config">
Allow from 10.1.0.0/16
- </example>
+ </highlight>
<p>Similar to the previous case, except the netmask consists of
nnn high-order 1 bits.</p></dd>
</dl>
<p>IPv6 addresses and IPv6 subnets can be specified as shown
below:</p>
- <example>
- Allow from 2001:db8::a00:20ff:fea7:ccea<br />
- Allow from 2001:db8::a00:20ff:fea7:ccea/10
- </example>
+ <highlight language="config">
+Allow from 2001:db8::a00:20ff:fea7:ccea
+Allow from 2001:db8::a00:20ff:fea7:ccea/10
+ </highlight>
<p>The third format of the arguments to the
<directive>Allow</directive> directive allows access to the server
<code>User-Agent</code> (browser type), <code>Referer</code>, or
other HTTP request header fields.</p>
- <example><title>Example:</title>
- SetEnvIf User-Agent ^KnockKnock/2\.0 let_me_in<br />
- <Directory /docroot><br />
- <indent>
- Order Deny,Allow<br />
- Deny from all<br />
- Allow from env=let_me_in<br />
- </indent>
- </Directory>
- </example>
+ <highlight language="config">
+SetEnvIf User-Agent ^KnockKnock/2\.0 let_me_in
+<Directory /docroot>
+ Order Deny,Allow
+ Deny from all
+ Allow from env=let_me_in
+</Directory>
+ </highlight>
<p>In this case, browsers with a user-agent string beginning
with <code>KnockKnock/2.0</code> will be allowed access, and all
<p>In the following example, all hosts in the example.org domain
are allowed access; all other hosts are denied access.</p>
- <example>
- Order Deny,Allow<br />
- Deny from all<br />
- Allow from example.org
- </example>
+ <highlight language="config">
+Order Deny,Allow
+Deny from all
+Allow from example.org
+ </highlight>
<p>In the next example, all hosts in the example.org domain are
allowed access, except for the hosts which are in the
state is to <directive module="mod_access_compat">Deny</directive>
access to the server.</p>
- <example>
- Order Allow,Deny<br />
- Allow from example.org<br />
- Deny from foo.example.org
- </example>
+ <highlight language="config">
+Order Allow,Deny
+Allow from example.org
+Deny from foo.example.org
+ </highlight>
<p>On the other hand, if the <directive>Order</directive> in the
last example is changed to <code>Deny,Allow</code>, all hosts will
directives because of its effect on the default access state. For
example,</p>
- <example>
- <Directory /www><br />
- <indent>
- Order Allow,Deny<br />
- </indent>
- </Directory>
- </example>
+ <highlight language="config">
+<Directory /www>
+ Order Allow,Deny
+</Directory>
+ </highlight>
<p>will Deny all access to the <code>/www</code> directory
because the default access state is set to
people outside of your network provide a password, you could use a
configuration similar to the following:</p>
- <example>
- Require valid-user<br />
- Allow from 192.168.1<br />
- Satisfy Any
- </example>
+ <highlight language="config">
+Require valid-user
+Allow from 192.168.1
+Satisfy Any
+ </highlight>
<p>
Another frequent use of the <directive>Satisfy</directive> directive
is to relax access restrictions for a subdirectory:
</p>
- <example>
- <Directory /var/www/private><br />
- Require valid-user<br />
- </Directory><br />
- <br />
- <Directory /var/www/private/public><br />
- Allow from all<br />
- Satisfy Any<br />
- </Directory>
- </example>
+ <highlight language="config">
+<Directory /var/www/private>
+ Require valid-user
+</Directory>
+
+<Directory /var/www/private/public>
+ Allow from all
+ Satisfy Any
+</Directory>
+ </highlight>
<p>In the above example, authentication will be required for the
<code>/var/www/private</code> directory, but will not be required
is passed using the <code>REDIRECT_HANDLER</code> variable.</p>
<example><title>Example: MIME type</title>
- # Requests for files of a particular MIME content type:<br />
- Action image/gif /cgi-bin/images.cgi<br />
- <br />
+ <highlight language="config">
+# Requests for files of a particular MIME content type:
+Action image/gif /cgi-bin/images.cgi
+ </highlight>
</example>
<p>In this example, requests for files with a MIME content
type of <code>image/gif</code> will be handled by the
specified cgi script <code>/cgi-bin/images.cgi</code>.</p>
- <example><title>Example: File extension</title>
- # Files of a particular file extension<br />
- AddHandler my-file-type .xyz<br />
- Action my-file-type /cgi-bin/program.cgi<br />
+ <example>
+ <title>Example: File extension</title>
+ <highlight language="config">
+# Files of a particular file extension
+AddHandler my-file-type .xyz
+Action my-file-type /cgi-bin/program.cgi
+ </highlight>
</example>
-
<p>In this example, requests for files with a file extension of
<code>.xyz</code> are handled by the specified cgi script
<code>/cgi-bin/program.cgi</code>.</p>
if you want to use the <directive>Action</directive> directive in
virtual locations.</p>
- <example><title>Example</title>
- <Location /news><br />
- <indent>
- SetHandler news-handler<br />
- Action news-handler /cgi-bin/news.cgi virtual<br />
- </indent>
- </Location>
- </example>
+ <highlight language="config">
+<Location /news>
+ SetHandler news-handler
+ Action news-handler /cgi-bin/news.cgi virtual
+</Location>
+ </highlight>
</usage>
<seealso><directive module="mod_mime">AddHandler</directive></seealso>
(<em>e.g.</em>, foo.html?hi). Otherwise, the request will
proceed normally.</p>
- <example><title>Examples</title>
- # All GET requests go here<br />
- Script GET /cgi-bin/search<br />
- <br />
- # A CGI PUT handler<br />
- Script PUT /~bob/put.cgi<br />
- </example>
+ <highlight language="config">
+# All GET requests go here
+Script GET /cgi-bin/search
+
+# A CGI PUT handler
+Script PUT /~bob/put.cgi
+ </highlight>
</usage>
</directivesynopsis>
all the directives to have an effect. For example, the following
configuration will work as expected:</p>
- <example>
- Alias /foo/bar /baz<br />
- Alias /foo /gaq
- </example>
+ <highlight language="config">
+Alias /foo/bar /baz
+Alias /foo /gaq
+ </highlight>
<p>But if the above two directives were reversed in order, the
<code>/foo</code> <directive module="mod_alias">Alias</directive>
<var>URL-path</var> is case-sensitive, even on case-insensitive
file systems.</p>
- <example><title>Example:</title>
+ <highlight language="config">
Alias /image /ftp/pub/image
- </example>
+ </highlight>
<p>A request for <code>http://example.com/image/foo.gif</code> would cause
the server to return the file <code>/ftp/pub/image/foo.gif</code>. Only
module="core">DocumentRoot</directive>, you may need to explicitly
permit access to the target directory.</p>
- <example><title>Example:</title>
- Alias /image /ftp/pub/image<br />
- <Directory /ftp/pub/image><br />
- <indent>
- Require all granted<br />
- </indent>
- </Directory>
- </example>
+ <highlight language="config">
+Alias /image /ftp/pub/image
+<Directory /ftp/pub/image>
+ Require all granted
+</Directory>
+ </highlight>
</usage>
</directivesynopsis>
example, to activate the <code>/icons</code> directory, one might
use:</p>
- <example>
+ <highlight language="config">
AliasMatch ^/icons(.*) /usr/local/apache/icons$1
- </example>
+ </highlight>
<p>The full range of <glossary ref="regex">regular expression</glossary>
power is available. For example,
it is possible to construct an alias with case-insensitive
matching of the URL-path:</p>
- <example>
+ <highlight language="config">
AliasMatch (?i)^/image(.*) /ftp/pub/image$1
- </example>
+ </highlight>
<p>One subtle difference
between <directive module="mod_alias">Alias</directive>
<p>For example, suppose you want to replace this with AliasMatch:</p>
- <example>
+ <highlight language="config">
Alias /image/ /ftp/pub/image/
- </example>
+ </highlight>
<p>This is NOT equivalent - don't do this! This will send all
requests that have /image/ anywhere in them to /ftp/pub/image/:</p>
- <example>
+ <highlight language="config">
AliasMatch /image/ /ftp/pub/image/
- </example>
+ </highlight>
<p>This is what you need to get the same effect:</p>
- <example>
+ <highlight language="config">
AliasMatch ^/image/(.*)$ /ftp/pub/image/$1
- </example>
+ </highlight>
<p>Of course, there's no point in
using <directive module="mod_alias">AliasMatch</directive>
you do more complicated things. For example, you could
serve different kinds of files from different directories:</p>
- <example>
+ <highlight language="config">
AliasMatch ^/image/(.*)\.jpg$ /files/jpg.images/$1.jpg<br/>
AliasMatch ^/image/(.*)\.gif$ /files/gif.images/$1.gif
- </example>
+ </highlight>
</usage>
</directivesynopsis>
<em>URL</em>. Additional path information beyond the matched
<em>URL-Path</em> will be appended to the target URL.</p>
- <example><title>Example:</title>
- # Redirect to a URL on a different host<br />
- Redirect /service http://foo2.example.com/service<br />
- <br />
- # Redirect to a URL on the same host<br />
- Redirect /one /two
- </example>
+ <highlight language="config">
+# Redirect to a URL on a different host
+Redirect /service http://foo2.example.com/service
+
+# Redirect to a URL on the same host
+Redirect /one /two
+ </highlight>
<p>If the client requests <code>http://example.com/service/foo.txt</code>,
it will be told to access
HTTP status code, known to the Apache HTTP Server (see the function
<code>send_error_response</code> in http_protocol.c).</p>
- <example><title>Example:</title>
- Redirect permanent /one http://example.com/two<br />
- Redirect 303 /three http://example.com/other
- </example>
+ <highlight language="config">
+Redirect permanent /one http://example.com/two
+Redirect 303 /three http://example.com/other
+ </highlight>
</usage>
</directivesynopsis>
example, to redirect all GIF files to like-named JPEG files on
another server, one might use:</p>
- <example>
+ <highlight language="config">
RedirectMatch (.*)\.gif$ http://other.example.com$1.jpg
- </example>
+ </highlight>
<p>The considerations related to the difference between
<directive module="mod_alias">Alias</directive> and
to scripts beginning with the second argument, which is a full
pathname in the local filesystem.</p>
- <example><title>Example:</title>
+ <highlight language="config">
ScriptAlias /cgi-bin/ /web/cgi-bin/
- </example>
+ </highlight>
<p>A request for <code>http://example.com/cgi-bin/foo</code> would cause the
server to run the script <code>/web/cgi-bin/foo</code>. This configuration
is essentially equivalent to:</p>
- <example>
- Alias /cgi-bin/ /web/cgi-bin/<br />
- <Location /cgi-bin ><br />
- <indent>
- SetHandler cgi-script<br />
- Options +ExecCGI<br />
- </indent>
- </Location>
- </example>
+ <highlight language="config">
+Alias /cgi-bin/ /web/cgi-bin/
+<Location /cgi-bin >
+ SetHandler cgi-script
+ Options +ExecCGI
+</Location>
+ </highlight>
<p><directive>ScriptAlias</directive> can also be used in conjunction with
a script or handler you have. For example:</p>
- <example>
+ <highlight language="config">
ScriptAlias /cgi-bin/ /web/cgi-handler.pl
- </example>
+ </highlight>
<p>In this scenario all files requested in <code>/cgi-bin/</code> will be
handled by the file you have configured, this allows you to use your own custom
module="core" type="section">Directory</directive>, <directive
module="core">SetHandler</directive>, and <directive
module="core">Options</directive> as in:
- <example>
- <Directory /usr/local/apache2/htdocs/cgi-bin ><br />
- <indent>
- SetHandler cgi-script<br />
- Options ExecCGI<br />
- </indent>
- </Directory>
- </example>
+ <highlight language="config">
+<Directory /usr/local/apache2/htdocs/cgi-bin >
+ SetHandler cgi-script
+ Options ExecCGI
+</Directory>
+ </highlight>
This is necessary since multiple <var>URL-paths</var> can map
to the same filesystem location, potentially bypassing the
<directive>ScriptAlias</directive> and revealing the source code
example, to activate the standard <code>/cgi-bin</code>, one
might use:</p>
- <example>
+ <highlight language="config">
ScriptAliasMatch ^/cgi-bin(.*) /usr/local/apache/cgi-bin$1
- </example>
+ </highlight>
<p>As for AliasMatch, the full range of <glossary ref="rexex">regular
expression</glossary> power is available.
For example, it is possible to construct an alias with case-insensitive
matching of the URL-path:</p>
- <example>
+ <highlight language="config">
ScriptAliasMatch (?i)^/cgi-bin(.*) /usr/local/apache/cgi-bin$1
- </example>
+ </highlight>
<p>The considerations related to the difference between
<directive module="mod_alias">Alias</directive> and
<p>This module makes it easy to restrict what HTTP methods can
used on an server. The most common configuration would be:</p>
-<example><title>Example</title>
-<Location /><br />
-<indent>
- AllowMethods GET POST OPTIONS<br />
-</indent>
+<highlight language="config">
+<Location />
+ AllowMethods GET POST OPTIONS
</Location>
-</example>
+</highlight>
</summary>
equivalent. The <code>reset</code> keyword can be used
turn off <module>mod_allowmethods</module> in a deeper nested context:</p>
-<example><title>Example</title>
-<Location /svn><br />
-<indent>
- AllowMethods reset<br />
-</indent>
+<highlight language="config">
+<Location /svn>
+ AllowMethods reset
</Location>
-</example>
+</highlight>
<note><title>Caution</title>
<p>The TRACE method can not be denied by this module,
<p>In the server configuration file, associate files with the
<code>send-as-is</code> handler <em>e.g.</em></p>
- <example>AddHandler send-as-is asis</example>
+ <highlight language="config">AddHandler send-as-is asis</highlight>
<p>The contents of any file with a <code>.asis</code> extension
will then be sent by Apache httpd to the client with almost no
The default <code>file</code> provider is implemented
by the <module>mod_authn_file</module> module. Make sure
that the chosen provider module is present in the server.</p>
-
<example><title>Example</title>
- <Location /secure><br />
- <indent>
- AuthType basic<br />
- AuthName "private area"<br />
- AuthBasicProvider dbm<br />
- AuthDBMType SDBM<br />
- AuthDBMUserFile /www/etc/dbmpasswd<br />
- Require valid-user<br />
- </indent>
- </Location>
+ <highlight language="config">
+<Location /secure>
+ AuthType basic
+ AuthName "private area"
+ AuthBasicProvider dbm
+ AuthDBMType SDBM
+ AuthDBMUserFile /www/etc/dbmpasswd
+ Require valid-user
+</Location>
+ </highlight>
</example>
-
<p> Providers are queried in order until a provider finds a match
for the requested username, at which point this sole provider will
attempt to check the password. A failure to verify the password does
<program>htdigest</program> tool.</p>
<example><title>Example:</title>
- <Location /private/><br />
- <indent>
- AuthType Digest<br />
- AuthName "private area"<br />
- AuthDigestDomain /private/ http://mirror.my.dom/private2/<br />
- <br />
- AuthDigestProvider file<br />
- AuthUserFile /web/auth/.digest_pw<br />
- Require valid-user<br />
- </indent>
- </Location>
+ <highlight language="config">
+<Location /private/>
+ AuthType Digest
+ AuthName "private area"
+ AuthDigestDomain /private/ http://mirror.my.dom/private2/
+
+ AuthDigestProvider file
+ AuthUserFile /web/auth/.digest_pw
+ Require valid-user
+</Location>
+ </highlight>
</example>
<note><title>Note</title>
method would look similar to the following.</p>
<example><title>Using Digest Authentication with MSIE:</title>
- BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
+ <highlight language="config">
+ BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
+ </highlight>
</example>
<p>This workaround is not necessary for MSIE 7, though enabling it does
express your value as KBytes or MBytes. For example, the following
directives are all equivalent:</p>
- <example>
- AuthDigestShmemSize 1048576<br />
- AuthDigestShmemSize 1024K<br />
- AuthDigestShmemSize 1M
- </example>
+<highlight language="config">
+AuthDigestShmemSize 1048576
+AuthDigestShmemSize 1024K
+AuthDigestShmemSize 1M
+ </highlight>
</usage>
</directivesynopsis>
the user will be redirected to the form login page.</p>
<example><title>Basic example</title>
- AuthFormProvider file<br />
- AuthUserFile conf/passwd<br />
- AuthType form<br />
- AuthName realm<br />
- AuthFormLoginRequiredLocation http://example.com/login.html<br />
- Session On<br />
- SessionCookieName session path=/<br />
- SessionCryptoPassphrase secret<br />
+ <highlight language="config">
+AuthFormProvider file
+AuthUserFile conf/passwd
+AuthType form
+AuthName realm
+AuthFormLoginRequiredLocation http://example.com/login.html
+Session On
+SessionCookieName session path=/
+SessionCryptoPassphrase secret
+ </highlight>
</example>
<p>The directive <directive module="mod_authn_core">AuthType</directive> will enable
Apache httpd as follows:</p>
<example><title>Form login handler example</title>
- <Location /dologin.html>
- <indent>
- SetHandler form-login-handler<br />
- AuthFormLoginRequiredLocation http://example.com/login.html<br />
- AuthFormLoginSuccessLocation http://example.com/success.html<br />
- AuthFormProvider file<br />
- AuthUserFile conf/passwd<br />
- AuthType form<br />
- AuthName realm<br />
- Session On<br />
- SessionCookieName session path=/<br />
- SessionCryptoPassphrase secret<br />
- </indent>
- </Location>
+ <highlight language="config">
+<Location /dologin.html>
+ SetHandler form-login-handler
+ AuthFormLoginRequiredLocation http://example.com/login.html
+ AuthFormLoginSuccessLocation http://example.com/success.html
+ AuthFormProvider file
+ AuthUserFile conf/passwd
+ AuthType form
+ AuthName realm
+ Session On
+ SessionCookieName session path=/
+ SessionCryptoPassphrase secret
+</Location>
+ </highlight>
</example>
<p>The URLs specified by the
containing the login form, as follows:</p>
<example><title>Basic inline example</title>
- AuthFormProvider file<br />
- <strong>ErrorDocument 401 /login.shtml</strong><br />
- AuthUserFile conf/passwd<br />
- AuthType form<br />
- AuthName realm<br />
- AuthFormLoginRequiredLocation http://example.com/login.html<br />
- Session On<br />
- SessionCookieName session path=/<br />
- SessionCryptoPassphrase secret<br />
+ <highlight language="config">
+AuthFormProvider file
+ErrorDocument 401 /login.shtml
+AuthUserFile conf/passwd
+AuthType form
+AuthName realm
+AuthFormLoginRequiredLocation http://example.com/login.html
+Session On
+SessionCookieName session path=/
+SessionCryptoPassphrase secret
+ </highlight>
</example>
<p>The error document page should contain a login form with an empty action property,
technology.</p>
<example><title>CGI example</title>
- AuthFormProvider file<br />
- <strong>ErrorDocument 401 /cgi-bin/login.cgi</strong><br />
- ...<br />
+ <highlight language="config">
+ AuthFormProvider file
+ <strong>ErrorDocument 401 /cgi-bin/login.cgi</strong>
+ ...
+ </highlight>
</example>
</section>
give the user the option to log in again.</p>
<example><title>Basic logout example</title>
- SetHandler form-logout-handler<br />
- AuthName realm<br />
- AuthFormLogoutLocation http://example.com/loggedout.html<br />
- Session On<br />
- SessionCookieName session path=/<br />
- SessionCryptoPassphrase secret<br />
+ <highlight language="config">
+SetHandler form-logout-handler
+AuthName realm
+AuthFormLogoutLocation http://example.com/loggedout.html
+Session On
+SessionCookieName session path=/
+SessionCryptoPassphrase secret
+ </highlight>
</example>
<p>Note that logging a user out does not delete the session; it merely removes
</p>
<example><title>Basic session expiry example</title>
- SetHandler form-logout-handler<br />
- AuthFormLogoutLocation http://example.com/loggedout.html<br />
- Session On<br />
- SessionMaxAge 1<br />
- SessionCookieName session path=/<br />
- SessionCryptoPassphrase secret<br />
+ <highlight language="config">
+SetHandler form-logout-handler
+AuthFormLogoutLocation http://example.com/loggedout.html
+Session On
+SessionMaxAge 1
+SessionCookieName session path=/
+SessionCryptoPassphrase secret
+ </highlight>
</example>
</section>
that the chosen provider module is present in the server.</p>
<example><title>Example</title>
- <Location /secure><br />
- <indent>
- AuthType form<br />
- AuthName "private area"<br />
- AuthFormProvider dbm<br />
- AuthDBMType SDBM<br />
- AuthDBMUserFile /www/etc/dbmpasswd<br />
- Require valid-user<br />
- ...<br />
- </indent>
- </Location>
+ <highlight language="config">
+<Location /secure>
+ AuthType form
+ AuthName "private area"
+ AuthFormProvider dbm
+ AuthDBMType SDBM
+ AuthDBMUserFile /www/etc/dbmpasswd
+ Require valid-user
+ #...
+</Location>
+ </highlight>
</example>
<p>Providers are implemented by <module>mod_authn_dbm</module>,
the page specified by this directive will be shown to the end user. For example:</p>
<example><title>Example</title>
- <Location /logout><br />
- <indent>
- SetHandler form-logout-handler<br />
- AuthFormLogoutLocation http://example.com/loggedout.html<br />
- Session on<br />
- ...
- </indent>
- </Location>
+ <highlight language="config">
+<Location /logout>
+ SetHandler form-logout-handler
+ AuthFormLogoutLocation http://example.com/loggedout.html
+ Session on
+ #...
+</Location>
+ </highlight>
</example>
<p>An attempt to access the URI <var>/logout/</var> will result in the user being logged
</ul>
<example><title>Example</title>
- <Directory /var/www/html/private>
- <indent>
- AuthName "Use 'anonymous' & Email address for guest entry"<br />
- AuthType Basic<br />
- AuthBasicProvider file anon<br />
- AuthUserFile /path/to/your/.htpasswd<br />
- <br />
- Anonymous_NoUserID off<br />
- Anonymous_MustGiveEmail on<br />
- Anonymous_VerifyEmail on<br />
- Anonymous_LogEmail on<br />
- Anonymous anonymous guest www test welcome<br />
- <br />
- Require all granted<br />
- <br />
- Require valid-user<br />
- </indent>
- </Directory>
+ <highlight language="config">
+<Directory /var/www/html/private>
+ AuthName "Use 'anonymous' & Email address for guest entry"
+ AuthType Basic
+ AuthBasicProvider file anon
+ AuthUserFile /path/to/your/.htpasswd
+
+ Anonymous_NoUserID off
+ Anonymous_MustGiveEmail on
+ Anonymous_VerifyEmail on
+ Anonymous_LogEmail on
+ Anonymous anonymous guest www test welcome
+
+ Require valid-user
+</Directory>
+ </highlight>
</example>
</section>
userIDs.</p>
<example><title>Example:</title>
+ <highlight language="config">
Anonymous anonymous "Not Registered" "I don't know"
+ </highlight>
</example>
<p>This would allow the user to enter without password
files.</p>
<example><title>Checking multiple text password files</title>
-
- # Check here first<br />
- <AuthnProviderAlias file file1><br />
- <indent>
- AuthUserFile /www/conf/passwords1<br />
- </indent>
- </AuthnProviderAlias><br />
- <br />
- # Then check here<br />
- <AuthnProviderAlias file file2> <br />
- <indent>
- AuthUserFile /www/conf/passwords2<br />
- </indent>
- </AuthnProviderAlias><br />
- <br />
- <Directory /var/web/pages/secure><br />
- <indent>
- AuthBasicProvider file1 file2<br />
- <br />
- AuthType Basic<br />
- AuthName "Protected Area"<br />
- Require valid-user<br />
- </indent>
- </Directory><br />
+ <highlight language="config">
+# Check here first
+<AuthnProviderAlias file file1>
+ AuthUserFile /www/conf/passwords1
+</AuthnProviderAlias>
+
+# Then check here
+<AuthnProviderAlias file file2>
+ AuthUserFile /www/conf/passwords2
+</AuthnProviderAlias>
+
+<Directory /var/web/pages/secure>
+ AuthBasicProvider file1 file2
+
+ AuthType Basic
+ AuthName "Protected Area"
+ Require valid-user
+</Directory>
+ </highlight>
</example>
<p>The example below creates two different ldap authentication
hosts:</p>
<example><title>Checking multiple LDAP servers</title>
- <AuthnProviderAlias ldap ldap-alias1><br />
- <indent>
- AuthLDAPBindDN cn=youruser,o=ctx<br />
- AuthLDAPBindPassword yourpassword<br />
- AuthLDAPURL ldap://ldap.host/o=ctx<br />
- </indent>
- </AuthnProviderAlias><br /><br />
- <AuthnProviderAlias ldap ldap-other-alias><br />
- <indent>
- AuthLDAPBindDN cn=yourotheruser,o=dev<br />
- AuthLDAPBindPassword yourotherpassword<br />
- AuthLDAPURL ldap://other.ldap.host/o=dev?cn<br />
- </indent>
- </AuthnProviderAlias><br /><br />
-
- Alias /secure /webpages/secure<br />
- <Directory /webpages/secure><br />
- <indent>
- Order deny,allow<br />
- Allow from all<br /><br />
-
- AuthBasicProvider ldap-other-alias ldap-alias1<br /><br />
-
- AuthType Basic<br />
- AuthName LDAP_Protected_Place<br />
- Require valid-user<br />
- </indent>
- </Directory><br />
+ <highlight language="config">
+<AuthnProviderAlias ldap ldap-alias1>
+ AuthLDAPBindDN cn=youruser,o=ctx
+ AuthLDAPBindPassword yourpassword
+ AuthLDAPURL ldap://ldap.host/o=ctx
+ </AuthnProviderAlias>
+ <AuthnProviderAlias ldap ldap-other-alias>
+ AuthLDAPBindDN cn=yourotheruser,o=dev
+ AuthLDAPBindPassword yourotherpassword
+ AuthLDAPURL ldap://other.ldap.host/o=dev?cn
+</AuthnProviderAlias>
+
+Alias /secure /webpages/secure
+<Directory /webpages/secure>
+ Order deny,allow
+ Allow from all
+
+ AuthBasicProvider ldap-other-alias ldap-alias1
+
+ AuthType Basic
+ AuthName LDAP_Protected_Place
+ Require valid-user
+</Directory>
+ </highlight>
</example>
</section>
<p>For example:</p>
- <example>
+ <highlight language="config">
AuthName "Top Secret"
- </example>
+ </highlight>
<p>The string provided for the <code>AuthName</code> is what will
appear in the password dialog provided by most browsers.</p>
in the following example, clients may access the
<code>/www/docs/public</code> directory without authenticating:</p>
- <example>
- <Directory /www/docs>
- <indent>
- AuthType Basic<br />
- AuthName Documents<br />
- AuthBasicProvider file<br />
- AuthUserFile /usr/local/apache/passwd/passwords<br />
- Require valid-user
- </indent>
- </Directory><br />
- <br />
- <Directory /www/docs/public>
- <indent>
- AuthType None<br />
- Require all granted
- </indent>
- </Directory>
- </example>
+ <highlight language="config">
+<Directory /www/docs>
+ AuthType Basic
+ AuthName Documents
+ AuthBasicProvider file
+ AuthUserFile /usr/local/apache/passwd/passwords
+ Require valid-user
+</Directory>
+
+<Directory /www/docs/public>
+ AuthType None
+ Require all granted
+</Directory>
+ </highlight>
<note>When disabling authentication, note that clients which have
already authenticated against another portion of the server's document
<title>Configuration Example</title>
<p>This simple example shows use of this module in the context of
the Authentication and DBD frameworks.</p>
-<example><pre>
+<highlight language="config">
# mod_dbd configuration
# UPDATED to include authentication cacheing
DBDriver pgsql
Require valid-user
# mod_authn_dbd SQL query to authenticate a user
- AuthDBDUserPWQuery \
- "SELECT password FROM authn WHERE user = %s"
+ AuthDBDUserPWQuery "SELECT password FROM authn WHERE user = %s"
</Directory>
-</pre></example>
+</highlight>
</section>
<section id="exposed">
will be passed as a single string parameter when the SQL query is
executed. It may be referenced within the query statement using
a <code>%s</code> format specifier.</p>
- <example><title>Example</title><pre>
-AuthDBDUserPWQuery \
- "SELECT password FROM authn WHERE user = %s"
-</pre></example>
+ <highlight language="config">
+AuthDBDUserPWQuery "SELECT password FROM authn WHERE user = %s"
+</highlight>
<p>The first column value of the first row returned by the query
statement should be a string containing the encrypted password.
Subsequent rows will be ignored. If no rows are returned, the user
The user's ID and the realm, in that order, will be passed as string
parameters when the SQL query is executed. They may be referenced
within the query statement using <code>%s</code> format specifiers.</p>
- <example><title>Example</title><pre>
-AuthDBDUserRealmQuery \
- "SELECT password FROM authn WHERE user = %s AND realm = %s"
-</pre></example>
+ <highlight language="config">
+AuthDBDUserRealmQuery "SELECT password FROM authn WHERE user = %s AND realm = %s"
+</highlight>
<p>The first column value of the first row returned by the query
statement should be a string containing the encrypted password.
Subsequent rows will be ignored. If no rows are returned, the user
</ol>
<p>A simple usage example to accelerate <module>mod_authn_dbd</module>
using dbm as a cache engine:</p>
- <example><pre>
- <Directory /usr/www/myhost/private>
- AuthType Basic
- AuthName "Cached Authentication Example"
- AuthBasicProvider socache dbd
- AuthDBDUserPWQuery "SELECT password FROM authn WHERE user = %s"
- AuthnCacheProvideFor dbd
- AuthnCacheContext dbd-authn-example
- AuthnCacheSOCache dbm
- Require valid-user
- </Directory>
- </pre></example>
+ <highlight language="config">
+<Directory /usr/www/myhost/private>
+ AuthType Basic
+ AuthName "Cached Authentication Example"
+ AuthBasicProvider socache dbd
+ AuthDBDUserPWQuery "SELECT password FROM authn WHERE user = %s"
+ AuthnCacheProvideFor dbd
+ AuthnCacheContext dbd-authn-example
+ AuthnCacheSOCache dbm
+ Require valid-user
+</Directory>
+ </highlight>
</section>
<section id="dev"><title>Cacheing with custom modules</title>
<p>For example, to cache credentials found by <module>mod_authn_dbd</module>
or by a custom provider <var>myprovider</var>, but leave those looked
up by lightweight providers like file or dbm lookup alone:</p>
- <example>
- AuthnCacheProvideFor dbd myprovider
- </example>
+ <highlight language="config">
+AuthnCacheProvideFor dbd myprovider
+ </highlight>
</usage>
</directivesynopsis>
<code>ldap://ldap/o=Example?cn</code> (i.e., <code>cn</code> is
used for searches), the following Require directives could be used
to restrict access:</p>
-<example>
-Require ldap-user "Barbara Jenson"<br />
-Require ldap-user "Fred User"<br />
-Require ldap-user "Joe Manager"<br />
-</example>
+<highlight language="config">
+Require ldap-user "Barbara Jenson"
+Require ldap-user "Fred User"
+Require ldap-user "Joe Manager"
+</highlight>
<p>Because of the way that <module>mod_authnz_ldap</module> handles this
directive, Barbara Jenson could sign on as <em>Barbara
<p>If the <code>uid</code> attribute was used instead of the
<code>cn</code> attribute in the URL above, the above three lines
could be condensed to</p>
-<example>Require ldap-user bjenson fuser jmanager</example>
+<highlight language="config">Require ldap-user bjenson fuser jmanager</highlight>
</section>
<section id="reqgroup"><title>Require ldap-group</title>
group. Note: Do not surround the group name with quotes.
For example, assume that the following entry existed in
the LDAP directory:</p>
-<example>
-dn: cn=Administrators, o=Example<br />
-objectClass: groupOfUniqueNames<br />
-uniqueMember: cn=Barbara Jenson, o=Example<br />
-uniqueMember: cn=Fred User, o=Example<br />
-</example>
+<example><pre>
+dn: cn=Administrators, o=Example
+objectClass: groupOfUniqueNames
+uniqueMember: cn=Barbara Jenson, o=Example
+uniqueMember: cn=Fred User, o=Example
+</pre></example>
<p>The following directive would grant access to both Fred and
Barbara:</p>
-<example>Require ldap-group cn=Administrators, o=Example</example>
+<highlight language="config">Require ldap-group cn=Administrators, o=Example</highlight>
<p>Members can also be found within sub-groups of a specified LDAP group
if <directive module="mod_authnz_ldap">AuthLDAPMaxSubGroupDepth</directive>
is set to a value greater than 0. For example, assume the following entries
exist in the LDAP directory:</p>
-<example>
-dn: cn=Employees, o=Example<br />
-objectClass: groupOfUniqueNames<br />
-uniqueMember: cn=Managers, o=Example<br />
-uniqueMember: cn=Administrators, o=Example<br />
-uniqueMember: cn=Users, o=Example<br />
-<br />
-dn: cn=Managers, o=Example<br />
-objectClass: groupOfUniqueNames<br />
-uniqueMember: cn=Bob Ellis, o=Example<br />
-uniqueMember: cn=Tom Jackson, o=Example<br />
-<br />
-dn: cn=Administrators, o=Example<br />
-objectClass: groupOfUniqueNames<br />
-uniqueMember: cn=Barbara Jenson, o=Example<br />
-uniqueMember: cn=Fred User, o=Example<br />
-<br />
-dn: cn=Users, o=Example<br />
-objectClass: groupOfUniqueNames<br />
-uniqueMember: cn=Allan Jefferson, o=Example<br />
-uniqueMember: cn=Paul Tilley, o=Example<br />
-uniqueMember: cn=Temporary Employees, o=Example<br />
-<br />
-dn: cn=Temporary Employees, o=Example<br />
-objectClass: groupOfUniqueNames<br />
-uniqueMember: cn=Jim Swenson, o=Example<br />
-uniqueMember: cn=Elliot Rhodes, o=Example<br />
-</example>
+<example><pre>
+dn: cn=Employees, o=Example
+objectClass: groupOfUniqueNames
+uniqueMember: cn=Managers, o=Example
+uniqueMember: cn=Administrators, o=Example
+uniqueMember: cn=Users, o=Example
+
+dn: cn=Managers, o=Example
+objectClass: groupOfUniqueNames
+uniqueMember: cn=Bob Ellis, o=Example
+uniqueMember: cn=Tom Jackson, o=Example
+
+dn: cn=Administrators, o=Example
+objectClass: groupOfUniqueNames
+uniqueMember: cn=Barbara Jenson, o=Example
+uniqueMember: cn=Fred User, o=Example
+
+dn: cn=Users, o=Example
+objectClass: groupOfUniqueNames
+uniqueMember: cn=Allan Jefferson, o=Example
+uniqueMember: cn=Paul Tilley, o=Example
+uniqueMember: cn=Temporary Employees, o=Example
+
+dn: cn=Temporary Employees, o=Example
+objectClass: groupOfUniqueNames
+uniqueMember: cn=Jim Swenson, o=Example
+uniqueMember: cn=Elliot Rhodes, o=Example
+</pre></example>
<p>The following directives would allow access for Bob Ellis, Tom Jackson,
Barbara Jensen, Fred User, Allan Jefferson, and Paul Tilley but would not
allow access for Jim Swenson, or Elliot Rhodes (since they are at a
sub-group depth of 2):</p>
-<example>
-Require ldap-group cn=Employees, o-Example<br />
-AuthLDAPSubGroupDepth 1<br />
-</example>
+<highlight language="config">
+Require ldap-group cn=Employees, o-Example
+AuthLDAPSubGroupDepth 1
+</highlight>
<p>Behavior of this directive is modified by the <directive
module="mod_authnz_ldap">AuthLDAPGroupAttribute</directive>, <directive
<p>The following directive would grant access to a specific
DN:</p>
-<example>Require ldap-dn cn=Barbara Jenson, o=Example</example>
+<highlight language="config">Require ldap-dn cn=Barbara Jenson, o=Example</highlight>
<p>Behavior of this directive is modified by the <directive
module="mod_authnz_ldap">AuthLDAPCompareDNOnServer</directive>
<p>The following directive would grant access to anyone with
the attribute employeeType = active</p>
- <example>Require ldap-attribute employeeType=active</example>
+ <highlight language="config">Require ldap-attribute employeeType=active</highlight>
<p>Multiple attribute/value pairs can be specified on the same line
separated by spaces or they can be specified in multiple
<p>The following directive would grant access to anyone with
the city attribute equal to "San Jose" or status equal to "Active"</p>
- <example>Require ldap-attribute city="San Jose" status=active</example>
+ <highlight language="config">Require ldap-attribute city="San Jose" status=active</highlight>
</section>
<p>The following directive would grant access to anyone having a cell phone
and is in the marketing department</p>
- <example>Require ldap-filter &(cell=*)(department=marketing)</example>
+ <highlight language="config">Require ldap-filter &(cell=*)(department=marketing)</highlight>
<p>The difference between the <code>Require ldap-filter</code> directive and the
<code>Require ldap-attribute</code> directive is that <code>ldap-filter</code>
<li>
Grant access to anyone who exists in the LDAP directory,
using their UID for searches.
-<example>
-AuthLDAPURL "ldap://ldap1.example.com:389/ou=People, o=Example?uid?sub?(objectClass=*)"<br />
+<highlight language="config">
+AuthLDAPURL "ldap://ldap1.example.com:389/ou=People, o=Example?uid?sub?(objectClass=*)"
Require valid-user
-</example>
+</highlight>
</li>
<li>
The next example is the same as above; but with the fields
that have useful defaults omitted. Also, note the use of a
redundant LDAP server.
-<example>AuthLDAPURL "ldap://ldap1.example.com ldap2.example.com/ou=People, o=Example"<br />
+<highlight language="config">AuthLDAPURL "ldap://ldap1.example.com ldap2.example.com/ou=People, o=Example"
Require valid-user
-</example>
+</highlight>
</li>
<li>
this approach is not recommended: it's a better idea to
choose an attribute that is guaranteed unique in your
directory, such as <code>uid</code>.
-<example>
-AuthLDAPURL "ldap://ldap.example.com/ou=People, o=Example?cn"<br />
+<highlight language="config">
+AuthLDAPURL "ldap://ldap.example.com/ou=People, o=Example?cn"
Require valid-user
-</example>
+</highlight>
</li>
<li>
Grant access to anybody in the Administrators group. The
users must authenticate using their UID.
-<example>
-AuthLDAPURL ldap://ldap.example.com/o=Example?uid<br />
+<highlight language="config">
+AuthLDAPURL ldap://ldap.example.com/o=Example?uid
Require ldap-group cn=Administrators, o=Example
-</example>
+</highlight>
</li>
<li>
of <code>qpagePagerID</code>. The example will grant access
only to people (authenticated via their UID) who have
alphanumeric pagers:
-<example>
-AuthLDAPURL ldap://ldap.example.com/o=Example?uid??(qpagePagerID=*)<br />
+<highlight language="config">
+AuthLDAPURL ldap://ldap.example.com/o=Example?uid??(qpagePagerID=*)
Require valid-user
-</example>
+</highlight>
</li>
<li>
a pager, plus grant access to Joe Manager, who doesn't
have a pager, but does need to access the same
resource:</p>
-<example>
-AuthLDAPURL ldap://ldap.example.com/o=Example?uid??(|(qpagePagerID=*)(uid=jmanager))<br />
+<highlight language="config">
+AuthLDAPURL ldap://ldap.example.com/o=Example?uid??(|(qpagePagerID=*)(uid=jmanager))
Require valid-user
-</example>
+</highlight>
<p>This last may look confusing at first, so it helps to
evaluate what the search filter will look like based on who
subtree search for the attribute <em>userPrincipalName</em>, with
an empty search root, like so:</p>
-<example>
-AuthLDAPBindDN apache@example.com<br />
-AuthLDAPBindPassword password<br />
+<highlight language="config">
+AuthLDAPBindDN apache@example.com
+AuthLDAPBindPassword password
AuthLDAPURL ldap://10.0.0.1:3268/?userPrincipalName?sub
-</example>
+</highlight>
<p>Users will need to enter their User Principal Name as a login, in
the form <em>somebody@nz.example.com</em>.</p>
authentication to it is a matter of adding the following
directives to <em>every</em> <code>.htaccess</code> file
that gets created in the web</p>
-<example><pre>
+<highlight language="config">
AuthLDAPURL "the url"
AuthGroupFile <em>mygroupfile</em>
Require group <em>mygroupfile</em>
-</pre></example>
+</highlight>
<section id="howitworks"><title>How It Works</title>
<directive module="mod_authnz_ldap">AuthLDAPBindDN</directive>.
</p>
- <example> AuthLDAPInitialBindPattern (.+) $1@example.com </example>
- <example> AuthLDAPInitialBindPattern (.+) cn=$1,dc=example,dc=com</example>
+ <highlight language="config"> AuthLDAPInitialBindPattern (.+) $1@example.com </highlight>
+ <highlight language="config"> AuthLDAPInitialBindPattern (.+) cn=$1,dc=example,dc=com</highlight>
<note><title>Not available with authorization-only</title>
This directive can only be used if this module authenticates the user, and
to use. The syntax of the URL is</p>
<example>ldap://host:port/basedn?attribute?scope?filter</example>
<p>If you want to specify more than one LDAP URL that Apache should try in turn, the syntax is:</p>
-<example>AuthLDAPUrl "ldap://ldap1.example.com ldap2.example.com/dc=..."</example>
+<highlight language="config">AuthLDAPUrl "ldap://ldap1.example.com ldap2.example.com/dc=..."</highlight>
<p><em><strong>Caveat: </strong>If you specify multiple servers, you need to enclose the entire URL string in quotes;
otherwise you will get an error: "AuthLDAPURL takes one argument, URL to define LDAP connection.." </em>
You can of course use search parameters on each of these.</p>
multiple ldap hosts:
</p>
- <example><title>Example</title>
- <AuthzProviderAlias ldap-group ldap-group-alias1 cn=my-group,o=ctx><br />
- <indent>
- AuthLDAPBindDN cn=youruser,o=ctx<br />
- AuthLDAPBindPassword yourpassword<br />
- AuthLDAPURL ldap://ldap.host/o=ctx<br />
- </indent>
- </AuthzProviderAlias><br /><br />
- <AuthzProviderAlias ldap-group ldap-group-alias2
- cn=my-other-group,o=dev><br />
- <indent>
- AuthLDAPBindDN cn=yourotheruser,o=dev<br />
- AuthLDAPBindPassword yourotherpassword<br />
- AuthLDAPURL ldap://other.ldap.host/o=dev?cn<br />
- </indent>
- </AuthzProviderAlias><br /><br />
-
- Alias /secure /webpages/secure<br />
- <Directory /webpages/secure><br />
- <indent>
- Require all granted<br /><br />
-
- AuthBasicProvider file<br /><br />
-
- AuthType Basic<br />
- AuthName LDAP_Protected_Place<br /><br />
-
- #implied OR operation<br />
- Require ldap-group-alias1<br />
- Require ldap-group-alias2<br />
- </indent> </Directory><br />
- </example>
+ <highlight language="config">
+<AuthzProviderAlias ldap-group ldap-group-alias1 cn=my-group,o=ctx>
+ AuthLDAPBindDN cn=youruser,o=ctx
+ AuthLDAPBindPassword yourpassword
+ AuthLDAPURL ldap://ldap.host/o=ctx
+</AuthzProviderAlias>
+
+<AuthzProviderAlias ldap-group ldap-group-alias2 cn=my-other-group,o=dev>
+ AuthLDAPBindDN cn=yourotheruser,o=dev
+ AuthLDAPBindPassword yourotherpassword
+ AuthLDAPURL ldap://other.ldap.host/o=dev?cn
+</AuthzProviderAlias>
+
+Alias /secure /webpages/secure
+<Directory /webpages/secure>
+ Require all granted
+
+ AuthBasicProvider file
+
+ AuthType Basic
+ AuthName LDAP_Protected_Place
+
+ #implied OR operation
+ Require ldap-group-alias1
+ Require ldap-group-alias2
+</Directory>
+ </highlight>
</section>
</section>
not belong to either the <code>temps</code> group or the
LDAP group <code>Temporary Employees</code>.</p>
- <example>
- <Directory /www/mydocs>
- <indent>
+ <highlight language="config">
+<Directory /www/mydocs>
+ <RequireAll>
+ <RequireAny>
+ Require user superadmin
<RequireAll>
- <indent>
+ Require group admins
+ Require ldap-group cn=Administrators,o=Airius
<RequireAny>
- <indent>
- Require user superadmin<br />
- <RequireAll>
- <indent>
- Require group admins<br />
- Require ldap-group cn=Administrators,o=Airius<br />
- <RequireAny>
- <indent>
- Require group sales<br />
- Require ldap-attribute dept="sales"
- </indent>
- </RequireAny>
- </indent>
- </RequireAll>
- </indent>
- </RequireAny><br />
- <RequireNone>
- <indent>
- Require group temps<br />
- Require ldap-group cn=Temporary Employees,o=Airius
- </indent>
- </RequireNone>
- </indent>
+ Require group sales
+ Require ldap-attribute dept="sales"
+ </RequireAny>
</RequireAll>
- </indent>
- </Directory>
- </example>
+ </RequireAny>
+ <RequireNone>
+ Require group temps
+ Require ldap-group cn=Temporary Employees,o=Airius
+ </RequireNone>
+ </RequireAll>
+</Directory>
+ </highlight>
</section>
<section id="requiredirectives"><title>The Require Directives</title>
<code>User-Agent</code> (browser type), <code>Referer</code>, or
other HTTP request header fields.</p>
- <example><title>Example:</title>
- SetEnvIf User-Agent ^KnockKnock/2\.0 let_me_in<br />
- <Directory /docroot><br />
- <indent>
- Require env let_me_in<br />
- </indent>
- </Directory>
- </example>
+ <highlight language="config">
+SetEnvIf User-Agent ^KnockKnock/2\.0 let_me_in
+<Directory /docroot>
+ Require env let_me_in
+</Directory>
+ </highlight>
<p>In this case, browsers with a user-agent string beginning
with <code>KnockKnock/2.0</code> will be allowed access, and all
'granted' or 'denied'. The following examples will grant or deny
access to all requests.</p>
- <example>
- Require all granted<br />
- </example>
+ <highlight language="config">
+ Require all granted
+ </highlight>
- <example>
- Require all denied<br />
- </example>
+ <highlight language="config">
+ Require all denied
+ </highlight>
</section>
<p>The following example will only allow GET, HEAD, POST, and OPTIONS
requests:</p>
- <example>
- Require method GET POST OPTIONS<br />
- </example>
+ <highlight language="config">
+ Require method GET POST OPTIONS
+ </highlight>
<p>The following example will allow GET, HEAD, POST, and OPTIONS
requests without authentication, and require a valid user for all other
methods:</p>
- <example>
- <RequireAny><br />
- Require method GET POST OPTIONS<br />
- Require valid-user<br />
- </RequireAny><br />
- </example>
+ <highlight language="config">
+<RequireAny>
+ Require method GET POST OPTIONS
+ Require valid-user
+</RequireAny>
+ </highlight>
</section>
<p>The <code>expr</code> provider allows to base authorization
decisions on arbitrary expressions.</p>
- <example>
- Require expr %{TIME_HOUR} >= 9 && %{TIME_HOUR} <= 17 <br />
- </example>
+ <highlight language="config">
+ Require expr %{TIME_HOUR} >= 9 && %{TIME_HOUR} <= 17
+ </highlight>
<p>The syntax is described in the <a href="../expr.html">ap_expr</a>
documentation.</p>
and <directive module="mod_authz_groupfile">AuthGroupFile</directive> (to
define users and groups) in order to work correctly. Example:</p>
- <example>
- AuthType Basic<br />
- AuthName "Restricted Resource"<br />
- AuthBasicProvider file<br />
- AuthUserFile /web/users<br />
- AuthGroupFile /web/groups<br />
- Require group admin
- </example>
+ <highlight language="config">
+AuthType Basic
+AuthName "Restricted Resource"
+AuthBasicProvider file
+AuthUserFile /web/users
+AuthGroupFile /web/groups
+Require group admin
+ </highlight>
<p>Access controls which are applied in this way are effective for
<strong>all</strong> methods. <strong>This is what is normally
and <code>beta</code> groups are authorized, except for those who
are also in the <code>reject</code> group.</p>
- <example>
- <Directory /www/docs>
- <indent>
- <RequireAll>
- <indent>
- Require group alpha beta<br />
- Require not group reject
- </indent>
- </RequireAll>
- </indent>
- </Directory>
- </example>
+ <highlight language="config">
+<Directory /www/docs>
+ <RequireAll>
+ Require group alpha beta
+ Require not group reject
+ </RequireAll>
+</Directory>
+ </highlight>
<p>When multiple <directive>Require</directive> directives are
used in a single
preceding sections. Thus only users belong to the group
<code>gamma</code> may access <code>/www/docs/ab/gamma</code>.</note>
- <example>
- <Directory /www/docs>
- <indent>
- AuthType Basic<br />
- AuthName Documents<br />
- AuthBasicProvider file<br />
- AuthUserFile /usr/local/apache/passwd/passwords<br />
- Require group alpha
- </indent>
- </Directory><br />
- <br />
- <Directory /www/docs/ab>
- <indent>
- AuthMerging Or<br />
- Require group beta
- </indent>
- </Directory><br />
- <br />
- <Directory /www/docs/ab/gamma>
- <indent>
- Require group gamma
- </indent>
- </Directory>
- </example>
+ <highlight language="config">
+<Directory /www/docs>
+ AuthType Basic
+ AuthName Documents
+ AuthBasicProvider file
+ AuthUserFile /usr/local/apache/passwd/passwords
+ Require group alpha
+</Directory>
+
+<Directory /www/docs/ab>
+ AuthMerging Or
+ Require group beta
+</Directory>
+
+<Directory /www/docs/ab/gamma>
+ Require group gamma
+</Directory>
+ </highlight>
</usage>
</directivesynopsis>
</section>
<section id="example">
-<title>Configuration Example</title>
-<example><pre>
+<title>Configuration example</title>
+<highlight language="config">
# mod_dbd configuration
DBDriver pgsql
DBDParams "dbname=apacheauth user=apache pass=xxxxxx"
<Files login.html>
# don't require user to already be logged in!
- AuthDBDUserPWQuery \
- "SELECT password FROM authn WHERE user = %s"
+ AuthDBDUserPWQuery "SELECT password FROM authn WHERE user = %s"
# dbd-login action executes a statement to log user in
Require dbd-login
- AuthzDBDQuery \
- "UPDATE authn SET login = 'true' WHERE user = %s"
+ AuthzDBDQuery "UPDATE authn SET login = 'true' WHERE user = %s"
# return user to referring page (if any) after
# successful login
<Files logout.html>
# dbd-logout action executes a statement to log user out
Require dbd-logout
- AuthzDBDQuery \
- "UPDATE authn SET login = 'false' WHERE user = %s"
+ AuthzDBDQuery "UPDATE authn SET login = 'false' WHERE user = %s"
</Files>
</Directory>
-</pre></example>
+</highlight>
</section>
<directivesynopsis>
The first column value of each row returned by the query statement
should be a string containing a group name. Zero, one, or more rows
may be returned.
- <example><title>Example</title><pre>
+ <highlight language="config">
Require dbd-group
-AuthzDBDQuery \
- "SELECT group FROM groups WHERE user = %s"
-</pre></example>
+AuthzDBDQuery "SELECT group FROM groups WHERE user = %s"
+</highlight>
</li>
<li>When used with a <code>Require dbd-login</code> or
<code>Require dbd-logout</code> directive, it will never deny access,
but will instead execute a SQL statement designed to log the user
in or out. The user must already be authenticated with
<module>mod_authn_dbd</module>.
- <example><title>Example</title><pre>
+ <highlight language="config">
Require dbd-login
-AuthzDBDQuery \
- "UPDATE authn SET login = 'true' WHERE user = %s"
-</pre></example>
+AuthzDBDQuery "UPDATE authn SET login = 'true' WHERE user = %s"
+</highlight>
</li>
</ul>
<p>In all cases, the user's ID will be passed as a single string
specific to the user. The user's ID will be passed as a single string
parameter when the SQL query is executed. It may be referenced within
the query statement using a <code>%s</code> format specifier.</p>
- <example><title>Example</title><pre>
-AuthzDBDRedirectQuery \
- "SELECT userpage FROM userpages WHERE user = %s"
-</pre></example>
+ <highlight language="config">
+AuthzDBDRedirectQuery "SELECT userpage FROM userpages WHERE user = %s"
+</highlight>
<p>The first column value of the first row returned by the query
statement should be a string containing a URL to which to redirect
the client. Subsequent rows will be ignored. If no rows are returned,
accomplished by first setting the group and password files to
point to the same DBM:</p>
- <example>
- AuthDBMGroupFile /www/userbase<br />
- AuthDBMUserFile /www/userbase
- </example>
+ <highlight language="config">
+AuthDBMGroupFile /www/userbase
+AuthDBMUserFile /www/userbase
+ </highlight>
<p>The key for the single DBM is the username. The value consists
of</p>
<p>A full IP address:</p>
- <example>
- Require ip 10.1.2.3<br />
- Require ip 192.168.1.104 192.168.1.205
- </example>
+ <highlight language="config">
+Require ip 10.1.2.3
+Require ip 192.168.1.104 192.168.1.205
+ </highlight>
<p>An IP address of a host allowed access</p>
<p>A partial IP address:</p>
- <example>
- Require ip 10.1<br />
- Require ip 10 172.20 192.168.2
- </example>
+ <highlight language="config">
+Require ip 10.1
+Require ip 10 172.20 192.168.2
+ </highlight>
<p>The first 1 to 3 bytes of an IP address, for subnet
restriction.</p>
<p>A network/netmask pair:</p>
- <example>
+ <highlight language="config">
Require ip 10.1.0.0/255.255.0.0
- </example>
+ </highlight>
<p>A network a.b.c.d, and a netmask w.x.y.z. For more
fine-grained subnet restriction.</p>
<p>A network/nnn CIDR specification:</p>
- <example>
+ <highlight language="config">
Require ip 10.1.0.0/16
- </example>
+ </highlight>
<p>Similar to the previous case, except the netmask consists of
nnn high-order 1 bits.</p>
<p>IPv6 addresses and IPv6 subnets can be specified as shown
below:</p>
- <example>
- Require ip 2001:db8::a00:20ff:fea7:ccea<br />
- Require ip 2001:db8::a00:20ff:fea7:ccea/10
- </example>
+ <highlight language="config">
+Require ip 2001:db8::a00:20ff:fea7:ccea
+Require ip 2001:db8::a00:20ff:fea7:ccea/10
+ </highlight>
</section>
<p>A (partial) domain-name</p>
- <example>
- Require host example.org<br />
- Require host .net example.edu
- </example>
+ <highlight language="config">
+Require host example.org
+Require host .net example.edu
+ </highlight>
<p>Hosts whose names match, or end in, this string are allowed
access. Only complete components are matched, so the above
<p>This allows a convenient way to match connections that originate from
the local host:</p>
- <example>
+ <highlight language="config">
Require local
- </example>
+ </highlight>
</section>
</section>
files in <code>/home/smith/public_html/private</code> unless they
were owned by <code>jones</code> instead of <code>smith</code>.</p>
- <example>
- <Directory /home/*/public_html/private><br />
- <indent>
- AuthType Basic<br />
- AuthName MyPrivateFiles<br />
- AuthBasicProvider dbm<br />
- AuthDBMUserFile /usr/local/apache2/etc/.htdbm-all<br />
- Require file-owner<br />
- </indent>
- </Directory>
- </example>
+ <highlight language="config">
+<Directory /home/*/public_html/private>
+ AuthType Basic
+ AuthName MyPrivateFiles
+ AuthBasicProvider dbm
+ AuthDBMUserFile /usr/local/apache2/etc/.htdbm-all
+ Require file-owner
+</Directory>
+ </highlight>
</section>
<section id="examples.file-group"><title>Require file-group</title>
authorized to access the <code>project-foo</code> directories of
each other.</p>
- <example>
- <Directory /home/*/public_html/project-foo><br />
- <indent>
- AuthType Basic<br />
- AuthName "Project Foo Files"<br />
- AuthBasicProvider dbm<br />
- <br />
- # combined user/group database<br />
- AuthDBMUserFile /usr/local/apache2/etc/.htdbm-all<br />
- AuthDBMGroupFile /usr/local/apache2/etc/.htdbm-all<br />
- <br />
- Satisfy All<br />
- Require file-group<br />
- </indent>
- </Directory>
- </example>
+ <highlight language="config">
+<Directory /home/*/public_html/project-foo>
+ AuthType Basic
+ AuthName "Project Foo Files"
+ AuthBasicProvider dbm
+
+ # combined user/group database
+ AuthDBMUserFile /usr/local/apache2/etc/.htdbm-all
+ AuthDBMGroupFile /usr/local/apache2/etc/.htdbm-all
+
+ Satisfy All
+ Require file-group
+</Directory>
+ </highlight>
</section>
</section>
same header repeatedly toggles between ascending and descending
order. These column header links are suppressed with the
<directive module="mod_autoindex">IndexOptions</directive> directive's
- <code><a href="#indexoptions.suppresscolumnsorting">SuppressColumnSorting</a></code> option.</p>
+ <code><a href="#indexoptions.suppresscolumnsorting">SuppressColumnSorting</a></code>
+ option.</p>
<p>Note that when the display is sorted by "Size", it's the
<em>actual</em> size of the files that's used, not the
is displayed if the client is image-incapable, has image loading
disabled, or fails to retrieve the icon.</p>
- <example><title>Examples</title>
- AddAlt "PDF file" *.pdf<br />
- AddAlt Compressed *.gz *.zip *.Z
- </example>
+ <highlight language="config">
+AddAlt "PDF file" *.pdf
+AddAlt Compressed *.gz *.zip *.Z
+ </highlight>
</usage>
</directivesynopsis>
This alternate text is displayed if the client is image-incapable,
has image loading disabled, or fails to retrieve the icon.</p>
- <example><title>Example</title>
+ <highlight language="config">
AddAltByEncoding gzip x-gzip
- </example>
+ </highlight>
</usage>
</directivesynopsis>
This alternate text is displayed if the client is image-incapable,
has image loading disabled, or fails to retrieve the icon.</p>
- <example><title>Example</title>
+ <highlight language="config">
AddAltByType 'plain text' text/plain
- </example>
+ </highlight>
</usage>
</directivesynopsis>
expression or full filename for files to describe.
<var>String</var> is enclosed in double quotes (<code>"</code>).</p>
- <example><title>Example</title>
- AddDescription "The planet Mars" mars.gif <br/>
- AddDescription "My friend Marshall" friends/mars.gif
- </example>
+ <highlight language="config">
+AddDescription "The planet Mars" mars.gif
+AddDescription "My friend Marshall" friends/mars.gif
+ </highlight>
<p>The typical, default description field is 23 bytes wide. 6
more bytes are added by the <code><a href="#indexoptions.suppressicon"
is unnecessary if you're using <code>IndexOptions
HTMLTable</code>.</p>
- <example><title>Examples</title>
- AddIcon (IMG,/icons/image.png) .gif .jpg .png<br />
- AddIcon /icons/dir.png ^^DIRECTORY^^<br />
- AddIcon /icons/backup.png *~
- </example>
+ <highlight language="config">
+#Examples
+AddIcon (IMG,/icons/image.png) .gif .jpg .png
+AddIcon /icons/dir.png ^^DIRECTORY^^
+AddIcon /icons/backup.png *~
+ </highlight>
<p><directive module="mod_autoindex">AddIconByType</directive>
should be used in preference to <directive>AddIcon</directive>,
<p><var>MIME-encoding</var> is a valid content-encoding, such as
<code>x-compress</code>.</p>
- <example><title>Example</title>
+ <highlight language="config">
AddIconByEncoding /icons/compress.png x-compress
- </example>
+ </highlight>
</usage>
</directivesynopsis>
<p><var>MIME-type</var> is a wildcard expression matching
required the mime types.</p>
- <example><title>Example</title>
+ <highlight language="config">
AddIconByType (IMG,/icons/image.png) image/*
- </example>
+ </highlight>
</usage>
</directivesynopsis>
<var>Url-path</var> is a (%-escaped) relative URL to the icon,
or a fully qualified remote URL.</p>
- <example><title>Example</title>
+ <highlight language="config">
DefaultIcon /icon/unknown.png
- </example>
+ </highlight>
</usage>
</directivesynopsis>
of the file that will be inserted at the top of the index
listing. <var>Filename</var> is the name of the file to include.</p>
- <example><title>Example</title>
+ <highlight language="config">
HeaderName HEADER.html
- </example>
+ </highlight>
<note>
<p>Both HeaderName and <directive
with a slash, it will be taken to be relative to the <directive
module="core">DocumentRoot</directive>.</p>
- <example><title>Example</title>
+ <highlight language="config">
HeaderName /include/HEADER.html
- </example>
+ </highlight>
<p><var>Filename</var> must resolve to a document with a major
content type of <code>text/*</code> (<em>e.g.</em>,
actual file type (as opposed to its output) is marked as
<code>text/html</code> such as with a directive like:</p>
- <example>
+ <highlight language="config">
AddType text/html .cgi
- </example>
+ </highlight>
<p><a href="../content-negotiation.html">Content negotiation</a>
will be performed if <directive module="core">Options</directive>
files. By default, the list contains <code>.</code> (the current
directory).</p>
- <example>
+ <highlight language="config">
IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
- </example>
+ </highlight>
<note><title>Regular Expressions</title>
<p>This directive does not currently work in configuration sections
any files ignored by <directive>IndexIgnore</directive> otherwise
inherited from other configuration sections. </p>
- <example>
- <Directory /var/www>
- IndexIgnore *.bak .??* *~ *# HEADER* README* RCS CVS *,v *,t
- </Directory>
- <Directory /var/www/backups>
- IndexIgnoreReset ON
- IndexIgnore .??* *# HEADER* README* RCS CVS *,v *,t
- </Directory>
- </example>
+ <highlight language="config">
+<Directory /var/www>
+ IndexIgnore *.bak .??* *~ *# HEADER* README* RCS CVS *,v *,t
+</Directory>
+<Directory /var/www/backups>
+ IndexIgnoreReset ON
+ IndexIgnore .??* *# HEADER* README* RCS CVS *,v *,t
+</Directory>
+ </highlight>
<note type="warning"><p> Review the default configuration for a list of
patterns that you might want to explicitly ignore after using this
(It depends on whether the underlying file system
uses Unicode filenames or not.)
- <example><title>Example:</title>
+ <highlight language="config">
IndexOptions Charset=UTF-8
- </example>
+ </highlight>
</dd>
<dt><a name="indexoptions.descriptionwidth"
specify the MIME content-type of the generated page. The default
is <var>text/html</var>.
- <example><title>Example:</title>
+ <highlight language="config">
IndexOptions Type=text/plain
- </example>
+ </highlight>
</dd>
<dt><a name="indexoptions.versionsort"
<li>Multiple <directive>IndexOptions</directive> directives for a
single directory are now merged together. The result of:
- <example>
- <Directory /foo>
- <indent>
- IndexOptions HTMLTable<br />
- IndexOptions SuppressColumnsorting
- </indent>
- </Directory>
- </example>
+ <highlight language="config">
+<Directory /foo>
+ IndexOptions HTMLTable
+ IndexOptions SuppressColumnsorting
+</Directory>
+ </highlight>
<p>will be the equivalent of</p>
- <example>
+ <highlight language="config">
IndexOptions HTMLTable SuppressColumnsorting
- </example>
+ </highlight>
</li>
<li>The addition of the incremental syntax (<em>i.e.</em>, prefixing
clears all inherited options and any incremental settings encountered
so far. Consider the following example:</p>
- <example>
- IndexOptions +ScanHTMLTitles -IconsAreLinks FancyIndexing<br />
- IndexOptions +SuppressSize
- </example>
+ <highlight language="config">
+IndexOptions +ScanHTMLTitles -IconsAreLinks FancyIndexing<br />
+IndexOptions +SuppressSize
+ </highlight>
<p>The net effect is equivalent to <code>IndexOptions FancyIndexing
+SuppressSize</code>, because the unprefixed <code>FancyIndexing</code>
<p>The <directive>IndexStyleSheet</directive> directive sets the name of
the file that will be used as the CSS for the index listing.
</p>
- <example>
- <title>Example</title>
+ <highlight language="config">
IndexStyleSheet "/css/style.css"
- </example>
+ </highlight>
<p>Using this directive in conjunction with <code>IndexOptions
HTMLTable</code> adds a number of CSS classes to the resulting HTML.
<p>The <directive>IndexHeadInsert</directive> directive specifies a
string to insert in the <var><head></var> section of the HTML
generated for the index page.</p>
- <example>
- <title>Example</title>
+ <highlight language="config">
IndexHeadInsert "<link rel=\"sitemap\" href=\"/sitemap.html\">"
- </example>
+ </highlight>
</usage>
</directivesynopsis>
relative to the <directive module="core">DocumentRoot</directive>.
</p>
- <example><title>Example 1</title>
- ReadmeName FOOTER.html
- </example>
+ <highlight language="config">
+# Example 1
+ReadmeName FOOTER.html
+ </highlight>
- <example><title>Example 2</title>
- ReadmeName /include/FOOTER.html
- </example>
+ <highlight language="config">
+# Example 2
+ReadmeName /include/FOOTER.html
+ </highlight>
<p>See also <directive module="mod_autoindex"
>HeaderName</directive>, where this behavior is described in greater
projects / apache / commitdiff