<p>For example, to make the server accept connections on both
port 80 and port 8000, on all interfaces, use:</p>
- <example>
- Listen 80<br />
- Listen 8000
- </example>
+ <highlight language="config">
+Listen 80
+Listen 8000
+ </highlight>
<p>To make the server accept connections on port 80 for one interface,
and port 8000 on another, use</p>
- <example>
- Listen 192.0.2.1:80<br />
- Listen 192.0.2.5:8000
- </example>
+ <highlight language="config">
+Listen 192.0.2.1:80
+Listen 192.0.2.5:8000
+ </highlight>
<p>IPv6 addresses must be enclosed in square brackets, as in the
following example:</p>
- <example>
+ <highlight language="config">
Listen [2001:db8::a00:20ff:fea7:ccea]:80
- </example>
+ </highlight>
<note type="warning"><p>Overlapping <directive
module="mpm_common">Listen</directive> directives will result in a
<directive module="mpm_common">Listen</directive> directives, as in the
following examples:</p>
- <example>
- Listen 0.0.0.0:80<br />
- Listen 192.0.2.1:80
- </example>
+ <highlight language="config">
+Listen 0.0.0.0:80
+Listen 192.0.2.1:80
+ </highlight>
<p>If your platform supports it and you want httpd to handle IPv4 and
IPv6 connections on separate sockets (i.e., to disable IPv4-mapped
<p>You only need to set the protocol if you are running on non-standard
ports. For example, running an <code>https</code> site on port 8443:</p>
- <example>
+ <highlight language="config">
Listen 192.170.2.1:8443 https
- </example>
+ </highlight>
</section>
<section id="virtualhost">
<p>Typically the module will be configured as so;</p>
- <example>
-CacheRoot /var/cache/apache/<br />
-CacheEnable disk /<br />
-CacheDirLevels 2<br />
+ <highlight language="config">
+CacheRoot "/var/cache/apache/"
+CacheEnable disk /
+CacheDirLevels 2
CacheDirLength 1
- </example>
+ </highlight>
<p>Importantly, as the cached files are locally stored, operating system
in-memory caching will typically be applied to their access also. So
instructs httpd to open the file when it is started and to re-use
this file-handle for all subsequent access to this file.</p>
- <example>
+ <highlight language="config">
CacheFile /usr/local/apache2/htdocs/index.html
- </example>
+ </highlight>
<p>If you intend to cache a large number of files in this manner, you
must ensure that your operating system's limit for the number of open
start time (using the mmap system call). httpd will use the in-memory
contents for all subsequent accesses to this file.</p>
- <example>
+ <highlight language="config">
MMapFile /usr/local/apache2/htdocs/index.html
- </example>
+ </highlight>
<p>As with the
<directive module="mod_file_cache">CacheFile</directive> directive, any
defines a file suffix as <code>type-map</code>; this is best done
with</p>
-<example>AddHandler type-map .var</example>
+<highlight language="config">AddHandler type-map .var</highlight>
<p>in the server configuration file.</p>
module="mod_dir">DirectoryIndex</directive> directive, if the
server is trying to index a directory. If the configuration files
specify</p>
-<example>DirectoryIndex index</example>
+<highlight language="config">DirectoryIndex index</highlight>
<p>then the server will arbitrate between <code>index.html</code>
and <code>index.html3</code> if both are present. If neither
are present, and <code>index.cgi</code> is there, the server
the normal negotiation process applies.</p>
<example><title>Example</title>
- SetEnvIf Cookie "language=(.+)" prefer-language=$1<br />
- Header append Vary cookie
+ <highlight language="config">
+SetEnvIf Cookie "language=(.+)" prefer-language=$1
+Header append Vary cookie
+ </highlight>
</example>
</section>
</section>
if <directive module="core">AllowOverride</directive> is set to
FileInfo.</p>
- <example>
- ErrorDocument 500 "Sorry, our script crashed. Oh dear"<br />
- ErrorDocument 500 /cgi-bin/crash-recover<br />
- ErrorDocument 500 http://error.example.com/server_error.html<br />
- ErrorDocument 404 /errors/not_found.html <br />
- ErrorDocument 401 /subscription/how_to_subscribe.html
- </example>
+ <highlight language="config">
+ErrorDocument 500 "Sorry, our script crashed. Oh dear"<br />
+ErrorDocument 500 /cgi-bin/crash-recover<br />
+ErrorDocument 500 http://error.example.com/server_error.html<br />
+ErrorDocument 404 /errors/not_found.html <br />
+ErrorDocument 401 /subscription/how_to_subscribe.html
+ </highlight>
<p>The syntax of the <code>ErrorDocument</code> directive is:</p>
- <example>
+ <highlight language="config">
ErrorDocument <3-digit-code> <action>
- </example>
+ </highlight>
<p>where the action will be treated as:</p>
'REDIRECT_' onto the original header name. This provides the error
document the context of the original request.</p>
- <p>For example, you might recieve, in addition to more usual
+ <p>For example, you might receive, in addition to more usual
environment variables, the following.</p>
<example>
<p>If you point your <code>ErrorDocument</code> to some variety of
dynamic handler such as a server-side include document, CGI
script, or some variety of other handler, you may wish to use the
- available custom environent variables to customize this
+ available custom environment variables to customize this
response.</p>
<p>If the ErrorDocument specifies a local redirect to a CGI
<section id="example">
<title>A Simple Example</title>
- <example>
- # This is a misconfiguration example, do not use on your server <br />
- <VirtualHost www.example.dom> <br />
- ServerAdmin webgirl@example.dom <br />
- DocumentRoot /www/example <br />
- </VirtualHost>
- </example>
+ <highlight language="config">
+# This is a misconfiguration example, do not use on your server
+<VirtualHost www.example.dom>
+ ServerAdmin webgirl@example.dom
+ DocumentRoot /www/example
+</VirtualHost>
+ </highlight>
<p>In order for the server to function properly, it absolutely needs
to have two pieces of information about each virtual host: the
<p>Suppose that <code>www.example.dom</code> has address 192.0.2.1.
Then consider this configuration snippet:</p>
- <example>
- # This is a misconfiguration example, do not use on your server <br />
- <VirtualHost 192.0.2.1> <br />
- ServerAdmin webgirl@example.dom <br />
- DocumentRoot /www/example <br />
- </VirtualHost>
- </example>
+ <highlight language="config">
+# This is a misconfiguration example, do not use on your server
+<VirtualHost 192.0.2.1>
+ ServerAdmin webgirl@example.dom
+ DocumentRoot /www/example
+</VirtualHost>
+ </highlight>
<p>This time httpd needs to use reverse DNS to find the
<code>ServerName</code> for this virtualhost. If that reverse
<p>Here is a snippet that avoids both of these problems:</p>
- <example>
- <VirtualHost 192.0.2.1> <br />
- ServerName www.example.dom <br />
- ServerAdmin webgirl@example.dom <br />
- DocumentRoot /www/example <br />
- </VirtualHost>
- </example>
+ <highlight language="config">
+<VirtualHost 192.0.2.1>
+ ServerName www.example.dom
+ ServerAdmin webgirl@example.dom
+ DocumentRoot /www/example
+</VirtualHost>
+ </highlight>
</section>
<section id="denial">
<p>Consider this configuration snippet:</p>
- <example>
- <VirtualHost www.example1.dom><br />
- <indent>
- ServerAdmin webgirl@example1.dom<br />
- DocumentRoot /www/example1<br />
- </indent>
- </VirtualHost><br />
- <br />
- <VirtualHost www.example2.dom><br />
- <indent>
- ServerAdmin webguy@example2.dom<br />
- DocumentRoot /www/example2<br />
- </indent>
- </VirtualHost>
- </example>
+ <highlight language="config">
+<VirtualHost www.example1.dom>
+ ServerAdmin webgirl@example1.dom
+ DocumentRoot /www/example1
+</VirtualHost>
+<VirtualHost www.example2.dom>
+ ServerAdmin webguy@example2.dom
+ DocumentRoot /www/example2
+</VirtualHost>
+ </highlight>
<p>Suppose that you've assigned 192.0.2.1 to
<code>www.example1.dom</code> and 192.0.2.2 to
</module> and <module>mod_header</module> allows you to still accept
these headers:</p>
-<example>
-# <br />
-# The following works around a client sending a broken Accept_Encoding<br />
-# header.<br />
-#<br />
-SetEnvIfNoCase ^Accept.Encoding$ ^(.*)$ fix_accept_encoding=$1<br />
+<highlight language="config">
+#
+# The following works around a client sending a broken Accept_Encoding
+# header.
+#
+SetEnvIfNoCase ^Accept.Encoding$ ^(.*)$ fix_accept_encoding=$1
RequestHeader set Accept-Encoding %{fix_accept_encoding}e env=fix_accept_encoding
-</example>
+</highlight>
</section>
httpd.conf to deal with known client problems. Since the affected clients
are no longer seen in the wild, this configuration is likely no-longer
necessary.</p>
-<example>
-#<br />
-# The following directives modify normal HTTP response behavior.<br />
-# The first directive disables keepalive for Netscape 2.x and browsers that<br />
-# spoof it. There are known problems with these browser implementations.<br />
-# The second directive is for Microsoft Internet Explorer 4.0b2<br />
-# which has a broken HTTP/1.1 implementation and does not properly<br />
-# support keepalive when it is used on 301 or 302 (redirect) responses.<br />
-#<br />
-BrowserMatch "Mozilla/2" nokeepalive<br />
-BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0<br />
-<br />
-#<br />
-# The following directive disables HTTP/1.1 responses to browsers which<br />
-# are in violation of the HTTP/1.0 spec by not being able to understand a<br />
-# basic 1.1 response.<br />
-#<br />
-BrowserMatch "RealPlayer 4\.0" force-response-1.0<br />
-BrowserMatch "Java/1\.0" force-response-1.0<br />
+<highlight language="config">
+#
+# The following directives modify normal HTTP response behavior.
+# The first directive disables keepalive for Netscape 2.x and browsers that
+# spoof it. There are known problems with these browser implementations.
+# The second directive is for Microsoft Internet Explorer 4.0b2
+# which has a broken HTTP/1.1 implementation and does not properly
+# support keepalive when it is used on 301 or 302 (redirect) responses.
+#
+BrowserMatch "Mozilla/2" nokeepalive
+BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
+
+#
+# The following directive disables HTTP/1.1 responses to browsers which
+# are in violation of the HTTP/1.0 spec by not being able to understand a
+# basic 1.1 response.
+#
+BrowserMatch "RealPlayer 4\.0" force-response-1.0
+BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0
-</example>
+</highlight>
</section>
<section id="no-img-log">
particular directories, or to prevent logging of requests
coming from particular hosts.</p>
- <example>
- SetEnvIf Request_URI \.gif image-request<br />
- SetEnvIf Request_URI \.jpg image-request<br />
- SetEnvIf Request_URI \.png image-request<br />
- CustomLog logs/access_log common env=!image-request
- </example>
+ <highlight language="config">
+SetEnvIf Request_URI \.gif image-request
+SetEnvIf Request_URI \.jpg image-request
+SetEnvIf Request_URI \.png image-request
+CustomLog logs/access_log common env=!image-request
+ </highlight>
</section>
<section id="image-theft">
in limited circumstances. We assume that all your images are in
a directory called <code>/web/images</code>.</p>
- <example>
- SetEnvIf Referer "^http://www\.example\.com/" local_referal<br />
- # Allow browsers that do not send Referer info<br />
- SetEnvIf Referer "^$" local_referal<br />
- <Directory /web/images><br />
- <indent>
- Order Deny,Allow<br />
- Deny from all<br />
- Allow from env=local_referal
- </indent>
- </Directory>
- </example>
+ <highlight language="config">
+SetEnvIf Referer "^http://www\.example\.com/" local_referal
+# Allow browsers that do not send Referer info
+SetEnvIf Referer "^$" local_referal
+<Directory /web/images>
+ Order Deny,Allow
+ Deny from all
+ Allow from env=local_referal
+</Directory>
+ </highlight>
<p>For more information about this technique, see the
"<a href="http://www.serverwatch.com/tutorials/article.php/1132731"
<seealso><module>mod_include</module></seealso>
<section id="grammar">
- <title>Grammar in Backus–Naur Form notation</title>
- <p><a href="http://en.wikipedia.org/wiki/Backus%E2%80%93Naur_Form">Backus–Naur Form</a> (BNF) is a notation
+ <title>Grammar in Backus-Naur Form notation</title>
+ <p><a href="http://en.wikipedia.org/wiki/Backus%E2%80%93Naur_Form">Backus-Naur Form</a> (BNF) is a notation
technique for context-free grammars, often used to describe the syntax of languages used in computing.
</p>
<blockquote>
<title>Example expressions</title>
<p>The following examples show how expressions might be used to evaluate requests:</p>
<!-- This section should probably be extended with more, useful examples -->
- <example>
- # Compare the host name to example.com and redirect to www.example.com if it matches<br />
- <If "%{HTTP_HOST} == 'example.com'"><br />
- <indent>
- Redirect permanent / http://www.example.com<br />
- </indent>
- </If><br /><br />
- # Force text/plain if requesting a file with the query string contains 'forcetext'<br />
- <If "%{QUERY_STRING} =~ /forcetext/"><br />
- <indent>
- ForceType text/plain<br />
- </indent>
- </If><br /><br />
- # Only allow access to this content during business hours<br />
- <Directory "/foo/bar/business"><br />
- <indent>
- Require expr %{TIME_HOUR} >= 9 && %{TIME_HOUR} <= 17 <br />
- </indent>
- </Directory>
- </example>
+ <highlight language="config">
+# Compare the host name to example.com and redirect to www.example.com if it matches
+<If "%{HTTP_HOST} == 'example.com'">
+ Redirect permanent / http://www.example.com
+</If>
+
+# Force text/plain if requesting a file with the query string contains 'forcetext'
+<If "%{QUERY_STRING} =~ /forcetext/">
+ ForceType text/plain
+</If>
+
+# Only allow access to this content during business hours
+<Directory "/foo/bar/business">
+ Require expr %{TIME_HOUR} >= 9 && %{TIME_HOUR} <= 17
+</Directory>
+ </highlight>
</section>
<section id="other">
<module>mod_substitute</module>
<module>mod_xml2enc</module>
<module>mod_proxy_html</module>
+ <module>mod_policy</module>
</modulelist>
<directivelist>
<directive module="mod_filter">FilterChain</directive>
be written as "<code>/images/.*(jpg|gif)$</code>". In places where
regular expressions are used to replace strings, the special variables
$1 ... $9 contain backreferences to the grouped parts (in parentheses) of
- the matched expression. The special variable $0 contains a backerference
+ the matched expression. The special variable $0 contains a backreference
to the whole matched expression. To write a literal dollar sign in a
replacement string, it can be escaped with a backslash. Historically, the
variable & could be used as alias for $0 in some places. This is no
the <code>html</code> extension to trigger the launch of the
<code>footer.pl</code> CGI script.</p>
- <example>
- Action add-footer /cgi-bin/footer.pl<br/>
- AddHandler add-footer .html
- </example>
+ <highlight language="config">
+Action add-footer /cgi-bin/footer.pl
+AddHandler add-footer .html
+ </highlight>
<p>Then the CGI script is responsible for sending the
originally requested document (pointed to by the
the <code>send-as-is</code> handler, regardless of their
filename extensions.</p>
- <example>
- <Directory /web/htdocs/asis><br/>
- SetHandler send-as-is<br/>
- </Directory>
- </example>
+ <highlight language="config">
+<Directory /web/htdocs/asis>
+ SetHandler send-as-is
+</Directory>
+ </highlight>
</section>
</section>
you may wish to make use of. Specifically, a new record has
been added to the <code>request_rec</code> structure:</p>
- <example>
+ <highlight language="c">
char *handler
- </example>
+ </highlight>
<p>If you wish to have your module engage a handler, you need
only to set <code>r->handler</code> to the name of the
you may have to install the corresponding <code>-dev</code>
package to allow httpd to build against your installed copy
of PCRE.</dd>
-
+
<dt>Disk Space</dt>
<dd>Make sure you have at least 50 MB of temporary free disk
space available. After installation the server occupies
major releases (for example, from 2.0 to 2.2 or from 2.2 to 2.3),
there will likely be major differences in the compile-time and
run-time configuration that will require manual adjustments. All
- modules will also need to be upgraded to accomodate changes in the
+ modules will also need to be upgraded to accommodate changes in the
module API.</p>
<p>Upgrading from one minor version to the next (for example, from
<p>Do this by specifying the name of the module in your
<directive>LogLevel</directive> directive:</p>
- <example>
+ <highlight language="config">
LogLevel info rewrite:trace5
- </example>
+ </highlight>
<p>This sets the main <directive>LogLevel</directive> to info, but
turns it up to <code>trace5</code> for
<p>A typical configuration for the access log might look as
follows.</p>
- <example>
- LogFormat "%h %l %u %t \"%r\" %>s %b" common<br />
- CustomLog logs/access_log common
- </example>
+ <highlight language="config">
+LogFormat "%h %l %u %t \"%r\" %>s %b" common
+CustomLog logs/access_log common
+ </highlight>
<p>This defines the <em>nickname</em> <code>common</code> and
associates it with a particular log format string. The format
<p>Another commonly used format string is called the Combined
Log Format. It can be used as follows.</p>
- <example>
- LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\"
- \"%{User-agent}i\"" combined<br />
- CustomLog log/access_log combined
- </example>
+ <highlight language="config">
+LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" combined
+CustomLog log/access_log combined
+ </highlight>
<p>This format is exactly the same as the Common Log Format,
with the addition of two more fields. Each of the additional
to mimic the effects of the <code>ReferLog</code> and <code
>AgentLog</code> directives.</p>
- <example>
- LogFormat "%h %l %u %t \"%r\" %>s %b" common<br />
- CustomLog logs/access_log common<br />
- CustomLog logs/referer_log "%{Referer}i -> %U"<br />
- CustomLog logs/agent_log "%{User-agent}i"
- </example>
+ <highlight language="config">
+LogFormat "%h %l %u %t \"%r\" %>s %b" common
+CustomLog logs/access_log common
+CustomLog logs/referer_log "%{Referer}i -> %U"
+CustomLog logs/agent_log "%{User-agent}i"
+ </highlight>
<p>This example also shows that it is not necessary to define a
nickname with the <directive
include or exclude requests where the environment variable is
set. Some examples:</p>
- <example>
- # Mark requests from the loop-back interface<br />
- SetEnvIf Remote_Addr "127\.0\.0\.1" dontlog<br />
- # Mark requests for the robots.txt file<br />
- SetEnvIf Request_URI "^/robots\.txt$" dontlog<br />
- # Log what remains<br />
- CustomLog logs/access_log common env=!dontlog
- </example>
+ <highlight language="config">
+# Mark requests from the loop-back interface
+SetEnvIf Remote_Addr "127\.0\.0\.1" dontlog
+# Mark requests for the robots.txt file
+SetEnvIf Request_URI "^/robots\.txt$" dontlog
+# Log what remains
+CustomLog logs/access_log common env=!dontlog
+ </highlight>
<p>As another example, consider logging requests from
english-speakers to one log file, and non-english speakers to a
different log file.</p>
- <example>
+ <highlight language="config">
SetEnvIf Accept-Language "en" english<br />
CustomLog logs/english_log common env=english<br />
CustomLog logs/non_english_log common env=!english
- </example>
+ </highlight>
<p>In a caching scenario one would want to know about
the efficiency of the cache. A very simple method to
find this out would be:</p>
- <example>
- SetEnv CACHE_MISS 1<br />
- LogFormat "%h %l %u %t "%r " %>s %b %{CACHE_MISS}e" common-cache<br />
- CustomLog logs/access_log common-cache
- </example>
+ <highlight language="config">
+SetEnv CACHE_MISS 1
+LogFormat "%h %l %u %t "%r " %>s %b %{CACHE_MISS}e" common-cache
+CustomLog logs/access_log common-cache
+ </highlight>
<p><module>mod_cache</module> will run before
<module>mod_env</module> and when successfull will deliver the
module="mod_log_config">LogFormat</directive> supports logging values
conditional upon the HTTP response code:</p>
- <example>
- LogFormat "%400,501{User-agent}i" browserlog<br />
- LogFormat "%!200,304,302{Referer}i" refererlog
- </example>
+ <highlight language="config">
+LogFormat "%400,501{User-agent}i" browserlog
+LogFormat "%!200,304,302{Referer}i" refererlog
+ </highlight>
<p>In the first example, the <code>User-agent</code> will be
logged if the HTTP status code is 400 or 501. In other cases, a
for this purpose. For example, to rotate the logs every 24 hours, you
can use:</p>
- <example>
- CustomLog "|/usr/local/apache/bin/rotatelogs
- /var/log/access_log 86400" common
- </example>
+ <highlight language="config">
+ CustomLog "|/usr/local/apache/bin/rotatelogs /var/log/access_log 86400" common
+ </highlight>
<p>Notice that quotes are used to enclose the entire command
that will be called for the pipe. Although these examples are
a shell. Use "<code>|$</code>" instead of "<code>|</code>"
to spawn using a shell (usually with <code>/bin/sh -c</code>):</p>
- <example>
- # Invoke "rotatelogs" using a shell<br />
- CustomLog "|$/usr/local/apache/bin/rotatelogs
- /var/log/access_log 86400" common
- </example>
+ <highlight language="config">
+# Invoke "rotatelogs" using a shell
+CustomLog "|$/usr/local/apache/bin/rotatelogs /var/log/access_log 86400" common
+ </highlight>
<p>This was the default behaviour for Apache 2.2.
Depending on the shell specifics this might lead to
later split the log into individual files. For example,
consider the following directives.</p>
- <example>
- LogFormat "%v %l %u %t \"%r\" %>s %b"
- comonvhost<br />
- CustomLog logs/access_log comonvhost
- </example>
+ <highlight language="config">
+LogFormat "%v %l %u %t \"%r\" %>s %b" comonvhost
+CustomLog logs/access_log comonvhost
+ </highlight>
<p>The <code>%v</code> is used to log the name of the virtual
host that is serving the request. Then a program like <a
to another site only if the server is started using
<code>httpd -DClosedForNow</code>:</p>
-<example>
-<IfDefine ClosedForNow><br />
-Redirect / http://otherserver.example.com/<br />
+<highlight language="config">
+<IfDefine ClosedForNow>
+ Redirect / http://otherserver.example.com/
</IfDefine>
-</example>
+</highlight>
<p>The <directive type="section" module="core">IfModule</directive>
directive is very similar, except it encloses directives that will
module="mod_mime_magic">MimeMagicFile</directive> directive will be
applied only if <module>mod_mime_magic</module> is available.</p>
-<example>
-<IfModule mod_mime_magic.c><br />
-MimeMagicFile conf/magic<br />
+<highlight language="config">
+<IfModule mod_mime_magic.c>
+ MimeMagicFile conf/magic
</IfModule>
-</example>
+</highlight>
<p>The <directive type="section" module="mod_version">IfVersion</directive>
directive is very similar to <directive type="section"
module is designed for the use in test suites and large networks which have to
deal with different httpd versions and different configurations.</p>
-<example>
- <IfVersion >= 2.1><br />
- <indent>
- # this happens only in versions greater or<br />
- # equal 2.1.0.<br />
- </indent>
+<highlight language="config">
+ <IfVersion >= 2.1>
+ # this happens only in versions greater or
+ # equal 2.1.0.
</IfVersion>
-</example>
+</highlight>
<p><directive type="section" module="core">IfDefine</directive>,
<directive type="section" module="core">IfModule</directive>, and the
following configuration, directory indexes will be enabled for the
<code>/var/web/dir1</code> directory and all subdirectories.</p>
-<example>
-<Directory /var/web/dir1><br />
-Options +Indexes<br />
+<highlight language="config">
+<Directory /var/web/dir1>
+ Options +Indexes
</Directory>
-</example>
+</highlight>
<p>Directives enclosed in a <directive type="section"
module="core">Files</directive> section apply to any file with
deny access to any file named <code>private.html</code> regardless
of where it is found.</p>
-<example>
-<Files private.html><br />
-Order allow,deny<br />
-Deny from all<br />
+<highlight language="config">
+<Files private.html>
+ Order allow,deny
+ Deny from all
</Files>
-</example>
+</highlight>
<p>To address files found in a particular part of the filesystem, the
<directive type="section" module="core">Files</directive> and
of <code>private.html</code> found under the <code>/var/web/dir1/</code>
directory.</p>
-<example>
-<Directory /var/web/dir1><br />
-<Files private.html><br />
-Order allow,deny<br />
-Deny from all<br />
-</Files><br />
+<highlight language="config">
+<Directory /var/web/dir1>
+ <Files private.html>
+ Order allow,deny
+ Deny from all
+ </Files>
</Directory>
-</example>
+</highlight>
</section>
<section id="webspace"><title>Webspace Containers</title>
<code>http://yoursite.example.com/private/dir/file.html</code> as well
as any other requests starting with the <code>/private</code> string.</p>
-<example>
-<LocationMatch ^/private><br />
-Order Allow,Deny<br />
-Deny from all<br />
+<highlight language="config">
+<LocationMatch ^/private>
+ Order Allow,Deny
+ Deny from all
</Location>
-</example>
+</highlight>
<p>The <directive type="section" module="core">Location</directive>
directive need not have anything to do with the filesystem.
No file called <code>server-status</code> needs to exist in the
filesystem.</p>
-<example>
-<Location /server-status><br />
-SetHandler server-status<br />
+<highlight language="config">
+<Location /server-status>
+ SetHandler server-status
</Location>
-</example>
+</highlight>
</section>
<section id="overlapping-webspace"><title>Overlapping Webspace</title>
<p>In order to have two overlapping URLs one has to consider the order in which
certain sections or directives are evaluated. For
<directive type="section" module="core">Location</directive> this would be:</p>
-<example>
-<Location /foo><br />
-</Location><br />
-<Location /foo/bar><br />
+<highlight language="config">
+<Location /foo>
+</Location>
+<Location /foo/bar>
</Location>
-</example>
+</highlight>
<p><directive type="section" module="mod_alias">Alias</directive>es on the other hand,
are mapped vice-versa:</p>
-<example>
-Alias /foo/bar /srv/www/uncommon/bar<br />
-Alias /foo /srv/www/common/foo<br />
-</example>
+<highlight language="config">
+Alias /foo/bar /srv/www/uncommon/bar
+Alias /foo /srv/www/common/foo
+</highlight>
<p>The same is true for the <directive module="mod_proxy">ProxyPass</directive>
directives:</p>
-<example>
-ProxyPass /special-area http://special.example.com smax=5 max=10<br />
+<highlight language="config">
+ProxyPass /special-area http://special.example.com smax=5 max=10
ProxyPass / balancer://mycluster/ stickysession=JSESSIONID|jsessionid nofailover=On
-</example>
+</highlight>
</section>
<section id="wildcards"><title>Wildcards and Regular Expressions</title>
<p>A non-regex wildcard section that changes the configuration of
all user directories could look as follows:</p>
-<example>
-<Directory /home/*/public_html><br />
-Options Indexes<br />
+<highlight language="config">
+<Directory /home/*/public_html>
+ Options Indexes
</Directory>
-</example>
+</highlight>
<p>Using regex sections, we can deny access to many types of image files
at once:</p>
-<example>
-<FilesMatch \.(?i:gif|jpe?g|png)$><br />
-Order allow,deny<br />
-Deny from all<br />
+<highlight language="config">
+<FilesMatch \.(?i:gif|jpe?g|png)$>
+ Order allow,deny
+ Deny from all
</FilesMatch>
-</example>
+</highlight>
</section>
expressed by a boolean expression. For example, the following configuration
denies access if the HTTP Referer header does not start with
"http://www.example.com/".</p>
-<example>
-<If "!(%{HTTP_REFERER} -strmatch 'http://www.example.com/*')"><br />
-Require all denied<br />
+<highlight language="config">
+<If "!(%{HTTP_REFERER} -strmatch 'http://www.example.com/*')">
+ Require all denied
</If>
-</example>
+</highlight>
</section>
location, allowing your restrictions to be circumvented.
For example, consider the following configuration:</p>
-<example>
-<Location /dir/><br />
-Order allow,deny<br />
-Deny from all<br />
+<highlight language="config">
+<Location /dir/>
+ Order allow,deny
+ Deny from all
</Location>
-</example>
+</highlight>
<p>This works fine if the request is for
<code>http://yoursite.example.com/dir/</code>. But what if you are on
will prevent the proxy server from being used to access the
<code>www.example.com</code> website.</p>
-<example>
-<Proxy http://www.example.com/*><br />
-Order allow,deny<br />
-Deny from all<br />
+<highlight language="config">
+<Proxy http://www.example.com/*>
+ Order allow,deny
+ Deny from all
</Proxy>
-</example>
+</highlight>
</section>
<section id="whatwhere"><title>What Directives are Allowed?</title>
this example will be applied in the order A > B > C > D >
E.</p>
-<example>
-<Location /><br />
-E<br />
-</Location><br />
-<br />
-<Files f.html><br />
-D<br />
-</Files><br />
-<br />
-<VirtualHost *><br />
-<Directory /a/b><br />
-B<br />
-</Directory><br />
-</VirtualHost><br />
-<br />
-<DirectoryMatch "^.*b$"><br />
-C<br />
-</DirectoryMatch><br />
-<br />
-<Directory /a/b><br />
-A<br />
-</Directory><br />
-<br />
-</example>
+<highlight language="config">
+<Location />
+ E
+</Location>
+
+<Files f.html>
+ D
+</Files>
+
+<VirtualHost *>
+<Directory /a/b>
+ B
+</Directory>
+</VirtualHost>
+
+<DirectoryMatch "^.*b$">
+ C
+</DirectoryMatch>
+
+<Directory /a/b>
+ A
+</Directory>
+
+</highlight>
<p>For a more concrete example, consider the following. Regardless of
any access restrictions placed in <directive module="core"
evaluated last and will allow unrestricted access to the server. In
other words, order of merging is important, so be careful!</p>
-<example>
-<Location /><br />
-Order deny,allow<br />
-Allow from all<br />
-</Location><br />
-<br />
-# Woops! This <Directory> section will have no effect<br />
-<Directory /><br />
-Order allow,deny<br />
-Allow from all<br />
-Deny from badguy.example.com<br />
+<highlight language="config">
+<Location />
+ Order deny,allow
+ Allow from all
+</Location>
+
+# Woops! This <Directory> section will have no effect
+<Directory />
+ Order allow,deny
+ Allow from all
+ Deny from badguy.example.com
</Directory>
-</example>
+</highlight>
</section>
<p>The only configuration required is to select which cache provider
to use. This is the responsibility of modules using the cache, and
they enable selection using directives such as
+ <directive module="mod_cache_socache">CacheSocache</directive>,
<directive module="mod_authn_socache">AuthnCacheSOCache</directive>,
<directive module="mod_ssl">SSLSessionCache</directive>, and
<directive module="mod_ssl">SSLStaplingCache</directive>.</p>
<p class="indent">
If it doesn't exist, it can't very well contain files. If we
- can't change directory to it, it might aswell not exist.
+ can't change directory to it, it might as well not exist.
</p>
</li>
<p>If for example, your web server is configured to run as:</p>
- <example>
- User www<br />
- Group webgroup<br />
- </example>
+ <highlight language="config">
+User www
+Group webgroup
+ </highlight>
<p>and <program>suexec</program> is installed at
"/usr/local/apache2/bin/suexec", you should run:</p>
<li>configure: the "reallyall" module set adds developer modules
to the "all" set</li>
-
- <li>apr and apr-util: APR and APR-Util are no longer bundled with
- Apache httpd 2.4. You can either use already installed versions or
- continue to use <code>--with-included-apr</code> after downloading
- (from <a href="http://apr.apache.org/">Apache APR</a>) and unpacking
- apr/apr-util into <code>./srclib/</code></li>
</ul>
</section>
<p>In this example, all requests are denied.</p>
<example>
<title>2.2 configuration:</title>
- Order deny,allow<br />
- Deny from all
+ <highlight language="config">
+Order deny,allow
+Deny from all
+ </highlight>
</example>
<example>
<title>2.4 configuration:</title>
+ <highlight language="config">
Require all denied
+ </highlight>
</example>
<p>In this example, all requests are allowed.</p>
<example>
<title>2.2 configuration:</title>
- Order allow,deny<br />
- Allow from all
+ <highlight language="config">
+Order allow,deny
+Allow from all
+ </highlight>
</example>
<example>
<title>2.4 configuration:</title>
+ <highlight language="config">
Require all granted
+ </highlight>
</example>
<p>In the following example, all hosts in the example.org domain
<example>
<title>2.2 configuration:</title>
- Order Deny,Allow<br />
- Deny from all<br />
- Allow from example.org
+ <highlight language="config">
+Order Deny,Allow
+Deny from all
+Allow from example.org
+ </highlight>
</example>
<example>
<title>2.4 configuration:</title>
+ <highlight language="config">
Require host example.org
+ </highlight>
</example>
</section>
module="mod_alias">Alias</directive> directive will map any part
of the filesystem into the web space. For example, with</p>
-<example>Alias /docs /var/web</example>
+<highlight language="config">Alias /docs /var/web</highlight>
<p>the URL <code>http://www.example.com/docs/dir/file.html</code>
will be served from <code>/var/web/dir/file.html</code>. The
expression</glossary> based matching and substitution. For
example,</p>
-<example>ScriptAliasMatch ^/~([a-zA-Z0-9]+)/cgi-bin/(.+)
- /home/$1/cgi-bin/$2</example>
+ <highlight language="config">
+ ScriptAliasMatch ^/~([a-zA-Z0-9]+)/cgi-bin/(.+) /home/$1/cgi-bin/$2
+ </highlight>
<p>will map a request to
<code>http://example.com/~user/cgi-bin/script.cgi</code> to the
<code>/home/user/public_html/file.html</code>, use the following
<code>AliasMatch</code> directive:</p>
-<example>AliasMatch ^/upages/([a-zA-Z0-9]+)(/(.*))?$
- /home/$1/public_html/$3</example>
+ <highlight language="config">
+ AliasMatch ^/upages/([a-zA-Z0-9]+)(/(.*))?$ /home/$1/public_html/$3
+ </highlight>
</section>
<section id="redirect"><title>URL Redirection</title>
to the new directory <code>/bar/</code>, you can instruct clients
to request the content at the new location as follows:</p>
-<example>Redirect permanent /foo/
- http://www.example.com/bar/</example>
+ <highlight language="config">
+ Redirect permanent /foo/ http://www.example.com/bar/
+ </highlight>
<p>This will redirect any URL-Path starting in
<code>/foo/</code> to the same URL path on the
for the site home page to a different site, but leave all other
requests alone, use the following configuration:</p>
-<example>RedirectMatch permanent ^/$
- http://www.example.com/startpage.html</example>
+ <highlight language="config">
+ RedirectMatch permanent ^/$ http://www.example.com/startpage.html
+ </highlight>
<p>Alternatively, to temporarily redirect all pages on one site
to a particular page on another site, use the following:</p>
-<example>RedirectMatch temp .*
- http://othersite.example.com/startpage.html</example>
+ <highlight language="config">
+ RedirectMatch temp .* http://othersite.example.com/startpage.html
+ </highlight>
</section>
<section id="proxy"><title>Reverse Proxy</title>
and returns them to the client as if they were from the local
server.</p>
-<example>
+<highlight language="config">
ProxyPass /foo/ http://internal.example.com/bar/<br />
ProxyPassReverse /foo/ http://internal.example.com/bar/<br />
ProxyPassReverseCookieDomain internal.example.com public.example.com<br />
ProxyPassReverseCookiePath /foo/ /bar/
-</example>
+</highlight>
<p>The <directive module="mod_proxy">ProxyPass</directive> configures
the server to fetch the appropriate documents, while the
content) in a page as it is being served to the client using
<module>mod_substitute</module>.</p>
-<example>
+<highlight language="config">
Substitute s/internal\.example\.com/www.example.com/i
-</example>
+</highlight>
-<p>For more sophisticated rewriting of links in HTML and XHTML, the
+<p>For more sophisticated rewriting of links in HTML and XHTML, the
<module>mod_proxy_html</module> module is also available. It allows you
to create maps of URLs that need to be rewritten, so that complex
proxying scenarios can be handled.</p>
projects / apache / commitdiff