From: Astrid Malo Date: Thu, 19 Dec 2002 22:03:46 +0000 (+0000) Subject: - some markup improvement X-Git-Tag: pre_ajp_proxy~2379 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=151cb4dd6fd364c025de6ff6f70dece79aff3219;p=apache - some markup improvement - normalize notation of directive arguments - document ScriptInterpreterSource registry-strict - some odds and ends git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@98046 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/docs/manual/mod/core.html.en b/docs/manual/mod/core.html.en index 743d9cc3be..46b0db3618 100644 --- a/docs/manual/mod/core.html.en +++ b/docs/manual/mod/core.html.en @@ -106,43 +106,44 @@ available pathname information that follows an actual filename (or non-existent file in an existing directory) will be accepted or rejected. The trailing pathname information can be made - available to scripts in the PATH_INFO environment variable.

+ available to scripts in the PATH_INFO environment + variable.

For example, assume the location /test/ points to a directory that contains only the single file here.html. Then requests for /test/here.html/more and /test/nothere.html/more both collect - /more as PATH_INFO.

+ /more as PATH_INFO.

The three possible arguments for the AcceptPathInfo directive are:

-
off
A request will only be accepted if it +
Off
A request will only be accepted if it maps to a literal path that exists. Therefore a request with trailing pathname information after the true filename such as /test/here.html/more in the above example will return a 404 NOT FOUND error.
-
on
A request will be accepted if a +
On
A request will be accepted if a leading path component maps to a file that exists. The above example /test/here.html/more will be accepted if /test/here.html maps to a valid file.
- -
default
The treatment of requests with + +
Default
The treatment of requests with trailing pathname information is determined by the handler responsible for the request. - The core handler for normal files defaults to rejecting PATH_INFO. - Handlers that serve scripts, such as cgi-script and isapi-isa, generally accept PATH_INFO by - default.
+ The core handler for normal files defaults to rejecting + PATH_INFO. Handlers that serve scripts, such as cgi-script and isapi-isa, generally accept + PATH_INFO by default.

The primary purpose of the AcceptPathInfo directive is to allow you to override the handler's choice of - accepting or rejecting PATH_INFO. This override is required, for - example, when you use a filter, such + accepting or rejecting PATH_INFO. This override is required, + for example, when you use a filter, such as INCLUDES, to generate content - based on PATH_INFO. The core handler would usually reject the - request, so you can use the following configuration to enable + based on PATH_INFO. The core handler would usually reject + the request, so you can use the following configuration to enable such a script:

@@ -230,8 +231,8 @@ response without an explicit character set

AddOutputFilterByType Directive

- + @@ -241,10 +242,11 @@ response without an explicit character set

This directive activates a particular output filter for a request depending on the response MIME-type.

-

The following example uses the DEFLATE filter, which is provided by - mod_deflate. It will compress all output (either static - or dynamic) which is labeled as text/html or - text/plain before it is sent to the client.

+

The following example uses the DEFLATE filter, which + is provided by mod_deflate. It will compress all + output (either static or dynamic) which is labeled as + text/html or text/plain before it is sent + to the client.

AddOutputFilterByType DEFLATE text/html text/plain @@ -256,8 +258,9 @@ response without an explicit character set them.

The configuration below causes all script output labeled as - text/html to be processed at first by the INCLUDES filter - and then by the DEFLATE filter.

+ text/html to be processed at first by the + INCLUDES filter and then by the DEFLATE + filter.

<Location /cgi-bin/>
@@ -294,31 +297,32 @@ response without an explicit character set

Description:assigns an output filter to a particular MIME-type
Syntax:AddOutputFilterByType filter[;filter...] MIME-type -[MIME-type] ...
Syntax:AddOutputFilterByType filter[;filter...] +MIME-type [MIME-type] ...
Context:server config, virtual host, directory, .htaccess
Override:FileInfo
Status:Core
-
Description:Types of directives that are allowed in .htaccess files
Syntax:AllowOverride All|None|directive-type +
Syntax:AllowOverride All|None|directive-type [directive-type] ...
Default:AllowOverride All
Context:directory
Status:Core
Module:core
-

When the server finds an .htaccess file (as specified by AccessFileName) it needs to know - which directives declared in that file can override earlier - access information.

+

When the server finds an .htaccess file (as + specified by AccessFileName) + it needs to know which directives declared in that file can override + earlier access information.

Only available in Directory sections

AllowOverride is valid only in - <Directory> + <Directory> sections, not in <Location> or <Files> sections.

When this directive is set to None, then - .htaccess files are completely ignored. In this case, the - server will not even attempt to read .htaccess files in the - filesystem.

+ .htaccess files are completely ignored. + In this case, the server will not even attempt to read + .htaccess files in the filesystem.

When this directive is set to All, then any directive which has the .htaccess Context is allowed in - .htaccess files.

+ .htaccess files.

The directive-type can be one of the following groupings of directives.

@@ -442,9 +446,9 @@ and Access Control
top

CGIMapExtension Directive

- - + @@ -453,8 +457,10 @@ scripts
Description:Technique for locating the interpreter for CGI +
Description:Technique for locating the interpreter for CGI scripts
Syntax:CGIMapExtension cgi-path .extension
Syntax:CGIMapExtension cgi-path .extension
Default:None
Context:directory, .htaccess
Override:FileInfo
Compatibility:NetWare only

This directive is used to control how Apache finds the - interpreter used to run CGI scripts. For example, setting CGIMapExtension sys:\foo.nlm .foo will - cause all CGI script files with a .foo extension to be passed to the FOO interpreter.

+ interpreter used to run CGI scripts. For example, setting + CGIMapExtension sys:\foo.nlm .foo will + cause all CGI script files with a .foo extension to be passed to the + FOO interpreter.

top
@@ -462,8 +468,8 @@ scripts - - + + @@ -492,9 +498,9 @@ headers values are not cached).

Content-MD5 is only sent for documents served - by the core, and not by any module. For example, SSI documents, - output from CGI scripts, and byte range responses do not have - this header.

+ by the core, and not by any module. For example, + SSI documents, output from CGI scripts, and byte range responses + do not have this header.

top
@@ -522,7 +528,7 @@ server cannot determine a type in any other way

would be appropriate for a directory which contained many gif - images with filenames missing the .gif extension.

+ images with filenames missing the .gif extension.

Note that unlike ForceType, this directive is only provides the default mime-type. All other mime-type definitions, @@ -547,10 +553,10 @@ named file-system directory and sub-directories sub-directories of that directory. Any directive that is allowed in a directory context may be used. Directory-path is either the full path to a directory, or a wild-card string using - Unix shell-style matching. In a wild-card string, `?' matches any - single character, and `*' matches any sequences of characters. - You may also use `[]' character ranges. None of the wildcards - match a `/' character, so <Directory + Unix shell-style matching. In a wild-card string, ? matches + any single character, and * matches any sequences of + characters. You may also use [] character ranges. None + of the wildcards match a `/' character, so <Directory /*/public_html> will not match /home/user/public_html, but <Directory /home/*/public_html> will match. Example:

@@ -567,8 +573,8 @@ named file-system directory and sub-directories

Be careful with the directory-path arguments: They have to literally match the filesystem path which Apache uses to access the files. Directives applied to a particular - <Directory> will not apply to files accessed from that same - directory via a different path, such as via different symbolic + <Directory> will not apply to files accessed from + that same directory via a different path, such as via different symbolic links.

@@ -580,8 +586,8 @@ named file-system directory and sub-directories <Directory ~ "^/www/.*/[0-9]{3}">

-

would match directories in /www/ that consisted of three - numbers.

+

would match directories in /www/ that consisted of + three numbers.

If multiple (non-regular expression) directory sections match the directory (or its parents) containing a document, @@ -631,13 +637,13 @@ named file-system directory and sub-directories

The regular expression section won't be considered until after - all normal <Directory>s and .htaccess files - have been applied. Then the regular expression will match on + all normal <Directory>s and .htaccess + files have been applied. Then the regular expression will match on /home/abc/public_html/abc and be applied.

Note that the default Apache access for - <Directory /> is Allow from All. This means - that Apache will serve any file mapped from an URL. It is + <Directory /> is Allow from All. + This means that Apache will serve any file mapped from an URL. It is recommended that you change this with a block such as

@@ -652,11 +658,10 @@ named file-system directory and sub-directories

and then override this for directories you want accessible. See the Security Tips page for more - details.

+ details.

-

The directory sections typically occur in - the access.conf file, but they may appear in any configuration - file. <Directory> directives +

The directory sections occur in the httpd.conf file. + <Directory> directives cannot nest, and cannot appear in a <Limit> or <LimitExcept> section.

See also

@@ -713,10 +718,10 @@ from the web
Description:Enables the generation of Content-MD5 HTTP Response headers
Syntax:ContentDigest on|off
Default:ContentDigest off
Syntax:ContentDigest On|Off
Default:ContentDigest Off
Context:server config, virtual host, directory, .htaccess
Override:Options
Status:Core
Status:Core
Module:core
-

This directive sets the directory from which httpd will - serve files. Unless matched by a directive like Alias, the - server appends the path from the requested URL to the document - root to make the path to the document. Example:

+

This directive sets the directory from which httpd + will serve files. Unless matched by a directive like Alias, the server appends the + path from the requested URL to the document root to make the + path to the document. Example:

DocumentRoot /usr/web @@ -739,18 +744,18 @@ Location

EnableMMAP Directive

- - + +
Description:Use memory-mapping to read files during delivery
Syntax:EnableMMAP on|off
Default:EnableMMAP on
Syntax:EnableMMAP On|Off
Default:EnableMMAP On
Context:server config, virtual host, directory, .htaccess
Override:FileInfo
Status:Core
Module:core
-

This directive controls whether the httpd may use +

This directive controls whether the httpd may use memory-mapping if it needs to read the contents of a file during delivery. By default, when the handling of a request requires - access to the data within a file-- for example, when delivering a - server-parsed file using mod_include-- Apache + access to the data within a file -- for example, when delivering a + server-parsed file using mod_include -- Apache memory-maps the file if the OS supports it.

This memory-mapping sometimes yields a performance improvement. @@ -759,17 +764,18 @@ Location

  • On some multiprocessor systems, memory-mapping can reduce the - performance of the httpd.
    • + performance of the httpd.
  • With an NFS-mounted DocumentRoot, - the httpd may crash due to a segmentation fault if a file is deleted - or truncated while the httpd has it memory-mapped.
    • + the httpd may crash due to a segmentation fault if a file + is deleted or truncated while the httpd has it + memory-mapped.

For server configurations that are vulnerable to these problems, you should disable memory-mapping of delivered files by specifying:

- EnableMMAP off + EnableMMAP Off

For NFS mounted files, this feature may be disabled explicitly for @@ -777,7 +783,7 @@ Location

<Directory "/path-to-nfs-files"> - EnableMMAP off + EnableMMAP Off </Directory>

@@ -786,15 +792,15 @@ Location

EnableSendfile Directive

- - + +
Description:Use the kernel sendfile support to deliver files to the client
Syntax:EnableSendfile on|off
Default:EnableSendfile on
Syntax:EnableSendfile On|Off
Default:EnableSendfile On
Context:server config, virtual host, directory, .htaccess
Override:FileInfo
Status:Core
Module:core
Compatibility:Available in version 2.0.44 and later
-

This directive controls whether httpd may use the sendfile +

This directive controls whether httpd may use the sendfile support from the kernel to transmit file contents to the client. By default, when the handling of a request requires no access to the data within a file -- for example, when delivering a @@ -820,15 +826,15 @@ Location you should disable this feature by specifying:

- EnableSendfile off + EnableSendfile Off

-

For NFS or SMB mounted files, this feature may be disabled explicitly +

For NFS or SMB mounted files, this feature may be disabled explicitly for the offending files by specifying:

<Directory "/path-to-nfs-files">
- EnableSendfile off
+ EnableSendfile Off
</Directory>

@@ -880,7 +886,7 @@ in case of an error

Note that when you specify an ErrorDocument that points to a remote URL (ie. anything with a method such as - "http" in front of it), Apache will send a redirect to the + http in front of it), Apache will send a redirect to the client to tell it where to find the document, even if the document ends up being on the same server. This has several implications, the most important being that the client will not @@ -894,9 +900,9 @@ in case of an error "ErrorDocument 401" directive then it must refer to a local document.

-

Microsoft Internet Explorer (MSIE) will ignore server-generated - error messages when they are "too small" and substitute its own - "friendly" error messages. The size threshold varies depending on +

Microsoft Internet Explorer (MSIE) will by default ignore + server-generated error messages when they are "too small" and substitute + its own "friendly" error messages. The size threshold varies depending on the type of error, but in general, if you make your error document greater than 512 bytes, then MSIE will show the server-generated error rather than masking it. More information is available in @@ -975,13 +981,14 @@ HTTP response header

The FileETag directive configures the file - attributes that are used to create the ETag (entity tag) response - header field when the document is based on a file. (The ETag - value is used in cache management to save network bandwidth.) In - Apache 1.3.22 and earlier, the ETag value was always formed - from the file's inode, size, and last-modified time (mtime). The - FileETag directive allows you to choose which of these -- if any - -- should be used. The recognized keywords are: + attributes that are used to create the ETag (entity + tag) response header field when the document is based on a file. + (The ETag value is used in cache management to save + network bandwidth.) In Apache 1.3.22 and earlier, the + ETag value was always formed + from the file's inode, size, and last-modified time (mtime). The + FileETag directive allows you to choose + which of these -- if any -- should be used. The recognized keywords are:

@@ -995,8 +1002,8 @@ HTTP response header
All available fields will be used. This is equivalent to:

FileETag INode MTime Size

None
-
If a document is file-based, no ETag field will be included in the - response
+
If a document is file-based, no ETag field will be + included in the response

The INode, MTime, and Size @@ -1040,8 +1047,8 @@ filenames portion of the filesystem they apply to.

The filename argument should include a filename, or - a wild-card string, where `?' matches any single character, and - `*' matches any sequences of characters. Extended regular + a wild-card string, where ? matches any single character, + and * matches any sequences of characters. Extended regular expressions can also be used, with the addition of the ~ character. For example:

@@ -1053,8 +1060,8 @@ filenames and later, <FilesMatch> is preferred, however.

Note that unlike <Directory> and <Location> sections, <Files> sections can be used inside - .htaccess files. This allows users to control access to their own - files, at a file-by-file level.

+ .htaccess files. This allows users to control access to + their own files, at a file-by-file level.

See also

@@ -1108,13 +1115,13 @@ MIME content-type

When placed into an .htaccess file or a <Directory>, or - <Location> or + <Location> or <Files> section, this directive forces all matching files to be served with the content type identification given by MIME-type. For example, if you had a directory full of - GIF files, but did not want to label them all with ".gif", you - might want to use:

+ GIF files, but did not want to label them all with .gif, + you might want to use:

ForceType image/gif @@ -1148,15 +1155,15 @@ MIME content-type

HostnameLookups Directive

- - + +
Description:Enables DNS lookups on client IP addresses
Syntax:HostnameLookups on|off|double
Default:HostnameLookups off
Syntax:HostnameLookups On|Off|Double
Default:HostnameLookups Off
Context:server config, virtual host, directory
Status:Core
Module:core

This directive enables DNS lookups so that host names can be logged (and passed to CGIs/SSIs in REMOTE_HOST). - The value double refers to doing double-reverse + The value Double refers to doing double-reverse DNS. That is, after a reverse lookup is performed, a forward lookup is then performed on that result. At least one of the ip addresses in the forward lookup must match the original @@ -1167,18 +1174,18 @@ MIME content-type used for controlling access by hostname, a double reverse lookup will be performed. This is necessary for security. Note that the result of this double-reverse isn't generally available unless you - set HostnameLookups double. For example, if only - HostnameLookups on and a request is made to an object + set HostnameLookups Double. For example, if only + HostnameLookups On and a request is made to an object that is protected by hostname restrictions, regardless of whether the double-reverse fails or not, CGIs will still be passed the single-reverse result in REMOTE_HOST.

-

The default is off in order to save the network +

The default is Off in order to save the network traffic for those sites that don't truly need the reverse lookups done. It is also better for the end users because they don't have to suffer the extra latency that a lookup entails. Heavily loaded sites should leave this directive - off, since DNS lookups can take considerable + Off, since DNS lookups can take considerable amounts of time. The utility logresolve, provided in the /support directory, can be used to look up host names from logged IP addresses offline.

@@ -1187,10 +1194,10 @@ MIME content-type
top

IdentityCheck Directive

- - - + + @@ -1278,8 +1285,8 @@ presence or absence of a specific module
Description:Enables logging of the RFC1413 identity of the remote +
Description:Enables logging of the RFC1413 identity of the remote user
Syntax:IdentityCheck on|off
Default:IdentityCheck off
Syntax:IdentityCheck On|Off
Default:IdentityCheck Off
Context:server config, virtual host, directory
Status:Core
Module:core
Module:core

The <IfModule test>...</IfModule> - section is used to mark directives that are conditional on the presence of a - specific module. The directives within an <IfModule> section are only processed if the test + section is used to mark directives that are conditional on the presence of + a specific module. The directives within an <IfModule> section are only processed if the test is true. If test is false, everything between the start and end markers is ignored.

@@ -1310,7 +1317,7 @@ presence or absence of a specific module
This section should only be used if you need to have one configuration file that works whether or not a specific module - is available. In normal operation, directives need not be + is available. In normal operation, directives need not be placed in <IfModule> sections.
@@ -1330,7 +1337,7 @@ the server configuration files from within the server configuration files.

Shell-style (fnmatch) wildcard characters can be used to - include several files at once, in alphabetical order. In + include several files at once, in alphabetical order. In addition, if Include points to a directory, rather than a file, Apache will read all files in that directory and any subdirectory. But including entire directories is not @@ -1377,7 +1384,7 @@ the server configuration files

KeepAlive Directive

- + @@ -1453,8 +1460,9 @@ methods nominated HTTP methods. For all other methods, the access restrictions that are enclosed in the <Limit> bracket will have no effect. The following - example applies the access control only to the methods POST, PUT, - and DELETE, leaving all other methods unprotected:

+ example applies the access control only to the methods POST, + PUT, and DELETE, leaving all other methods + unprotected:

<Limit POST PUT DELETE>
@@ -1533,9 +1541,9 @@ from the client request message body will vary greatly depending on the nature of the resource and the methods allowed on that resource. CGI scripts typically use the message body for passing form information to the - server. Implementations of the PUT method will require a value at - least as large as any representation that the server wishes to - accept for that resource.

+ server. Implementations of the PUT method will require + a value at least as large as any representation that the server + wishes to accept for that resource.

This directive gives the server administrator greater control over abnormal client request behavior, which may be @@ -1661,7 +1669,7 @@ from the client restriction on the length of a request-URI allowed for a request on the server. A server needs this value to be large enough to hold any of its resource names, including any information that - might be passed in the query part of a GET request.

+ might be passed in the query part of a GET request.

This directive gives the server administrator greater control over abnormal client request behavior, which may be @@ -1705,7 +1713,7 @@ from the client

+ URL-path|URL> ... </Location> @@ -1719,7 +1727,7 @@ URLs.htaccess files are read, and after the <Files> sections.

Note that URLs do not have to line up with the filesystem at - all, it should be emphasized that <Location> operates + all, it should be emphasized that <Location> operates completely outside the filesystem.

For all origin (non-proxy) requests, the URL to be matched is a @@ -1729,8 +1737,8 @@ URLs scheme://servername/path, and you must include the prefix.

-

The URL may use wildcards In a wild-card string, `?' matches - any single character, and `*' matches any sequences of +

The URL may use wildcards In a wild-card string, ? matches + any single character, and * matches any sequences of characters.

Extended regular @@ -1741,8 +1749,8 @@ URLs <Location ~ "/(extra|special)/data">

-

would match URLs that contained the substring "/extra/data" or - "/special/data". In Apache 1.3 and above, a new directive +

would match URLs that contained the substring /extra/data + or /special/data. In Apache 1.3 and above, a new directive <LocationMatch> exists which behaves identical to the regex version of <Location>.

@@ -1751,7 +1759,7 @@ URLs functionality is especially useful when combined with the SetHandler directive. For example, to enable status requests, but allow them - only from browsers at foo.com, you might use:

+ only from browsers at foo.com, you might use:

<Location /status>
@@ -1945,7 +1953,7 @@ connection

The MaxKeepAliveRequests directive limits the number of requests allowed per connection when KeepAlive is on. If it is - set to "0", unlimited requests will be allowed. We + set to 0, unlimited requests will be allowed. We recommend that this setting be kept to a high value for maximum server performance.

@@ -1986,11 +1994,11 @@ hosting servicing the requests. If you have multiple name-based hosts on multiple addresses, repeat the directive for each address.

-

Note: the "main server" and any _default_ servers will +

Note: the "main server" and any _default_ servers will never be served for a request to a NameVirtualHost IP Address (unless for some reason you specify NameVirtualHost but then - don't define any VirtualHosts for that address).

+ don't define any VirtualHosts for that address).

Optionally you can specify a port number on which the name-based virtual hosts should be used, e.g.

@@ -2001,20 +2009,21 @@ hosting

IPv6 addresses must be enclosed in square brackets, as shown in the following example:

- +

NameVirtualHost [fe80::a00:20ff:fea7:ccea]:8080

To receive requests on all interfaces, you can use an argument of - *

+ *

NameVirtualHost *

-

Argument to <VirtualHost> directive

-

Note that the argument to the <VirtualHost> directive must +

Argument to <VirtualHost> + directive

+

Note that the argument to the <VirtualHost> directive must exactly match the argument to the NameVirtualHost directive.

@@ -2054,7 +2063,7 @@ directory

All
-
All options except for MultiViews. This is the default +
All options except for MultiViews. This is the default setting.
ExecCGI
@@ -2084,23 +2093,24 @@ directory
- Server-side includes are permitted, but the #exec command and - #exec CGI are disabled. It is still possible to #include - virtual CGI scripts from ScriptAliase'd directories.
+ Server-side includes are permitted, but the #exec cmd + and #exec cgi are disabled. It is still possible to + #include virtual CGI scripts from + ScriptAliase'd directories.
Indexes
If a URL which maps to a directory is requested, and the - there is no DirectoryIndex (e.g., index.html) in - that directory, then the server will return a formatted - listing of the directory.
+ there is no DirectoryIndex (e.g., + index.html) in that directory, then the server will + return a formatted listing of the directory.
MultiViews
Content negotiated - MultiViews are allowed.
+ "MultiViews" are allowed.
SymLinksIfOwnerMatch
@@ -2114,13 +2124,14 @@ directory

Normally, if multiple Options could apply to a directory, then the most specific one is taken complete; the options are not merged. However if all the options on - the Options directive are preceded by a + or - - symbol, the options are merged. Any options preceded by a + are - added to the options currently in force, and any options - preceded by a - are removed from the options currently in + the Options directive are preceded by a + + or - + symbol, the options are merged. Any options preceded by a + + are added to the options currently in force, and any options + preceded by a - are removed from the options currently in force.

-

For example, without any + and - symbols:

+

For example, without any + and - symbols:

<Directory /web/docs>
@@ -2137,8 +2148,9 @@ directory

then only Includes will be set for the - /web/docs/spec directory. However if the second - Options directive uses the + and - symbols:

+ /web/docs/spec directory. However if the second + Options directive uses the + and + - symbols:

<Directory /web/docs>
@@ -2155,8 +2167,9 @@ directory

then the options FollowSymLinks and - Includes are set for the /web/docs/spec directory.

- + Includes are set for the /web/docs/spec + directory.

+

Note: Using -IncludesNOEXEC or -Includes disables server-side includes completely @@ -2347,22 +2360,22 @@ processes launched by Apache children

top

Satisfy Directive

Description:Enables HTTP persistent connections
Syntax:KeepAlive on|off
Syntax:KeepAlive On|Off
Default:KeepAlive On
Context:server config, virtual host
Status:Core
Description:Applies the enclosed directives only to matching URLs
Syntax:<Location - URL-path|URL> ... </Location>
Context:server config, virtual host
Status:Core
Module:core
- - - + +
Description:Interaction between host-level access control and +
Description:Interaction between host-level access control and user authentication
Syntax:Satisfy any|all
Default:Satisfy all
Syntax:Satisfy Any|All
Default:Satisfy All
Context:directory, .htaccess
Override:AuthConfig
Status:Core
Module:core

Access policy if both Allow and Require used. The parameter can be - either all or any. This directive is only + either All or Any. This directive is only useful if access to a particular area is being restricted by both username/password and client host address. In this case - the default behavior (all) is to require that the client passes - the address access restriction and enters a valid - username and password. With the "any" option the client will be + the default behavior (All) is to require that the client + passes the address access restriction and enters a valid + username and password. With the Any option the client will be granted access if they either pass the host restriction or enter a valid username and password. This can be used to password restrict an area, but to let clients from particular addresses in without @@ -2376,9 +2389,9 @@ user authentication

Require valid-user
Allow from 192.168.1
- Satisfy any + Satisfy Any

- +

See also

    @@ -2389,22 +2402,29 @@ user authentication
    top

    ScriptInterpreterSource Directive

    - - - + + - +
    Description:Technique for locating the interpreter for CGI +
    Description:Technique for locating the interpreter for CGI scripts
    Syntax:ScriptInterpreterSource registry|script
    Default:ScriptInterpreterSource script
    Syntax:ScriptInterpreterSource Registry|Registry-Strict|Script
    Default:ScriptInterpreterSource Script
    Context:server config, virtual host, directory, .htaccess
    Override:FileInfo
    Status:Core
    Module:core
    Compatibility:Win32 only
    Compatibility:Win32 only +option Registry-Strict is available in Apache 2.0 and later

    This directive is used to control how Apache finds the interpreter used to run CGI scripts. The default technique is to - use the interpreter pointed to by the #! line in the - script. Setting ScriptInterpreterSource registry will + use the interpreter pointed to by the #! line in the + script.

    + +

    Setting ScriptInterpreterSource Registry will cause the Windows Registry to be searched using the script file - extension (e.g., .pl) as a search key.

    + extension (e.g., .pl) as a search key.

    + +

    The option Registry-Strict which is new in Apache 2.0 + does the same as Registry but uses a more strict registry + search.

    top
    @@ -2471,7 +2491,7 @@ itself

    The ServerName directive sets the hostname and port that the server uses to identify itself. This is used when - creating redirection URLs. For example, if the name of the + creating redirection URLs. For example, if the name of the machine hosting the webserver is simple.example.com, but the machine also has the DNS alias www.example.com and you wish the webserver to be so identified, the following @@ -2483,9 +2503,9 @@ itself

    If no ServerName is specified, then the server attempts to deduce the hostname by performing a reverse - lookup on the IP address. If no port is specified in the + lookup on the IP address. If no port is specified in the servername, then the server will use the port from the incoming - request. For optimal reliability and predictability, you should + request. For optimal reliability and predictability, you should specify an explicit hostname and port using the ServerName directive.

    @@ -2515,7 +2535,7 @@ itself
    top

    ServerPath Directive

    - @@ -2573,11 +2593,11 @@ is accessed by an incompatible browser
    Description:Legacy URL pathname for a name-virtual host that +
    Description:Legacy URL pathname for a name-based virtual host that is accessed by an incompatible browser
    Syntax:ServerPath URL-path
    Context:virtual host

    The ServerSignature directive allows the configuration of a trailing footer line under server-generated - documents (error messages, mod_proxy ftp directory listings, - mod_info output, ...). The reason why you would want to enable - such a footer line is that in a chain of proxies, the user often - has no possibility to tell which of the chained servers actually - produced a returned error message.
    The Off + documents (error messages, mod_proxy ftp directory + listings, mod_info output, ...). The reason why you + would want to enable such a footer line is that in a chain of proxies, + the user often has no possibility to tell which of the chained servers + actually produced a returned error message.
    The Off setting, which is the default, suppresses the error line (and is therefore compatible with the behavior of Apache-1.2 and below). The On setting simply adds a line with the @@ -2598,7 +2618,7 @@ is accessed by an incompatible browser

    ServerTokens Directive

    - + @@ -2657,7 +2677,7 @@ is accessed by an incompatible browser
    Description:Configures the Server HTTP response header
    Syntax:ServerTokens Major|Minor|Minimal|ProductOnly|OS|Full
    Syntax:ServerTokens Major|Minor|Min[imal]|Prod[uctOnly]|OS|Full
    Default:ServerTokens Full
    Context:server config
    Status:Core
    - + @@ -2800,8 +2820,8 @@ certain events before failing a request
    Description:Forces all matching files to be processed by a handler
    Syntax:SetHandler handler-name|none
    Syntax:SetHandler handler-name|None
    Context:server config, virtual host, directory, .htaccess
    Override:FileInfo
    Status:Core
    - - + + @@ -2814,7 +2834,7 @@ port is used in all self-referential URLs, and for the values of SERVER_NAME and SERVER_PORT in CGIs.

    -

    With UseCanonicalName off Apache will form +

    With UseCanonicalName Off Apache will form self-referential URLs using the hostname and port supplied by the client if any are supplied (otherwise it will use the canonical name, as defined above). These values are the same @@ -2834,8 +2854,8 @@ port authenticate twice (once for www and once again for www.domain.com -- see the FAQ on this subject for more information). But if - UseCanonicalName is set off, then Apache will - redirect to http://www/splat/.

    + UseCanonicalName is set Off, then + Apache will redirect to http://www/splat/.

    There is a third option, UseCanonicalName DNS, which is intended for use with mass IP-based virtual hosting to @@ -2885,7 +2905,7 @@ hostname or IP address

  • A fully qualified domain name for the IP address of the virtual host;
    • -
  • The character *, which is used only in combination with +
  • The character *, which is used only in combination with NameVirtualHost * to match all IP addresses; or
  • The string _default_, which is used only @@ -2931,7 +2951,7 @@ hostname or IP address

    Note

    The use of <VirtualHost> does - not affect what addresses Apache listens on. You + not affect what addresses Apache listens on. You may need to ensure that Apache is listening on the correct addresses using Listen.

    @@ -2940,11 +2960,12 @@ hostname or IP address _default_ can be specified in which case this virtual host will match any IP address that is not explicitly listed in another virtual host. In the absence - of any _default_ virtual host the "main" server config, + of any _default_ virtual host the "main" server config, consisting of all those definitions outside any VirtualHost section, is used when no IP-match occurs. (But note that any IP address that matches a NameVirtualHost directive will use neither - the "main" server config nor the _default_ virtual host. See the name-based virtual hosting + the "main" server config nor the _default_ virtual host. + See the name-based virtual hosting documentation for further details.)

    You can specify a :port to change the port that is diff --git a/docs/manual/mod/core.xml b/docs/manual/mod/core.xml index 071780850e..78e7e6f222 100644 --- a/docs/manual/mod/core.xml +++ b/docs/manual/mod/core.xml @@ -25,46 +25,47 @@ available pathname information that follows an actual filename (or non-existent file in an existing directory) will be accepted or rejected. The trailing pathname information can be made - available to scripts in the PATH_INFO environment variable.

    + available to scripts in the PATH_INFO environment + variable.

    For example, assume the location /test/ points to a directory that contains only the single file here.html. Then requests for /test/here.html/more and /test/nothere.html/more both collect - /more as PATH_INFO.

    + /more as PATH_INFO.

    The three possible arguments for the AcceptPathInfo directive are:

    -
    off
    A request will only be accepted if it +
    Off
    A request will only be accepted if it maps to a literal path that exists. Therefore a request with trailing pathname information after the true filename such as /test/here.html/more in the above example will return a 404 NOT FOUND error.
    -
    on
    A request will be accepted if a +
    On
    A request will be accepted if a leading path component maps to a file that exists. The above example /test/here.html/more will be accepted if /test/here.html maps to a valid file.
    - -
    default
    The treatment of requests with + +
    Default
    The treatment of requests with trailing pathname information is determined by the handler responsible for the request. - The core handler for normal files defaults to rejecting PATH_INFO. - Handlers that serve scripts, such as PATH_INFO. Handlers that serve scripts, such as cgi-script and isapi-isa, generally accept PATH_INFO by - default.
    + href="mod_isapi.html">isapi-isa, generally accept + PATH_INFO by default.

    The primary purpose of the AcceptPathInfo directive is to allow you to override the handler's choice of - accepting or rejecting PATH_INFO. This override is required, for - example, when you use a filter, such + accepting or rejecting PATH_INFO. This override is required, + for example, when you use a filter, such as INCLUDES, to generate content - based on PATH_INFO. The core handler would usually reject the - request, so you can use the following configuration to enable + based on PATH_INFO. The core handler would usually reject + the request, so you can use the following configuration to enable such a script:

    @@ -150,8 +151,8 @@ response without an explicit character set AddOutputFilterByType assigns an output filter to a particular MIME-type -AddOutputFilterByType filter[;filter...] MIME-type -[MIME-type] ... +AddOutputFilterByType filter[;filter...] +MIME-type [MIME-type] ... server config virtual hostdirectory .htaccess @@ -163,10 +164,11 @@ response without an explicit character set href="../filter.html">filter for a request depending on the response MIME-type.

    -

    The following example uses the DEFLATE filter, which is provided by - mod_deflate. It will compress all output (either static - or dynamic) which is labeled as text/html or - text/plain before it is sent to the client.

    +

    The following example uses the DEFLATE filter, which + is provided by mod_deflate. It will compress all + output (either static or dynamic) which is labeled as + text/html or text/plain before it is sent + to the client.

    AddOutputFilterByType DEFLATE text/html text/plain @@ -178,8 +180,9 @@ response without an explicit character set them.

    The configuration below causes all script output labeled as - text/html to be processed at first by the INCLUDES filter - and then by the DEFLATE filter.

    + text/html to be processed at first by the + INCLUDES filter and then by the DEFLATE + filter.

    <Location /cgi-bin/>
    @@ -216,34 +219,34 @@ response without an explicit character set AllowOverride Types of directives that are allowed in .htaccess files -AllowOverride All|None|directive-type +AllowOverride All|None|directive-type [directive-type] ... AllowOverride All directory -

    When the server finds an .htaccess file (as specified by AccessFileName) it needs to know - which directives declared in that file can override earlier - access information.

    +

    When the server finds an .htaccess file (as + specified by AccessFileName) + it needs to know which directives declared in that file can override + earlier access information.

    Only available in Directory sections AllowOverride is valid only in - Directory - sections, not in Directory + sections, not in Location or Files sections.

    When this directive is set to None, then - .htaccess files are completely ignored. In this case, the - server will not even attempt to read .htaccess files in the - filesystem.

    + .htaccess files are completely ignored. + In this case, the server will not even attempt to read + .htaccess files in the filesystem.

    When this directive is set to All, then any directive which has the .htaccess Context is allowed in - .htaccess files.

    + .htaccess files.

    The directive-type can be one of the following groupings of directives.

    @@ -384,9 +387,9 @@ and Access Control CGIMapExtension -Technique for locating the interpreter for CGI +Technique for locating the interpreter for CGI scripts -CGIMapExtension cgi-path .extension +CGIMapExtension cgi-path .extension None directory.htaccess @@ -395,17 +398,19 @@ scripts

    This directive is used to control how Apache finds the - interpreter used to run CGI scripts. For example, setting CGIMapExtension sys:\foo.nlm .foo will - cause all CGI script files with a .foo extension to be passed to the FOO interpreter.

    + interpreter used to run CGI scripts. For example, setting + CGIMapExtension sys:\foo.nlm .foo will + cause all CGI script files with a .foo extension to be passed to the + FOO interpreter.

         ContentDigest Enables the generation of Content-MD5 HTTP Response -headers -ContentDigest on|off -ContentDigest off +headers +ContentDigest On|Off +ContentDigest Off server configvirtual host directory.htaccess @@ -436,9 +441,9 @@ headers values are not cached).

    Content-MD5 is only sent for documents served - by the core, and not by any module. For example, SSI documents, - output from CGI scripts, and byte range responses do not have - this header.

    + by the core, and not by any module. For example, + SSI documents, output from CGI scripts, and byte range responses + do not have this header.

         @@ -467,7 +472,7 @@ server cannot determine a type in any other way

    would be appropriate for a directory which contained many gif - images with filenames missing the .gif extension.

    + images with filenames missing the .gif extension.

    Note that unlike ForceType, this directive is only @@ -493,10 +498,10 @@ named file-system directory and sub-directories sub-directories of that directory. Any directive that is allowed in a directory context may be used. Directory-path is either the full path to a directory, or a wild-card string using - Unix shell-style matching. In a wild-card string, `?' matches any - single character, and `*' matches any sequences of characters. - You may also use `[]' character ranges. None of the wildcards - match a `/' character, so <Directory + Unix shell-style matching. In a wild-card string, ? matches + any single character, and * matches any sequences of + characters. You may also use [] character ranges. None + of the wildcards match a `/' character, so <Directory /*/public_html> will not match /home/user/public_html, but <Directory /home/*/public_html> will match. Example:

    @@ -513,8 +518,8 @@ named file-system directory and sub-directories

    Be careful with the directory-path arguments: They have to literally match the filesystem path which Apache uses to access the files. Directives applied to a particular - <Directory> will not apply to files accessed from that same - directory via a different path, such as via different symbolic + <Directory> will not apply to files accessed from + that same directory via a different path, such as via different symbolic links.

    @@ -526,8 +531,8 @@ named file-system directory and sub-directories <Directory ~ "^/www/.*/[0-9]{3}"> -

    would match directories in /www/ that consisted of three - numbers.

    +

    would match directories in /www/ that consisted of + three numbers.

    If multiple (non-regular expression) directory sections match the directory (or its parents) containing a document, @@ -578,13 +583,13 @@ named file-system directory and sub-directories

    The regular expression section won't be considered until after - all normal <Directory>s and .htaccess files - have been applied. Then the regular expression will match on + all normal <Directory>s and .htaccess + files have been applied. Then the regular expression will match on /home/abc/public_html/abc and be applied.

    Note that the default Apache access for - <Directory /> is Allow from All. This means - that Apache will serve any file mapped from an URL. It is + <Directory /> is Allow from All. + This means that Apache will serve any file mapped from an URL. It is recommended that you change this with a block such as

    @@ -600,11 +605,10 @@ named file-system directory and sub-directories

    and then override this for directories you want accessible. See the Security Tips page for more - details.

    + details.

    -

    The directory sections typically occur in - the access.conf file, but they may appear in any configuration - file. Directory directives +

    The directory sections occur in the httpd.conf file. + Directory directives cannot nest, and cannot appear in a Limit or LimitExcept section.

    @@ -659,10 +663,11 @@ from the web -

    This directive sets the directory from which httpd will - serve files. Unless matched by a directive like Alias, the - server appends the path from the requested URL to the document - root to make the path to the document. Example:

    +

    This directive sets the directory from which httpd + will serve files. Unless matched by a directive like Alias, the server appends the + path from the requested URL to the document root to make the + path to the document. Example:

    DocumentRoot /usr/web @@ -682,19 +687,19 @@ Location EnableMMAP Use memory-mapping to read files during delivery -EnableMMAP on|off -EnableMMAP on +EnableMMAP On|Off +EnableMMAP On server configvirtual host directory.htaccess FileInfo -

    This directive controls whether the httpd may use +

    This directive controls whether the httpd may use memory-mapping if it needs to read the contents of a file during delivery. By default, when the handling of a request requires - access to the data within a file-- for example, when delivering a - server-parsed file using mod_include-- Apache + access to the data within a file -- for example, when delivering a + server-parsed file using mod_include -- Apache memory-maps the file if the OS supports it.

    This memory-mapping sometimes yields a performance improvement. @@ -703,17 +708,18 @@ Location

    • On some multiprocessor systems, memory-mapping can reduce the - performance of the httpd.
      • + performance of the httpd.
    • With an NFS-mounted DocumentRoot, - the httpd may crash due to a segmentation fault if a file is deleted - or truncated while the httpd has it memory-mapped.
      • + the httpd may crash due to a segmentation fault if a file + is deleted or truncated while the httpd has it + memory-mapped.

    For server configurations that are vulnerable to these problems, you should disable memory-mapping of delivered files by specifying:

    - EnableMMAP off + EnableMMAP Off

    For NFS mounted files, this feature may be disabled explicitly for @@ -721,7 +727,7 @@ Location <Directory "/path-to-nfs-files"> - EnableMMAP off + EnableMMAP Off </Directory> @@ -730,8 +736,8 @@ Location EnableSendfile Use the kernel sendfile support to deliver files to the client -EnableSendfile on|off -EnableSendfile on +EnableSendfile On|Off +EnableSendfile On server configvirtual host directory.htaccess @@ -739,7 +745,7 @@ Location Available in version 2.0.44 and later -

    This directive controls whether httpd may use the sendfile +

    This directive controls whether httpd may use the sendfile support from the kernel to transmit file contents to the client. By default, when the handling of a request requires no access to the data within a file -- for example, when delivering a @@ -766,15 +772,15 @@ Location you should disable this feature by specifying:

    - EnableSendfile off + EnableSendfile Off -

    For NFS or SMB mounted files, this feature may be disabled explicitly +

    For NFS or SMB mounted files, this feature may be disabled explicitly for the offending files by specifying:

    <Directory "/path-to-nfs-files">
    - EnableSendfile off
    + EnableSendfile Off
    </Directory>     @@ -827,7 +833,7 @@ in case of an error

    Note that when you specify an ErrorDocument that points to a remote URL (ie. anything with a method such as - "http" in front of it), Apache will send a redirect to the + http in front of it), Apache will send a redirect to the client to tell it where to find the document, even if the document ends up being on the same server. This has several implications, the most important being that the client will not @@ -841,14 +847,15 @@ in case of an error "ErrorDocument 401" directive then it must refer to a local document.

    -

    Microsoft Internet Explorer (MSIE) will ignore server-generated - error messages when they are "too small" and substitute its own - "friendly" error messages. The size threshold varies depending on +

    Microsoft Internet Explorer (MSIE) will by default ignore + server-generated error messages when they are "too small" and substitute + its own "friendly" error messages. The size threshold varies depending on the type of error, but in general, if you make your error document greater than 512 bytes, then MSIE will show the server-generated error rather than masking it. More information is available in Microsoft Knowledgebase article Q294807.

    + href="http://support.microsoft.com/default.aspx?scid=kb;en-us;Q294807" + >Q294807.

    Prior to version 2.0, messages were indicated by prefixing them with a single unmatched double quote character.

    @@ -921,13 +928,14 @@ HTTP response header

    The FileETag directive configures the file - attributes that are used to create the ETag (entity tag) response - header field when the document is based on a file. (The ETag - value is used in cache management to save network bandwidth.) In - Apache 1.3.22 and earlier, the ETag value was always formed - from the file's inode, size, and last-modified time (mtime). The - FileETag directive allows you to choose which of these -- if any - -- should be used. The recognized keywords are: + attributes that are used to create the ETag (entity + tag) response header field when the document is based on a file. + (The ETag value is used in cache management to save + network bandwidth.) In Apache 1.3.22 and earlier, the + ETag value was always formed + from the file's inode, size, and last-modified time (mtime). The + FileETag directive allows you to choose + which of these -- if any -- should be used. The recognized keywords are:

    @@ -941,8 +949,8 @@ HTTP response header
    All available fields will be used. This is equivalent to: FileETag INode MTime Size
    None
    -
    If a document is file-based, no ETag field will be included in the - response
    +
    If a document is file-based, no ETag field will be + included in the response

    The INode, MTime, and Size @@ -991,8 +999,8 @@ filenames portion of the filesystem they apply to.

    The filename argument should include a filename, or - a wild-card string, where `?' matches any single character, and - `*' matches any sequences of characters. Extended regular + a wild-card string, where ? matches any single character, + and * matches any sequences of characters. Extended regular expressions can also be used, with the addition of the ~ character. For example:

    @@ -1008,8 +1016,8 @@ filenames module="core">Directory and Location sections, Files sections can be used inside - .htaccess files. This allows users to control access to their own - files, at a file-by-file level.

    + .htaccess files. This allows users to control access to + their own files, at a file-by-file level.

     How @@ -1060,13 +1068,13 @@ MIME content-type

    When placed into an .htaccess file or a Directory, or - Location or + Location or Files section, this directive forces all matching files to be served with the content type identification given by MIME-type. For example, if you had a directory full of - GIF files, but did not want to label them all with ".gif", you - might want to use:

    + GIF files, but did not want to label them all with .gif, + you might want to use:

    ForceType image/gif @@ -1100,15 +1108,15 @@ MIME content-type HostnameLookups Enables DNS lookups on client IP addresses -HostnameLookups on|off|double -HostnameLookups off +HostnameLookups On|Off|Double +HostnameLookups Off server configvirtual host directory

    This directive enables DNS lookups so that host names can be logged (and passed to CGIs/SSIs in REMOTE_HOST). - The value double refers to doing double-reverse + The value Double refers to doing double-reverse DNS. That is, after a reverse lookup is performed, a forward lookup is then performed on that result. At least one of the ip addresses in the forward lookup must match the original @@ -1119,18 +1127,18 @@ MIME content-type used for controlling access by hostname, a double reverse lookup will be performed. This is necessary for security. Note that the result of this double-reverse isn't generally available unless you - set HostnameLookups double. For example, if only - HostnameLookups on and a request is made to an object + set HostnameLookups Double. For example, if only + HostnameLookups On and a request is made to an object that is protected by hostname restrictions, regardless of whether the double-reverse fails or not, CGIs will still be passed the single-reverse result in REMOTE_HOST.

    -

    The default is off in order to save the network +

    The default is Off in order to save the network traffic for those sites that don't truly need the reverse lookups done. It is also better for the end users because they don't have to suffer the extra latency that a lookup entails. Heavily loaded sites should leave this directive - off, since DNS lookups can take considerable + Off, since DNS lookups can take considerable amounts of time. The utility logresolve, provided in the /support directory, can be used to look up host @@ -1140,10 +1148,10 @@ MIME content-type IdentityCheck -Enables logging of the RFC1413 identity of the remote +Enables logging of the RFC1413 identity of the remote user -IdentityCheck on|off -IdentityCheck off +IdentityCheck On|Off +IdentityCheck Off server configvirtual host directory @@ -1233,8 +1241,8 @@ presence or absence of a specific module

    The <IfModule test>...</IfModule> - section is used to mark directives that are conditional on the presence of a - specific module. The directives within an IfModule section are only processed if the test is true. If test is false, everything between the start and end markers is ignored.

    @@ -1268,7 +1276,7 @@ presence or absence of a specific module This section should only be used if you need to have one configuration file that works whether or not a specific module - is available. In normal operation, directives need not be + is available. In normal operation, directives need not be placed in IfModule sections.     @@ -1289,7 +1297,7 @@ the server configuration files from within the server configuration files.

    Shell-style (fnmatch) wildcard characters can be used to - include several files at once, in alphabetical order. In + include several files at once, in alphabetical order. In addition, if Include points to a directory, rather than a file, Apache will read all files in that directory and any subdirectory. But including entire directories is not @@ -1335,7 +1343,7 @@ the server configuration files KeepAlive Enables HTTP persistent connections -KeepAlive on|off +KeepAlive On|Off KeepAlive On server configvirtual host @@ -1410,8 +1418,9 @@ methods nominated HTTP methods. For all other methods, the access restrictions that are enclosed in the <Limit> bracket will have no effect. The following - example applies the access control only to the methods POST, PUT, - and DELETE, leaving all other methods unprotected:

    + example applies the access control only to the methods POST, + PUT, and DELETE, leaving all other methods + unprotected:

    <Limit POST PUT DELETE>
    @@ -1494,9 +1503,9 @@ from the client request message body will vary greatly depending on the nature of the resource and the methods allowed on that resource. CGI scripts typically use the message body for passing form information to the - server. Implementations of the PUT method will require a value at - least as large as any representation that the server wishes to - accept for that resource.

    + server. Implementations of the PUT method will require + a value at least as large as any representation that the server + wishes to accept for that resource.

    This directive gives the server administrator greater control over abnormal client request behavior, which may be @@ -1619,7 +1628,7 @@ from the client restriction on the length of a request-URI allowed for a request on the server. A server needs this value to be large enough to hold any of its resource names, including any information that - might be passed in the query part of a GET request.

    + might be passed in the query part of a GET request.

    This directive gives the server administrator greater control over abnormal client request behavior, which may be @@ -1663,7 +1672,7 @@ from the client Applies the enclosed directives only to matching URLs <Location - URL-path|URL> ... </Location> + URL-path|URL> ... </Location> server configvirtual host @@ -1680,7 +1689,7 @@ URLs type="section" module="core">Files sections.

    Note that URLs do not have to line up with the filesystem at - all, it should be emphasized that <Location> operates + all, it should be emphasized that <Location> operates completely outside the filesystem.

    For all origin (non-proxy) requests, the URL to be matched is a @@ -1690,8 +1699,8 @@ URLs scheme://servername/path, and you must include the prefix.

    -

    The URL may use wildcards In a wild-card string, `?' matches - any single character, and `*' matches any sequences of +

    The URL may use wildcards In a wild-card string, ? matches + any single character, and * matches any sequences of characters.

    Extended regular @@ -1702,8 +1711,8 @@ URLs <Location ~ "/(extra|special)/data"> -

    would match URLs that contained the substring "/extra/data" or - "/special/data". In Apache 1.3 and above, a new directive +

    would match URLs that contained the substring /extra/data + or /special/data. In Apache 1.3 and above, a new directive LocationMatch exists which behaves identical to the regex version of Location.

    @@ -1712,7 +1721,7 @@ URLs functionality is especially useful when combined with the SetHandler directive. For example, to enable status requests, but allow them - only from browsers at foo.com, you might use:

    + only from browsers at foo.com, you might use:

    <Location /status>
    @@ -1905,7 +1914,7 @@ connection

    The MaxKeepAliveRequests directive limits the number of requests allowed per connection when KeepAlive is on. If it is - set to "0", unlimited requests will be allowed. We + set to 0, unlimited requests will be allowed. We recommend that this setting be kept to a high value for maximum server performance.

    @@ -1946,11 +1955,11 @@ hosting servicing the requests. If you have multiple name-based hosts on multiple addresses, repeat the directive for each address.

    -

    Note: the "main server" and any _default_ servers will +

    Note: the "main server" and any _default_ servers will never be served for a request to a NameVirtualHost IP Address (unless for some reason you specify NameVirtualHost but then - don't define any VirtualHosts for that address).

    + don't define any VirtualHosts for that address).

    Optionally you can specify a port number on which the name-based virtual hosts should be used, e.g.

    @@ -1961,20 +1970,22 @@ hosting

    IPv6 addresses must be enclosed in square brackets, as shown in the following example:

    - + NameVirtualHost [fe80::a00:20ff:fea7:ccea]:8080

    To receive requests on all interfaces, you can use an argument of - *

    + *

    NameVirtualHost * - Argument to <VirtualHost> directive -

    Note that the argument to the <VirtualHost> directive must + Argument to <directive><VirtualHost></directive> + directive +

    Note that the argument to the <VirtualHost> directive must exactly match the argument to the NameVirtualHost directive.

    @@ -2015,7 +2026,7 @@ directory
    All
    -
    All options except for MultiViews. This is the default +
    All options except for MultiViews. This is the default setting.
    ExecCGI
    @@ -2046,23 +2057,24 @@ directory
    - Server-side includes are permitted, but the #exec command and - #exec CGI are disabled. It is still possible to #include - virtual CGI scripts from ScriptAliase'd directories.
    + Server-side includes are permitted, but the #exec cmd + and #exec cgi are disabled. It is still possible to + #include virtual CGI scripts from + ScriptAliase'd directories.
    Indexes
    If a URL which maps to a directory is requested, and the - there is no DirectoryIndex (e.g., index.html) in - that directory, then the server will return a formatted - listing of the directory.
    + there is no DirectoryIndex (e.g., + index.html) in that directory, then the server will + return a formatted listing of the directory.
    MultiViews
    Content negotiated - MultiViews are allowed.
    + "MultiViews" are allowed.
    SymLinksIfOwnerMatch
    @@ -2077,13 +2089,14 @@ directory

    Normally, if multiple Options could apply to a directory, then the most specific one is taken complete; the options are not merged. However if all the options on - the Options directive are preceded by a + or - - symbol, the options are merged. Any options preceded by a + are - added to the options currently in force, and any options - preceded by a - are removed from the options currently in + the Options directive are preceded by a + + or - + symbol, the options are merged. Any options preceded by a + + are added to the options currently in force, and any options + preceded by a - are removed from the options currently in force.

    -

    For example, without any + and - symbols:

    +

    For example, without any + and - symbols:

    <Directory /web/docs>
    @@ -2100,8 +2113,9 @@ directory

    then only Includes will be set for the - /web/docs/spec directory. However if the second - Options directive uses the + and - symbols:

    + /web/docs/spec directory. However if the second + Options directive uses the + and + - symbols:

    <Directory /web/docs>
    @@ -2118,8 +2132,9 @@ directory

    then the options FollowSymLinks and - Includes are set for the /web/docs/spec directory.

    - + Includes are set for the /web/docs/spec + directory.

    +

    Note: Using -IncludesNOEXEC or -Includes disables server-side includes completely @@ -2299,10 +2314,10 @@ processes launched by Apache children Satisfy -Interaction between host-level access control and +Interaction between host-level access control and user authentication -Satisfy any|all -Satisfy all +Satisfy Any|All +Satisfy All directory.htaccess AuthConfig @@ -2311,12 +2326,12 @@ user authentication

    Access policy if both Allow and Require used. The parameter can be - either all or any. This directive is only + either All or Any. This directive is only useful if access to a particular area is being restricted by both username/password and client host address. In this case - the default behavior (all) is to require that the client passes - the address access restriction and enters a valid - username and password. With the "any" option the client will be + the default behavior (All) is to require that the client + passes the address access restriction and enters a valid + username and password. With the Any option the client will be granted access if they either pass the host restriction or enter a valid username and password. This can be used to password restrict an area, but to let clients from particular addresses in without @@ -2330,9 +2345,9 @@ user authentication Require valid-user
    Allow from 192.168.1
    - Satisfy any + Satisfy Any     - + Allow Require @@ -2340,22 +2355,29 @@ user authentication ScriptInterpreterSource -Technique for locating the interpreter for CGI +Technique for locating the interpreter for CGI scripts -ScriptInterpreterSource registry|script -ScriptInterpreterSource script +ScriptInterpreterSource Registry|Registry-Strict|Script +ScriptInterpreterSource Script server configvirtual host directory.htaccess FileInfo -Win32 only +Win32 only
    +option Registry-Strict is available in Apache 2.0 and later

    This directive is used to control how Apache finds the interpreter used to run CGI scripts. The default technique is to - use the interpreter pointed to by the #! line in the - script. Setting ScriptInterpreterSource registry will + use the interpreter pointed to by the #! line in the + script.

    + +

    Setting ScriptInterpreterSource Registry will cause the Windows Registry to be searched using the script file - extension (e.g., .pl) as a search key.

    + extension (e.g., .pl) as a search key.

    + +

    The option Registry-Strict which is new in Apache 2.0 + does the same as Registry but uses a more strict registry + search.

    @@ -2419,7 +2441,7 @@ itself

    The ServerName directive sets the hostname and port that the server uses to identify itself. This is used when - creating redirection URLs. For example, if the name of the + creating redirection URLs. For example, if the name of the machine hosting the webserver is simple.example.com, but the machine also has the DNS alias www.example.com and you wish the webserver to be so identified, the following @@ -2431,9 +2453,9 @@ itself

    If no ServerName is specified, then the server attempts to deduce the hostname by performing a reverse - lookup on the IP address. If no port is specified in the + lookup on the IP address. If no port is specified in the servername, then the server will use the port from the incoming - request. For optimal reliability and predictability, you should + request. For optimal reliability and predictability, you should specify an explicit hostname and port using the ServerName directive.

    @@ -2462,7 +2484,7 @@ itself ServerPath -Legacy URL pathname for a name-virtual host that +Legacy URL pathname for a name-based virtual host that is accessed by an incompatible browser ServerPath URL-path virtual host @@ -2514,11 +2536,11 @@ is accessed by an incompatible browser

    The ServerSignature directive allows the configuration of a trailing footer line under server-generated - documents (error messages, mod_proxy ftp directory listings, - mod_info output, ...). The reason why you would want to enable - such a footer line is that in a chain of proxies, the user often - has no possibility to tell which of the chained servers actually - produced a returned error message.
    The Off + documents (error messages, mod_proxy ftp directory + listings, mod_info output, ...). The reason why you + would want to enable such a footer line is that in a chain of proxies, + the user often has no possibility to tell which of the chained servers + actually produced a returned error message.
    The Off setting, which is the default, suppresses the error line (and is therefore compatible with the behavior of Apache-1.2 and below). The On setting simply adds a line with the @@ -2539,7 +2561,7 @@ is accessed by an incompatible browser ServerTokens Configures the Server HTTP response header -ServerTokens Major|Minor|Minimal|ProductOnly|OS|Full +ServerTokens Major|Minor|Min[imal]|Prod[uctOnly]|OS|Full ServerTokens Full server config @@ -2595,7 +2617,7 @@ is accessed by an incompatible browser SetHandler Forces all matching files to be processed by a handler -SetHandler handler-name|none +SetHandler handler-name|None server configvirtual host directory.htaccess @@ -2733,8 +2755,8 @@ certain events before failing a request UseCanonicalName Configures how the server determines its own name and port -UseCanonicalName on|off|dns -UseCanonicalName on +UseCanonicalName On|Off|DNS +UseCanonicalName On server configvirtual host directory @@ -2747,7 +2769,7 @@ port is used in all self-referential URLs, and for the values of SERVER_NAME and SERVER_PORT in CGIs.

    -

    With UseCanonicalName off Apache will form +

    With UseCanonicalName Off Apache will form self-referential URLs using the hostname and port supplied by the client if any are supplied (otherwise it will use the canonical name, as defined above). These values are the same @@ -2769,8 +2791,8 @@ port for www.domain.com -- see the FAQ on this subject for more information). But if - UseCanonicalName is set off, then Apache will - redirect to http://www/splat/.

    + UseCanonicalName is set Off, then + Apache will redirect to http://www/splat/.

    There is a third option, UseCanonicalName DNS, which is intended for use with mass IP-based virtual hosting to @@ -2816,7 +2838,7 @@ hostname or IP address

  • A fully qualified domain name for the IP address of the virtual host;
    • -
  • The character *, which is used only in combination with +
  • The character *, which is used only in combination with NameVirtualHost * to match all IP addresses; or
  • The string _default_, which is used only @@ -2862,7 +2884,7 @@ hostname or IP address Note

    The use of VirtualHost does - not affect what addresses Apache listens on. You + not affect what addresses Apache listens on. You may need to ensure that Apache is listening on the correct addresses using Listen.

     @@ -2871,13 +2893,13 @@ hostname or IP address _default_ can be specified in which case this virtual host will match any IP address that is not explicitly listed in another virtual host. In the absence - of any _default_ virtual host the "main" server config, + of any _default_ virtual host the "main" server config, consisting of all those definitions outside any VirtualHost section, is used when no IP-match occurs. (But note that any IP address that matches a NameVirtualHost directive will use neither - the "main" server config nor the _default_ virtual host. See the name-based virtual hosting + the "main" server config nor the _default_ virtual host. + See the name-based virtual hosting documentation for further details.)

    You can specify a :port to change the port that is

    • Description:Configures how the server determines its own name and port
    Syntax:UseCanonicalName on|off|dns
    Default:UseCanonicalName on
    Syntax:UseCanonicalName On|Off|DNS
    Default:UseCanonicalName On
    Context:server config, virtual host, directory
    Status:Core
    Module:core