Log Files

In order to effectively manage a web server, it is necessary to get feedback about the activity and performance of the - server as well as any problems that may be occuring. The Apache + server as well as any problems that may be occurring. The Apache HTTP Server provides very comprehensive and flexible logging capabilities. This document describes how to configure its logging capabilities, and how to understand what the logs @@ -303,7 +303,7 @@

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" combined - CustomLog log/acces_log combined + CustomLog log/access_log combined

This format is exactly the same as the Common Log Format, diff --git a/docs/manual/mod/mod_rewrite.html.en b/docs/manual/mod/mod_rewrite.html.en index 437eea988e..3b82c00ddd 100644 --- a/docs/manual/mod/mod_rewrite.html.en +++ b/docs/manual/mod/mod_rewrite.html.en @@ -1159,7 +1159,7 @@ once! Override:FileInfo Status:Extension Module:mod_rewrite -Compatibility:MaxRedirects is available in Apache 2.1 and +Compatibility:MaxRedirects is available in Apache 2.0.45 and later diff --git a/docs/manual/mod/mod_suexec.html.ja.jis b/docs/manual/mod/mod_suexec.html.ja.jis index 88944bac22..dc4ce4cfa1 100644 --- a/docs/manual/mod/mod_suexec.html.ja.jis +++ b/docs/manual/mod/mod_suexec.html.ja.jis @@ -4,32 +4,67 @@ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX This file is generated from xml source: DO NOT EDIT XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX - -->mod_suexec - Apache HTTP $B%5!<%P(B

Apache > HTTP $B%5!<%P(B > $B%I%-%e%a%s%F!<%7%g%s(B > $B%P!<%8%g%s(B 2.0 > $B%b%8%e!<%k(B

Apache $B%b%8%e!<%k(B mod_suexec

$B@bL@(B: -	$B;XDj$5$l$?%f!<%6$H%0%k!<%W$G(B CGI $B%9%/%j%W%H$r
$B%9%F!<%?%9(B: -	$B3HD%(B
$B%b%8%e!<%k<1JL;R(B: -	suexec_module
$B%=!<%9%U%!%$(B$B%k(B: -	mod_suexec.c
$B8_49@-(B: -	Apache 2.0 $B0J9_$G;HMQ2DG=(B

$B35MW(B

+ --> +mod_suexec - Apache HTTP $B%5!<%P(B + + + + + + +

+Apache > HTTP $B%5!<%P(B > $B%I%-%e%a%s%F!<%7%g%s(B > $B%P!<%8%g%s(B 2.1 > $B%b%8%e!<%k(B

Apache $B%b%8%e!<%k(B mod_suexec

+ + + + +

$B@bL@(B:	$B;XDj$5$l$?%f!<%6$H%0%k!<%W$G(B CGI $B%9%/%j%W%H$r
$B%9%F!<%?%9(B:	$B3HD%(B
$B%b%8%e!<%k<1JL;R(B:	suexec_module
$B%=!<%9%U%!%$%k(B:	mod_suexec.c
$B8_49@-(B:	Apache 2.0 $B0J9_$G;HMQ2DG=(B

$B35MW(B

$B$3$N%b%8%e!<%k$H(B suexec $B%5%]!<%H%W%m%0%i%`(B $B$K$h$j!"(BCGI $B%9%/%j%W%H$,;XDj$5$l$?%f!<%6$H%0%k!<%W$G(B $B -

$B%G%#%l%/%F%#%V(B

SuexecUserGroup

$B;2(B$B>H(B

SuEXEC $B%5%]!<%H(B

SuexecUserGroup $B%G(B$B%#%l%/%F%#%V(B

$B@bL@(B: -	CGI $B%W%m%0%i%`$N%f!<%6%Q!<%_%C%7%g%s!"%0%k!<%W%Q!<%_%C%7%g%s(B
$B9=J8(B: -	`SuexecUserGroup User Group`
$B%3%s%F%-%9%H(B: -	$B%5!<%P@_Dj%U%!%$%k(B, $B%P!<%A%c%k%[%9%H(B
$B%9%F!<%?%9(B: -	$B3HD%(B
$B%b%8%e!<%k(B: -	mod_suexec
$B8_49@-(B: -	SuexecUserGroup $B$O(B 2.0 $B0J9_$G$N$_;HMQ2DG=!#(B

$B%G%#%l%/%F%#%V(B

SuexecUserGroup

$B;2>H(B

SuEXEC $B%5%]!<%H(B

+ +

SuexecUserGroup $B%G%#%l%/%F%#%V(B

+ + + + + + + +

$B@bL@(B:	CGI $B%W%m%0%i%`$N%f!<%6%Q!<%_%C%7%g%s!"%0%k!<%W%Q!<%_%C%7%g%s(B
$B9=J8(B:	`SuexecUserGroup User Group`
$B%3%s%F%-%9%H(B:	$B%5!<%P@_Dj%U%!%$%k(B, $B%P!<%A%c%k%[%9%H(B
$B%9%F!<%?%9(B:	$B3HD%(B
$B%b%8%e!<%k(B:	mod_suexec
$B8_49@-(B:	SuexecUserGroup $B$O(B 2.0 $B0J9_$G$N$_;HMQ2DG=!#(B

SuexecUserGroup $B%G%#%l%/%F%#%V$O(B CGI $B%W%m%0%i%`(B - $B$, + User $B%G%#%l%/%F%#%V$H(B Group $B%G%#%l%/%F%#%V$r;H$&MQK!$NBe$o$j$K$J$j$^$9!#(B

$BNc(B

SuexecUserGroup nobody nogroup

\ No newline at end of file + +

+ + \ No newline at end of file diff --git a/docs/manual/programs/apachectl.html.en b/docs/manual/programs/apachectl.html.en index 7f273708ad..2be27174aa 100644 --- a/docs/manual/programs/apachectl.html.en +++ b/docs/manual/programs/apachectl.html.en @@ -34,7 +34,7 @@

If your Apache installation uses non-standard paths, you will need to edit the apachectl script to set the appropriate paths to the httpd binary. You can also - specify any necessary httpd command line arugments. + specify any necessary httpd command line arguments. See the comments in the script for details.

The apachectl script returns a 0 exit value on @@ -131,7 +131,7 @@ equivalent to apachectl -t.

startssl

This is equivalent to apachectl -k start -DSSL. We -recommend that you use that command explictly, or you adjust your +recommend that you use that command explicitly, or you adjust your httpd.conf to remove the <IfDefine> section so that SSL will always be available.

diff --git a/docs/manual/sections.html.en b/docs/manual/sections.html.en index 1e82644281..2d54762f70 100644 --- a/docs/manual/sections.html.en +++ b/docs/manual/sections.html.en @@ -196,7 +196,7 @@ directives can each use shell-style wildcard characters as in matches any sequence of characters, "?" matches any single character, and "[seq]" matches any character in seq. The "/" character will not be matched by any wildcard; it must be specified -explictly.

+explicitly.

If even more flexible matching is required, each container has a regular-expression (regex) counterpart <DirectoryMatch>, <FilesMatch>, and <LocationMatch> that allow diff --git a/docs/manual/ssl/index.html.ja.jis b/docs/manual/ssl/index.html.ja.jis index f255d57a11..7dd36e2b89 100644 --- a/docs/manual/ssl/index.html.ja.jis +++ b/docs/manual/ssl/index.html.ja.jis @@ -4,7 +4,19 @@ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX This file is generated from xml source: DO NOT EDIT XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX - -->Apache $B$N(B SSL/TLS $B0E9f2=(B - Apache HTTP $B%5!<%P(B

Apache > HTTP $B%5!<%P(B > $B%I%-%e%a%s%F!<%7%g%s(B > $B%P!<%8%g%s(B 2.0

Apache $B$N(B SSL/TLS $B0E9f2=(B

+ --> +Apache $B$N(B SSL/TLS $B0E9f2=(B - Apache HTTP $B%5!<%P(B + + + + + +

+Apache > HTTP $B%5!<%P(B > $B%I%-%e%a%s%F!<%7%g%s(B > $B%P!<%8%g%s(B 2.1

Apache $B$N(B SSL/TLS $B0E9f2=(B

Apache HTTP $B%5!<%P%b%8%e!<%k(B mod_ssl $B$,(B OpenSSL $B%i%$%V%i%j$X$N%$%s%?!<%U%'!<%9$rDs6!$7$F$$$^$9$,!"$3$l$O(B @@ -12,7 +24,13 @@ Secure Sockts Layer $B$H(B Transport Layer Security $B%W%m%H%3%k$rMQ$$$?6/NO$J0E9f2=$rDs6!$7$^$9!#(B $B$3$N%b%8%e!<%k$d$3$NJ8=q$O(B Ralf S. Engelschall $B$N(B mod_ssl $B%W%m%8%'%/%H$K4p$E$$$F$$$^$9!#(B

Documentation
mod_ssl

Documentation

$B$O$8$a$K(B
$B8_49@-(B
$B$h$/$"$k

$BMQ8l(B

mod_ssl

mod_ssl

$B$3$N%b%8%e!<%k$GDs6!$5$l$k%G%#%l%/%F%#%V$d4D6-JQ?t$K4X$9$k(B $B>\$7$$J8=q$O!"(Bmod_ssl $B%j%U%!%l%s%9(B$B$r$4Mw2<$5$$!#(B

\ No newline at end of file +

+ + \ No newline at end of file diff --git a/docs/manual/ssl/ssl_compat.html.en b/docs/manual/ssl/ssl_compat.html.en index c9d46ae95f..176554336d 100644 --- a/docs/manual/ssl/ssl_compat.html.en +++ b/docs/manual/ssl/ssl_compat.html.en @@ -28,7 +28,7 @@ Here we talk about backward compatibility to other SSL solutions. As you perhaps know, mod_ssl is not the only existing SSL solution for Apache. Actually there are four additional major products available on the market: Ben Laurie's freely available Apache-SSL -(from where mod_ssl were originally derived in 1998), RedHat's commercial Secure Web +(from where mod_ssl were originally derived in 1998), Red Hat's commercial Secure Web Server (which is based on mod_ssl), Covalent's commercial Raven SSL Module (also based on mod_ssl) and finally C2Net's commercial product Stronghold (based on a different evolution branch named Sioux up to Stronghold 2.x and based on @@ -53,7 +53,7 @@ solutions we do an on-the-fly mapping: directives which have a direct counterpart in mod_ssl are mapped silently while other directives lead to a warning message in the logfiles. The currently implemented directive mapping is listed in Table 1. Currently full backward -compatibilty is provided only for Apache-SSL 1.x and mod_ssl 2.0.x. +compatibility is provided only for Apache-SSL 1.x and mod_ssl 2.0.x. Compatibility to Sioux 1.x and Stronghold 2.x is only partial because of special functionality in these interfaces which mod_ssl (still) doesn't provide.

diff --git a/docs/manual/ssl/ssl_faq.html.en b/docs/manual/ssl/ssl_faq.html.en index 4dbcc2d3e7..4f08cc1e4c 100644 --- a/docs/manual/ssl/ssl_faq.html.en +++ b/docs/manual/ssl/ssl_faq.html.en @@ -25,7 +25,7 @@ he poses the right questions.

This chapter is a collection of frequently asked questions (FAQ) and corresponding answers following the popular USENET tradition. Most of these -questions occured on the Newsgroup comp.infosystems.www.servers.unix or the mod_ssl Support +questions occurred on the Newsgroup comp.infosystems.www.servers.unix or the mod_ssl Support Mailing List modssl-users@modssl.org. They are collected at this place to avoid answering the same questions over and over.

@@ -55,7 +55,7 @@ author.

Laurie's development cycle it then was re-assembled from scratch for Apache 1.3.0 by merging the old mod_ssl 1.x with the newer Apache-SSL 1.18. From this point on mod_ssl lived its own life as mod_ssl v2. The - first publically released version was mod_ssl 2.0.0 from August 10th, + first publicly released version was mod_ssl 2.0.0 from August 10th, 1998. As of this writing (August 1999) the current mod_ssl version is 2.4.0.

@@ -87,7 +87,7 @@ author.

Additionally according to a Year 2000 statement from the Apache Group, the Apache webserver is Year 2000 - compliant, too. But whether OpenSSL or the underlaying Operating System + compliant, too. But whether OpenSSL or the underlying Operating System (either a Unix or Win32 platform) is Year 2000 compliant is a different question which cannot be answered here.

@@ -100,9 +100,9 @@ author.

replaced the previous CoCom regime. 33 countries are signatories: Argentina, Australia, Austria, Belgium, Bulgaria, Canada, Czech Republic, Denmark, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Japan, - Luxembourg, Netherlands, New Zealand, Norway, Poland, Portugal, Republic + Luxembourg, the Netherlands, New Zealand, Norway, Poland, Portugal, Republic of Korea, Romania, Russian Federation, Slovak Republic, Spain, Sweden, - Switzerland, Turkey, Ukraine, United Kingdom and United States. For more + Switzerland, Turkey, Ukraine, the United Kingdom and the United States. For more details look at http://www.wassenaar.org/.

@@ -683,7 +683,7 @@ Hosting to identify different SSL virtual hosts?

Why has my webserver a higher load now that I run SSL there?

Because SSL uses strong cryptographic encryption and this needs a lot of number crunching. And because when you request a webpage via HTTPS even - the images are transfered encrypted. So, when you have a lot of HTTPS + the images are transferred encrypted. So, when you have a lot of HTTPS traffic the load increases.

@@ -691,7 +691,7 @@ Hosting to identify different SSL virtual hosts? the connection, although sometimes it works faster?

Usually this is caused by using a /dev/random device for SSLRandomSeed which is blocking in read(2) calls if not - enough entropy is available. Read more about this problem in the refernce + enough entropy is available. Read more about this problem in the reference chapter under SSLRandomSeed.

@@ -731,9 +731,9 @@ shared cipher'' errors? I try to connect to my freshly installed server?

Either you have messed up your SSLCipherSuite directive (compare it with the pre-configured example in - httpd.conf-dist) or you have choosen the DSA/DH + httpd.conf-dist) or you have chosen the DSA/DH algorithms instead of RSA when you generated your private key - and ignored or overlooked the warnings. If you have choosen + and ignored or overlooked the warnings. If you have chosen DSA/DH, then your server no longer speaks RSA-based SSL ciphers (at least not until you also configure an additional RSA-based certificate/key pair). But current browsers like NS or IE only speak diff --git a/docs/manual/ssl/ssl_howto.html.en b/docs/manual/ssl/ssl_howto.html.en index 2277165be6..02fe037768 100644 --- a/docs/manual/ssl/ssl_howto.html.en +++ b/docs/manual/ssl/ssl_howto.html.en @@ -83,7 +83,7 @@ only, but allows export browsers to upgrade to stronger encryption? strong encryption or have to upgrade to strong encryption, but are not allowed to keep the export ciphers. The following does the trick:

httpd.conf

- # allow all ciphers for the inital handshake, + # allow all ciphers for the initial handshake, # so export browsers can upgrade via SGC facility SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL @@ -132,7 +132,7 @@ all my clients? situation), as it's the case for instance in an Intranet, you can use plain certificate authentication. All you have to do is to create client certificates signed by your own CA certificate - ca.crt and then verifiy the clients against this + ca.crt and then verify the clients against this certificate.


     httpd.conf

       # require a client certificate which has to be directly

@@ -165,7 +165,7 @@ parts of the server?
 on certificates but still allow arbitrary clients to access the remaining
 parts of the server?
 
-    
The key is to check for various ingredients of the client certficate.
+    
The key is to check for various ingredients of the client certificate.
     Usually this means to check the whole or part of the Distinguished
     Name (DN) of the Subject. For this two methods exists: The mod_auth_basic based variant and the SSLRequire variant. The first method is
     good when the clients are of totally different type, i.e. when their
diff --git a/docs/manual/ssl/ssl_intro.html.en b/docs/manual/ssl/ssl_intro.html.en
index bd62894d65..77888ab44e 100644
--- a/docs/manual/ssl/ssl_intro.html.en
+++ b/docs/manual/ssl/ssl_intro.html.en
@@ -40,7 +40,7 @@ from the article Frederick J. Hirsch, of The
 Open Group Research Institute, which was published in Web Security: A Matter of
 Trust, World Wide Web Journal, Volume 2, Issue 3, Summer 1997.
-Please send any postive feedback to Frederick Hirsch (the original
+Please send any positive feedback to Frederick Hirsch (the original
 article author) and all negative feedback to Ralf S. Engelschall (the
 mod_ssl author).

 

@@ -122,7 +122,7 @@ messages which create the same digest -- thus eliminating the possibility of
 substituting one message for another while maintaining the same digest.
 Another challenge that Alice faces is finding a way to send the digest to the
 bank securely; when this is achieved, the integrity of the associated message
-is assured. One way to to this is to include the digest in a digital
+is assured. One way to do this is to include the digest in a digital
 signature.
 
 
@@ -185,7 +185,7 @@ certificates are used for authentication.
     Administrative Information
         Version, Serial Number
     Extended Information
-        Basic Contraints, Netscape Flags, etc.
+        Basic Constraints, Netscape Flags, etc.
     
     
 
diff --git a/docs/manual/suexec.html.en b/docs/manual/suexec.html.en
index e019211423..875cb1959e 100644
--- a/docs/manual/suexec.html.en
+++ b/docs/manual/suexec.html.en
@@ -53,7 +53,7 @@
     Apache Group and this document.
 
     First, it is assumed that you are using a UNIX
-    derivate operating system that is capable of
+    derivative operating system that is capable of
     setuid and setgid operations.
     All command examples are given in this regard. Other platforms,
     if they are capable of supporting suEXEC, may differ in their
@@ -327,7 +327,7 @@
       
     
 
-    
This is the standard operation of the the
+    
This is the standard operation of the
     suEXEC wrapper's security model. It is somewhat stringent and
     can impose new limitations and guidelines for CGI/SSI design,
     but it was developed carefully step-by-step with security in
diff --git a/docs/manual/urlmapping.html.en b/docs/manual/urlmapping.html.en
index e4c9361ce6..98cac60461 100755
--- a/docs/manual/urlmapping.html.en
+++ b/docs/manual/urlmapping.html.en
@@ -199,7 +199,7 @@ ProxyPassReverse /foo/ http://internal.example.com/bar/
 the server to fetch the appropriate documents, while the
 ProxyPassReverse
 directive rewrites redirects originating at
-internal.examle.com so that they target the appropriate
+internal.example.com so that they target the appropriate
 directory on the local server.  It is important to note, however, that
 links inside the documents will not be rewritten.  So any absolute
 links on internal.example.com will result in the client
diff --git a/docs/manual/vhosts/fd-limits.html.en b/docs/manual/vhosts/fd-limits.html.en
index 01c4e63433..8f00a4e628 100644
--- a/docs/manual/vhosts/fd-limits.html.en
+++ b/docs/manual/vhosts/fd-limits.html.en
@@ -97,7 +97,7 @@ more about customizing your log files.)
 When you wish to split your log file into its component parts (one
 file per virtual host) you can use the program split-logfile to accomplish
 this. You'll find this program in the support directory
-of the Apache disribution.
+of the Apache distribution.
 
 Run this program with the command:
 
diff --git a/docs/manual/vhosts/name-based.html.en b/docs/manual/vhosts/name-based.html.en
index ad84cc982d..b809df9b33 100644
--- a/docs/manual/vhosts/name-based.html.en
+++ b/docs/manual/vhosts/name-based.html.en
@@ -157,7 +157,7 @@
 	is allowed, check the Context of the
 	directive.  Configuration directives set in the main server
 	context (outside any <VirtualHost> container)
-	will be used only if they are not overriden by the virtual host
+	will be used only if they are not overridden by the virtual host
 	settings.
 
 	Now when a request arrives, the server will first check if it is
-- 
2.50.1

Log Files

Apache $B%b%8%e!<%k(B mod_suexec

$B35MW(B

Apache $B%b%8%e!<%k(B mod_suexec

$B35MW(B

$B%G%#%l%/%F%#%V(B

$B;2(B$B>H(B

SuexecUserGroup $B%G(B$B%#%l%/%F%#%V(B

$B%G%#%l%/%F%#%V(B

$B;2>H(B

SuexecUserGroup $B%G%#%l%/%F%#%V(B

$BNc(B

Apache $B$N(B SSL/TLS $B0E9f2=(B

Apache $B$N(B SSL/TLS $B0E9f2=(B

Documentation

Documentation

mod_ssl

mod_ssl

Why has my webserver a higher load now that I run SSL there?

httpd.conf

httpd.conf

Apache $B%b%8%e!<%k(B mod_suexec

$B35MW(B

Apache $B%b%8%e!<%k(B mod_suexec

$B35MW(B

$B%G%#%l%/%F%#%V(B

$B;2(B$B>H(B

SuexecUserGroup $B%G(B$B%#%l%/%F%#%V(B

$B%G%#%l%/%F%#%V(B

$B;2>H(B

SuexecUserGroup $B%G%#%l%/%F%#%V(B

$BNc(B

Apache $B$N(B SSL/TLS $B0E9f2=(B

Apache $B$N(B SSL/TLS $B0E9f2=(B