| <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"> |
| <HTML> |
| <HEAD> |
| <TITLE>Apache Core Features</TITLE> |
| </HEAD> |
| |
| <!-- Background white, links blue (unvisited), navy (visited), red (active) --> |
| <BODY |
| BGCOLOR="#FFFFFF" |
| TEXT="#000000" |
| LINK="#0000FF" |
| VLINK="#000080" |
| ALINK="#FF0000" |
| > |
| <!--#include virtual="header.html" --> |
| |
| <H1 ALIGN="CENTER">Apache Core Features</h1> |
| |
| These configuration parameters control the core Apache features, and are |
| always available. |
| |
| |
| <ul> |
| <li><A HREF="#accessconfig">AccessConfig</A> |
| <li><A HREF="#accessfilename">AccessFileName</A> |
| <li><A HREF="#addmodule">AddModule</A> |
| <li><A HREF="#allowoverride">AllowOverride</A> |
| <li><A HREF="#authname">AuthName</A> |
| <li><A HREF="#authtype">AuthType</A> |
| <li><A HREF="#bindaddress">BindAddress</A> |
| <li><A HREF="#clearmodulelist">ClearModuleList</A> |
| <li><A HREF="#defaulttype">DefaultType</A> |
| <li><A HREF="#directory"><Directory></A> |
| <li><A HREF="#documentroot">DocumentRoot</A> |
| <li><A HREF="#errordocument">ErrorDocument</A> |
| <li><A HREF="#errorlog">ErrorLog</A> |
| <li><A HREF="#files"><Files></A> |
| <li><A HREF="#group">Group</A> |
| <li><A HREF="#hostnamelookups">HostNameLookups</A> |
| <li><A HREF="#identitycheck">IdentityCheck</A> |
| <li><A HREF="#ifmodule"><IfModule></A> |
| <li><A HREF="#keepalive">KeepAlive</A> |
| <li><A HREF="#keepalivetimeout">KeepAliveTimeout</A> |
| <li><A HREF="#limit"><Limit></A> |
| <li><A HREF="#listen">Listen</A> |
| <li><A HREF="#location"><Location></A> |
| <li><A HREF="#lockfile">LockFile</A> |
| <li><A HREF="#maxclients">MaxClients</A> |
| <li><A HREF="#maxkeepaliverequests">MaxKeepAliveRequests</a> |
| <li><A HREF="#maxrequestsperchild">MaxRequestsPerChild</A> |
| <li><A HREF="#maxspareservers">MaxSpareServers</A> |
| <li><A HREF="#minspareservers">MinSpareServers</A> |
| <li><A HREF="#options">Options</A> |
| <li><A HREF="#pidfile">PidFile</A> |
| <li><A HREF="#port">Port</A> |
| <li><A HREF="#require">require</A> |
| <li><A HREF="#resourceconfig">ResourceConfig</A> |
| <li><A HREF="#rlimitcpu">RLimitCPU</A> |
| <li><A HREF="#rlimitmem">RLimitMEM</A> |
| <li><A HREF="#rlimitnproc">RLimitNPROC</A> |
| <li><A HREF="#satisfy">Satisfy</A> |
| <li><A HREF="#scoreboardfile">ScoreBoardFile</A> |
| <li><A HREF="#sendbuffersize">SendBufferSize</A> |
| <li><A HREF="#serveradmin">ServerAdmin</A> |
| <li><A HREF="#serveralias">ServerAlias</A> |
| <li><A HREF="#servername">ServerName</A> |
| <li><A HREF="#serverpath">ServerPath</A> |
| <li><A HREF="#serverroot">ServerRoot</A> |
| <li><A HREF="#servertype">ServerType</A> |
| <li><A HREF="#startservers">StartServers</A> |
| <li><A HREF="#timeout">TimeOut</A> |
| <li><A HREF="#user">User</A> |
| <li><A HREF="#virtualhost"><VirtualHost></A> |
| </ul> |
| <hr> |
| |
| <A name="accessconfig"><h2>AccessConfig directive</h2></A> |
| <!--%plaintext <?INDEX {\tt AccessConfig} directive> --> |
| <strong>Syntax:</strong> AccessConfig <em>filename</em><br> |
| <strong>Default:</strong> <code>AccessConfig conf/access.conf</code><br> |
| <strong>Context:</strong> server config, virtual host<br> |
| <strong>Status:</strong> core<p> |
| |
| The server will read this file for more directives after reading the |
| <A HREF="#resourceconfig">ResourceConfig</A> file. <em>Filename</em> is |
| relative to the <A HREF="#serverroot">ServerRoot</A>. |
| This feature can be disabled using: |
| <blockquote><code>AccessConfig /dev/null</code></blockquote> |
| Historically, this file only contained |
| <A HREF="#directory"><Directory></A> sections; in fact it can now |
| contain any server directive allowed in the <em>server config</em> context. |
| <p><hr> |
| |
| <A name="accessfilename"><h2>AccessFileName directive</h2></A> |
| <!--%plaintext <?INDEX {\tt AccessFileName} directive> --> |
| <strong>Syntax:</strong> AccessFileName <em>filename</em><br> |
| <strong>Default:</strong> <code>AccessFileName .htaccess</code><br> |
| <strong>Context:</strong> server config, virtual host<br> |
| <strong>Status:</strong> core<p> |
| |
| When returning a document to the client the server looks for an |
| access control file with this name in every directory of the path to |
| the document, if access control files are enabled for that directory. |
| |
| For example: |
| <blockquote><code>AccessFileName .acl</code></blockquote> |
| before returning the document /usr/local/web/index.html, the |
| server will read /.acl, /usr/.acl, /usr/local/.acl and /usr/local/web/.acl |
| for directives, unless they have been disabled with |
| <blockquote><code> |
| <Directory /><br> |
| AllowOverride None<br> |
| </Directory></code></blockquote><p><hr> |
| |
| <A name="addmodule"><h2>AddModule directive</h2></A> |
| <!--%plaintext <?INDEX {\tt AddModule} directive> --> |
| <strong>Syntax:</strong> AddModule <em>module module ...</em><br> |
| <strong>Context:</strong> server config <br> |
| <strong>Status:</strong> core<br> |
| <strong>Compatibility:</strong> AddModule is only available in Apache 1.2 and later<p> |
| |
| The server can have modules compiled in which are not actively in use. |
| This directive can be used to enable the use of those modules. The |
| server comes with a pre-loaded list of active modules; this list can |
| be cleared with the <A HREF="#clearmodulelist">ClearModuleList</A> |
| directive.<p><hr> |
| |
| <A name="allowoverride"><h2>AllowOverride directive</h2></A> |
| <!--%plaintext <?INDEX {\tt AllowOverride} directive> --> |
| <strong>Syntax:</strong> AllowOverride <em>override override ...</em><br> |
| <strong>Default:</strong> <code>AllowOverride All</code><br> |
| <strong>Context:</strong> directory<br> |
| <strong>Status:</strong> core<p> |
| |
| When the server finds an .htaccess file (as specified by |
| <A HREF="#accessfilename">AccessFileName</A>) it needs to know which |
| directives declared in that file can override earlier access information.<p> |
| |
| <em>Override</em> can be set to <code>None</code>, in which case the server |
| will not read the file, <code>All</code> in which case the server will |
| allow all the directives, or one or more of the following: |
| <dl> |
| <dt>AuthConfig |
| <dd> |
| <!--%plaintext <?INDEX {\tt AuthConfig} override> --> |
| Allow use of the authorization directives |
| (<A HREF="mod_auth_dbm.html#authdbmgroupfile">AuthDBMGroupFile</A>, |
| <A HREF="mod_auth_dbm.html#authdbmuserfile">AuthDBMUserFile</A>, |
| <A HREF="mod_auth.html#authgroupfile">AuthGroupFile</A>, |
| <A HREF="#authname">AuthName</A>, <A HREF="#authtype">AuthType</A>, |
| <A HREF="mod_auth.html#authuserfile">AuthUserFile</A>, |
| <A HREF="#require">require</A>, etc.). |
| <dt>FileInfo |
| <dd> |
| <!--%plaintext <?INDEX {\tt FileInfo} override> --> |
| Allow use of the directives controlling document types |
| (<A HREF="mod_mime.html#addencoding">AddEncoding</A>, |
| <A HREF="mod_mime.html#addlanguage">AddLanguage</A>, |
| <A HREF="mod_mime.html#addtype">AddType</A>, |
| <A HREF="#defaulttype">DefaultType</A>, |
| <A HREF="#errordocument">ErrorDocument</A>, |
| <A HREF="mod_negotiation.html#languagepriority">LanguagePriority</A>, etc.). |
| <dt>Indexes |
| <dd> |
| <!--%plaintext <?INDEX {\tt Indexes} override> --> |
| Allow use of the directives controlling directory indexing |
| (<A HREF="mod_dir.html#adddescription">AddDescription</A>, |
| <A HREF="mod_dir.html#addicon">AddIcon</A>, |
| <A HREF="mod_dir.html#addiconbyencoding">AddIconByEncoding</A>, |
| <A HREF="mod_dir.html#addiconbytype">AddIconByType</A>, |
| <A HREF="mod_dir.html#defaulticon">DefaultIcon</A>, |
| <A HREF="mod_dir.html#directoryindex">DirectoryIndex</A>, |
| <A HREF="mod_dir.html#fancyindexing">FancyIndexing</A>, |
| <A HREF="mod_dir.html#headername">HeaderName</A>, |
| <A HREF="mod_dir.html#indexignore">IndexIgnore</A>, |
| <A HREF="mod_dir.html#indexoptions">IndexOptions</A>, |
| <A HREF="mod_dir.html#readmename">ReadmeName</A>, etc.). |
| <dt>Limit |
| <dd> |
| <!--%plaintext <?INDEX {\tt Limit} override> --> |
| Allow use of the directives controlling host access (allow, deny and order). |
| <dt>Options |
| <dd> |
| <!--%plaintext <?INDEX {\tt Options} override> --> |
| Allow use of the directives controlling specific directory features |
| (<A HREF="#options">Options</A> and |
| <A HREF="mod_include.html#xbithack">XBitHack</A>). |
| </dl><p><hr> |
| |
| <A name="authname"><h2>AuthName directive</h2></A> |
| <!--%plaintext <?INDEX {\tt AuthName} directive> --> |
| <strong>Syntax:</strong> AuthName <em>auth-domain</em><br> |
| <strong>Context:</strong> directory, .htaccess<br> |
| <strong>Override:</strong> AuthConfig<br> |
| <strong>Status:</strong> core<p> |
| |
| This directive sets the name of the authorization realm for a directory. |
| This realm is given to the client so that the user knows which username and |
| password to send. |
| It must be accompanied by <A HREF="#authtype">AuthType</A> and |
| <A HREF="#require">require</A> directives, and directives such as |
| <A HREF="mod_auth.html#authuserfile">AuthUserFile</A> and |
| <A HREF="mod_auth.html#authgroupfile">AuthGroupFile</A> to work.<p><hr> |
| |
| <A name="authtype"><h2>AuthType directive</h2></A> |
| <!--%plaintext <?INDEX {\tt AuthType} directive> --> |
| <strong>Syntax:</strong> AuthType <em>type</em><br> |
| <strong>Context:</strong> directory, .htaccess<br> |
| <strong>Override:</strong> AuthConfig<br> |
| <strong>Status:</strong> core<p> |
| |
| This directive selects the type of user authentication for a directory. |
| Only <code>Basic</code> is currently implemented. |
| <!--%plaintext <?INDEX {\tt Basic} authentication scheme> --> |
| It must be accompanied by <A HREF="#authname">AuthName</A> and |
| <A HREF="#require">require</A> directives, and directives such as |
| <A HREF="mod_auth.html#authuserfile">AuthUserFile</A> and |
| <A HREF="mod_auth.html#authgroupfile">AuthGroupFile</A> to work.<p><hr> |
| |
| <A name="bindaddress"><h2>BindAddress directive</h2></A> |
| <!--%plaintext <?INDEX {\tt BindAddress} directive> --> |
| <strong>Syntax:</strong> BindAddress <em>saddr</em><br> |
| <strong>Default:</strong> <code>BindAddress *</code><br> |
| <strong>Context:</strong> server config<br> |
| <strong>Status:</strong> core<p> |
| |
| A Unix® http server can either listen for connections to every |
| IP address of the server machine, or just one IP address of the server |
| machine. <em>Saddr</em> can be |
| |
| <menu> |
| <li>* |
| <li>An IP address |
| <li>A fully-qualified Internet domain name |
| </menu> |
| If the value is *, then the server will listen for connections on |
| every IP address, otherwise it will only listen on the IP address |
| specified. <p> |
| |
| This option can be used as an alternative method for supporting |
| <A HREF="../virtual-host.html">virtual hosts</A> instead of using |
| <A HREF="#virtualhost"><VirtualHost></A> sections. |
| |
| <p><strong>See Also:</strong> |
| <a href="../dns-caveats.html">DNS Issues</a><br> |
| <strong>See Also:</strong> |
| <a href="../bind.html">Setting which addresses and ports Apache uses</a></p> |
| |
| <hr> |
| |
| <A name="clearmodulelist"><h2>ClearModuleList directive</h2></A> |
| <!--%plaintext <?INDEX {\tt ClearModuleList} directive> --> |
| <strong>Syntax:</strong> ClearModuleList<br> |
| <strong>Context:</strong> server config<br> |
| <strong>Status:</strong> core<br> |
| <strong>Compatibility:</strong> ClearModuleList is only available in Apache 1.2 and later<p> |
| |
| The server comes with a built-in list of active modules. This |
| directive clears the list. It is assumed that the list will then be |
| re-populated using the <A HREF="#addmodule">AddModule</A> directive.<p><hr> |
| |
| <A name="defaulttype"><h2>DefaultType directive</h2></A> |
| <!--%plaintext <?INDEX {\tt DefaultType} directive> --> |
| <strong>Syntax:</strong> DefaultType <em>mime-type</em><br> |
| <strong>Default:</strong> <code>DefaultType text/html</code><br> |
| <strong>Context:</strong> server config, virtual host, directory, .htaccess<br> |
| <strong>Override:</strong> FileInfo<br> |
| <strong>Status:</strong> core<p> |
| |
| There will be times when the server is asked to provide a document |
| whose type cannot be determined by its MIME types mappings.<p> |
| |
| The server must inform the client of the content-type of the document, so in |
| the event of an unknown type it uses the <CODE>DefaultType</CODE>. For |
| example: |
| <blockquote><code>DefaultType image/gif</code></blockquote> |
| would be appropriate for a directory which contained many gif images |
| with filenames missing the .gif extension.<p><hr> |
| |
| <A name="directory"><h2><Directory> directive</h2></A> |
| <!--%plaintext <?INDEX {\tt Directory} section directive> --> |
| <strong>Syntax:</strong> <Directory <em>directory</em>> ... </Directory> <br> |
| <strong>Context:</strong> server config, virtual host<br> |
| <strong>Status:</strong> Core. <p> |
| |
| <Directory> and </Directory> are used to enclose a group of |
| directives which will apply only to the named directory and sub-directories |
| of that directory. Any directive which is allowed in a directory |
| context may be used. <em>Directory</em> is either the full path to a directory, |
| or a wild-card string. In a wild-card string, `?' matches any single character, |
| and `*' matches any sequences of characters. Example: |
| <pre> |
| <Directory /usr/local/httpd/htdocs> |
| Options Indexes FollowSymLinks |
| </Directory> |
| </pre> |
| |
| <p><strong>Apache 1.2 and above:</strong> |
| Extended regular expressions can also be used, with the addition of the |
| <code>~</code> character. For example:</p> |
| |
| <pre> |
| <Directory ~ "^/www/.*/[0-9]{3}"> |
| </pre> |
| |
| would match directories in /www/ that consisted of three numbers.<p> |
| |
| <p>If multiple directory sections match the directory (or its parents) containing |
| a document, then the directives are applied in the order of shortest match |
| first, interspersed with the directives from the |
| <A HREF="#accessfilename">.htaccess</A> files. For example, with |
| <blockquote><code> |
| <Directory /><br> |
| AllowOverride None<br> |
| </Directory><br><br> |
| <Directory /home/*><br> |
| AllowOverride FileInfo<br> |
| </Directory></code></blockquote> |
| for access to the document <code>/home/web/dir/doc.html</code> the |
| steps are: |
| <menu> |
| <li>Apply directive <code>AllowOverride None</code> (disabling |
| <code>.htaccess</code> files). |
| <li>Apply directive <code>AllowOverride FileInfo</code> (for directory |
| <code>/home/web</code>). |
| <li>Apply any FileInfo directives in <code>/home/web/.htaccess</code> |
| </menu> |
| |
| <P> |
| <STRONG> |
| Note that the default Apache access for <Directory /> is |
| <SAMP>Allow from All</SAMP>. This means that Apache will serve any file |
| mapped from an URL. It is recommended that you change this with a block |
| such as |
| </STRONG> |
| <PRE> |
| <Directory /> |
| Order Deny,Allow |
| Deny from All |
| </Directory> |
| </PRE> |
| <P> |
| <STRONG> |
| and then override this for directories you <EM>want</EM> accessible. |
| See the |
| <A |
| HREF="../misc/security_tips.html" |
| >Security Tips</A> |
| page for more details. |
| </STRONG> |
| </P> |
| |
| The directory sections typically occur in the access.conf file, but they |
| may appear in any configuration file. <Directory> directives cannot |
| nest, and cannot appear in a <A HREF="#limit"><Limit></A> section. |
| <p><hr> |
| |
| <A NAME="documentroot"><h2>DocumentRoot directive</h2></A> |
| <!--%plaintext <?INDEX {\tt DocumentRoot} directive> --> |
| <strong>Syntax:</strong> DocumentRoot <em>directory-filename</em><br> |
| <strong>Default:</strong> <code>DocumentRoot |
| /usr/local/etc/httpd/htdocs</code><br> |
| <strong>Context:</strong> server config, virtual host<br> |
| <strong>Status:</strong> core<p> |
| |
| This directive sets the directory from which httpd will serve files. |
| Unless matched by a directive like Alias, the server appends the path |
| from the requested URL to the document root to make the path to the |
| document. Example: |
| <blockquote><code>DocumentRoot /usr/web</code></blockquote> |
| then an access to <code>http://www.my.host.com/index.html</code> refers |
| to <code>/usr/web/index.html</code>. |
| |
| <P>There appears to be a bug in mod_dir which causes problems when the |
| DocumentRoot has a trailing slash (i.e. "DocumentRoot /usr/web/") so |
| please avoid that. |
| |
| <p><hr> |
| |
| <A name="errordocument"><h2>ErrorDocument directive</h2></A> |
| <!--%plaintext <?INDEX {\tt ErrorDocument} directive> --> |
| <strong>Syntax:</strong> ErrorDocument <em>error-code document</em><br> |
| <strong>Context</strong> server config, virtual host, directory, .htaccess<br> |
| <strong>Status:</strong> core<br> |
| <strong>Override:</strong> FileInfo<br> |
| <strong>Compatibility:</strong> The directory and .htaccess contexts |
| are only available in Apache 1.1 and later.<p> |
| |
| In the event of a problem or error, Apache can be configured to do |
| one of four things, |
| |
| <OL> |
| <LI>output a simple hardcoded error message |
| <LI>output a customized message |
| <LI>redirect to a local URL to handle the problem/error |
| <LI>redirect to an external URL to handle the problem/error |
| </OL> |
| |
| <P>The first option is the default, while options 2-4 are configured |
| using the <CODE>ErrorDocument</CODE> directive, which is followed by |
| the HTTP response code and a message or URL. |
| |
| <P><em>Messages</em> in this context begin with a single quote |
| (<code>"</code>), which does not form part of the message itself. |
| Apache will sometimes offer additional information regarding the |
| problem/error. |
| |
| <P>URLs can begin with a slash (/) for local URLs, or be a full |
| URL which the client can resolve. Examples: |
| <blockquote><code> |
| ErrorDocument 500 http://foo.example.com/cgi-bin/tester<br> |
| ErrorDocument 404 /cgi-bin/bad_urls.pl<br> |
| ErrorDocument 401 /subscription_info.html<br> |
| ErrorDocument 403 "Sorry can't allow you access today |
| </code></blockquote> |
| |
| <P>Note that when you specify an <CODE>ErrorDocument</CODE> that |
| points to a remote URL (ie. anything with a method such as "http" in |
| front of it) Apache will send a redirect to the client to tell it |
| where to find the document, even if the document ends up being |
| on the same server.. This has several implications, the |
| most important being that <STRONG>if you use an "ErrorDocument 401" |
| directive then it must refer to a local document.</STRONG> This results |
| from the nature of the HTTP basic authentication scheme. |
| |
| <P>See Also: <A HREF="../custom-error.html">documentation of customizable |
| responses.</A><p><hr> |
| |
| <A name="errorlog"><h2>ErrorLog directive</h2></A> |
| <!--%plaintext <?INDEX {\tt ErrorLog} directive> --> |
| <strong>Syntax:</strong> ErrorLog <em>filename</em><br> |
| <strong>Default:</strong> <code>ErrorLog logs/error_log</code><br> |
| <strong>Context:</strong> server config, virtual host<br> |
| <strong>Status:</strong> core<p> |
| |
| The error log directive sets the name of the file to which the server will log |
| any errors it encounters. If the filename does not begin with a slash (/) |
| then it is assumed to be relative to the <A HREF="#serverroot">ServerRoot</A>. |
| Example: |
| <blockquote><code>ErrorLog /dev/null</code></blockquote> |
| This effectively turns off error logging.<p> |
| |
| SECURITY: See the <A HREF="../misc/security_tips.html">security tips</A> |
| document for details on why your security could be compromised if |
| the directory where logfiles are stored is writable by anyone other |
| than the user that starts the server. |
| |
| <p><hr> |
| |
| <A name="files"><h2><Files></h2></A> |
| <strong>Syntax:</strong> <Files <em>filename</em>> |
| ... </Files><br> |
| <strong>Context:</strong> server config, virtual host, htaccess<br> |
| <strong>Status:</strong> core<br> |
| <strong>Compatibility:</strong> only available in Apache |
| 1.2 and above.<p> |
| |
| <p>The <Files> directive provides for access control by |
| filename. It is comparable to the <a |
| href="#directory"><Directory></a> directive and |
| <a href="#location"><Location></a> directives. It |
| should be matched with a </Files> directive. Directives that |
| apply to the filename given should be listed |
| within. <code><Files></code> sections are processed in the |
| order they appear in the configuration file, after the |
| <Directory> sections and <code>.htaccess</code> files are |
| read, but before <Location> sections.</p> |
| |
| <p>The <em>filename</em> argument should include a filename, or a |
| wild-card string, where `?' matches any single character, and `*' matches any |
| sequences of characters. Extended regular expressions can also be used, with the addition of |
| the <code>~</code> character. For example:</p> |
| |
| <pre> |
| <Files ~ "\.(gif|jpe?g|png)$"> |
| </pre> |
| |
| would match most common Internet graphics formats. |
| |
| <p>Note that unlike <a |
| href="#directory"><code><Directory></code></a> and <a |
| href="#location"><code><Location></code></a> sections, |
| <code><Files></code> sections can be used inside .htaccess |
| files. This allows users to control access to their own files, at a |
| file-by-file level. When used in an .htaccess file, if the |
| <em>filename</em> does not begin with a <code>/</code> character, |
| the directory being applied will be prefixed automatically. |
| |
| <p> <hr> |
| |
| <A name="group"><h2>Group directive</h2></A> |
| <!--%plaintext <?INDEX {\tt Group} directive> --> |
| <strong>Syntax:</strong> Group <em>unix-group</em><br> |
| <strong>Default:</strong> <code>Group #-1</code><br> |
| <strong>Context:</strong> server config, virtual host<br> |
| <strong>Status:</strong> core<p> |
| |
| The Group directive sets the group under which the server will answer requests. |
| In order to use this directive, the stand-alone server must be run initially |
| as root. <em>Unix-group</em> is one of: |
| <dl> |
| <dt>A group name |
| <dd>Refers to the given group by name. |
| <dt># followed by a group number. |
| <dd>Refers to a group by its number. |
| </dl> |
| |
| It is recommended that you set up a new group specifically for running the |
| server. Some admins use user <code>nobody</code>, but this is not always |
| possible or desirable.<p> |
| |
| Note: if you start the server as a non-root user, it will fail to change |
| to the specified group, and will instead continue to run as the group of the |
| original user. <p> |
| |
| Special note: Use of this directive in <VirtualHost> requires a |
| properly configured <A HREF="../suexec.html">suEXEC wrapper</A>. |
| When used inside a <VirtualHost> in this manner, only the group |
| that CGIs are run as is affected. Non-CGI requests are still processed |
| as the group specified in the main Group directive.<p> |
| |
| SECURITY: See <A HREF="#user">User</A> for a discussion of the security |
| considerations.<p><hr> |
| |
| <A name="hostnamelookups"><h2>HostNameLookups directive</h2></A> |
| <!--%plaintext <?INDEX {\tt HostNameLookups} directive> --> |
| <strong>Syntax:</strong> HostNameLookups <em>boolean</em><br> |
| <strong>Default:</strong> <code>HostNameLookups on</code><br> |
| <strong>Context:</strong> server config, virtual host<br> |
| <strong>Status:</strong> core<p> |
| |
| This directive enables DNS lookups so that host names can be logged. |
| Having this directive set <code>on</code> also enables the use of names |
| in <Limit> blocks for access control.<p> |
| |
| Heavily loaded sites should set this directive <code>off</code>, since DNS |
| lookups can take considerable amounts of time. The utility <i>logresolve</i>, |
| provided in the <i>/support</i> directory, can be used to look up host names |
| from logged IP addresses offline.<p><hr> |
| |
| <A name="identitycheck"><h2>IdentityCheck directive</h2></A> |
| <!--%plaintext <?INDEX {\tt IdentityCheck} directive> --> |
| <strong>Syntax:</strong> IdentityCheck <em>boolean</em><br> |
| <strong>Default:</strong> <code>IdentityCheck off</code><br> |
| <strong>Context:</strong> server config, virtual host<br> |
| <strong>Status:</strong> core<p> |
| |
| This directive enables RFC1413-compliant logging of the remote user name |
| for each connection, where the client machine runs identd or something similar. |
| This information is logged in the access log. <em>Boolean</em> is either |
| <code>on</code> or <code>off</code>.<p> |
| |
| The information should not be trusted in any way except for rudimentary usage |
| tracking.<p> |
| |
| Note that this can cause serious latency problems accessing your server |
| since every request requires one of these lookups to be performed. When |
| firewalls are involved each lookup might possibly fail and add 30 seconds |
| of latency to each hit. So in general this is not very useful on public |
| servers accessible from the Internet. |
| <p><hr> |
| |
| <A NAME="ifmodule"><H2><IfModule></H2></A> |
| <b>Syntax:</b> <IfModule [!]<i>module-name</i>> <i>...</i> |
| </IfModule><br> |
| <b>Default:</b> None<br> |
| <b>Context:</b> all<br> |
| <b>Status:</b> Core |
| <strong>Compatibility:</strong> ScriptLog is only available in 1.2 and |
| later.<P> |
| |
| <p> |
| |
| The <IfModule <i>test</i>>...</IfModule> |
| section is used to mark directives that are conditional. The |
| directives within an IfModule section are only |
| processed if the <i>test</i> is true. If <i>test</i> |
| is false, everything between the start and end markers |
| is ignored.<p> |
| |
| The <i>test</i> in the <IfModule> section directive |
| can be one of two forms: |
| |
| <ul> |
| <li><i>module name</i> |
| <li>!<i>module name</i> |
| </ul> |
| |
| <p>In the former case, the directives between the start and end markers |
| are only processed if the module named <i>module name</i> is compiled |
| in to Apache. The second format reverses the test, and only processes |
| the directives if <i>module name</i> is <b>not</b> compiled in. |
| |
| <p>The <i>module name</i> argument is a module name as given as the file |
| name of the module, at the time it was compiled. For example, |
| <code>mod_rewrite.c</code>. |
| |
| <p><IfModule> sections are nest-able, which can be used to implement |
| simple multiple-module tests. |
| |
| <P> <hr> |
| |
| <h2><a name="keepalive">KeepAlive</a></h2> |
| <strong>Syntax: (Apache 1.1)</strong> KeepAlive <em>max-requests</em><br> |
| <strong>Default: (Apache 1.1)</strong> <code>KeepAlive 5</code><br> |
| <strong>Syntax: (Apache 1.2)</strong> KeepAlive <em>on/off</em><br> |
| <strong>Default: (Apache 1.2)</strong> <code>KeepAlive On</code><br> |
| <strong>Context:</strong> server config<br> |
| <strong>Status:</strong> Core<br> |
| <strong>Compatibility:</strong> KeepAlive is only available in Apache |
| 1.1 and later.<p> |
| |
| This directive enables |
| <a href="../keepalive.html">Keep-Alive</a> |
| support. |
| |
| <p><strong>Apache 1.1</strong>: Set <em>max-requests</em> |
| to the maximum number of requests you want Apache to entertain per |
| request. A limit is imposed to prevent a client from hogging your |
| server resources. Set this to <code>0</code> to disable support. |
| |
| <p><strong>Apache 1.2 and later</strong>: Set to "On" to enable |
| persistent connections, "Off" to disable. See also the <a |
| href="#maxkeepaliverequests">MaxKeepAliveRequests</a> directive.</p> |
| |
| <h2><a name="keepalivetimeout">KeepAliveTimeout</a></h2> |
| <strong>Syntax:</strong> KeepAliveTimeout <em>seconds</em><br> |
| <strong>Default:</strong> <code>KeepAliveTimeout 15</code><br> |
| <strong>Context:</strong> server config<br> |
| <strong>Status:</strong> Core<br> |
| <strong>Compatibility:</strong> KeepAliveTimeout is only available in Apache |
| 1.1 and later.<p> |
| |
| The number of seconds Apache will wait for a subsequent request before |
| closing the connection. Once a request has been received, the timeout |
| value specified by the <a |
| href="#timeout"><code>Timeout</code></a> directive |
| applies. |
| <hr> |
| |
| <A name="listen"><h2>Listen</h2></A> |
| <strong>Syntax:</strong> |
| Listen [<em>IP address</em>:]<em>port number</em><br> |
| <strong>Context:</strong> server config<br> |
| <strong>Status:</strong> core<br> |
| <strong>Compatibility:</strong> Listen is only available in Apache |
| 1.1 and later.<p> |
| |
| <p>The Listen directive instructs Apache to listen to more than one IP |
| address or port; by default it responds to requests on all IP |
| interfaces, but only on the port given by the <a href="#port">Port</a> |
| directive.</p> |
| |
| <p><strong>See Also:</strong> |
| <a href="../dns-caveats.html">DNS Issues</a><br> |
| <strong>See Also:</strong> |
| <a href="../bind.html">Setting which addresses and ports Apache uses</a><br> |
| <strong>See Also:</strong> |
| <a href="../misc/known_bugs.html#listenbug">Known Bugs</a></p> |
| <hr> |
| |
| <A name="limit"><h2><Limit> directive</h2></A> |
| <!--%plaintext <?INDEX {\tt Limit} section directive> --> |
| <strong>Syntax:</strong> |
| <Limit <em>method method</em> ... > ... </Limit><br> |
| <strong>Context:</strong> any<br> |
| <strong>Status:</strong> core<p> |
| |
| <Limit> and </Limit> are used to enclose a group of |
| access control directives which will then apply only to the specified |
| access methods, where <em>method</em> is any valid HTTP method. |
| Any directive except another <Limit> or |
| <A HREF="#directory"><Directory></A> may be used; the majority will be |
| unaffected by the <Limit>. Example: |
| <blockquote><code> |
| <Limit GET POST><br> |
| require valid-user<br> |
| </Limit></code></blockquote> |
| If an access control directive appears outside a <Limit> directive, |
| then it applies to all access methods.<p><hr> |
| |
| <h2><a name="location"><Location></a></h2> |
| |
| <strong>Syntax:</strong> <Location <em>URL</em>> |
| ... </Location><br> |
| <strong>Context:</strong> server config, virtual host<br> |
| <strong>Status:</strong> core<br> |
| <strong>Compatibility:</strong> Location is only available in Apache |
| 1.1 and later.<p> |
| |
| <p>The <Location> directive provides for access control by |
| URL. It is comparable to the <a |
| href="#directory"><Directory></a> directive, and |
| should be matched with a </Location> directive. Directives that |
| apply to the URL given should be listed |
| within. <code><Location></code> sections are processed in the |
| order they appear in the configuration file, after the |
| <Directory> sections and <code>.htaccess</code> files are |
| read.</p> |
| |
| <p>Note that, due to the way HTTP functions, <em>URL prefix</em> |
| should, save for proxy requests, be of the form <code>/path/</code>, |
| and should not include the <code>http://servername</code>. It doesn't |
| necessarily have to protect a directory (it can be an individual |
| file, or a number of files), and can include wild-cards. In a wild-card |
| string, `?' matches any single character, and `*' matches any |
| sequences of characters. |
| |
| <p><strong>Apache 1.2 and above:</strong> |
| Extended regular expressions can also be used, with the addition of |
| the |
| <code>~</code> character. For example:</p> |
| |
| <pre> |
| <Location ~ "/(extra|special)/data"> |
| </pre> |
| |
| <p>would match URLs that contained the substring "/extra/data" or |
| "/special/data".</p> |
| |
| <p>The <code>Location</code> functionality is especially useful when |
| combined with the <code><a |
| href="mod_mime.html#sethandler">SetHandler</a></code> directive. For example, to enable status requests, but allow them only |
| from browsers at foo.com, you might use: |
| |
| <pre> |
| <Location /status> |
| SetHandler server-status |
| order deny,allow |
| deny from all |
| allow from .foo.com |
| </Location> |
| </pre> |
| <hr> |
| |
| <A NAME="lockfile"><H2>LockFile</H2></A> |
| <strong>Syntax:</strong> LockFile <em>filename</em><BR> |
| <strong>Default:</strong> <code>LockFile logs/accept.lock</code><BR> |
| <strong>Context:</strong> server config<BR> |
| <strong>Status:</strong> core<P> |
| |
| The LockFile directive sets the path to the lockfile used when |
| Apache is compiled with either USE_FCNTL_SERIALIZED_ACCEPT or |
| USE_FLOCK_SERIALIZED_ACCEPT. This directive should normally be |
| left at its default value. The main reason for changing it is if |
| the <code>logs</code> directory is NFS mounted, since the lockfile |
| should be stored on a local disk if possible. The PID of the main |
| server process is automatically appended to the filename. |
| |
| <P><HR> |
| |
| <A name="maxclients"><h2>MaxClients</h2></A> |
| <!--%plaintext <?INDEX {\tt MaxClients} directive> --> |
| <strong>Syntax:</strong> MaxClients <em>number</em><br> |
| <strong>Default:</strong> <code>MaxClients 256</code><br> |
| <strong>Context:</strong> server config<br> |
| <strong>Status:</strong> core<p> |
| |
| The MaxClients directive sets the limit on the number of simultaneous |
| requests that can be supported; not more than this number of child server |
| processes will be created.<p><hr> |
| |
| <A name="maxkeepaliverequests"><h2>MaxKeepAliveRequests</h2></A> |
| <strong>Syntax:</strong> MaxKeepAliveRequests <em>number</em><br> |
| <strong>Default:</strong> <code>MaxKeepAliveRequests 100</code><br> |
| <strong>Context:</strong> server config<br> |
| <strong>Status:</strong> core<br> |
| <strong>Compatibility:</strong> Only available in Apache |
| 1.2 and later. |
| |
| <p>The MaxKeepAliveRequests directive limits the number of requests |
| allowed per connection when <a href="#keepalive">KeepAlive</a> is |
| on. If it is set to "<code>0</code>", unlimited requests will be |
| allowed. We recommend that this setting be kept to a high value for |
| maximum server performance. |
| |
| <A name="maxrequestsperchild"><h2>MaxRequestsPerChild directive</h2></A> |
| <!--%plaintext <?INDEX {\tt MaxRequestsPerChild} directive> --> |
| <strong>Syntax:</strong> MaxRequestsPerChild <em>number</em><br> |
| <strong>Default:</strong> <code>MaxRequestsPerChild 0</code><br> |
| <strong>Context:</strong> server config<br> |
| <strong>Status:</strong> core<p> |
| |
| The MaxRequestsPerChild directive sets the limit on the number of requests |
| that an individual child server process will handle. After MaxRequestsPerChild |
| requests, the child process will die. If MaxRequestsPerChild is 0, then |
| the process will never expire.<p> |
| |
| Setting MaxRequestsPerChild to a non-zero limit has two beneficial effects: |
| <ul> |
| <li>it limits the amount of memory that process can consume by (accidental) |
| memory leakage; |
| <li> by giving processes a finite lifetime, it helps reduce the |
| number of processes when the server load reduces. |
| </ul><p><hr> |
| |
| <A name="maxspareservers"><h2>MaxSpareServers directive</h2></A> |
| <!--%plaintext <?INDEX {\tt MaxSpareServers} directive> --> |
| <strong>Syntax:</strong> MaxSpareServers <em>number</em><br> |
| <strong>Default:</strong> <code>MaxSpareServers 10</code><br> |
| <strong>Context:</strong> server config<br> |
| <strong>Status:</strong> core<p> |
| |
| The MaxSpareServers directive sets the desired maximum number of <em>idle</em> |
| child server processes. An idle process is one which is not handling |
| a request. If there are more than MaxSpareServers idle, then the parent |
| process will kill off the excess processes.<p> |
| |
| Tuning of this parameter should only be necessary on very busy sites. |
| Setting this parameter to a large number is almost always a bad idea.<p> |
| |
| See also <A HREF="#minspareservers">MinSpareServers</A> and |
| <A HREF="#startservers">StartServers</A>.<p><hr> |
| |
| <A name="minspareservers"><h2>MinSpareServers directive</h2></A> |
| <!--%plaintext <?INDEX {\tt MinSpareServers} directive> --> |
| <strong>Syntax:</strong> MinSpareServers <em>number</em><br> |
| <strong>Default:</strong> <code>MinSpareServers 5</code><br> |
| <strong>Context:</strong> server config<br> |
| <strong>Status:</strong> core<p> |
| |
| The MinSpareServers directive sets the desired minimum number of <em>idle</em> |
| child server processes. An idle process is one which is not handling |
| a request. If there are fewer than MinSpareServers idle, then the parent |
| process creates new children at a maximum rate of 1 per second.<p> |
| |
| Tuning of this parameter should only be necessary on very busy sites. |
| Setting this parameter to a large number is almost always a bad idea.<p> |
| |
| See also <A HREF="#maxspareservers">MaxSpareServers</A> and |
| <A HREF="#startservers">StartServers</A>.<p><hr> |
| |
| <A name="options"><h2>Options directive</h2></A> |
| <!--%plaintext <?INDEX {\tt Options} directive> --> |
| <strong>Syntax:</strong> Options <em>[+|-]option [+|-]option ...</em><br> |
| <strong>Context:</strong> server config, virtual host, directory, .htaccess<br> |
| <strong>Override:</strong> Options<br> |
| <strong>Status:</strong> core<p> |
| |
| The Options directive controls which server features are available in |
| a particular directory. |
| <p> |
| <em>option</em> can be set to <code>None</code>, in which case none of |
| the extra features are enabled, or one or more of the following: |
| <dl> |
| <dt>All |
| <dd>All options except for MultiViews. |
| <dt>ExecCGI |
| <dd> |
| <!--%plaintext <?INDEX {\tt ExecCGI} option> --> |
| Execution of CGI scripts is permitted. |
| <dt>FollowSymLinks |
| <dd> |
| <!--%plaintext <?INDEX {\tt FollowSymLinks} option> --> |
| The server will follow symbolic links in this directory. |
| <b>Note</b>: even though the server follows the symlink it does <i>not</i> |
| change the pathname used to match against <code><Directory></code> |
| sections. |
| <dt>Includes |
| <dd> |
| <!--%plaintext <?INDEX {\tt Includes} option> --> |
| Server-side includes are permitted. |
| <dt>IncludesNOEXEC |
| <dd> |
| <!--%plaintext <?INDEX {\tt IncludesNOEXEC} option> --> |
| Server-side includes are permitted, but the #exec command and |
| #include of CGI scripts are disabled. |
| <dt>Indexes |
| <dd> |
| <!--%plaintext <?INDEX {\tt Indexes} option> --> |
| If a URL which maps to a directory is requested, and the there is no |
| DirectoryIndex (e.g. index.html) in that directory, then the server will |
| return a formatted listing of the directory. |
| <dt>MultiViews |
| <dd> |
| <!--%plaintext <?INDEX {\tt MultiViews} option> --> |
| <A HREF="../content-negotiation.html">Content negotiated</A> MultiViews are |
| allowed. |
| <dt>SymLinksIfOwnerMatch |
| <dd> |
| <!--%plaintext <?INDEX {\tt SymLinksIfOwnerMatch} option> --> |
| The server will only follow symbolic links for which the target |
| file or directory is owned by the same user id as the link. |
| </dl> |
| |
| Normally, if multiple <code>Options</code> could apply to a directory, |
| then the most specific one is taken complete; the options are not |
| merged. However if <i>all</i> the options on the <code>Options</code> |
| directive are preceded by a + or - symbol, the options are |
| merged. Any options preceded by a + are added to the options |
| currently in force, and any options preceded by a - are removed from |
| the options currently in force. <P> |
| |
| For example, without any + and - symbols: |
| |
| <blockquote><code> |
| <Directory /web/docs> <br> |
| Options Indexes FollowSymLinks<br> |
| </Directory><br> |
| <Directory /web/docs/spec> <br> |
| Options Includes<br> |
| </Directory> |
| </code></blockquote> |
| then only <code>Includes</code> will be set for the /web/docs/spec |
| directory. However if the second <code>Options</code> directive uses the + |
| and - symbols:<p> |
| |
| <blockquote><code> |
| <Directory /web/docs> <br> |
| Options Indexes FollowSymLinks<br> |
| </Directory><br> |
| <Directory /web/docs/spec> <br> |
| Options +Includes -Indexes<br> |
| </Directory> |
| </code></blockquote> |
| then the options <code>FollowSymLinks</code> and <code>Includes</code> |
| are set for the /web/docs/spec directory. |
| <hr> |
| |
| <A name="pidfile"><h2>PidFile directive</h2></A> |
| <!--%plaintext <?INDEX {\tt PidFile} directive> --> |
| <strong>Syntax:</strong> PidFile <em>filename</em><br> |
| <strong>Default:</strong> <code>PidFile logs/httpd.pid</code><br> |
| <strong>Context:</strong> server config<br> |
| <strong>Status:</strong> core<p> |
| |
| The PidFile directive sets the file to which the server records the |
| process id of the daemon. If the filename does not begin with a slash (/) |
| then it is assumed to be relative to the <A HREF="#serverroot">ServerRoot</A>. |
| The PidFile is only used in <A HREF="#servertype">standalone</A> mode.<p> |
| |
| It is often useful to be able to send the server a signal, so that it closes |
| and then reopens its <A HREF="#errorlog">ErrorLog</A> and TransferLog, and |
| re-reads its configuration files. This is done by sending a SIGHUP (kill -1) |
| signal to the process id listed in the PidFile.<p> |
| |
| The PidFile is subject to the same warnings about log file placement and |
| <a href="../misc/security_tips.html">security</a>. |
| |
| <p><hr> |
| |
| <A name="port"><h2>Port directive</h2></A> |
| <!--%plaintext <?INDEX {\tt Port} directive> --> |
| <strong>Syntax:</strong> Port <em>number</em><br> |
| <strong>Default:</strong> <code>Port 80</code><br> |
| <strong>Context:</strong> server config<br> |
| <strong>Status:</strong> core<p> |
| |
| <em>Number</em> is a number from 0 to 65535; some port numbers (especially below |
| 1024) are reserved for particular protocols. See <code>/etc/services</code> |
| for a list of some defined ports; the standard port for the http protocol |
| is 80.<p> |
| |
| The Port directive has two behaviors, the first of which is necessary for |
| NCSA backwards compatibility (and which is confusing in the context of |
| Apache).<p> |
| |
| <ul> |
| <li> |
| In the absence of any <a href="#listen">Listen</a> or |
| <a href="#bindaddress">BindAddress</a> directives specifying a port number, |
| the Port directive sets the network port on which the server listens. |
| If there are any Listen or BindAddress directives specifying |
| <code>:number</code> then Port has no effect on what address the server |
| listens at. |
| |
| <li>The Port directive |
| sets the <code>SERVER_PORT</code> environment variable (for |
| <a href="mod_cgi.html">CGI</a> and <a href="mod_include.html">SSI</a>), |
| and is used when the server must generate a URL that refers to itself |
| (for example when creating an external redirect to itself). |
| </ul> |
| |
| In no event does a Port setting affect |
| what ports a <a href="#virtualhost">VirtualHost</a> responds on, the |
| VirtualHost directive itself is used for that.<p> |
| |
| The primary behaviour of Port should be considered to be similar to that of |
| the <a href="#servername">ServerName</a> directive. The ServerName |
| and Port together specify what you consider to be the <i>canonical</i> |
| address of the server.<p> |
| |
| Port 80 is one of Unix's special ports. All ports numbered |
| below 1024 are reserved for system use, i.e. regular (non-root) users cannot |
| make use of them; instead they can only use higher port numbers. |
| To use port 80, you must start the server from the root account. |
| After binding to the port and before accepting requests, Apache will change |
| to a low privileged user as set by the <A HREF="#user">User directive</A>.<p> |
| |
| If you cannot use port 80, choose any other unused port. Non-root users |
| will have to choose a port number higher than 1023, such as 8000.<p> |
| |
| SECURITY: if you do start the server as root, be sure |
| not to set <A HREF="#user">User</A> to root. If you run the server as |
| root whilst handling connections, your site may be open to a major security |
| attack.<p><hr> |
| |
| <A name="require"><h2>require directive</h2></A> |
| <!--%plaintext <?INDEX {\tt require} directive> --> |
| <strong>Syntax:</strong> require <em>entity-name entity entity...</em><br> |
| <strong>Context:</strong> directory, .htaccess<br> |
| <strong>Override:</strong> AuthConfig<br> |
| <strong>Status:</strong> core<p> |
| |
| This directive selects which authenticated users can access a directory. |
| The allowed syntaxes are: |
| <ul> |
| <li>require user <em>userid userid ...</em><p> |
| Only the named users can access the directory.<p> |
| <li>require group <em>group-name group-name ...</em><p> |
| Only users in the named groups can access the directory.<p> |
| <li>require valid-user<p> |
| All valid users can access the directory. |
| </ul> |
| <p> |
| If <code>require</code> appears in a <A HREF="#limit"><Limit></A> |
| section, then it restricts access to the named methods, otherwise |
| it restricts access for all methods. Example: |
| <blockquote><code> |
| AuthType Basic<br> |
| AuthName somedomain<br> |
| AuthUserFile /web/users<br> |
| AuthGroupFile /web/groups<br> |
| <Limit GET POST><br> |
| require group admin<br> |
| </Limit> |
| </code></blockquote> |
| |
| Require must be accompanied by <A HREF="#authname">AuthName</A> and |
| <A HREF="#authtype">AuthType</A> directives, and directives such as |
| <A HREF="mod_auth.html#authuserfile">AuthUserFile</A> and |
| <A HREF="mod_auth.html#authgroupfile">AuthGroupFile</A> (to define users and |
| groups) in order to work correctly.<p><hr> |
| |
| <A name="resourceconfig"><h2>ResourceConfig directive</h2></A> |
| <!--%plaintext <?INDEX {\tt ResourceConfig} directive> --> |
| <strong>Syntax:</strong> ResourceConfig <em>filename</em><br> |
| <strong>Default:</strong> <code>ResourceConfig conf/srm.conf</code><br> |
| <strong>Context:</strong> server config, virtual host<br> |
| <strong>Status:</strong> core<p> |
| |
| The server will read this file for more directives after reading the |
| httpd.conf file. <em>Filename</em> is relative to the |
| <A HREF="#serverroot">ServerRoot</A>. |
| This feature can be disabled using: |
| <blockquote><code>ResourceConfig /dev/null</code></blockquote> |
| Historically, this file contained most directives except for server |
| configuration directives and <A HREF="#directory"><Directory></A> |
| sections; in fact it can now contain any server directive allowed in the |
| <em>server config</em> context.<p> |
| |
| See also <A HREF="#accessconfig">AccessConfig</A>.<p><hr> |
| |
| <A name="rlimit"> </A> |
| <A name="rlimitcpu"><h2>RLimitCPU directive</h2></A> |
| <!--%plaintext <?INDEX {\tt RLimitCPU} directive> --> |
| <strong>Syntax:</strong> RLimitCPU <em># or 'max'</em> <em>[# or 'max']</em><br> |
| <strong>Default:</strong> <code>Unset uses operating system defaults</code><br> |
| <strong>Context:</strong> server config, virtual host<br> |
| <strong>Status:</strong> core<br> |
| <strong>Compatibility:</strong> RLimitCPU is only available in Apache 1.2 and later<p> |
| |
| Takes 1 or 2 parameters. The first parameter sets the soft resource limit for all |
| processes and the second parameter sets the maximum resource limit. Either parameter |
| can be a number, or <em>max</em> to indicate to the server that the limit should |
| be set to the maximum allowed by the operating system configuration. Raising the |
| maximum resource limit requires that the server is running as root, or in the initial |
| startup phase.<p> |
| |
| CPU resource limits are expressed in seconds per process.<p> |
| |
| See also <A HREF="#rlimitmem">RLimitMEM</A> or <A HREF="#rlimitnproc">RLimitNPROC</A>.<p><hr> |
| |
| <A name="rlimitmem"><h2>RLimitMEM directive</h2></A> |
| <!--%plaintext <?INDEX {\tt RLimitMEM} directive> --> |
| <strong>Syntax:</strong> RLimitMEM <em># or 'max'</em> <em>[# or 'max']</em><br> |
| <strong>Default:</strong> <code>Unset uses operating system defaults</code><br> |
| <strong>Context:</strong> server config, virtual host<br> |
| <strong>Status:</strong> core<br> |
| <strong>Compatibility:</strong> RLimitMEM is only available in Apache 1.2 and later<p> |
| |
| Takes 1 or 2 parameters. The first parameter sets the soft resource limit for all |
| processes and the second parameter sets the maximum resource limit. Either parameter |
| can be a number, or <em>max</em> to indicate to the server that the limit should |
| be set to the maximum allowed by the operating system configuration. Raising the |
| maximum resource limit requires that the server is running as root, or in the initial |
| startup phase.<p> |
| |
| Memory resource limits are expressed in bytes per process.<p> |
| |
| See also <A HREF="#rlimitcpu">RLimitCPU</A> or <A HREF="#rlimitnproc">RLimitNPROC</A>.<p><hr> |
| |
| <A name="rlimitnproc"><h2>RLimitNPROC directive</h2></A> |
| <!--%plaintext <?INDEX {\tt RLimitNPROC} directive> --> |
| <strong>Syntax:</strong> RLimitNPROC <em># or 'max'</em> <em>[# or 'max']</em><br> |
| <strong>Default:</strong> <code>Unset uses operating system defaults</code><br> |
| <strong>Context:</strong> server config, virtual host<br> |
| <strong>Status:</strong> core<br> |
| <strong>Compatibility:</strong> RLimitNPROC is only available in Apache 1.2 and later<p> |
| |
| Takes 1 or 2 parameters. The first parameter sets the soft resource limit for all |
| processes and the second parameter sets the maximum resource limit. Either parameter |
| can be a number, or <em>max</em> to indicate to the server that the limit should |
| be set to the maximum allowed by the operating system configuration. Raising the |
| maximum resource limit requires that the server is running as root, or in the initial |
| startup phase.<p> |
| |
| Process limits control the number of processes per user.<p> |
| |
| Note: If CGI processes are <b>not</b> running under userids other than the |
| web server userid, this directive will limit the number of processes that the |
| server itself can create. Evidence of this situation will be indicated by |
| <b><em>cannot fork</em></b> messages in the error_log.<p> |
| |
| See also <A HREF="#rlimitmem">RLimitMEM</A> or <A HREF="#rlimitcpu">RLimitCPU</A>. |
| |
| <p><hr> |
| |
| <A name="satisfy"><h2>Satisfy</h2></A> |
| <!--%plaintext <?INDEX {\tt Satisfy} directive> --> |
| <strong>Syntax:</strong> Satisfy <em>'any' or 'all'</em><br> |
| <strong>Default:</strong> Satisfy all<br> |
| <strong>Context:</strong> directory, .htaccess<br> |
| <strong>Status:</strong> core<br> |
| <strong>Compatibility:</strong> Satisfy is only available in Apache 1.2 and later<p> |
| |
| Access policy if both allow and require used. The parameter can be |
| either <em>'all'</em> or <em>'any'</em>. This directive is only useful |
| if access to a particular area is being restricted by both |
| username/password <i>and</i> client host address. In this case the |
| default behavior ("all") is to require that the client passes the |
| address access restriction <i>and</i> enters a valid username and |
| password. With the "any" option the client will be granted access if |
| they either pass the host restriction or enter a valid username and |
| password. This can be used to password restrict an area, but to let |
| clients from particular addresses in without prompting for a password. |
| |
| |
| <p><hr> |
| |
| <A name="scoreboardfile"><h2>ScoreBoardFile directive</h2></A> |
| <!--%plaintext <?INDEX {\tt ScoreBoardFile} directive> --> |
| <strong>Syntax:</strong> ScoreBoardFile <em>filename</em><br> |
| <strong>Default:</strong> <code>ScoreBoardFile logs/apache_status</code><br> |
| <strong>Context:</strong> server config<br> |
| <strong>Status:</strong> core<p> |
| |
| The ScoreBoardFile directive is required on some architectures to place |
| a file that the server will use to communicate between its children and |
| the parent. The easiest way to find out if your architecture requires |
| a scoreboard file is to run Apache and see if it creates the file named |
| by the directive. If your architecture requires it then you must ensure |
| that this file is not used at the same time by more than one invocation |
| of Apache.<p> |
| |
| If you have to use a ScoreBoardFile then you may see improved speed by |
| placing it on a RAM disk. But be careful that you heed the same warnings |
| about log file placement and |
| <a href="../misc/security_tips.html">security</a>.<p> |
| |
| Apache 1.2 and above:<p> |
| |
| Linux 1.x users might be able to add <code>-DHAVE_SHMGET</code> to |
| the <code>EXTRA_CFLAGS</code> in your <code>Configuration</code>. This |
| might work with some 1.x installations, but won't work with all of |
| them.<p> |
| |
| SVR4 users should consider adding <code>-DHAVE_SHMGET</code> to the |
| <code>EXTRA_CFLAGS</code> in your <code>Configuration</code>. This |
| is believed to work, but we were unable to test it in time for 1.2 |
| release.<p> |
| |
| <strong>See Also</strong>: |
| <a href="../stopping.html">Stopping and Restarting Apache</a></p> |
| |
| <p><hr> |
| |
| <A name="sendbuffersize"><h2>SendBufferSize directive</h2></A> |
| <!--%plaintext <?INDEX {\tt SendBufferSize} directive> --> |
| <strong>Syntax:</strong> SendBufferSize <em>bytes</em><br> |
| <strong>Context:</strong> server config<br> |
| <strong>Status:</strong> core<p> |
| |
| The server will set the TCP buffer size to the number of bytes |
| specified. Very useful to increase past standard OS defaults on high |
| speed high latency (i.e. 100ms or so, such as transcontinental |
| fast pipes) |
| <p><hr> |
| |
| <A name="serveradmin"><h2>ServerAdmin directive</h2></A> |
| <!--%plaintext <?INDEX {\tt ServerAdmin} directive> --> |
| <strong>Syntax:</strong> ServerAdmin <em>email-address</em><br> |
| <strong>Context:</strong> server config, virtual host<br> |
| <strong>Status:</strong> core<p> |
| |
| The ServerAdmin sets the e-mail address that the server includes in any |
| error messages it returns to the client.<p> |
| |
| It may be worth setting up a dedicated address for this, e.g. |
| <blockquote><code>ServerAdmin www-admin@foo.bar.com</code></blockquote> |
| as users do not always mention that they are talking about the server!<p><hr> |
| |
| <A name="serveralias"><h2>ServerAlias directive</h2></A> |
| |
| <strong>Syntax:</strong> ServerAlias <em>host1 host2 ...</em><br> |
| <strong>Context:</strong> virtual host<br> |
| <strong>Status:</strong> core<br> |
| <strong>Compatibility:</strong> ServerAlias is only available in Apache |
| 1.1 and later.<p> |
| |
| The ServerAlias directive sets the alternate names for a host, for use |
| with |
| <a href="../host.html">Host-header based virtual hosts</a>. |
| <p><strong>See Also</strong>: |
| <a href="../vhosts-in-depth.html">In-depth description of Virtual Host matching</a></p> |
| |
| <hr> |
| |
| <A name="servername"><h2>ServerName directive</h2></A> |
| <!--%plaintext <?INDEX {\tt ServerName} directive> --> |
| <strong>Syntax:</strong> ServerName <em>fully-qualified domain name</em><br> |
| <strong>Context:</strong> server config, virtual host<br> |
| <strong>Status:</strong> core<p> |
| |
| The ServerName directive sets the hostname of the server; this is only |
| used when creating redirection URLs. If it is not specified, then the |
| server attempts to deduce it from its own IP address; however this may |
| not work reliably, or may not return the preferred hostname. For example: |
| <blockquote><code>ServerName www.wibble.com</code></blockquote> |
| would be used if the canonical (main) name of the actual machine |
| were <code>monster.wibble.com</code>.<p> |
| <p><strong>See Also</strong>: |
| <a href="../dns-caveats.html">DNS Issues</a></p> |
| <hr> |
| |
| <A name="serverpath"><h2>ServerPath directive</h2></A> |
| |
| <strong>Syntax:</strong> ServerPath <em>pathname</em><br> |
| <strong>Context:</strong> virtual host<br> |
| <strong>Status:</strong> core<br> |
| <strong>Compatibility:</strong> ServerPath is only available in Apache |
| 1.1 and later.<p> |
| |
| The ServerPath directive sets the legacy URL pathname for a host, for |
| use with <a href="../host.html">Host-header based virtual hosts</a>. |
| <p><strong>See Also</strong>: |
| <a href="../vhosts-in-depth.html">In-depth description of Virtual Host matching</a></p> |
| <hr> |
| |
| <A name="serverroot"><h2>ServerRoot directive</h2></A> |
| <!--%plaintext <?INDEX {\tt ServerRoot} directive> --> |
| <strong>Syntax:</strong> ServerRoot <em>directory-filename</em><br> |
| <strong>Default:</strong> <code>ServerRoot /usr/local/etc/httpd</code><br> |
| <strong>Context:</strong> server config<br> |
| <strong>Status:</strong> core<p> |
| |
| The ServerRoot directive sets the directory in which the server lives. |
| Typically it will contain the subdirectories <code>conf/</code> and |
| <code>logs/</code>. Relative paths for other configuration files are taken |
| as relative to this directory.<br> |
| See also <a href="../invoking.html">the <code>-d</code> option to httpd</a>.<p><hr> |
| |
| <A name="servertype"><h2>ServerType directive</h2></A> |
| <!--%plaintext <?INDEX {\tt ServerType} directive> --> |
| <strong>Syntax:</strong> ServerType <em>type</em><br> |
| <strong>Default:</strong> <code>ServerType standalone</code><br> |
| <strong>Context:</strong> server config<br> |
| <strong>Status:</strong> core<p> |
| |
| The ServerType directive sets how the server is executed by the system. |
| <em>Type</em> is one of |
| <dl> |
| <dt>inetd |
| <dd>The server will be run from the system process inetd; the command to start |
| the server is added to <code>/etc/inetd.conf</code> |
| <dt>standalone |
| <dd>The server will run as a daemon process; the command to start the server |
| is added to the system startup scripts. (<code>/etc/rc.local</code> or |
| <code>/etc/rc3.d/...</code>.) |
| </dl> |
| |
| Inetd is the lesser used of the two options. For each http |
| connection received, a new copy of the server is started from scratch; |
| after the connection is complete, this program exits. There is a high price to |
| pay per connection, but for security reasons, some admins prefer this option. |
| <p> |
| |
| Standalone is the most common setting for ServerType since |
| it is far more efficient. The server is started once, and services all |
| subsequent connections. If you intend running Apache to serve a busy site, |
| standalone will probably be your only option.<p> |
| |
| SECURITY: if you are paranoid about security, run in inetd mode. Security |
| cannot be guaranteed in either, but whilst most people are happy to use |
| standalone, inetd is probably least prone to attack.<p><hr> |
| |
| <A name="startservers"><h2>StartServers directive</h2></A> |
| <!--%plaintext <?INDEX {\tt StartServers} directive> --> |
| <strong>Syntax:</strong> StartServers <em>number</em><br> |
| <strong>Default:</strong> <code>StartServers 5</code><br> |
| <strong>Context:</strong> server config<br> |
| <strong>Status:</strong> core<p> |
| |
| The StartServers directive sets the number of child server processes created |
| on startup. As the number of processes is dynamically controlled depending |
| on the load, there is usually little reason to adjust this parameter.<p> |
| |
| See also <A HREF="#minspareservers">MinSpareServers</A> and |
| <A HREF="#maxspareservers">MaxSpareServers</A>.<p><hr> |
| |
| <A name="timeout"><h2>TimeOut directive</h2></A> |
| <!--%plaintext <?INDEX {\tt TimeOut} directive> --> |
| <strong>Syntax:</strong> TimeOut <em>number</em><br> |
| <strong>Default:</strong> <code>TimeOut 300</code><br> |
| <strong>Context:</strong> server config<br> |
| <strong>Status:</strong> core<p> |
| |
| The TimeOut directive currently defines the amount of time Apache will |
| wait for three things: |
| |
| <OL> |
| <LI>The total amount of time it takes to receive a GET request. |
| <LI>The amount of time between receipt of TCP packets on a POST or |
| PUT request. |
| <LI>The amount of time between ACKs on transmissions of TCP packets |
| in responses. |
| </OL> |
| |
| We plan on making these separately configurable at some point down the |
| road. The timer used to default to 1200 before 1.2, but has been |
| lowered to 300 which is still far more than necessary in most |
| situations. It is not set any lower by default because there may |
| still be odd places in the code where the timer is not reset when |
| a packet is sent. |
| |
| <p><hr> |
| |
| <A name="user"><h2>User directive</h2></A> |
| <!--%plaintext <?INDEX {\tt User} directive> --> |
| <strong>Syntax:</strong> User <em>unix-userid</em><br> |
| <strong>Default:</strong> <code>User #-1</code><br> |
| <strong>Context:</strong> server config, virtual host<br> |
| <strong>Status:</strong> core<p> |
| |
| The User directive sets the userid as which the server will answer requests. |
| In order to use this directive, the standalone server must be run initially |
| as root. <em>Unix-userid</em> is one of: |
| <dl> |
| <dt>A username |
| <dd>Refers to the given user by name. |
| <dt># followed by a user number. |
| <dd>Refers to a user by their number. |
| </dl> |
| |
| The user should have no privileges which result in it being able to access |
| files which are not intended to be visible to the outside world, and |
| similarly, the user should not be able to execute code which is not |
| meant for httpd requests. It is recommended that you set up a new user and |
| group specifically for running the server. Some admins use user |
| <code>nobody</code>, but this is not always possible or desirable.<p> |
| |
| Notes: If you start the server as a non-root user, it will fail to change |
| to the lesser privileged user, and will instead continue to run as |
| that original user. If you do start the server as root, then it is normal |
| for the parent process to remain running as root.<p> |
| |
| Special note: Use of this directive in <VirtualHost> requires a |
| properly configured <A HREF="../suexec.html">suEXEC wrapper</A>. |
| When used inside a <VirtualHost> in this manner, only the user |
| that CGIs are run as is affected. Non-CGI requests are still processed |
| with the user specified in the main User directive.<p> |
| |
| SECURITY: Don't set User (or <A HREF="#group">Group</A>) to |
| <code>root</code> unless you know exactly what you are doing, and what the |
| dangers are.<p><hr> |
| |
| <A name="virtualhost"><h2><VirtualHost> directive</h2></A> |
| <!--%plaintext <?INDEX {\tt VirtualHost} section directive> --> |
| <strong>Syntax:</strong> <VirtualHost <em>addr</em>[:<em>port</em>] ...> ... |
| </VirtualHost> <br> |
| <strong>Context:</strong> server config<br> |
| <strong>Status:</strong> Core.<br> |
| <strong>Compatibility:</strong> Non-IP address-based Virtual Hosting only |
| available in Apache 1.1 and later.<br> |
| <strong>Compatibility:</strong> Multiple address support only available in |
| Apache 1.2 and later.<p> |
| |
| <VirtualHost> and </VirtualHost> are used to enclose a group of |
| directives which will apply only to a particular virtual host. |
| Any directive which is allowed in a virtual host context may be used. |
| When the server receives a request for a document on a particular virtual |
| host, it uses the configuration directives enclosed in the <VirtualHost> |
| section. <em>Addr</em> can be |
| <menu> |
| <li>The IP address of the virtual host |
| <li>A fully qualified domain name for the IP address of the virtual host. |
| </menu> Example: |
| <blockquote> |
| <code> |
| <VirtualHost 10.1.2.3> <br> |
| ServerAdmin webmaster@host.foo.com <br> |
| DocumentRoot /www/docs/host.foo.com <br> |
| ServerName host.foo.com <br> |
| ErrorLog logs/host.foo.com-error_log <br> |
| TransferLog logs/host.foo.com-access_log <br> |
| </VirtualHost> |
| </code></blockquote> |
| |
| Each VirtualHost must correspond to a different IP address or a |
| different host name for the server, in the latter case the server |
| machine must be configured to accept IP packets for multiple |
| addresses. (If the machine does not have multiple network interfaces, |
| then this can be accomplished with the <code>ifconfig alias</code> |
| command (if your OS supports it), or with kernel patches like <A |
| HREF="../misc/vif-info.html">VIF</A> (for SunOS(TM) 4.1.x)).<p> |
| |
| The special name <code>_default_</code> can be specified in which case |
| this virtual host will match any IP address that is not explicitly listed |
| in another virtual host. In the absence of any _default_ virtual host |
| the "main" server config, consisting of all those definitions outside |
| any VirtualHost section, is used when no match occurs.<p> |
| |
| You can specify a <code>:port</code> to change the port that is matched. |
| If unspecified then it defaults to the same port as the most recent |
| <code><a href="#port">Port</a></code> statement of the main server. You |
| may also specify <code>:*</code> to match all ports on that address. |
| (This is recommended when used with <code>_default_</code>.)<p> |
| |
| <strong>SECURITY</strong>: See the |
| <A HREF="../misc/security_tips.html">security tips</A> |
| document for details on why your security could be compromised if |
| the directory where logfiles are stored is writable by anyone other |
| than the user that starts the server. |
| |
| <p><strong>See also:</strong> |
| <A HREF="../dns-caveats.html">Warnings about DNS and Apache</a><br> |
| <strong>See also:</strong> |
| <A HREF="../virtual-host.html">Information on Virtual Hosts. |
| (multihome)</A><br> |
| <strong>See also:</strong> |
| <a href="../host.html">Non-IP address-based Virtual Hosts</a><br> |
| <strong>See also:</strong> |
| <a href="../vhosts-in-depth.html">In-depth description of Virtual Host matching</a> |
| </p> |
| |
| <!--#include virtual="footer.html" --> |
| </BODY> |
| </HTML> |
| |