developer/ 40755 0 0 0 11074463123 10076 5ustar 0 0 faq/ 40755 0 0 0 11074463123 6660 5ustar 0 0 howto/ 40755 0 0 0 11074463123 7251 5ustar 0 0 images/ 40755 0 0 0 11074463123 7356 5ustar 0 0 misc/ 40755 0 0 0 11074463123 7044 5ustar 0 0 mod/ 40755 0 0 0 11074463123 6670 5ustar 0 0 platform/ 40755 0 0 0 11074463123 7735 5ustar 0 0 programs/ 40755 0 0 0 11074463123 7743 5ustar 0 0 rewrite/ 40755 0 0 0 11074463123 7572 5ustar 0 0 ssl/ 40755 0 0 0 11074463123 6712 5ustar 0 0 style/ 40755 0 0 0 11074463123 7251 5ustar 0 0 style/_generated/ 40755 0 0 0 11074463123 11346 5ustar 0 0 style/css/ 40755 0 0 0 11074463037 10045 5ustar 0 0 style/lang/ 40755 0 0 0 11074463123 10172 5ustar 0 0 style/latex/ 40755 0 0 0 11074463123 10366 5ustar 0 0 style/xsl/ 40755 0 0 0 11074463123 10057 5ustar 0 0 style/xsl/util/ 40755 0 0 0 11074463123 11034 5ustar 0 0 vhosts/ 40755 0 0 0 11074463123 7437 5ustar 0 0 bind.html100644 0 0 16666 11074463123 10047 0ustar 0 0 ּҿ Ʈ (Binding) - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.0

<-
Apache > HTTP Server > Documentation > Version 2.0

ּҿ Ʈ (Binding)

ֽ ƴմϴ. ֱٿ ϼ.

ġ Ư ּҿ Ʈ ϵ ϱ.

top

õ õ þ

ġ ϸ ġ ǻ  Ʈ ּҿ Ͽ, û ٸ. ⺻ ġ ǻ ּҿ ٸ. ׷ ġ Ư Ʈ ּҸ ٸ ؾ 찡 ִ. ġ  ٸ IP ּ, ȣƮ, Ʈ ϴ ȣƮ ɰ õִ.

Listen þ Ư Ʈ ּҿ Ʈ տ û ް Ѵ. Listen þ Ʈ ȣ ϸ, ̽ Ʈ ٸ. Listen þ ٸ ּҿ Ʈ ִ. ּҿ Ʈ û Ѵ.

, 80 8000 Ʈ ο ޵ Ϸ:

Listen 80
Listen 8000

̽ Ʈ ٸ Ϸ,

Listen 192.170.2.1:80
Listen 192.170.2.5:8000

IPv6 ּҴ ȣ Ѵ:

Listen [2001:db8::a00:20ff:fea7:ccea]:80

top

IPv6 Ư

IPv6 ÷ ð ְ APR ̵ ÷ κп IPv6 ϱ⶧, ġ IPv6 ҴϿ IPv6 û ó ִ.

ġ ڿ κ IPv6 IPv4 IPv6 ó ִĴ ̴. κ ÷ IPv4-(mapped) IPv6 ּҸ Ͽ IPv6 Ͽ IPv4 , FreeBSD NetBSD OpenBSD ýü å ⺻ ʴ´. ׷ ⺻ ʴ ý̶ ġ Ư Ķͷ ִ.

ġ ּ Ͽ IPv4 IPv6 ޵Ϸ IPv4- IPv6 ּҸ ؾ Ѵ. ׷ؼ ϶ ɼ --enable-v4-mapped ϰ, Ϲ Listen þ Ѵ:

Listen 80

--enable-v4-mapped Ҷ ġ ⺻ Listen þ . --enable-v4-mapped FreeBSD, NetBSD, OpenBSD ÷ ⺻̰, Ƹ ġ ̴.

÷ APR ο ġ IPv4 Ḹ ޵Ϸ, Listen þ IPv4 ּҸ Ѵ:

Listen 0.0.0.0:80
Listen 192.170.2.1:80

IPv4 IPv6 ٸ , ϶ ɼ --disable-v4-mapped ϰ Listen þ Ѵ:

Listen [::]:80
Listen 0.0.0.0:80

--disable-v4-mapped Ҷ ġ ⺻ Listen þ . --disable-v4-mapped FreeBSD, NetBSD, OpenBSD ⺻̴.

top

ȣƮ  dz

Listen ȣƮ ʴ´. ̴ ּ  ּҿ Ʈ ٸ ˷ش. <VirtualHost> þ , û Ȱ óѴ. ׷ <VirtualHost> ּҿ Ʈ ٸ ൿ ִ. ȣƮ ּҿ Ʈ ˷ Ѵ. ׸ Ư ּҿ Ʈ ȣƮ ൿ <VirtualHost> ʿϴ. ּ ٸʴ ּҿ Ʈ ϴ <VirtualHost> ϶.

configuring.html100644 0 0 23717 11074463123 11440 0ustar 0 0 - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.0

<-
Apache > HTTP Server > Documentation > Version 2.0

ġ ϴ ϵ Ѵ.

top

ּ

õ õ þ

Ϲ Ͽ þ Ͽ ġ Ѵ. ּ httpd.conf θ. ġ Ͻ , -f ɼ ִ. ٸ Include þ Ͽ ְ, ϵī带 Ͽ ִ. þ  Ͽ ص ȴ. ּ ϸ ġ ϰų Ŀ ݿȴ.

mime Ÿ ϵ д´. ϸ TypesConfig þ ϰ, ⺻ mime.types̴.

top

ġ ٿ þ Ѵ. ڰ 齽 "\"̸ þ ٿ ӵ Ѵ. 齽 ڿ  ڳ 鵵 ȵȴ.

þ ҹڸ , þ ƱԸƮ ҹڸ ϴ 찡 ִ. ؽ "#" ϴ ּ Ѵ. ּ þ ٿ . ٰ þ տ ϹǷ, ϰ ̵ þ ٵ(indent) ִ.

apachectl configtest -t ɼ Ͽ ġ ʰ ˻ ִ.

top

õ õ þ

ġ ȭ . ̴ ſ ⺻ ɸ ٽɿ Ե Ѵ. ġ о鿩 ȮѴ. ⺻ ϸ base Եȴ. о̴ ְ Ͽٸ Ͽ ƹ LoadModule þ ߰ ִ. ׷ ߰ϰų ġ ٽ ؾ Ѵ. þ IfModule μ Ư ִ 쿡 ó ִ.

 ϵִ -l ɼ Ѵ.

top

þ

õ õ þ

ּϿ ִ þ ü ȴ. þ Ϻο ǰ Ϸ þ <Directory>, <DirectoryMatch>, <Files>, <FilesMatch>, <Location>, <LocationMatch> ȿ ξѴ. ǵ ׵ δ þ Ͻý̳ URL Ư ġ Ѵ. , ļ ֱ⶧ ſ ϴ.

ġ ٸ Ʈ ÿ ϴ ɷ ִ. ̸ ȣƮ Ѵ. þ <VirtualHost> ȿ ξ Ư Ʈ þ ִ.

þ κ  ǿ ͵ ,  þ Ư ҿ ǹ̰ . μ ϴ þ ּ ҿ ִ. þ  ǿ ġ ִ ˷ þ Ȯ϶. ڼ  Directory, Location, Files ϳ ϶.

top

.htaccess

õ õ þ

ġ Ư Ͽ (б) ִ. Ư .htaccess θ, ̸ AccessFileName þ ִ. .htaccess Ͽ ִ þ ִ 丮 丮 ȴ. .htaccess ּϰ . .htaccess û б⶧ ϸ ȿ ִ.

 þ .htaccess Ͽ ִ ˷ þ Ȯ϶. ڴ ּ AllowOverride þ .htaccess Ͽ  þ ִ ִ.

.htaccess Ͽ ڼ .htaccess 丮 ϶.

content-negotiation.html100644 0 0 62006 11074463123 13110 0ustar 0 0 (Content Negotiation) - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.0

<-
Apache > HTTP Server > Documentation > Version 2.0

(Content Negotiation)

ġ HTTP/1.1 Ծ࿡ (content negotiation) Ѵ. media type, , , ڵ  ȣ ڿ ǥ Ѵ. ҿ û óϴ ɵ ִ.

⺻ ϵǴ mod_negotiation Ѵ.

top

ڿ ٸ ǥ ִ. , ٸ  ٸ media type Ȥ ΰ ٸ ǥ ִ. ǥ ϴ Ѱ ڿ ְ ϰ ϴ ̴. ׷ ڵ ϴ ͵ ϴ. ̴ û Ϻη ׵ ȣϴ ǥ ⶧ ϴ. , Ҿ, ׷ ٸ ʹٰ ˷ ִ. û ׵ ȣ Ÿ. Ҿε ǥ ûѴٸ .

Accept-Language: fr

̷ ȣ ǥ  ٸ 쿡 ȴ.

û Ҿ  , Ҿ ȣϰ, media type , Ϲ ؽƮ ٴ HTML, ٸ media type ٴ GIF JPEG ȣѴٰ ˷ش.

Accept-Language: fr; q=1.0, en; q=0.5
Accept: text/html; q=1.0, text/*; q=0.8, image/gif; q=0.6, image/jpeg; q=0.6, image/*; q=0.5, */*; q=0.1

ġ HTTP/1.1 Ծ࿡ ǵ ' ֵ(server driven)' Ѵ. ġ Accept, Accept-Language, Accept-Charset, Accept-Encoding û Ѵ. , ġ RFC 2295 RFC 2296 ǵ 'ڿ(transparent)' û Ѵ. ׷ RFC ǵ ' (feature negotiation)' ʴ´.

ڿ(resource) (RFC 2396) URI ϴ . ġ ڿ ǥ(representations) Ѵ. ǥ media type, , ڵ Ʈ ִ. ڿ ǥ (δ ִ) ȴ. ڿ ǥ ִٸ ڿ 󰡴ϴٰ(negotiable) θ, ̶ ǥ (variant)̶ Ѵ. 󰡴 ڿ (dimension) Ѵ.

top

ġ

ڿ ϱ ʿϴ. ΰ ϳ ´:

type-map ϱ

type map type-map̶ ڵ鷯 (Ȥ ġ ȣȯ MIME type application/x-type-map) . Ϸ type-map ڵ鷯 Ȯڸ ؾ Ѵ. Ͽ ϴ .

AddHandler type-map .var

Type map شϴ ڿ ̸ ƾ ϰ, ׸ ־ Ѵ. ׸ HTTP ٷ ȴ. ׸ ٷ Ѵ. ׸ȿ . (̷ ʿ䰡 , ־ ) ׸ ִ map ϴ ̴. map . ̸ foo.var, foo ڿ Ѵ.

URI: foo

URI: foo.en.html
Content-type: text/html
Content-language: en

URI: foo.fr.de.html
Content-type: text/html;charset=iso-8859-2
Content-language: fr, de

typemap ϸ Ȯ , Multiviews Ͽ, 켱 ϶. ٸ ǰ ٸ, (JPEG, GIF, ASCII-art شϴ) media type "qs" Ķͷ ǰ(source quality) ǥ ִ:

URI: foo

URI: foo.jpeg
Content-type: image/jpeg; qs=0.8

URI: foo.gif
Content-type: image/gif; qs=0.5

URI: foo.txt
Content-type: text/plain; qs=0.01

qs 0.000 1.000 ̴. qs 0.000 õ ϶. 'qs' 1.0 ޵ȴ. qs Ŭ̾Ʈ ɷ° ٸ Ͽ 'ǰ' Ÿ. , Ÿ JPEG ASCII Ϻٴ ׻ ǰ . ׷ ڿ ASCII artٸ ASCII ǥ JPEG ǥ ǰ ִ. ׷Ƿ  qs ǥϷ ڿ ٸ.

ϴ mod_negotation typemap ϶.

Multiviews

MultiViews 丮 ɼ̹Ƿ, httpd.conf <Directory>, <Location>, <Files> Ȥ (AllowOverride Ǿٸ) .htaccess Options þ ִ. Options All MultiViews ϶. Ѵ.

MultiViews ϸ Ͼ: /some/dir/foo û ް /some/dir/foo MultiViews ϸ /some/dir/foo , 丮 ̸ foo.* ϵ ϴ type map . Ŭ̾Ʈ û media type content-encoding ߿ Ѵ.

MultiViews 丮 Ҷ ã DirectoryIndex þ ȴ. ٸ,

DirectoryIndex index

index.html index.html3 ִٸ ̵ ߿ ϳ Ѵ. index.cgi ִٸ, װ Ѵ.

丮 ϳ Charset, Content-Type, Language, Encoding Ǵϴ mod_mime 𸣴 Ȯڸ ٸ, MultiViewsMatch þ ޷Ǵ. þ ڵ鷯, , ٸ Ȯ MultiViews θ Ѵ.

top

ġ type-map ̳ 丮 ִ ϸ ־ ڿ ԵǸ '' ϱ ϳ Ѵ. ġ ϱ Ȯ  Ͼ ڼ ʿ . ׷ ñ Ѵ.

ΰ ִ:

  1. ġ ˰ Ͽ ֵϴ Ϲ 쿡 Ѵ. ġ ˰ Ʒ ڼ Ѵ. ˰ ϸ ġ Ư ǰ(quality factor) 'Ѵ'. ġ ǰ ϴ Ʒ ڼ Ѵ.
  2. ڿ(Transparent) RFC 2295 ǵ û 쿡 Ѵ. '' οѴ. ׷ ˰ ޷ȴ. ڿ ߿ ġ RFC 2296 ǵ ' ˰(remote variant selection algorithm)' û ִ.

Media Type Accept ȣ Ÿ. ׸ ǰ ִ. ǰ ("qs" Ķ) ִ.
Language Accept-Language ȣ Ÿ. ׸ ǰ ִ.  (Ȥ ƹ  ) ִ.
Encoding Accept-Encoding ȣ Ÿ. ׸ ǰ ִ.
Charset Accept-Charset ȣ Ÿ. ׸ ǰ ִ. media type Ķͷ Ÿ ִ.

ġ ˰

ġ '' (ִٸ) ϱ Ʒ ˰ Ѵ. ˰ . Ѵ:

  1. , شϴ Accept* ˻ϰ, ǰ ű.  Accept* ޾Ƶ ʴ ĺ Ѵ.  4 ܰ .
  2. ĺ ϳ Ͽ '' ã´. ˻ Ͼ. ˻翡 õ ܵȴ. ˻ ̸ ϰ 3 ܰ . ˻縦 Ѵ.
    1. Accept ǰ media type ǰ Ͽ Ѵ.
    2. (language) ǰ Ѵ.
    3. Accept-Language (ִٸ) Ȥ LanguagePriority þ (ִٸ)  Ѵ.
    4. (text/html media type Ÿ) 'level' media Ķ͸ Ѵ.
    5. Accept-Charset charset media Ķ͸ ã´. ٸ ISO-8859-1 ȣѴ. text/* media type Ư հ ISO-8859-1 Ѵ.
    6. ISO-8859-1 ƴ charset media Ķ͸ Ѵ. ׷ ٸ, Ѵ.
    7. ڵ Ѵ. user-agent ڵ ִٸ Ѵ. ׷ʰ ڵ ڵȵ ִٸ ڵȵ Ѵ. ڵǾų ڵȵ Ѵ.
    8. content length Ѵ.
    9. ù Ѵ. ̴ type-map տ ԰ų, 丮 ϸ ASCII ڵ Ͽ տ ̴.
  3. ˰ '' ߴ. ̰ . HTTP Vary Ÿ ȴ. ( ij ڿ ijҶ ִ.) .
  4. ܰ迡 ߴٸ ( ϱ )  ȵ . ("No acceptable representation" ϴ) 406 밡 HTML . , HTML Vary Ÿ.
top

ǰ ϱ

ġ ġ ˰ Űʰ ǰ Ѵ. ϰ Ȯ ʴ (˰) ؼ. θ ̴ Ϻδ ߸ ϵ Accept . ϰ ùٸ ٸ, ʴ´.

Media Type ϵī

Accept: û media type ȣ Ÿ. , *  ڿ̶ ϱ⶧ "image/*" "*/*" 'ϵī' media type ִ. ׷ û:

Accept: image/*, */*

"image/" ϴ  type ٸ  type ǹѴ.  ڽ ٷ ִ type ߰ ϵī带 . :

Accept: text/html, text/plain, image/gif, image/jpeg, */*

type ȣ ٸ ǥ ִٸ װ͵ Ÿ ؼ. ǰ ̴.

Accept: text/html, text/plain, image/gif, image/jpeg, */*; q=0.01

type ǰ  ⺻ ( ) 1.0 . ϵī */* ȣ 0.01 Ƿ type ´ 쿡 ٸ type ȴ.

Accept: q "*/*" ִٸ, ġ ٶ ൿ q 0.01 Ѵ. , "type/*" ϵī忡 ("*/*"ٴ ȣϵ) 0.02 Ѵ. Accept: q media type ִٸ ̷ Ư ߰ ʴ´. ׷ û ûѵ óѴ.

(language)

ġ 2.0 ε巴 ϱ ˰ ܸ  ߰ߴ.

Ŭ̾Ʈ û Accept-language ´ Ѱ ã , ׷ Ŭ̾Ʈ "No Acceptable Variant" "Multiple Choices" . ̷ ϱ Accept-language ϰ Ŭ̾Ʈ û Ȯ ġ ִ. ForceLanguagePriority þ ̷ ϳ Ȥ Ѵٸ ϰ LanguagePriority þ Ǵϵ Ѵ.

, ´  ã θ ã ִ. Ŭ̾Ʈ  ϴ en-GB û , HTTP/1.1 ǥؿ enθ ǥõ Ϲ Ѵ. (׷  ϴ ڰ Ϲ  Ƿ Accept-Language en-GB ϰ en Ȯ ߸ ϶. Ŭ̾Ʈ ̷ ⺻ִ.) ٸ  ã Ͽ "No Acceptable Variants" ų LanguagePriority ư Ѵٸ, Ծ ϰ en-GB en Ѵ. Ϲ ġ θ ſ ǰ Ŭ̾Ʈ Ͽ ߰Ѵ. ׷ Ŭ̾Ʈ "en-GB; q=0.9, fr; q=0.8" ûϰ "en" "fr" ִٸ, "fr" õ ϶. ̴ HTTP/1.1 ǥ Ű, ùٷ Ŭ̾Ʈ ȿ ϱ̴.

ڰ ȣϴ  ˾Ƴ (Ű Ư URL- ) ϱ ġ 2.0.47 mod_negotiation prefer-language ȯ溯 νѴ. ȯ溯 ϰ ±׸ Ѵٸ, mod_negotiation شϴ Ϸ õѴ. ׷ ٸ Ϲ Ѵ.

SetEnvIf Cookie "language=en" prefer-language=en
SetEnvIf Cookie "language=fr" prefer-language=fr

top

ڿ(transparent) Ȯ

ġ ڿ Ȯ (RFC 2295) ȮѴ. ο {encoding ..} Ư content-encoding ĪѴ. RVSA/1.0 ˰ (RFC 2296) Ͽ ڵ ν ְ, ڵ Accept-Encoding û ´ ڵ 鵵 ĺ ϵ ȮǾ. RVSA/1.0 ã ǰ Ҽ 5ڸ ݿø ʴ´.

top

۸ũ ̸Ģ Ͽ

(language) Ѵٸ Ȯڸ Ȯ Ƿ ϸ ٸ ̸Ģ ִ. (ڼ mod_mime ϶.)

MIME-type Ȯ ( , html), 쿡 encoding Ȯ ( , gz), Ͽ ִ Ȯڸ ( , en) .

:

ϸ Ͽ ȿϰ ȿ ۸ũ δ:

ϸ ȿ ۸ũ ȿ ۸ũ
foo.html.en foo
foo.html		 -
foo.en.html foo foo.html
foo.html.en.gz foo
foo.html		 foo.gz
foo.html.gz
foo.en.html.gz foo foo.html
foo.html.gz
foo.gz
foo.gz.html.en foo
foo.gz
foo.gz.html		 foo.html
foo.html.gz.en foo
foo.html
foo.html.gz		 foo.gz

ǥ ۸ũ  Ȯڵ ̸ ( , foo) ׻ ִ. ־, ̷ũ Ͼʰ html shtml̳ cgi ִٴ ̴.

۸ũ MIME-type ( , foo.html) ϰ ʹٸ (encoding Ȯڰ ִٸ ̰͵ Ͽ) Ȯڸ MIME-type Ȯں ʿ ( , foo.html.en) ξѴ.

top

ij Ͽ

ij ǥ ϸ ǥ û URL Ų. URL ûϸ ij ǥ Ѵ. ׷ ڿ ù° û ijǾ û ij ߸ ִ. ̸ ġ ȯǴ û HTTP/1.0 Ŭ̾Ʈ ij ϵ ǥø Ѵ. , ġ ij ϴ HTTP/1.1 Ѵ.

CacheNegotiatedDocs þ HTTP/1.0 ȣȯ Ŭ̾Ʈ( Ȥ ij) û ij ְ Ѵ. þ ȣƮ ϸ, ƱԸƮ ʴ´. þ HTTP/1.1 Ŭ̾Ʈ û 谡 .

top

ٸ

ٸ Alan J. Flavell Language Negotiation Notes ϶. ׷ ġ 2.0 ȭ ݿ ִ.

custom-error.html100644 0 0 17341 11074463123 11563 0ustar 0 0 - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.0

<-
Apache > HTTP Server > Documentation > Version 2.0

ʹ ߻ ġ ִ.

߰ ִ.

ũƮ "500 Server Error" ڿ ģ ϰų ٸ ( Ʈ ܺ Ʈ) URL ̷ ִ.

top

ൿ

ൿ

NCSA httpd 1.3 ڿ ǹϰ ´. ߻ α׿ .

ο ൿ

ִ:

  1. NCSA ٸ ְų
  2. Ʈ URL ̷ϰų
  3. ܺ Ʈ URL ̷Ѵ.

ٸ Ʈ URL ̷ϴ , ϰų αϴµ ʿ Ϻθ ޵ȴ.

ϱ ġ CGI ο ȯ溯 Ѵ:

REDIRECT_HTTP_ACCEPT=*/*, image/gif, image/x-xbitmap, image/jpeg
REDIRECT_HTTP_USER_AGENT=Mozilla/1.1b2 (X11; I; HP-UX A.09.05 9000/712)
REDIRECT_PATH=.:/bin:/usr/local/bin:/etc
REDIRECT_QUERY_STRING=
REDIRECT_REMOTE_ADDR=121.345.78.123
REDIRECT_REMOTE_HOST=ooh.ahhh.com
REDIRECT_SERVER_NAME=crash.bang.edu
REDIRECT_SERVER_PORT=80
REDIRECT_SERVER_SOFTWARE=Apache/0.8.15
REDIRECT_URL=/cgi-bin/buggy.pl

REDIRECT_ λ翡 ָ϶.

ּ REDIRECT_URL REDIRECT_QUERY_STRING (cgi-script cgi-include) URL Ѱ. ٸ ߻ϱ (; ̸ REDIRECT_ ȯ溯) 쿡 ִ. ErrorDocument ܺη ( http: Ŵ(scheme) Ѵٸ) ̷Ѵٸ  ͵ ʴ´.

top

AllowOverride Ǿٸ .htaccess Ͽ ErrorDocument ִ.

̴...

ErrorDocument 500 /cgi-bin/crash-recover
ErrorDocument 500 "Sorry, our script crashed. Oh dear"
ErrorDocument 500 http://xxx/
ErrorDocument 404 /Lame_excuses/not_found.html
ErrorDocument 401 /Subscription/how_to_subscribe.html

,

ErrorDocument <3-digit-code> <action>

action,

  1. . ǥ (") տ δ. ڿ ǥ µȴ. : տ ǥ (") µ ʴ´.
  2. ̷ ܺ URL.
  3. ̷ URL.
top

̷

URL ̷ϴ ġ ൿ ũƮ/server-include ȯ溯 Ѱֵ Ǿ.

ൿ

̷ǵǴ ũƮ ǥ CGI Ѿ. 𿡼 ̷ Ͼ .

ο ൿ

̷ǵ ũƮ ο ȯ溯 ִ. տ REDIRECT_ پִ. REDIRECT_ ȯ溯 CGI ȯ溯 տ REDIRECT_ ٿ . , HTTP_USER_AGENT REDIRECT_HTTP_USER_AGENT Ǿ. ̷ ߰ ũƮ URL ˵ ġ REDIRECT_URL REDIRECT_STATUS Ѵ. URL ̷ǵ URL α׿ ִ.

ErrorDocument ִ CGI ũƮ ̷Ѵٸ, ũƮ Ŭ̾Ʈ Ȳ Ȯ ϱ ¿ "Status:" ʵ带 ؾ Ѵ. , Perl ۼ ErrorDocument ũƮ :

...
print "Content-type: text/html\n";
printf "Status: %s Condition Intercepted\n", $ENV{"REDIRECT_STATUS"};
...

404 Not Found Ư Ȳ ũƮ, (; ) Ư ڵ ִ.

(Ŭ̾Ʈ ̷ ûϱ) 信 Location: Ѵٸ, ũƮ ݵ (302 Found ) Status: ؾ ϶. ׷ Location: ƹ ҿ ִ.

developer/API.html100644 0 0 172267 11074463123 11551 0ustar 0 0 Apache 1.3 API notes - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.0

<-
Apache > HTTP Server > Documentation > Version 2.0 > Developer Documentation

Apache 1.3 API notes

Warning

This document has not been updated to take into account changes made in the 2.0 version of the Apache HTTP Server. Some of the information may still be relevant, but please use it with care.

These are some notes on the Apache API and the data structures you have to deal with, etc. They are not yet nearly complete, but hopefully, they will help you get your bearings. Keep in mind that the API is still subject to change as we gain experience with it. (See the TODO file for what might be coming). However, it will be easy to adapt modules to any changes that are made. (We have more modules to adapt than you do).

A few notes on general pedagogical style here. In the interest of conciseness, all structure declarations here are incomplete -- the real ones have more slots that I'm not telling you about. For the most part, these are reserved to one component of the server core or another, and should be altered by modules with caution. However, in some cases, they really are things I just haven't gotten around to yet. Welcome to the bleeding edge.

Finally, here's an outline, to give you some bare idea of what's coming up, and in what order:

top

Basic concepts

We begin with an overview of the basic concepts behind the API, and how they are manifested in the code.

Handlers, Modules, and Requests

Apache breaks down request handling into a series of steps, more or less the same way the Netscape server API does (although this API has a few more stages than NetSite does, as hooks for stuff I thought might be useful in the future). These are:

These phases are handled by looking at each of a succession of modules, looking to see if each of them has a handler for the phase, and attempting invoking it if so. The handler can typically do one of three things:

Most phases are terminated by the first module that handles them; however, for logging, `fixups', and non-access authentication checking, all handlers always run (barring an error). Also, the response phase is unique in that modules may declare multiple handlers for it, via a dispatch table keyed on the MIME type of the requested object. Modules may declare a response-phase handler which can handle any request, by giving it the key */* (i.e., a wildcard MIME type specification). However, wildcard handlers are only invoked if the server has already tried and failed to find a more specific response handler for the MIME type of the requested object (either none existed, or they all declined).

The handlers themselves are functions of one argument (a request_rec structure. vide infra), which returns an integer, as above.

A brief tour of a module

At this point, we need to explain the structure of a module. Our candidate will be one of the messier ones, the CGI module -- this handles both CGI scripts and the ScriptAlias config file command. It's actually a great deal more complicated than most modules, but if we're going to have only one example, it might as well be the one with its fingers in every place.

Let's begin with handlers. In order to handle the CGI scripts, the module declares a response handler for them. Because of ScriptAlias, it also has handlers for the name translation phase (to recognize ScriptAliased URIs), the type-checking phase (any ScriptAliased request is typed as a CGI script).

The module needs to maintain some per (virtual) server information, namely, the ScriptAliases in effect; the module structure therefore contains pointers to a functions which builds these structures, and to another which combines two of them (in case the main server and a virtual server both have ScriptAliases declared).

Finally, this module contains code to handle the ScriptAlias command itself. This particular module only declares one command, but there could be more, so modules have command tables which declare their commands, and describe where they are permitted, and how they are to be invoked.

A final note on the declared types of the arguments of some of these commands: a pool is a pointer to a resource pool structure; these are used by the server to keep track of the memory which has been allocated, files opened, etc., either to service a particular request, or to handle the process of configuring itself. That way, when the request is over (or, for the configuration pool, when the server is restarting), the memory can be freed, and the files closed, en masse, without anyone having to write explicit code to track them all down and dispose of them. Also, a cmd_parms structure contains various information about the config file being read, and other status information, which is sometimes of use to the function which processes a config-file command (such as ScriptAlias). With no further ado, the module itself:

/* Declarations of handlers. */

int translate_scriptalias (request_rec *);
int type_scriptalias (request_rec *);
int cgi_handler (request_rec *);

/* Subsidiary dispatch table for response-phase
 * handlers, by MIME type */

handler_rec cgi_handlers[] = {
{ "application/x-httpd-cgi", cgi_handler },
{ NULL }
 };

/* Declarations of routines to manipulate the
 * module's configuration info. Note that these are
 * returned, and passed in, as void *'s; the server
 * core keeps track of them, but it doesn't, and can't,
 * know their internal structure.
 */

void *make_cgi_server_config (pool *);
void *merge_cgi_server_config (pool *, void *, void *);

/* Declarations of routines to handle config-file commands */

extern char *script_alias(cmd_parms *, void *per_dir_config, char *fake, char *real);

command_rec cgi_cmds[] = {
{ "ScriptAlias", script_alias, NULL, RSRC_CONF, TAKE2,
"a fakename and a realname"},
 { NULL }
 };

module cgi_module = { 

  STANDARD_MODULE_STUFF,
  NULL,                     /* initializer */
  NULL,                     /* dir config creator */
  NULL,                     /* dir merger */
  make_cgi_server_config,   /* server config */
  merge_cgi_server_config,  /* merge server config */
  cgi_cmds,                 /* command table */
  cgi_handlers,             /* handlers */
  translate_scriptalias,    /* filename translation */
  NULL,                     /* check_user_id */
  NULL,                     /* check auth */
  NULL,                     /* check access */
  type_scriptalias,         /* type_checker */
  NULL,                     /* fixups */
  NULL,                     /* logger */
  NULL                      /* header parser */
};
top

How handlers work

The sole argument to handlers is a request_rec structure. This structure describes a particular request which has been made to the server, on behalf of a client. In most cases, each connection to the client generates only one request_rec structure.

A brief tour of the request_rec

The request_rec contains pointers to a resource pool which will be cleared when the server is finished handling the request; to structures containing per-server and per-connection information, and most importantly, information on the request itself.

The most important such information is a small set of character strings describing attributes of the object being requested, including its URI, filename, content-type and content-encoding (these being filled in by the translation and type-check handlers which handle the request, respectively).

Other commonly used data items are tables giving the MIME headers on the client's original request, MIME headers to be sent back with the response (which modules can add to at will), and environment variables for any subprocesses which are spawned off in the course of servicing the request. These tables are manipulated using the ap_table_get and ap_table_set routines.

Note that the Content-type header value cannot be set by module content-handlers using the ap_table_*() routines. Rather, it is set by pointing the content_type field in the request_rec structure to an appropriate string. e.g.,

r->content_type = "text/html";

Finally, there are pointers to two data structures which, in turn, point to per-module configuration structures. Specifically, these hold pointers to the data structures which the module has built to describe the way it has been configured to operate in a given directory (via .htaccess files or <Directory> sections), for private data it has built in the course of servicing the request (so modules' handlers for one phase can pass `notes' to their handlers for other phases). There is another such configuration vector in the server_rec data structure pointed to by the request_rec, which contains per (virtual) server configuration data.

Here is an abridged declaration, giving the fields most commonly used:

struct request_rec {

pool *pool;
conn_rec *connection;
server_rec *server;

/* What object is being requested */

char *uri;
char *filename;
char *path_info; 

char *args;           /* QUERY_ARGS, if any */
struct stat finfo;    /* Set by server core;
                       * st_mode set to zero if no such file */

char *content_type;
char *content_encoding;

/* MIME header environments, in and out. Also,
 * an array containing environment variables to
 * be passed to subprocesses, so people can write
 * modules to add to that environment.
 *
 * The difference between headers_out and
 * err_headers_out is that the latter are printed
 * even on error, and persist across internal
 * redirects (so the headers printed for
 * ErrorDocument handlers will have them).
 */

table *headers_in;
table *headers_out;
table *err_headers_out;
table *subprocess_env;

/* Info about the request itself... */

int header_only;     /* HEAD request, as opposed to GET */
char *protocol;      /* Protocol, as given to us, or HTTP/0.9 */
char *method;        /* GET, HEAD, POST, etc. */
int method_number;   /* M_GET, M_POST, etc. */

/* Info for logging */

char *the_request;
int bytes_sent;

/* A flag which modules can set, to indicate that
 * the data being returned is volatile, and clients
 * should be told not to cache it.
 */

int no_cache;

/* Various other config info which may change
 * with .htaccess files
 * These are config vectors, with one void*
 * pointer for each module (the thing pointed
 * to being the module's business).
 */

void *per_dir_config;   /* Options set in config files, etc. */
void *request_config;   /* Notes on *this* request */

};

Where request_rec structures come from

Most request_rec structures are built by reading an HTTP request from a client, and filling in the fields. However, there are a few exceptions:

Handling requests, declining, and returning error codes

As discussed above, each handler, when invoked to handle a particular request_rec, has to return an int to indicate what happened. That can either be

Note that if the error code returned is REDIRECT, then the module should put a Location in the request's headers_out, to indicate where the client should be redirected to.

Special considerations for response handlers

Handlers for most phases do their work by simply setting a few fields in the request_rec structure (or, in the case of access checkers, simply by returning the correct error code). However, response handlers have to actually send a request back to the client.

They should begin by sending an HTTP response header, using the function ap_send_http_header. (You don't have to do anything special to skip sending the header for HTTP/0.9 requests; the function figures out on its own that it shouldn't do anything). If the request is marked header_only, that's all they should do; they should return after that, without attempting any further output.

Otherwise, they should produce a request body which responds to the client as appropriate. The primitives for this are ap_rputc and ap_rprintf, for internally generated output, and ap_send_fd, to copy the contents of some FILE * straight to the client.

At this point, you should more or less understand the following piece of code, which is the handler which handles GET requests which have no more specific handler; it also shows how conditional GETs can be handled, if it's desirable to do so in a particular response handler -- ap_set_last_modified checks against the If-modified-since value supplied by the client, if any, and returns an appropriate code (which will, if nonzero, be USE_LOCAL_COPY). No similar considerations apply for ap_set_content_length, but it returns an error code for symmetry.

int default_handler (request_rec *r)
{
int errstatus;
FILE *f;

if (r->method_number != M_GET) return DECLINED;
if (r->finfo.st_mode == 0) return NOT_FOUND;

if ((errstatus = ap_set_content_length (r, r->finfo.st_size))
    || (errstatus = ap_set_last_modified (r, r->finfo.st_mtime)))
return errstatus;

f = fopen (r->filename, "r");

if (f == NULL) {
log_reason("file permissions deny server access", r->filename, r);
return FORBIDDEN;
 }

register_timeout ("send", r);
ap_send_http_header (r);

if (!r->header_only) send_fd (f, r);
ap_pfclose (r->pool, f);
return OK;
 }

Finally, if all of this is too much of a challenge, there are a few ways out of it. First off, as shown above, a response handler which has not yet produced any output can simply return an error code, in which case the server will automatically produce an error response. Secondly, it can punt to some other handler by invoking ap_internal_redirect, which is how the internal redirection machinery discussed above is invoked. A response handler which has internally redirected should always return OK.

(Invoking ap_internal_redirect from handlers which are not response handlers will lead to serious confusion).

Special considerations for authentication handlers

Stuff that should be discussed here in detail:

Special considerations for logging handlers

When a request has internally redirected, there is the question of what to log. Apache handles this by bundling the entire chain of redirects into a list of request_rec structures which are threaded through the r->prev and r->next pointers. The request_rec which is passed to the logging handlers in such cases is the one which was originally built for the initial request from the client; note that the bytes_sent field will only be correct in the last request in the chain (the one for which a response was actually sent).

top

Resource allocation and resource pools

One of the problems of writing and designing a server-pool server is that of preventing leakage, that is, allocating resources (memory, open files, etc.), without subsequently releasing them. The resource pool machinery is designed to make it easy to prevent this from happening, by allowing resource to be allocated in such a way that they are automatically released when the server is done with them.

The way this works is as follows: the memory which is allocated, file opened, etc., to deal with a particular request are tied to a resource pool which is allocated for the request. The pool is a data structure which itself tracks the resources in question.

When the request has been processed, the pool is cleared. At that point, all the memory associated with it is released for reuse, all files associated with it are closed, and any other clean-up functions which are associated with the pool are run. When this is over, we can be confident that all the resource tied to the pool have been released, and that none of them have leaked.

Server restarts, and allocation of memory and resources for per-server configuration, are handled in a similar way. There is a configuration pool, which keeps track of resources which were allocated while reading the server configuration files, and handling the commands therein (for instance, the memory that was allocated for per-server module configuration, log files and other files that were opened, and so forth). When the server restarts, and has to reread the configuration files, the configuration pool is cleared, and so the memory and file descriptors which were taken up by reading them the last time are made available for reuse.

It should be noted that use of the pool machinery isn't generally obligatory, except for situations like logging handlers, where you really need to register cleanups to make sure that the log file gets closed when the server restarts (this is most easily done by using the function ap_pfopen, which also arranges for the underlying file descriptor to be closed before any child processes, such as for CGI scripts, are execed), or in case you are using the timeout machinery (which isn't yet even documented here). However, there are two benefits to using it: resources allocated to a pool never leak (even if you allocate a scratch string, and just forget about it); also, for memory allocation, ap_palloc is generally faster than malloc.

We begin here by describing how memory is allocated to pools, and then discuss how other resources are tracked by the resource pool machinery.

Allocation of memory in pools

Memory is allocated to pools by calling the function ap_palloc, which takes two arguments, one being a pointer to a resource pool structure, and the other being the amount of memory to allocate (in chars). Within handlers for handling requests, the most common way of getting a resource pool structure is by looking at the pool slot of the relevant request_rec; hence the repeated appearance of the following idiom in module code:

int my_handler(request_rec *r)
{
struct my_structure *foo;
...

foo = (foo *)ap_palloc (r->pool, sizeof(my_structure));
 }

Note that there is no ap_pfree -- ap_palloced memory is freed only when the associated resource pool is cleared. This means that ap_palloc does not have to do as much accounting as malloc(); all it does in the typical case is to round up the size, bump a pointer, and do a range check.

(It also raises the possibility that heavy use of ap_palloc could cause a server process to grow excessively large. There are two ways to deal with this, which are dealt with below; briefly, you can use malloc, and try to be sure that all of the memory gets explicitly freed, or you can allocate a sub-pool of the main pool, allocate your memory in the sub-pool, and clear it out periodically. The latter technique is discussed in the section on sub-pools below, and is used in the directory-indexing code, in order to avoid excessive storage allocation when listing directories with thousands of files).

Allocating initialized memory

There are functions which allocate initialized memory, and are frequently useful. The function ap_pcalloc has the same interface as ap_palloc, but clears out the memory it allocates before it returns it. The function ap_pstrdup takes a resource pool and a char * as arguments, and allocates memory for a copy of the string the pointer points to, returning a pointer to the copy. Finally ap_pstrcat is a varargs-style function, which takes a pointer to a resource pool, and at least two char * arguments, the last of which must be NULL. It allocates enough memory to fit copies of each of the strings, as a unit; for instance:

ap_pstrcat (r->pool, "foo", "/", "bar", NULL);

returns a pointer to 8 bytes worth of memory, initialized to "foo/bar".

Commonly-used pools in the Apache Web server

A pool is really defined by its lifetime more than anything else. There are some static pools in http_main which are passed to various non-http_main functions as arguments at opportune times. Here they are:

permanent_pool
never passed to anything else, this is the ancestor of all pools
pconf
  • subpool of permanent_pool
  • created at the beginning of a config "cycle"; exists until the server is terminated or restarts; passed to all config-time routines, either via cmd->pool, or as the "pool *p" argument on those which don't take pools
  • passed to the module init() functions
ptemp
  • sorry I lie, this pool isn't called this currently in 1.3, I renamed it this in my pthreads development. I'm referring to the use of ptrans in the parent... contrast this with the later definition of ptrans in the child.
  • subpool of permanent_pool
  • created at the beginning of a config "cycle"; exists until the end of config parsing; passed to config-time routines via cmd->temp_pool. Somewhat of a "bastard child" because it isn't available everywhere. Used for temporary scratch space which may be needed by some config routines but which is deleted at the end of config.
pchild
  • subpool of permanent_pool
  • created when a child is spawned (or a thread is created); lives until that child (thread) is destroyed
  • passed to the module child_init functions
  • destruction happens right after the child_exit functions are called... (which may explain why I think child_exit is redundant and unneeded)
ptrans
  • should be a subpool of pchild, but currently is a subpool of permanent_pool, see above
  • cleared by the child before going into the accept() loop to receive a connection
  • used as connection->pool
r->pool
  • for the main request this is a subpool of connection->pool; for subrequests it is a subpool of the parent request's pool.
  • exists until the end of the request (i.e., ap_destroy_sub_req, or in child_main after process_request has finished)
  • note that r itself is allocated from r->pool; i.e., r->pool is first created and then r is the first thing palloc()d from it

For almost everything folks do, r->pool is the pool to use. But you can see how other lifetimes, such as pchild, are useful to some modules... such as modules that need to open a database connection once per child, and wish to clean it up when the child dies.

You can also see how some bugs have manifested themself, such as setting connection->user to a value from r->pool -- in this case connection exists for the lifetime of ptrans, which is longer than r->pool (especially if r->pool is a subrequest!). So the correct thing to do is to allocate from connection->pool.

And there was another interesting bug in mod_include / mod_cgi. You'll see in those that they do this test to decide if they should use r->pool or r->main->pool. In this case the resource that they are registering for cleanup is a child process. If it were registered in r->pool, then the code would wait() for the child when the subrequest finishes. With mod_include this could be any old #include, and the delay can be up to 3 seconds... and happened quite frequently. Instead the subprocess is registered in r->main->pool which causes it to be cleaned up when the entire request is done -- i.e., after the output has been sent to the client and logging has happened.

Tracking open files, etc.

As indicated above, resource pools are also used to track other sorts of resources besides memory. The most common are open files. The routine which is typically used for this is ap_pfopen, which takes a resource pool and two strings as arguments; the strings are the same as the typical arguments to fopen, e.g.,

...
FILE *f = ap_pfopen (r->pool, r->filename, "r");

if (f == NULL) { ... } else { ... }

There is also a ap_popenf routine, which parallels the lower-level open system call. Both of these routines arrange for the file to be closed when the resource pool in question is cleared.

Unlike the case for memory, there are functions to close files allocated with ap_pfopen, and ap_popenf, namely ap_pfclose and ap_pclosef. (This is because, on many systems, the number of files which a single process can have open is quite limited). It is important to use these functions to close files allocated with ap_pfopen and ap_popenf, since to do otherwise could cause fatal errors on systems such as Linux, which react badly if the same FILE* is closed more than once.

(Using the close functions is not mandatory, since the file will eventually be closed regardless, but you should consider it in cases where your module is opening, or could open, a lot of files).

Other sorts of resources -- cleanup functions

More text goes here. Describe the cleanup primitives in terms of which the file stuff is implemented; also, spawn_process.

Pool cleanups live until clear_pool() is called: clear_pool(a) recursively calls destroy_pool() on all subpools of a; then calls all the cleanups for a; then releases all the memory for a. destroy_pool(a) calls clear_pool(a) and then releases the pool structure itself. i.e., clear_pool(a) doesn't delete a, it just frees up all the resources and you can start using it again immediately.

Fine control -- creating and dealing with sub-pools, with a note on sub-requests

On rare occasions, too-free use of ap_palloc() and the associated primitives may result in undesirably profligate resource allocation. You can deal with such a case by creating a sub-pool, allocating within the sub-pool rather than the main pool, and clearing or destroying the sub-pool, which releases the resources which were associated with it. (This really is a rare situation; the only case in which it comes up in the standard module set is in case of listing directories, and then only with very large directories. Unnecessary use of the primitives discussed here can hair up your code quite a bit, with very little gain).

The primitive for creating a sub-pool is ap_make_sub_pool, which takes another pool (the parent pool) as an argument. When the main pool is cleared, the sub-pool will be destroyed. The sub-pool may also be cleared or destroyed at any time, by calling the functions ap_clear_pool and ap_destroy_pool, respectively. (The difference is that ap_clear_pool frees resources associated with the pool, while ap_destroy_pool also deallocates the pool itself. In the former case, you can allocate new resources within the pool, and clear it again, and so forth; in the latter case, it is simply gone).

One final note -- sub-requests have their own resource pools, which are sub-pools of the resource pool for the main request. The polite way to reclaim the resources associated with a sub request which you have allocated (using the ap_sub_req_... functions) is ap_destroy_sub_req, which frees the resource pool. Before calling this function, be sure to copy anything that you care about which might be allocated in the sub-request's resource pool into someplace a little less volatile (for instance, the filename in its request_rec structure).

(Again, under most circumstances, you shouldn't feel obliged to call this function; only 2K of memory or so are allocated for a typical sub request, and it will be freed anyway when the main request pool is cleared. It is only when you are allocating many, many sub-requests for a single main request that you should seriously consider the ap_destroy_... functions).

top

Configuration, commands and the like

One of the design goals for this server was to maintain external compatibility with the NCSA 1.3 server --- that is, to read the same configuration files, to process all the directives therein correctly, and in general to be a drop-in replacement for NCSA. On the other hand, another design goal was to move as much of the server's functionality into modules which have as little as possible to do with the monolithic server core. The only way to reconcile these goals is to move the handling of most commands from the central server into the modules.

However, just giving the modules command tables is not enough to divorce them completely from the server core. The server has to remember the commands in order to act on them later. That involves maintaining data which is private to the modules, and which can be either per-server, or per-directory. Most things are per-directory, including in particular access control and authorization information, but also information on how to determine file types from suffixes, which can be modified by AddType and DefaultType directives, and so forth. In general, the governing philosophy is that anything which can be made configurable by directory should be; per-server information is generally used in the standard set of modules for information like Aliases and Redirects which come into play before the request is tied to a particular place in the underlying file system.

Another requirement for emulating the NCSA server is being able to handle the per-directory configuration files, generally called .htaccess files, though even in the NCSA server they can contain directives which have nothing at all to do with access control. Accordingly, after URI -> filename translation, but before performing any other phase, the server walks down the directory hierarchy of the underlying filesystem, following the translated pathname, to read any .htaccess files which might be present. The information which is read in then has to be merged with the applicable information from the server's own config files (either from the <Directory> sections in access.conf, or from defaults in srm.conf, which actually behaves for most purposes almost exactly like <Directory />).

Finally, after having served a request which involved reading .htaccess files, we need to discard the storage allocated for handling them. That is solved the same way it is solved wherever else similar problems come up, by tying those structures to the per-transaction resource pool.

Per-directory configuration structures

Let's look out how all of this plays out in mod_mime.c, which defines the file typing handler which emulates the NCSA server's behavior of determining file types from suffixes. What we'll be looking at, here, is the code which implements the AddType and AddEncoding commands. These commands can appear in .htaccess files, so they must be handled in the module's private per-directory data, which in fact, consists of two separate tables for MIME types and encoding information, and is declared as follows:

typedef struct {
    table *forced_types;      /* Additional AddTyped stuff */
    table *encoding_types;    /* Added with AddEncoding... */
} mime_dir_config;

When the server is reading a configuration file, or <Directory> section, which includes one of the MIME module's commands, it needs to create a mime_dir_config structure, so those commands have something to act on. It does this by invoking the function it finds in the module's `create per-dir config slot', with two arguments: the name of the directory to which this configuration information applies (or NULL for srm.conf), and a pointer to a resource pool in which the allocation should happen.

(If we are reading a .htaccess file, that resource pool is the per-request resource pool for the request; otherwise it is a resource pool which is used for configuration data, and cleared on restarts. Either way, it is important for the structure being created to vanish when the pool is cleared, by registering a cleanup on the pool if necessary).

For the MIME module, the per-dir config creation function just ap_pallocs the structure above, and a creates a couple of tables to fill it. That looks like this:

void *create_mime_dir_config (pool *p, char *dummy)
{
mime_dir_config *new =
(mime_dir_config *) ap_palloc (p, sizeof(mime_dir_config));
new->forced_types = ap_make_table (p, 4);
new->encoding_types = ap_make_table (p, 4);

return new;
 }

Now, suppose we've just read in a .htaccess file. We already have the per-directory configuration structure for the next directory up in the hierarchy. If the .htaccess file we just read in didn't have any AddType or AddEncoding commands, its per-directory config structure for the MIME module is still valid, and we can just use it. Otherwise, we need to merge the two structures somehow.

To do that, the server invokes the module's per-directory config merge function, if one is present. That function takes three arguments: the two structures being merged, and a resource pool in which to allocate the result. For the MIME module, all that needs to be done is overlay the tables from the new per-directory config structure with those from the parent:

void *merge_mime_dir_configs (pool *p, void *parent_dirv, void *subdirv)
{
mime_dir_config *parent_dir = (mime_dir_config *)parent_dirv;
mime_dir_config *subdir = (mime_dir_config *)subdirv;
mime_dir_config *new =
(mime_dir_config *)ap_palloc (p, sizeof(mime_dir_config));
new->forced_types = ap_overlay_tables (p, subdir->forced_types,
parent_dir->forced_types);
 new->encoding_types = ap_overlay_tables (p, subdir->encoding_types,
parent_dir->encoding_types);
return new;
 }

As a note -- if there is no per-directory merge function present, the server will just use the subdirectory's configuration info, and ignore the parent's. For some modules, that works just fine (e.g., for the includes module, whose per-directory configuration information consists solely of the state of the XBITHACK), and for those modules, you can just not declare one, and leave the corresponding structure slot in the module itself NULL.

Command handling

Now that we have these structures, we need to be able to figure out how to fill them. That involves processing the actual AddType and AddEncoding commands. To find commands, the server looks in the module's command table. That table contains information on how many arguments the commands take, and in what formats, where it is permitted, and so forth. That information is sufficient to allow the server to invoke most command-handling functions with pre-parsed arguments. Without further ado, let's look at the AddType command handler, which looks like this (the AddEncoding command looks basically the same, and won't be shown here):

char *add_type(cmd_parms *cmd, mime_dir_config *m, char *ct, char *ext)
{
if (*ext == '.') ++ext;
ap_table_set (m->forced_types, ext, ct);
return NULL;
 }

This command handler is unusually simple. As you can see, it takes four arguments, two of which are pre-parsed arguments, the third being the per-directory configuration structure for the module in question, and the fourth being a pointer to a cmd_parms structure. That structure contains a bunch of arguments which are frequently of use to some, but not all, commands, including a resource pool (from which memory can be allocated, and to which cleanups should be tied), and the (virtual) server being configured, from which the module's per-server configuration data can be obtained if required.

Another way in which this particular command handler is unusually simple is that there are no error conditions which it can encounter. If there were, it could return an error message instead of NULL; this causes an error to be printed out on the server's stderr, followed by a quick exit, if it is in the main config files; for a .htaccess file, the syntax error is logged in the server error log (along with an indication of where it came from), and the request is bounced with a server error response (HTTP error status, code 500).

The MIME module's command table has entries for these commands, which look like this:

command_rec mime_cmds[] = {
{ "AddType", add_type, NULL, OR_FILEINFO, TAKE2,
"a mime type followed by a file extension" },
 { "AddEncoding", add_encoding, NULL, OR_FILEINFO, TAKE2,
"an encoding (e.g., gzip), followed by a file extension" },
 { NULL }
 };

The entries in these tables are:

Finally, having set this all up, we have to use it. This is ultimately done in the module's handlers, specifically for its file-typing handler, which looks more or less like this; note that the per-directory configuration structure is extracted from the request_rec's per-directory configuration vector by using the ap_get_module_config function.

int find_ct(request_rec *r)
{
int i;
char *fn = ap_pstrdup (r->pool, r->filename);
mime_dir_config *conf = (mime_dir_config *)
ap_get_module_config(r->per_dir_config, &mime_module);
 char *type;

if (S_ISDIR(r->finfo.st_mode)) {
r->content_type = DIR_MAGIC_TYPE;
return OK;
 }

if((i=ap_rind(fn,'.')) < 0) return DECLINED;
++i;

if ((type = ap_table_get (conf->encoding_types, &fn[i])))
{
r->content_encoding = type;

/* go back to previous extension to try to use it as a type */
fn[i-1] = '\0';
if((i=ap_rind(fn,'.')) < 0) return OK;
++i;
 }

if ((type = ap_table_get (conf->forced_types, &fn[i])))
{
r->content_type = type;
 }

return OK; }

Side notes -- per-server configuration, virtual servers, etc.

The basic ideas behind per-server module configuration are basically the same as those for per-directory configuration; there is a creation function and a merge function, the latter being invoked where a virtual server has partially overridden the base server configuration, and a combined structure must be computed. (As with per-directory configuration, the default if no merge function is specified, and a module is configured in some virtual server, is that the base configuration is simply ignored).

The only substantial difference is that when a command needs to configure the per-server private module data, it needs to go to the cmd_parms data to get at it. Here's an example, from the alias module, which also indicates how a syntax error can be returned (note that the per-directory configuration argument to the command handler is declared as a dummy, since the module doesn't actually have per-directory config data):

char *add_redirect(cmd_parms *cmd, void *dummy, char *f, char *url)
{
server_rec *s = cmd->server;
alias_server_conf *conf = (alias_server_conf *)
ap_get_module_config(s->module_config,&alias_module);
 alias_entry *new = ap_push_array (conf->redirects);

if (!ap_is_url (url)) return "Redirect to non-URL";

new->fake = f; new->real = url;
return NULL;
 }

developer/debugging.html100644 0 0 21540 11074463123 13036 0ustar 0 0 Debugging Memory Allocation in APR - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.0

<-
Apache > HTTP Server > Documentation > Version 2.0 > Developer Documentation

Debugging Memory Allocation in APR

The allocation mechanism's within APR have a number of debugging modes that can be used to assist in finding memory problems. This document describes the modes available and gives instructions on activating them.

top

Available debugging options

Allocation Debugging - ALLOC_DEBUG

Debugging support: Define this to enable code which helps detect re-use of free()d memory and other such nonsense.

The theory is simple. The FILL_BYTE (0xa5) is written over all malloc'd memory as we receive it, and is written over everything that we free up during a clear_pool. We check that blocks on the free list always have the FILL_BYTE in them, and we check during palloc() that the bytes still have FILL_BYTE in them. If you ever see garbage URLs or whatnot containing lots of 0xa5s then you know something used data that's been freed or uninitialized.

Malloc Support - ALLOC_USE_MALLOC

If defined all allocations will be done with malloc() and free()d appropriately at the end.

This is intended to be used with something like Electric Fence or Purify to help detect memory problems. Note that if you're using efence then you should also add in ALLOC_DEBUG. But don't add in ALLOC_DEBUG if you're using Purify because ALLOC_DEBUG would hide all the uninitialized read errors that Purify can diagnose.

Pool Debugging - POOL_DEBUG

This is intended to detect cases where the wrong pool is used when assigning data to an object in another pool.

In particular, it causes the table_{set,add,merge}n routines to check that their arguments are safe for the apr_table_t they're being placed in. It currently only works with the unix multiprocess model, but could be extended to others.

Table Debugging - MAKE_TABLE_PROFILE

Provide diagnostic information about make_table() calls which are possibly too small.

This requires a recent gcc which supports __builtin_return_address(). The error_log output will be a message such as:

table_push: apr_table_t created by 0x804d874 hit limit of 10

Use l *0x804d874 to find the source that corresponds to. It indicates that a apr_table_t allocated by a call at that address has possibly too small an initial apr_table_t size guess.

Allocation Statistics - ALLOC_STATS

Provide some statistics on the cost of allocations.

This requires a bit of an understanding of how alloc.c works.

top

Allowable Combinations

Not all the options outlined above can be activated at the same time. the following table gives more information.

ALLOC DEBUG ALLOC USE MALLOC POOL DEBUG MAKE TABLE PROFILE ALLOC STATS
ALLOC DEBUG -NoYesYesYes
ALLOC USE MALLOC No-NoNoNo
POOL DEBUG YesNo-YesYes
MAKE TABLE PROFILE YesNoYes-Yes
ALLOC STATS YesNoYesYes-

Additionally the debugging options are not suitable for multi-threaded versions of the server. When trying to debug with these options the server should be started in single process mode.

top

Activating Debugging Options

The various options for debugging memory are now enabled in the apr_general.h header file in APR. The various options are enabled by uncommenting the define for the option you wish to use. The section of the code currently looks like this (contained in srclib/apr/include/apr_pools.h)

/*
#define ALLOC_DEBUG
#define POOL_DEBUG
#define ALLOC_USE_MALLOC
#define MAKE_TABLE_PROFILE
#define ALLOC_STATS
*/

typedef struct ap_pool_t {
union block_hdr *first;
union block_hdr *last;
struct cleanup *cleanups;
struct process_chain *subprocesses;
struct ap_pool_t *sub_pools;
struct ap_pool_t *sub_next;
struct ap_pool_t *sub_prev;
struct ap_pool_t *parent;
char *free_first_avail;
 #ifdef ALLOC_USE_MALLOC
void *allocation_list;
 #endif
#ifdef POOL_DEBUG
struct ap_pool_t *joined;
 #endif
int (*apr_abort)(int retcode);
struct datastruct *prog_data;
 } ap_pool_t;

To enable allocation debugging simply move the #define ALLOC_DEBUG above the start of the comments block and rebuild the server.

Note

In order to use the various options the server must be rebuilt after editing the header file.

developer/documenting.html100644 0 0 10130 11074463123 13410 0ustar 0 0 Documenting Apache 2.0 - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.0

<-
Apache > HTTP Server > Documentation > Version 2.0 > Developer Documentation

Documenting Apache 2.0

Apache 2.0 uses Doxygen to document the APIs and global variables in the code. This will explain the basics of how to document using Doxygen.

top

Brief Description

To start a documentation block, use /**
To end a documentation block, use */

In the middle of the block, there are multiple tags we can use:

Description of this functions purpose
@param parameter_name description
@return description
@deffunc signature of the function

The deffunc is not always necessary. DoxyGen does not have a full parser in it, so any prototype that use a macro in the return type declaration is too complex for scandoc. Those functions require a deffunc. An example (using &gt; rather than >):

/**
 * return the final element of the pathname
 * @param pathname The path to get the final element of
 * @return the final element of the path
 * @tip Examples:
 * <pre>
 * "/foo/bar/gum" -&gt; "gum"
 * "/foo/bar/gum/" -&gt; ""
 * "gum" -&gt; "gum"
 * "wi\\n32\\stuff" -&gt; "stuff"
 * </pre>
 * @deffunc const char * ap_filename_of_pathname(const char *pathname)
 */

At the top of the header file, always include:

/**
 * @package Name of library header
 */

Doxygen uses a new HTML file for each package. The HTML files are named {Name_of_library_header}.html, so try to be concise with your names.

For a further discussion of the possibilities please refer to the Doxygen site.

developer/filters.html100644 0 0 27634 11074463123 12565 0ustar 0 0 How filters work in Apache 2.0 - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.0

<-
Apache > HTTP Server > Documentation > Version 2.0 > Developer Documentation

How filters work in Apache 2.0

Warning

This is a cut 'n paste job from an email (<022501c1c529$f63a9550$7f00000a@KOJ>) and only reformatted for better readability. It's not up to date but may be a good start for further research.

top

Filter Types

There are three basic filter types (each of these is actually broken down into two categories, but that comes later).

CONNECTION
Filters of this type are valid for the lifetime of this connection. (AP_FTYPE_CONNECTION, AP_FTYPE_NETWORK)
PROTOCOL
Filters of this type are valid for the lifetime of this request from the point of view of the client, this means that the request is valid from the time that the request is sent until the time that the response is received. (AP_FTYPE_PROTOCOL, AP_FTYPE_TRANSCODE)
RESOURCE
Filters of this type are valid for the time that this content is used to satisfy a request. For simple requests, this is identical to PROTOCOL, but internal redirects and sub-requests can change the content without ending the request. (AP_FTYPE_RESOURCE, AP_FTYPE_CONTENT_SET)

It is important to make the distinction between a protocol and a resource filter. A resource filter is tied to a specific resource, it may also be tied to header information, but the main binding is to a resource. If you are writing a filter and you want to know if it is resource or protocol, the correct question to ask is: "Can this filter be removed if the request is redirected to a different resource?" If the answer is yes, then it is a resource filter. If it is no, then it is most likely a protocol or connection filter. I won't go into connection filters, because they seem to be well understood. With this definition, a few examples might help:

Byterange
We have coded it to be inserted for all requests, and it is removed if not used. Because this filter is active at the beginning of all requests, it can not be removed if it is redirected, so this is a protocol filter.
http_header
This filter actually writes the headers to the network. This is obviously a required filter (except in the asis case which is special and will be dealt with below) and so it is a protocol filter.
Deflate
The administrator configures this filter based on which file has been requested. If we do an internal redirect from an autoindex page to an index.html page, the deflate filter may be added or removed based on config, so this is a resource filter.

The further breakdown of each category into two more filter types is strictly for ordering. We could remove it, and only allow for one filter type, but the order would tend to be wrong, and we would need to hack things to make it work. Currently, the RESOURCE filters only have one filter type, but that should change.

top

How are filters inserted?

This is actually rather simple in theory, but the code is complex. First of all, it is important that everybody realize that there are three filter lists for each request, but they are all concatenated together. So, the first list is r->output_filters, then r->proto_output_filters, and finally r->connection->output_filters. These correspond to the RESOURCE, PROTOCOL, and CONNECTION filters respectively. The problem previously, was that we used a singly linked list to create the filter stack, and we started from the "correct" location. This means that if I had a RESOURCE filter on the stack, and I added a CONNECTION filter, the CONNECTION filter would be ignored. This should make sense, because we would insert the connection filter at the top of the c->output_filters list, but the end of r->output_filters pointed to the filter that used to be at the front of c->output_filters. This is obviously wrong. The new insertion code uses a doubly linked list. This has the advantage that we never lose a filter that has been inserted. Unfortunately, it comes with a separate set of headaches.

The problem is that we have two different cases were we use subrequests. The first is to insert more data into a response. The second is to replace the existing response with an internal redirect. These are two different cases and need to be treated as such.

In the first case, we are creating the subrequest from within a handler or filter. This means that the next filter should be passed to make_sub_request function, and the last resource filter in the sub-request will point to the next filter in the main request. This makes sense, because the sub-request's data needs to flow through the same set of filters as the main request. A graphical representation might help:

Default_handler --> includes_filter --> byterange --> ...

If the includes filter creates a sub request, then we don't want the data from that sub-request to go through the includes filter, because it might not be SSI data. So, the subrequest adds the following:

    
Default_handler --> includes_filter -/-> byterange --> ...
                                    /
Default_handler --> sub_request_core

What happens if the subrequest is SSI data? Well, that's easy, the includes_filter is a resource filter, so it will be added to the sub request in between the Default_handler and the sub_request_core filter.

The second case for sub-requests is when one sub-request is going to become the real request. This happens whenever a sub-request is created outside of a handler or filter, and NULL is passed as the next filter to the make_sub_request function.

In this case, the resource filters no longer make sense for the new request, because the resource has changed. So, instead of starting from scratch, we simply point the front of the resource filters for the sub-request to the front of the protocol filters for the old request. This means that we won't lose any of the protocol filters, neither will we try to send this data through a filter that shouldn't see it.

The problem is that we are using a doubly-linked list for our filter stacks now. But, you should notice that it is possible for two lists to intersect in this model. So, you do you handle the previous pointer? This is a very difficult question to answer, because there is no "right" answer, either method is equally valid. I looked at why we use the previous pointer. The only reason for it is to allow for easier addition of new servers. With that being said, the solution I chose was to make the previous pointer always stay on the original request.

This causes some more complex logic, but it works for all cases. My concern in having it move to the sub-request, is that for the more common case (where a sub-request is used to add data to a response), the main filter chain would be wrong. That didn't seem like a good idea to me.

top

Asis

The final topic. :-) Mod_Asis is a bit of a hack, but the handler needs to remove all filters except for connection filters, and send the data. If you are using mod_asis, all other bets are off.

top

Explanations

The absolutely last point is that the reason this code was so hard to get right, was because we had hacked so much to force it to work. I wrote most of the hacks originally, so I am very much to blame. However, now that the code is right, I have started to remove some hacks. Most people should have seen that the reset_filters and add_required_filters functions are gone. Those inserted protocol level filters for error conditions, in fact, both functions did the same thing, one after the other, it was really strange. Because we don't lose protocol filters for error cases any more, those hacks went away. The HTTP_HEADER, Content-length, and Byterange filters are all added in the insert_filters phase, because if they were added earlier, we had some interesting interactions. Now, those could all be moved to be inserted with the HTTP_IN, CORE, and CORE_IN filters. That would make the code easier to follow.

developer/hooks.html100644 0 0 24517 11074463123 12235 0ustar 0 0 Apache 2.0 Hook Functions - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.0

<-
Apache > HTTP Server > Documentation > Version 2.0 > Developer Documentation

Apache 2.0 Hook Functions

Warning

This document is still in development and may be partially out of date.

In general, a hook function is one that Apache will call at some point during the processing of a request. Modules can provide functions that are called, and specify when they get called in comparison to other modules.

top

Creating a hook function

In order to create a new hook, four things need to be done:

Declare the hook function

Use the AP_DECLARE_HOOK macro, which needs to be given the return type of the hook function, the name of the hook, and the arguments. For example, if the hook returns an int and takes a request_rec * and an int and is called do_something, then declare it like this:

AP_DECLARE_HOOK(int, do_something, (request_rec *r, int n))

This should go in a header which modules will include if they want to use the hook.

Create the hook structure

Each source file that exports a hook has a private structure which is used to record the module functions that use the hook. This is declared as follows:

APR_HOOK_STRUCT(
APR_HOOK_LINK(do_something)
...
 )

Implement the hook caller

The source file that exports the hook has to implement a function that will call the hook. There are currently three possible ways to do this. In all cases, the calling function is called ap_run_hookname().

Void hooks

If the return value of a hook is void, then all the hooks are called, and the caller is implemented like this:

AP_IMPLEMENT_HOOK_VOID(do_something, (request_rec *r, int n), (r, n))

The second and third arguments are the dummy argument declaration and the dummy arguments as they will be used when calling the hook. In other words, this macro expands to something like this:

void ap_run_do_something(request_rec *r, int n)
{
...
do_something(r, n);
 }

Hooks that return a value

If the hook returns a value, then it can either be run until the first hook that does something interesting, like so:

AP_IMPLEMENT_HOOK_RUN_FIRST(int, do_something, (request_rec *r, int n), (r, n), DECLINED)

The first hook that does not return DECLINED stops the loop and its return value is returned from the hook caller. Note that DECLINED is the tradition Apache hook return meaning "I didn't do anything", but it can be whatever suits you.

Alternatively, all hooks can be run until an error occurs. This boils down to permitting two return values, one of which means "I did something, and it was OK" and the other meaning "I did nothing". The first function that returns a value other than one of those two stops the loop, and its return is the return value. Declare these like so:

AP_IMPLEMENT_HOOK_RUN_ALL(int, do_something, (request_rec *r, int n), (r, n), OK, DECLINED)

Again, OK and DECLINED are the traditional values. You can use what you want.

Call the hook callers

At appropriate moments in the code, call the hook caller, like so:

int n, ret;
request_rec *r;

ret=ap_run_do_something(r, n);

top

Hooking the hook

A module that wants a hook to be called needs to do two things.

Implement the hook function

Include the appropriate header, and define a static function of the correct type:

static int my_something_doer(request_rec *r, int n)
{
...
return OK;
 }

Add a hook registering function

During initialisation, Apache will call each modules hook registering function, which is included in the module structure:

static void my_register_hooks()
{
ap_hook_do_something(my_something_doer, NULL, NULL, HOOK_MIDDLE);
 }

mode MODULE_VAR_EXPORT my_module =
{
...
my_register_hooks /* register hooks */
 };

Controlling hook calling order

In the example above, we didn't use the three arguments in the hook registration function that control calling order. There are two mechanisms for doing this. The first, rather crude, method, allows us to specify roughly where the hook is run relative to other modules. The final argument control this. There are three possible values: HOOK_FIRST, HOOK_MIDDLE and HOOK_LAST.

All modules using any particular value may be run in any order relative to each other, but, of course, all modules using HOOK_FIRST will be run before HOOK_MIDDLE which are before HOOK_LAST. Modules that don't care when they are run should use HOOK_MIDDLE. (I spaced these out so people could do stuff like HOOK_FIRST-2 to get in slightly earlier, but is this wise? - Ben)

Note that there are two more values, HOOK_REALLY_FIRST and HOOK_REALLY_LAST. These should only be used by the hook exporter.

The other method allows finer control. When a module knows that it must be run before (or after) some other modules, it can specify them by name. The second (third) argument is a NULL-terminated array of strings consisting of the names of modules that must be run before (after) the current module. For example, suppose we want "mod_xyz.c" and "mod_abc.c" to run before we do, then we'd hook as follows:

static void register_hooks()
{
static const char * const aszPre[] = { "mod_xyz.c", "mod_abc.c", NULL };

ap_hook_do_something(my_something_doer, aszPre, NULL, HOOK_MIDDLE);
 }

Note that the sort used to achieve this is stable, so ordering set by HOOK_ORDER is preserved, as far as is possible.

Ben Laurie, 15th August 1999

developer/index.html100644 0 0 10135 11074463123 12210 0ustar 0 0 Developer Documentation for Apache 2.0 - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.0

<-
Apache > HTTP Server > Documentation > Version 2.0

Developer Documentation for Apache 2.0

Many of the documents on these Developer pages are lifted from Apache 1.3's documentation. While they are all being updated to Apache 2.0, they are in different stages of progress. Please be patient, and point out any discrepancies or errors on the developer/ pages directly to the dev@httpd.apache.org mailing list.

top

Topics

top

External Resources

developer/modules.html100644 0 0 26307 11074463123 12561 0ustar 0 0 Converting Modules from Apache 1.3 to Apache 2.0 - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.0

<-
Apache > HTTP Server > Documentation > Version 2.0 > Developer Documentation

Converting Modules from Apache 1.3 to Apache 2.0

This is a first attempt at writing the lessons I learned when trying to convert the mod_mmap_static module to Apache 2.0. It's by no means definitive and probably won't even be correct in some ways, but it's a start.

top

The easier changes ...

Cleanup Routines

These now need to be of type apr_status_t and return a value of that type. Normally the return value will be APR_SUCCESS unless there is some need to signal an error in the cleanup. Be aware that even though you signal an error not all code yet checks and acts upon the error.

Initialisation Routines

These should now be renamed to better signify where they sit in the overall process. So the name gets a small change from mmap_init to mmap_post_config. The arguments passed have undergone a radical change and now look like

Data Types

A lot of the data types have been moved into the APR. This means that some have had a name change, such as the one shown above. The following is a brief list of some of the changes that you are likely to have to make.

top

The messier changes...

Register Hooks

The new architecture uses a series of hooks to provide for calling your functions. These you'll need to add to your module by way of a new function, static void register_hooks(void). The function is really reasonably straightforward once you understand what needs to be done. Each function that needs calling at some stage in the processing of a request needs to be registered, handlers do not. There are a number of phases where functions can be added, and for each you can specify with a high degree of control the relative order that the function will be called in.

This is the code that was added to mod_mmap_static:

static void register_hooks(void)
{
    static const char * const aszPre[]={ "http_core.c",NULL };
    ap_hook_post_config(mmap_post_config,NULL,NULL,HOOK_MIDDLE);
    ap_hook_translate_name(mmap_static_xlat,aszPre,NULL,HOOK_LAST);
};

This registers 2 functions that need to be called, one in the post_config stage (virtually every module will need this one) and one for the translate_name phase. note that while there are different function names the format of each is identical. So what is the format?

ap_hook_phase_name(function_name, predecessors, successors, position);

There are 3 hook positions defined...

To define the position you use the position and then modify it with the predecessors and successors. Each of the modifiers can be a list of functions that should be called, either before the function is run (predecessors) or after the function has run (successors).

In the mod_mmap_static case I didn't care about the post_config stage, but the mmap_static_xlat must be called after the core module had done it's name translation, hence the use of the aszPre to define a modifier to the position HOOK_LAST.

Module Definition

There are now a lot fewer stages to worry about when creating your module definition. The old defintion looked like

module MODULE_VAR_EXPORT module_name_module =
{
    STANDARD_MODULE_STUFF,
    /* initializer */
    /* dir config creater */
    /* dir merger --- default is to override */
    /* server config */
    /* merge server config */
    /* command handlers */
    /* handlers */
    /* filename translation */
    /* check_user_id */
    /* check auth */
    /* check access */
    /* type_checker */
    /* fixups */
    /* logger */
    /* header parser */
    /* child_init */
    /* child_exit */
    /* post read-request */
};

The new structure is a great deal simpler...

module MODULE_VAR_EXPORT module_name_module =
{
    STANDARD20_MODULE_STUFF,
    /* create per-directory config structures */
    /* merge per-directory config structures  */
    /* create per-server config structures    */
    /* merge per-server config structures     */
    /* command handlers */
    /* handlers */
    /* register hooks */
};

Some of these read directly across, some don't. I'll try to summarise what should be done below.

The stages that read directly across :

/* dir config creater */
/* create per-directory config structures */
/* server config */
/* create per-server config structures */
/* dir merger */
/* merge per-directory config structures */
/* merge server config */
/* merge per-server config structures */
/* command table */
/* command apr_table_t */
/* handlers */
/* handlers */

The remainder of the old functions should be registered as hooks. There are the following hook stages defined so far...

ap_hook_post_config
this is where the old _init routines get registered
ap_hook_http_method
retrieve the http method from a request. (legacy)
ap_hook_open_logs
open any specified logs
ap_hook_auth_checker
check if the resource requires authorization
ap_hook_access_checker
check for module-specific restrictions
ap_hook_check_user_id
check the user-id and password
ap_hook_default_port
retrieve the default port for the server
ap_hook_pre_connection
do any setup required just before processing, but after accepting
ap_hook_process_connection
run the correct protocol
ap_hook_child_init
call as soon as the child is started
ap_hook_create_request
??
ap_hook_fixups
last chance to modify things before generating content
ap_hook_handler
generate the content
ap_hook_header_parser
lets modules look at the headers, not used by most modules, because they use post_read_request for this
ap_hook_insert_filter
to insert filters into the filter chain
ap_hook_log_transaction
log information about the request
ap_hook_optional_fn_retrieve
retrieve any functions registered as optional
ap_hook_post_read_request
called after reading the request, before any other phase
ap_hook_quick_handler
called before any request processing, used by cache modules.
ap_hook_translate_name
translate the URI into a filename
ap_hook_type_checker
determine and/or set the doc type
developer/request.html100644 0 0 33157 11074463123 12602 0ustar 0 0 Request Processing in Apache 2.0 - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.0

<-
Apache > HTTP Server > Documentation > Version 2.0 > Developer Documentation

Request Processing in Apache 2.0

Warning

Warning - this is a first (fast) draft that needs further revision!

Several changes in Apache 2.0 affect the internal request processing mechanics. Module authors need to be aware of these changes so they may take advantage of the optimizations and security enhancements.

The first major change is to the subrequest and redirect mechanisms. There were a number of different code paths in Apache 1.3 to attempt to optimize subrequest or redirect behavior. As patches were introduced to 2.0, these optimizations (and the server behavior) were quickly broken due to this duplication of code. All duplicate code has been folded back into ap_process_request_internal() to prevent the code from falling out of sync again.

This means that much of the existing code was 'unoptimized'. It is the Apache HTTP Project's first goal to create a robust and correct implementation of the HTTP server RFC. Additional goals include security, scalability and optimization. New methods were sought to optimize the server (beyond the performance of Apache 1.3) without introducing fragile or insecure code.

top

The Request Processing Cycle

All requests pass through ap_process_request_internal() in request.c, including subrequests and redirects. If a module doesn't pass generated requests through this code, the author is cautioned that the module may be broken by future changes to request processing.

To streamline requests, the module author can take advantage of the hooks offered to drop out of the request cycle early, or to bypass core Apache hooks which are irrelevant (and costly in terms of CPU.)

top

The Request Parsing Phase

Unescapes the URL

The request's parsed_uri path is unescaped, once and only once, at the beginning of internal request processing.

This step is bypassed if the proxyreq flag is set, or the parsed_uri.path element is unset. The module has no further control of this one-time unescape operation, either failing to unescape or multiply unescaping the URL leads to security reprecussions.

Strips Parent and This Elements from the URI

All /../ and /./ elements are removed by ap_getparents(). This helps to ensure the path is (nearly) absolute before the request processing continues.

This step cannot be bypassed.

Initial URI Location Walk

Every request is subject to an ap_location_walk() call. This ensures that <Location> sections are consistently enforced for all requests. If the request is an internal redirect or a sub-request, it may borrow some or all of the processing from the previous or parent request's ap_location_walk, so this step is generally very efficient after processing the main request.

translate_name

Modules can determine the file name, or alter the given URI in this step. For example, mod_vhost_alias will translate the URI's path into the configured virtual host, mod_alias will translate the path to an alias path, and if the request falls back on the core, the DocumentRoot is prepended to the request resource.

If all modules DECLINE this phase, an error 500 is returned to the browser, and a "couldn't translate name" error is logged automatically.

Hook: map_to_storage

After the file or correct URI was determined, the appropriate per-dir configurations are merged together. For example, mod_proxy compares and merges the appropriate <Proxy> sections. If the URI is nothing more than a local (non-proxy) TRACE request, the core handles the request and returns DONE. If no module answers this hook with OK or DONE, the core will run the request filename against the <Directory> and <Files> sections. If the request 'filename' isn't an absolute, legal filename, a note is set for later termination.

URI Location Walk

Every request is hardened by a second ap_location_walk() call. This reassures that a translated request is still subjected to the configured <Location> sections. The request again borrows some or all of the processing from its previous location_walk above, so this step is almost always very efficient unless the translated URI mapped to a substantially different path or Virtual Host.

Hook: header_parser

The main request then parses the client's headers. This prepares the remaining request processing steps to better serve the client's request.

top

The Security Phase

Needs Documentation. Code is:

switch (ap_satisfies(r)) {
case SATISFY_ALL:
case SATISFY_NOSPEC:
    if ((access_status = ap_run_access_checker(r)) != 0) {
        return decl_die(access_status, "check access", r);
    }

    if (ap_some_auth_required(r)) {
        if (((access_status = ap_run_check_user_id(r)) != 0)
            || !ap_auth_type(r)) {
            return decl_die(access_status, ap_auth_type(r)
                          ? "check user.  No user file?"
                          : "perform authentication. AuthType not set!",
                          r);
        }

        if (((access_status = ap_run_auth_checker(r)) != 0)
            || !ap_auth_type(r)) {
            return decl_die(access_status, ap_auth_type(r)
                          ? "check access.  No groups file?"
                          : "perform authentication. AuthType not set!",
                          r);
        }
    }
    break;

case SATISFY_ANY:
    if (((access_status = ap_run_access_checker(r)) != 0)) {
        if (!ap_some_auth_required(r)) {
            return decl_die(access_status, "check access", r);
        }

        if (((access_status = ap_run_check_user_id(r)) != 0)
            || !ap_auth_type(r)) {
            return decl_die(access_status, ap_auth_type(r)
                          ? "check user.  No user file?"
                          : "perform authentication. AuthType not set!",
                          r);
        }

        if (((access_status = ap_run_auth_checker(r)) != 0)
            || !ap_auth_type(r)) {
            return decl_die(access_status, ap_auth_type(r)
                          ? "check access.  No groups file?"
                          : "perform authentication. AuthType not set!",
                          r);
        }
    }
    break;
}
top

The Preparation Phase

Hook: type_checker

The modules have an opportunity to test the URI or filename against the target resource, and set mime information for the request. Both mod_mime and mod_mime_magic use this phase to compare the file name or contents against the administrator's configuration and set the content type, language, character set and request handler. Some modules may set up their filters or other request handling parameters at this time.

If all modules DECLINE this phase, an error 500 is returned to the browser, and a "couldn't find types" error is logged automatically.

Hook: fixups

Many modules are 'trounced' by some phase above. The fixups phase is used by modules to 'reassert' their ownership or force the request's fields to their appropriate values. It isn't always the cleanest mechanism, but occasionally it's the only option.

top

The Handler Phase

This phase is not part of the processing in ap_process_request_internal(). Many modules prepare one or more subrequests prior to creating any content at all. After the core, or a module calls ap_process_request_internal() it then calls ap_invoke_handler() to generate the request.

Hook: insert_filter

Modules that transform the content in some way can insert their values and override existing filters, such that if the user configured a more advanced filter out-of-order, then the module can move its order as need be. There is no result code, so actions in this hook better be trusted to always succeed.

Hook: handler

The module finally has a chance to serve the request in its handler hook. Note that not every prepared request is sent to the handler hook. Many modules, such as mod_autoindex, will create subrequests for a given URI, and then never serve the subrequest, but simply lists it for the user. Remember not to put required teardown from the hooks above into this module, but register pool cleanups against the request pool to free resources as required.

developer/thread_safety.html100644 0 0 36007 11074463123 13731 0ustar 0 0 Apache 2.0 Thread Safety Issues - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.0

<-
Apache > HTTP Server > Documentation > Version 2.0 > Developer Documentation

Apache 2.0 Thread Safety Issues

When using any of the threaded mpms in Apache 2.0 it is important that every function called from Apache be thread safe. When linking in 3rd party extensions it can be difficult to determine whether the resulting server will be thread safe. Casual testing generally won't tell you this either as thread safety problems can lead to subtle race conditons that may only show up in certain conditions under heavy load.

top

Global and static variables

When writing your module or when trying to determine if a module or 3rd party library is thread safe there are some common things to keep in mind.

First, you need to recognize that in a threaded model each individual thread has its own program counter, stack and registers. Local variables live on the stack, so those are fine. You need to watch out for any static or global variables. This doesn't mean that you are absolutely not allowed to use static or global variables. There are times when you actually want something to affect all threads, but generally you need to avoid using them if you want your code to be thread safe.

In the case where you have a global variable that needs to be global and accessed by all threads, be very careful when you update it. If, for example, it is an incrementing counter, you need to atomically increment it to avoid race conditions with other threads. You do this using a mutex (mutual exclusion). Lock the mutex, read the current value, increment it and write it back and then unlock the mutex. Any other thread that wants to modify the value has to first check the mutex and block until it is cleared.

If you are using APR, have a look at the apr_atomic_* functions and the apr_thread_mutex_* functions.

top

errno

This is a common global variable that holds the error number of the last error that occurred. If one thread calls a low-level function that sets errno and then another thread checks it, we are bleeding error numbers from one thread into another. To solve this, make sure your module or library defines _REENTRANT or is compiled with -D_REENTRANT. This will make errno a per-thread variable and should hopefully be transparent to the code. It does this by doing something like this:

#define errno (*(__errno_location()))

which means that accessing errno will call __errno_location() which is provided by the libc. Setting _REENTRANT also forces redefinition of some other functions to their *_r equivalents and sometimes changes the common getc/putc macros into safer function calls. Check your libc documentation for specifics. Instead of, or in addition to _REENTRANT the symbols that may affect this are _POSIX_C_SOURCE, _THREAD_SAFE, _SVID_SOURCE, and _BSD_SOURCE.

top

Common standard troublesome functions

Not only do things have to be thread safe, but they also have to be reentrant. strtok() is an obvious one. You call it the first time with your delimiter which it then remembers and on each subsequent call it returns the next token. Obviously if multiple threads are calling it you will have a problem. Most systems have a reentrant version of of the function called strtok_r() where you pass in an extra argument which contains an allocated char * which the function will use instead of its own static storage for maintaining the tokenizing state. If you are using APR you can use apr_strtok().

crypt() is another function that tends to not be reentrant, so if you run across calls to that function in a library, watch out. On some systems it is reentrant though, so it is not always a problem. If your system has crypt_r() chances are you should be using that, or if possible simply avoid the whole mess by using md5 instead.

top

Common 3rd Party Libraries

The following is a list of common libraries that are used by 3rd party Apache modules. You can check to see if your module is using a potentially unsafe library by using tools such as ldd(1) and nm(1). For PHP, for example, try this:

% ldd libphp4.so
libsablot.so.0 => /usr/local/lib/libsablot.so.0 (0x401f6000)
libexpat.so.0 => /usr/lib/libexpat.so.0 (0x402da000)
libsnmp.so.0 => /usr/lib/libsnmp.so.0 (0x402f9000)
libpdf.so.1 => /usr/local/lib/libpdf.so.1 (0x40353000)
libz.so.1 => /usr/lib/libz.so.1 (0x403e2000)
libpng.so.2 => /usr/lib/libpng.so.2 (0x403f0000)
libmysqlclient.so.11 => /usr/lib/libmysqlclient.so.11 (0x40411000)
libming.so => /usr/lib/libming.so (0x40449000)
libm.so.6 => /lib/libm.so.6 (0x40487000)
libfreetype.so.6 => /usr/lib/libfreetype.so.6 (0x404a8000)
libjpeg.so.62 => /usr/lib/libjpeg.so.62 (0x404e7000)
libcrypt.so.1 => /lib/libcrypt.so.1 (0x40505000)
libssl.so.2 => /lib/libssl.so.2 (0x40532000)
libcrypto.so.2 => /lib/libcrypto.so.2 (0x40560000)
libresolv.so.2 => /lib/libresolv.so.2 (0x40624000)
libdl.so.2 => /lib/libdl.so.2 (0x40634000)
libnsl.so.1 => /lib/libnsl.so.1 (0x40637000)
libc.so.6 => /lib/libc.so.6 (0x4064b000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x80000000)

In addition to these libraries you will need to have a look at any libraries linked statically into the module. You can use nm(1) to look for individual symbols in the module.

top

Library List

Please drop a note to dev@httpd.apache.org if you have additions or corrections to this list.

LibraryVersionThread Safe?Notes
ASpell/PSpell ?
Berkeley DB 3.x, 4.x Yes Be careful about sharing a connection across threads.
bzip2 Yes Both low-level and high-level APIs are thread-safe. However, high-level API requires thread-safe access to errno.
cdb ?
C-Client Perhaps c-client uses strtok() and gethostbyname() which are not thread-safe on most C library implementations. c-client's static data is meant to be shared across threads. If strtok() and gethostbyname() are thread-safe on your OS, c-client may be thread-safe.
cpdflib ?
libcrypt ?
Expat Yes Need a separate parser instance per thread
FreeTDS ?
FreeType ?
GD 1.8.x ?
GD 2.0.x ?
gdbm No Errors returned via a static gdbm_error variable
ImageMagick 5.2.2 Yes ImageMagick docs claim it is thread safe since version 5.2.2 (see Change log).
Imlib2 ?
libjpeg v6b ?
libmysqlclient Yes Use mysqlclient_r library variant to ensure thread-safety. For more information, please read http://www.mysql.com/doc/en/Threaded_clients.html.
Ming 0.2a ?
Net-SNMP 5.0.x ?
OpenLDAP 2.1.x Yes Use ldap_r library variant to ensure thread-safety.
OpenSSL 0.9.6g Yes Requires proper usage of CRYPTO_num_locks, CRYPTO_set_locking_callback, CRYPTO_set_id_callback
liboci8 (Oracle 8+) 8.x,9.x ?
pdflib 5.0.x Yes PDFLib docs claim it is thread safe; changes.txt indicates it has been partially thread-safe since V1.91: http://www.pdflib.com/products/pdflib/index.html.
libpng 1.0.x ?
libpng 1.2.x ?
libpq (PostgreSQL) 7.x Yes Don't share connections across threads and watch out for crypt() calls
Sablotron 0.95 ?
zlib 1.1.4 Yes Relies upon thread-safe zalloc and zfree functions Default is to use libc's calloc/free which are thread-safe.
dns-caveats.html100644 0 0 23776 11074463123 11343 0ustar 0 0 DNS ġ õ - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.0

<-
Apache > HTTP Server > Documentation > Version 2.0

DNS ġ õ

ֽ ƴմϴ. ֱٿ ϼ.

ִ. ġ DNS ʵ ϶. ġ дµ DNS ʿϴٸ ŷڼ ( ȵ ִ) Ȥ 񽺰ź ݰ (ڰ ٸ ڿ ä Ͽ) 񽺵(theft of service) ݿ ô޸ ִ.

top

<VirtualHost www.abc.dom>
ServerAdmin webgirl@abc.dom
DocumentRoot /www/abc
</VirtualHost>

ġ ϱؼ ȣƮ ΰ ʿϴ. ServerName ٸ ּ Ѱ IP ̴ּ. IP ּҰ ⶧, ġ DNS Ͽ www.abc.dom ּҸ ãƾ Ѵ.  DNS ٸ ȣƮ . ȣƮ û . (ġ 1.2 õ Ѵ.)

www.abc.dom ּҰ 10.0.0.1̶ . ׸ :

<VirtualHost 10.0.0.1>
ServerAdmin webgirl@abc.dom
DocumentRoot /www/abc
</VirtualHost>

ġ ȣƮ ServerName ã DNS ؾ Ѵ. ãⰡ ϸ ġ ȣƮ κ . (ġ 1.2 õ Ѵ.) , ̸ ȣƮ ȣƮ ʰ, ip̶ κ Ѵ. ׷ ġ Ͽ ü URL Ѵٸ URL Ѵ.

Ʒ ΰ .

<VirtualHost 10.0.0.1>
ServerName www.abc.dom
ServerAdmin webgirl@abc.dom
DocumentRoot /www/abc
</VirtualHost>

top

񽺰ź (Denial of Service)

(ּ) ΰ 񽺰źΰ ߻ ִ. ġ 1.2  ȣƮ DNS ˻ ϸ ʴ´. DNS ִ. , abc.dom Ʈ̰ ڽ DNS Ѵٸ, www.abc.dom ڵ带 ⸸ ص (1.2 ) Ѵ.

ξ Ȱ ִ. 캸:

<VirtualHost www.abc.dom>
  ServerAdmin webgirl@abc.dom
  DocumentRoot /www/abc
</VirtualHost>

<VirtualHost www.def.dom>
  ServerAdmin webguy@def.dom
  DocumentRoot /www/def
</VirtualHost>

www.abc.dom 10.0.0.1, www.def.dom 10.0.0.2 Ҵߴٰ . , def.dom ü DNS Ѵٰ . Բ def.dom abc.dom ç ִ ҿ ξ. ׷ٸ ׵ www.def.dom 10.0.0.1 ϱ⸸ ϸ ȴ. ׵ ü DNS ϱ⶧ ׵ ϴµ www.def.dom ڵ带 ϴ .

http://www.abc.dom/whatever URL Էϴ 츦 Ͽ) 10.0.0.1 û def.dom ȣƮ ϰ ȴ. ̷ Ͼ Ϸ ġ  ȣƮ û óϴ ʿϴ. 밭 ִ.

top

"ּ" ּ

ġ 1.1 ̸ ȣƮ ԵǾ⶧ ġ ϴ ȣƮ IP ּ() ʿ䰡 . ּҴ (ִٸ) ServerName Ȥ C Լ gethostname (Ʈ "hostname" Է ) ´. ׷ ּҷ DNS ˻ Ѵ. ˻ .

DNS ׾ ˻ ٸ /etc/hosts ȣƮ ִ. (ǻͰ õǾٸ Ƹ ̹ ̴.) ׸ DNS ϸ /etc/hosts ϴ Ȯ϶. ϴ ü /etc/resolv.conf Ȥ /etc/nsswitch.conf ϸ ̴.

 DNS ˻ϸ ȵȴٸ HOSTRESORDER ȯ溯 "local" ϰ ġ ִ. mod_env Ͽ ȯ ʴ´ٸ ȯ溯 CGI ش. ü manpage FAQ ϴ .

top

ϱ

top

η: δ

DNS õ Ȳ ſ ٶ ϴ. ġ 1.2 츮 DNS 쿡 ּ . · Ͽ IP ּҸ 䱸ϴ ȣ ٽ ؾ ͳݿ ſ ٶ ϴ.

񽺵 Ѱ ˻ IP ּҿ ٽ DNS ˻ Ͽ ̸ ϴ ̴. ٸ ȣƮ ִ. DNS ùٷ Ǿ Ѵ. (FTP TCP wrapper "ߺ-" DNS ˻ ϱ⶧ κ ڿ ͼ ̴.)

· IP ּҸ DNS ȣƮ ְ . Ϻθ ϴ Ͱ κ ذå ü ʴ ͺ ִ.

HTTP/1.1 ԰ Ͻð Host Ƿ IP ȣƮ ʴ ̴. ׷ ߿ DNS ˻ ʿ䰡 . ׷ 1997 3 ߿ ̸ ȣƮ θ ʾҴ.

dso.html100644 0 0 32332 11074463123 7704 0ustar 0 0 ü (DSO) - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.0

<-
Apache > HTTP Server > Documentation > Version 2.0

ü (DSO)

ֽ ƴմϴ. ֱٿ ϼ.

ġ ڰ Ͽ ִ ȭ α׷̴. Ҷ httpd Ͽ ִ. ƴϸ httpd ϰ иϿ ü(Dynamic Shared Objects, DSO) ִ. DSO Ҷ ϰų, Apache Extension Tool (apxs) Ͽ ߿ Ͽ ߰ ִ.

DSO ̷ Ѵ.

top

õ õ þ

ġ ٽɿ ؾ mod_so.c ġ о̱ DSO Ѵ. core ϰ DSO ̴. ٸ ġ ġ configure --enable-module=shared ɼ Ͽ DSO ִ. mod_foo.so DSO httpd.conf Ͽ mod_so LoadModule ɾ Ͽ ۽ Ȥ ۽ о ִ.

ġ (Ư ڰ ) DSO apxs (APache eXtenSion) ο α׷ ִ. α׷ ġ ҽ Ʈ ۿ DSO Ҷ Ѵ. . ġ ġҶ configure make install ġ C ġϰ, DSO ϱ ÷ Ư Ϸ ɼǰ Ŀ ɼ apxs α׷ Ѵ. ׷ apxs ϴ ڴ ġ ҽ Ʈ, DSO ÷ Ư Ϸ ɼǿ Ŀ ɼǿ Ű ʰ ڽ ġ ҽ ִ.

top

Apache 2.0 DSO ɿ ª ̴:

  1. ִ ġ ϰ ġϴ . mod_foo.c DSO mod_foo.so:

    $ ./configure --prefix=/path/to/install --enable-foo=shared
    $ make install

  2. ڰ ġ ϰ ġϴ . mod_foo.c DSO mod_foo.so:

    $ ./configure --add-module=module_type:/path/to/3rdparty/mod_foo.c --enable-foo=shared
    $ make install

  3. ߿ ϱ ġ ϴ :

    $ ./configure --enable-so
    $ make install

  4. ڰ ġ ϰ ġϴ . apxs Ͽ ġ ҽ Ʈ ۿ mod_foo.c DSO mod_foo.so:

    $ cd /path/to/3rdparty
    $ apxs -c mod_foo.c
    $ apxs -i -a -n foo mod_foo.la

ϴ ϵǸ, httpd.conf LoadModule þ Ͽ ġ о̰ .

top

н ü (DSO) ŷ/ε(dynamic linking/loading)̶ Ͽ, Ư ڵ α׷ ּҰ о̴ ִ.

ΰ о ִ. ϳ α׷ Ҷ ld.so ý α׷ ڵ о̴ , ٸ ϳ α׷ dlopen()/dlsym() ýȣ н δ(loader) ý ̽ Ͽ о̴ .

ù° DSO ̺귯(shared libraries) Ȥ DSO ̺귯 θ, libfoo.so libfoo.so.1.2 ̸ . ̵ ý 丮( /usr/lib) ְ, Ͻ Ŀ ɾ -lfoo ־ ϰ Ѵ. ̷ ̺귯 Ͽ ǿ, α׷ Ҷ Ŀ ɼ -R , ȯ溯 LD_LIBRARY_PATH Ȥ /usr/lib н δ libfoo.so ã ִ. ׷ α׷ ( ã(unresolved)) ɺ(symbol) DSO ãԵȴ.

DSO α׷ ɺ ãʱ (DSO 밡 Ϲ ڵ ̺귯̹Ƿ) ã ⼭ . н δ ɺ ã⸦ ϹǷ α׷ DSO ɺ ã ʿ䰡 . ( ld.so θ ڵ ƴ α׷ ũǴ ڵ Ϻδ.) ̺귯 ڵ带 о̴ Ȯϴ. ̺귯 ڵ尡 α׷ ߺؼ Ǵ libc.so ý ̺귯 ѹ DZ ũ ȴ.

ι° DSO ü(shared objects) Ȥ DSO ̶ θ, (Ģ ̸ foo.so) Ȯڴ Ӵ. ϵ α׷ ü 丮 ġϰ α׷ ڵ ʴ´. α׷ dlopen() Ͽ DSO ּҰ о鿩 Ѵ. ̶ α׷ DSO ɺ ã ʴ´. տ н δ ڵ ϰ ̹ о DSO ̺귯(Ư ׻ ϴ libc.so ɺ) DSO ( ã) ɺ ã´. ׷ DSO ġ ó α׷ ũȰͰ ɺ ˰Եȴ.

DSO API ̿ϱؼ α׷ dlsym() DSO Ư ɺ ãƼ, ϱ ġ(dispatch) ǥ Ѵ. ٸ α׷ Ǻ ãƾѴ. ̷ α׷ Ϻθ α׷ ʿҶ о ʾƵ (׷ ޸𸮸 ʰ) ȴٴ ̴. ⺻ α׷ Ȯϱ ʿ κ о ִ.

̷ DSO ڿ , ּ Ѱִ. α׷ Ȯϱ DSO Ҷ DSO α׷ ɺ ã ̴. ? DSO α׷ ɺ " ã " (̺귯 ڽ ϴ α׷ 𸥴ٴ) ̺귯 迡 ϸ, ÷ ʰ ǥȭ ʾұ ̴. ɺ(global symbol) ͽƮ(export) ʱ⶧ DSO . DSO Ͽ α׷ ȮϷ Ŀ ɺ ͽƮϵ ϴ ֵ ذå̴.

̺귯 DSO Ģ ̱⶧ ü ϴ ̺귯 Ѵ. ݴ α׷ α׷ Ȯϱ ü ʴ´.

1998 Ȯϱ DSO Ʈ Ű (XS DynaLoader ) Perl 5, Netscape Server 幰. ġ ̹ Ȯϱ ߰ ܺ ġ ٽɱɿ ϱ ġ ̿ ٹ ߱⶧ 1.3 뿭 շߴ. ׷ ġ о̴µ DSO ϵ .

top

տ DSO ϸ ִ:

DSO ִ:

env.html100644 0 0 44447 11074463123 7721 0ustar 0 0 ġ ȯ溯 - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.0

<-
Apache > HTTP Server > Documentation > Version 2.0

ġ ȯ溯

ֽ ƴմϴ. ֱٿ ϼ.

ġ ȯ溯(environment variable) ִ. Ͽ α׳ ۾ Ѵ. , ȯ溯 CGI ũƮ ܺ α׷ ϴ ȴ. ȯ溯 ٷ ϴ پ Ѵ.

ȯ溯 θ, ü ϴ ȯ溯 ٸ. ġ ο ǰ ȴ. ȯ溯 CGI ũƮ Server Side Include ũƮ Ѱ ü ȯ溯 ȴ. ϴ ü ȯ ϰ ʹٸ ü ȯ ؾ Ѵ.

top

ȯ溯 ϱ

õ õ þ

⺻ ȯ漳

ġ ȯ溯 ϴ ⺻ SetEnv þ ϴ ̴. PassEnv þ Ͽ ȯ溯 ִ.

û Ǻ

ϰ, mod_setenvif ϴ þ û û Ư¡ ȯ溯 Ѵ. , Ư (User-Agent) ûϰų Ư Referer ( Ʋ ʾҴ) ִ 쿡 ִ. mod_rewrite ִ RewriteRule [E=...] ɼ Ͽ ϰ ȯ溯 ִ.

ĺ

mod_unique_id û  쿡 "" û߿ Ȯ (ġ) UNIQUE_ID ȯ溯 Ѵ.

ǥ CGI

CGI ũƮ SSI ġ Ͽų ȯ溯 ܿ ߰ CGI Ծ û ˷ִ ȯ溯 ޴´.

top

ȯ溯 ϱ

õ õ þ

CGI ũƮ

ȯ溯 ֵ 뵵 ϳ CGI ũƮ ȯϴ ̴. տ ߵ ġ ܿ û ǥ CGI ũƮ Ѿ. ڼ CGI 丮 ϶.

SSI

mod_include INCLUDES Ͱ óϴ Ľ (SSI) echo Ҹ Ͽ ȯ溯 ְ, ȯ溯 Ͽ û Ư¡ 帧 ҷ Ϻθ ִ. ġ SSI ǥ CGI ȯ溯 Ѵ. ڼ SSI 丮 ϶.

allow from env= deny from env= þ Ͽ ȯ溯 ִ. SetEnvIf ϸ Ŭ̾Ʈ Ư¡ Ӱ ִ. , Ư (User-Agent) ź ִ.

Ǻ α

LogFormat %e ɼ Ͽ ȯ溯 α׿ ִ. , CustomLog þ Ǻ ϸ ȯ溯 Ȳ û α θ ִ. SetEnvIf Ͽ  û α Ӱ ִ. , ϸ gif û α ʰų, ܺ Ʈ ִ Ŭ̾Ʈ û α ִ.

Ǻ

Header þ Ŭ̾Ʈ ȯ溯  HTTP ִ. , Ŭ̾Ʈ û Ư ִ 쿡  ִ.

ܺ ϱ

mod_ext_filter ExtFilterDefine þ ܺ ͸ disableenv= enableenv= ɼ Ͽ ȯ溯 ִ.

URL ۼ(Rewriting)

RewriteCond TestString %{ENV:...} ϸ mod_rewrite ۼ ȯ溯 ٸ ൿѴ. mod_rewrite տ ENV: ʰ ϴ ȯ溯 ƴ ϶. ׵ ٸ ⿡ mod_rewrite .

top

Ư ȯ溯

Ŭ̾Ʈ Ȱ ϱ ġ Ư Ŭ̾Ʈ ڽ ൿ Ѵ. BrowserMatch ȯ溯 Ͽ ̷ ذѴ. ׷ SetEnv PassEnvε ϴ.

downgrade-1.0

û ϴ HTTP/1.0 û óѴ.

force-no-vary

Ŭ̾Ʈ Vary ʵ带 .  Ŭ̾Ʈ ʵ带 ؼ Ѵ (Ŭ̾Ʈ ̹ ˷ ). ̷ ذѴ. , force-response-1.0 Ѵ.

force-response-1.0

HTTP/1.0 û ϴ Ŭ̾Ʈ HTTP/1.0 Ѵ. AOL Ͻÿ ־ .  HTTP/1.0 Ŭ̾Ʈ HTTP/1.1 Ƿ, ذϱ Ѵ.

gzip-only-text/html

"1"̸ text/html ƴ content-type mod_deflate DEFLATE ͸ ʴ´.

no-gzip

ɼ ϸ mod_deflate DEFLATE ͸ ʴ´.

nokeepalive

KeepAlive Ѵ.

prefer-language

mod_negotiation ൿ ģ. (en, ja, x-klingon ) ±׸ ִٸ, mod_negotiation õѴ. ׷ ٸ Ϲ Ѵ.

redirect-carefully

Ŭ̾Ʈ ̷ . ̷ óϴµ ִ Ŭ̾Ʈ Ѵ. Microsoft WebFolders Ʈ DAV ޽带 丮 ڿ ̷ óϴµ ־ .

suppress-error-charset

2.0.40 ִ

ġ Ŭ̾Ʈ û ̷ Ŭ̾Ʈ ڵ ̷ ϴ(Ȥ ʴ) 쿡 Ͽ 信 ڿ Ѵ. ġ ġ ϴ ISO-8859-1 ǥѴ.

׷ ̷ǵ ٸ  ̻ ƴ϶ ̷ Ϸ Ѵ. , ׸ ̻ϰ ִ.

ȯ溯 ġ ̷ ʵ Ͽ, ̷ ùٷ ϰ .

top

߸ ϴ Ŭ̾Ʈ ൿ ϱ

Ŭ̾Ʈ ̹ ˷ ذϱ httpd.conf ϱ ٶ.

#
#  þ Ϲ HTTP  Ѵ.
# ù° þ Netscape 2.x ̸  
# keepalive  ʴ´. ̵    ִ.
# ι° þ HTTP/1.1  ߸Ǿ 301̳ 302
# (̷) 信  keepalive  
# ϴ Microsoft Internet Explorer 4.0b2  ̴.
#
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0

#
#  þ ⺻ HTTP/1.1   Ͽ
# HTTP/1.0 Ծ   HTTP/1.1   ʴ´.
#
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0

α׿ ̹ û α ʱ

̹ û α׿ ʴ´. Ư 丮 Ȥ Ư ȣƮ û α ʵ ִ.

SetEnvIf Request_URI \.gif image-request
SetEnvIf Request_URI \.jpg image-request
SetEnvIf Request_URI \.png image-request
CustomLog logs/access_log common env=!image-request

"̹ "

ڰ ִ ̹ ϵ ϴ Ѵ. , ѵ 쿡 Ѵ. 츮 ̹ /web/images 丮 ȿ ִٰ Ѵ.

SetEnvIf Referer "^http://www.example.com/" local_referal
# Referer   ʴ  Ѵ
SetEnvIf Referer "^$" local_referal
<Directory /web/images>
   Order Deny,Allow
   Deny from all
   Allow from env=local_referal
</Directory>

ڼ ApacheToday 丮 " Keeping Your Images from Adorning Other Sites" ϶.

faq/all_in_one.html100644 0 0 22426 11074463123 11770 0ustar 0 0  (FAQ) - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.0

<-
Apache > HTTP Server > Documentation > Version 2.0 > FAQ

 (FAQ)

FAQ ֽ ġ Ʈ <http://httpd.apache.org/docs/2.0/faq/> ִ.

ġ 2.0 ȵǼ 츮  (FAQ) 𸥴. ä ⿡ ش ٸ ġ 1.3 FAQ ϶.

top

 ذϳ?
ΰ?
top

" ... ȵdz? ... ʴ°?"

ġ Ʈ ܰ踦 :

α(errorlog) Ȯ϶!
ġ ַ Ѵ. α׿ ڼ Ѵ. ̰͸ε (ϱ ) ߰ϰ ĥ ִ 찡 . α ⺻ ġ /usr/local/apache2/logs/error_log, Ȯ ġ ErrorLog þ ϶.
FAQ Ȯ϶!
ġ Ʈ ׻ ġ FAQ ֽ ִ.
ġ ͺ̽ Ȯ϶
ġ׷(The Apache Group) κ ͺ̽ ϵȴ. ׸ ߰ϱ , ̹ ˷ų(open) ذ(closed) װ ִ Ȯϱ ٶ. ̹ Ǿٸ " ̷ ִٰ" ʱ ٶ. ذ ʾҴٸ ֱ Ȳ Ȯϱ ٶ. , ͺ̽ ϵ ʰ ̸ ȯ ó غ ִ.
Ѵ

ġ ϱ ϴ Ȱ ü ִ. Ϲ ̷ ü ϴ ̴.

ϸƮ

USENET ׷:

  • comp.infosystems.www.servers.unix [news] [google]
  • comp.infosystems.www.servers.ms-windows [news] [google]
  • comp.infosystems.www.authoring.cgi [news] [google]
ϸ ͺ̽ Ѵ

ܰ踦 õϰ ذå ٸ, ׸ Ͽ ڵ鿡 ˸ ٶ.

core dump ״ (ϸ) backtrace(; Ȯ  ߻Ͽ, α׷  η Ǿ ˷ִ ) ϱ ٶ. ,

# cd ServerRoot
# dbx httpd core
(dbx) where

(ServerRoot, httpd, core ġ ϶. dbx gdb ؾ ִ.)

ϳ?

40 ڹ ڸδ 鸸 ڿ ġ . ϱ Ѵ.

ġ ȸ Ѵ.

top

Invalid argument: core_output_filter: writing data to the network

÷ sendfile ýȣ Ѵٸ, ġ ӵ ϱ ýȣ Ѵ.  ýۿ ġ Ҷ sendfile ۵ ʴµ ۵Ѵٰ Ѵ. Ʈ Ͻý̳ ǥ Ͻý Ҷ ߻Ѵ.

α(error log) ϰų ũⰡ 0 ƴ Ͽ ũⰡ 0 ϴ ̴. Ҷ sendfile ʱ⶧ Ϲ ûҶ ߻Ѵ.

ذϷ sendfile ʵ EnableSendfile þ Ѵ. , ̿ EnableMMAP ϶.

AcceptEx Failed

win32 AcceptEx ýȣ⿡ , Win32DisableAcceptEx þ ϶.

Premature end of script headers

CGI ũƮ Internal Server Error α׿ Ѵ. ̷ Ҷ CGI 丮 ִ.

faq/error.html100644 0 0 7746 11074463123 11012 0ustar 0 0 -  (FAQ) - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.0

<-
Apache > HTTP Server > Documentation > Version 2.0 > FAQ

-  (FAQ)

top

Invalid argument: core_output_filter: writing data to the network

÷ sendfile ýȣ Ѵٸ, ġ ӵ ϱ ýȣ Ѵ.  ýۿ ġ Ҷ sendfile ۵ ʴµ ۵Ѵٰ Ѵ. Ʈ Ͻý̳ ǥ Ͻý Ҷ ߻Ѵ.

α(error log) ϰų ũⰡ 0 ƴ Ͽ ũⰡ 0 ϴ ̴. Ҷ sendfile ʱ⶧ Ϲ ûҶ ߻Ѵ.

ذϷ sendfile ʵ EnableSendfile þ Ѵ. , ̿ EnableMMAP ϶.

AcceptEx Failed

win32 AcceptEx ýȣ⿡ , Win32DisableAcceptEx þ ϶.

Premature end of script headers

CGI ũƮ Internal Server Error α׿ Ѵ. ̷ Ҷ CGI 丮 ִ.

faq/index.html100644 0 0 5124 11074463123 10754 0ustar 0 0  (FAQ) - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.0

<-
Apache > HTTP Server > Documentation > Version 2.0

 (FAQ)

FAQ ֽ ġ Ʈ <http://httpd.apache.org/docs/2.0/faq/> ִ. , ˻ϰ ϱ ϰ FAQ ִ.

ġ 2.0 ȵǼ 츮  (FAQ) 𸥴. ä ⿡ ش ٸ ġ 1.3 FAQ ϶.

top

 ذϳ?
ΰ?
faq/support.html100644 0 0 14270 11074463123 11403 0ustar 0 0 -  (FAQ) - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.0

<-
Apache > HTTP Server > Documentation > Version 2.0 > FAQ

-  (FAQ)

top

" ... ȵdz? ... ʴ°?"

ġ Ʈ ܰ踦 :

α(errorlog) Ȯ϶!
ġ ַ Ѵ. α׿ ڼ Ѵ. ̰͸ε (ϱ ) ߰ϰ ĥ ִ 찡 . α ⺻ ġ /usr/local/apache2/logs/error_log, Ȯ ġ ErrorLog þ ϶.
FAQ Ȯ϶!
ġ Ʈ ׻ ġ FAQ ֽ ִ.
ġ ͺ̽ Ȯ϶
ġ׷(The Apache Group) κ ͺ̽ ϵȴ. ׸ ߰ϱ , ̹ ˷ų(open) ذ(closed) װ ִ Ȯϱ ٶ. ̹ Ǿٸ " ̷ ִٰ" ʱ ٶ. ذ ʾҴٸ ֱ Ȳ Ȯϱ ٶ. , ͺ̽ ϵ ʰ ̸ ȯ ó غ ִ.
Ѵ

ġ ϱ ϴ Ȱ ü ִ. Ϲ ̷ ü ϴ ̴.

ϸƮ

USENET ׷:

  • comp.infosystems.www.servers.unix [news] [google]
  • comp.infosystems.www.servers.ms-windows [news] [google]
  • comp.infosystems.www.authoring.cgi [news] [google]
ϸ ͺ̽ Ѵ

ܰ踦 õϰ ذå ٸ, ׸ Ͽ ڵ鿡 ˸ ٶ.

core dump ״ (ϸ) backtrace(; Ȯ  ߻Ͽ, α׷  η Ǿ ˷ִ ) ϱ ٶ. ,

# cd ServerRoot
# dbx httpd core
(dbx) where

(ServerRoot, httpd, core ġ ϶. dbx gdb ؾ ִ.)

ϳ?

40 ڹ ڸδ 鸸 ڿ ġ . ϱ Ѵ.

ġ ȸ Ѵ.

filter.html100644 0 0 11624 11074463123 10405 0ustar 0 0 - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.0

<-
Apache > HTTP Server > Documentation > Version 2.0

ġ ͸ ϴ Ѵ.

top

õ õ þ

(filter) ų ޴ ڷῡ Ǵ ۾̴. Ŭ̾Ʈ ڷ Է(input filter) óϰ, Ŭ̾Ʈ ڷ (output filter) óѴ. ڷῡ ͸ ְ, ִ.

ġ ̾ޱ(byte-range) û óϱ ͸ Ѵ. , þ Ͽ ð ͸ ϴ ⵵ ִ. SetInputFilter, SetOutputFilter, AddInputFilter, AddOutputFilter, RemoveInputFilter, RemoveOutputFilter þ ڷḦ óϴ ͸ Ѵ.

ġ ڰ ִ ͸ Ѵ.

INCLUDES
mod_include óϴ Server-Side Includes
DEFLATE
mod_deflate Ͽ Ŭ̾Ʈ

, mod_ext_filter Ͽ ܺ α׷ ͷ ִ.

glossary.html100644 0 0 42775 11074463123 10776 0ustar 0 0 - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.0

<-
Apache > HTTP Server > Documentation > Version 2.0

ֽ ƴմϴ. ֱٿ ϼ.

Ϲݿ , Ư ġ õ, Ѵ. 信 ڼ ũ ϶. (; ܾ ѱ ƴ϶, Դϴ. ǥ ϱ ٶϴ.)

top

(Access Control)
Ʈ . ġ Ư URL ϱ Ѵ.
: , Ѻο,
˰ (Algorithm)
ܰ踦 Ǫ Ȯ Ȥ Ģ. ȣȭ ˰ ȣ(Ciphers) θ.
APache eXtension Tool (apxs)
(module) ҽ ü (DSO) ϰ ġ ġϴ ۾ perl ũƮ.
: Manpage: apxs
(Authentication)
, Ŭ̾Ʈ, Ʈ ü Ȯ.
: , Ѻο,
(Certificate)
Ŭ̾Ʈ Ʈ ü ϴ ڷ. (subject ), (Certificate Authority) (issuer ), Ű, CA  X.509 ִ. Ʈ ü CA Ͽ ˻Ѵ.
: SSL/TLS ȣȭ
û (Certificate Signing Request, CSR)
(Certification Authority) Ͽ CA (Certificate) Ű (Private Key) . CSR Ǹ ȴ.
: SSL/TLS ȣȭ
(Certification Authority, CA)
Ʈ ü ϴ ŷϴ . ٸ Ʈ ü CA ڸ ߴ Ȯ ִ.
: SSL/TLS ȣȭ
ȣ (Cipher)
ڷḦ ȣȭϴ ˰̳ ý. , DES, IDEA, RC4 ִ.
: SSL/TLS ȣȭ
ȣ (Ciphertext)
(Plaintext) ȣ (Cipher) ó .
: SSL/TLS ȣȭ
Ʈ ̽ (Common Gateway Interface, CGI)
ܺ α׷ û ֵ ܺ α׷ ̽ ǥ. ̽ NCSA , RFC Ʈ̱⵵ ϴ.
: CGI
þ (Configuration Directive)
: þ
(Configuration File)
ġ ϴ þ (directive) ؽƮ.
:
CONNECT
HTTP ڷ帧 Ͻϴ HTTP ޽ (method). SSL ٸ α Ѵ.
(Context)
(configuration file) Ư þ (directive) ִ .
: ġ þ ϴµ
ڼ (Digital Signature)
ٸ ˻ϴ ȣȭ ڵ. (Certification Authority) (Certificate) Ե Ű (Public Key) ؽ ڽ Ű (Private Key) ȣȭϿ . CA Ű Ǯ ֱ⶧, CA (Certificate) Ʈ ü ִ.
: SSL/TLS ȣȭ
þ (Directive)
ġ ϴ ɾ. þ (Configuration File) Ѵ.
: þ
ü (Dynamic Shared Object) (DSO)
ġ httpd ϰ Ͽ ʿҶ о ִ (Module).
: ü
ȯ溯 (Environment Variable) (env-variable)
ϰ α׷ ü ϴ . ġ ȯ溯 , ȯ ƴ϶ ġ ο ȴ.
: ġ ȯ溯
(Export-Crippled)
̱ (Export Administration Regulations, EAR) ؼϱ ȣ( ) . ȣȭ Ʈ Ű ũⰡ ۰ ѵǾ, ȣ (Ciphertext) (brute force) Ǯ ִ.
: SSL/TLS ȣȭ (SSL/TLS Encryption)
(Filter)
ų ޴ ڷḦ óϴ . Էʹ Ŭ̾Ʈ ڷḦ óϰ, ʹ Ŭ̾Ʈ óѴ. , INCLUDES ʹ Server Side Includes óѴ.
:
θ (Fully-Qualified Domain-Name) (FQDN)
IP ּҿ ϴ, ȣƮ θ Ʈ ü ̸. , www ȣƮ̰ example.com θ϶, www.example.com θ̴.
ڵ鷯 (Handler)
ûҶ ϴ ۾ ġ ǥ. Ϲ Ϲ ڵ鷯 . ,  "óȴ(handled)". , cgi-script ڵ鷯 CGI ó Ѵ.
: ġ ڵ鷯
(Header)
HTTP û 信 κ ϴ ִ.
.htaccess
ȿ ִ (configuration file), þ (directive) ڽ ġ 丮 丮 Ѵ. ̸ ޸ Ͽ ܼ þܿ þ ִ.
:
httpd.conf
ġ (configuration file). ⺻ ġ /usr/local/apache2/conf/httpd.conf, Ҷ Ȥ ϶ ִ.
:
HyperText Transfer Protocol (HTTP)
̵ ϴ ǥ . ġ RFC 2616 HTTP/1.1̶ 1.1 Ѵ.
HTTPS
ȭ̵ ǥ ȣ , HyperText Transfer Protocol (Secure). شܿ SSL HTTP̴.
: SSL/TLS ȣȭ
޽ (Method)
Ŭ̾Ʈ HTTP û ڿ ϵ ൿ. HTTP ޽忡 GET, POST, PUT ִ.
޽ (Message Digest)
޽ ʾ ϱ ޽ ؽ.
: SSL/TLS ȣȭ
MIME-type
ϴ . Multipurpose Internet Mail Extensions Ա⶧ ̷ ̸ . ̿ major type minor type ̷. , text/html, image/gif, application/octet-stream ̴. MIME-type HTTP Content-Type (header) Ѵ.
: mod_mime
(Module)
α׷ κ. ġ Կθ ִ ⿡ ִ. ġ httpd ϰ ̶ ϸ, иǾ о ִ Ȥ DSO Ѵ. ⺻ ϴ base ̶ Ѵ. ġ Ÿ (tarball) ġ ִ. ̵ ڰ (third-party) ̶ Ѵ.
:
(Module Magic Number) (MMN)
ġ ҽڵ尡 , ȣȯ ִ. ȣȯ ̻ ġ Լ ȣ, ٸ API Ϻΰ 쿡 ٲ. MMN ϸ ڰ ּ ٽ ϵǾ Ѵ. ġ µ ؾ 쵵 ִ.
OpenSSL
SSL/TLS ¼ҽ
http://www.openssl.org/
Pass Phrase
Ű ȣϴ . ڰ Ű Ͽ ȣȭ ϵ Ѵ. ȣ (Ciphers) ϴ н ȣ/ص Ű̴.
: SSL/TLS ȣȭ
(Plaintext)
ȣȭ .
Ű (Private Key)
ڷḦ صϰ ڷḦ ϱ Ű ȣȭ (Public Key Cryptography) ý ȣŰ.
: SSL/TLS ȣȭ
Ͻ (Proxy)
Ŭ̾Ʈ ̿ ִ ߰ . Ŭ̾Ʈ û ޾ , Լ ٽ Ŭ̾Ʈ . Ŭ̾Ʈ ûϸ Ͻô Ź ûʰ ij Ͽ ð ִ.
: mod_proxy
Ű (Public Key)
Ű ȣȭ (Public Key Cryptography) ýۿ Ű ڿ ȣȭϰų ڰ Ǯ Ű.
: SSL/TLS ȣȭ
Ű ȣȭ (Public Key Cryptography)
ȣ ص ٸ Ű ϴ Ī(asymmetric) ȣȭ ý Ȱ. ȣ ص ϴ ΰ Ű Ű(key pair) ̷. Ī ȣȭ θ.
: SSL/TLS ȣȭ
ǥ (Regular Expression) (Regex)
ϴ . , " A ϴ ܾ", " 10ε ȭȣ", "ǥ ΰְ 빮 Q " ǥ ִ. ǥ ϸ ſ ϰ ̳ ڿ  ִ. , "images" 丮 Ʒ ִ .gif .jpg "/images/.*(jpg|gif)$" Ī ִ. ġ PCRE ̺귯 Ͽ Perlȣȯ ǥ Ѵ.
Ͻ (Reverse Proxy)
Ŭ̾Ʈ ó ̴ Ͻ (proxy) . Ȼ Ȥ ϸ лϱ Ŭ̾Ʈ 涧 ϴ.
Secure Sockets Layer (SSL)
Netscape Communications簡 TCP/IP Ʈ Ϲ ȣȭ . Ϲ 뵵 HTTPS (HyperText Transfer Protocol (HTTP) over SSL)̴.
: SSL/TLS ȣȭ
Server Side Includes (SSI)
HTML ȿ óþ ϴ .
: Server Side Includes Ұ
(Session)
Ϲ Ȳ(context) .
SSLeay
Eric A. Young SSL/TLS ̺귯
Ī ȣ (Symmetric Cryptography)
ȣ ص ۾ ȣŰ ϴ ȣ (Ciphers) Ȱ.
: SSL/TLS Encryption
Ÿ (Tarball)
tar Ͽ ϵ . ġ tar ϰų pkzip Ͽ ȴ.
Transport Layer Security (TLS)
ͳݱ ǥȭⱸ(Internet Engineering Task Force, IETF) TCP/IP Ʈ Ϲ ȣȭ SSL ļ . TLS 1 SSL 3 ϴ.
: SSL/TLS ȣȭ
Uniform Resource Locator (URL)
ͳݿ ִ ڿ ̸/ּ. δ Uniform Resource Identifier ϴ ϻ Ī̴. URL http https Ŵ(scheme), ȣƮ, η ȴ. URL http://httpd.apache.org/docs/2.0/glossary.html̴.
Uniform Resource Identifier (URI)
߻ ڿ̳ ڿ Īϱ ڿ. RFC 2396 Ѵ. ̵ ϴ URI URL̶ θ.
ȣƮ (Virtual Hosting)
ġ ϳ Ʈ ϱ. IP ȣƮ Ʈ IP ּҰ ٸ. ̸(name-based) ȣƮ ȣƮ ϹǷ IP ּҿ Ʈ ִ.
: ġ ȣƮ
X.509
ſ(International Telecommunication Union, ITU-T) ϴ . SSL/TLS Ѵ.
: SSL/TLS ȣȭ
handler.html100644 0 0 16600 11074463123 10534 0ustar 0 0 ġ ڵ鷯 - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.0

<-
Apache > HTTP Server > Documentation > Version 2.0

ġ ڵ鷯

ġ ڵ鷯 ϴ Ѵ.

top

ڵ鷯 ΰ

õ õ þ

ûҶ ġ ۾ "ڵ鷯(handler)" Ѵ. Ϲ Ϲ ڵ鷯 ִ. ,  "óȴ(handled)".

Apache 1.1 ڵ鷯 ְ Ǿ. ڵ鷯 Ȯڳ ġ ִ. ̴ Ǹ ̰ ڵ鷯 ο ֱ⶧ . ( Ȯڸ )

ڵ鷯 Ͽ, Action þ ߰ ִ. ǥ ִ ⺻ ڵ鷯 :

top

CGI ũƮ Ͽ ϱ

þ Ȯڰ html û footer.pl CGI ũƮ .

Action add-footer /cgi-bin/footer.pl
AddHandler add-footer .html

CGI ũƮ (PATH_TRANSLATED ȯ溯 Īϴ) û .

HTTP ϴ

þ HTTP ϴ Ͽ send-as-is ڵ鷯 Ѵ. /web/htdocs/asis/ 丮 ȿ ִ Ȯڿ send-as-is ڵ鷯 óѴ.

<Directory /web/htdocs/asis>
SetHandler send-as-is
</Directory>

top

α׷Ӹ

ڵ鷯 ϱ Apache API ߰Ǿ. Ư request_rec ü ο ʵ尡 ߰Ǿ:

char *handler

ڵ鷯 Ϸ, û invoke_handler ܰ r->handler ڵ鷯 ̸ ֱ⸸ ϸ ȴ. ڵ鷯 content type ڵ鷯 ̸ ϰ Ǿ. ų ʿ ڵ鷯 ̸ ʰ, ܾ ̿ ȣ ϴ Ϲ̴. ׷ ڵ鷯 ̸ media type ġ ʴ´.

howto/auth.html100644 0 0 41113 11074463123 11215 0ustar 0 0 (Authentication), Ѻο(Authorization), (Access Control) - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.0

<-
Apache > HTTP Server > Documentation > Version 2.0 > How-To / Tutorials

(Authentication), Ѻο(Authorization), (Access Control)

ֽ ƴմϴ. ֱٿ ϼ.

(authentication) ڽ ϴ Ȯϴ ̴. Ѻο(authorization) Ȥ ϴ 򵵷 ϴ ̴.

top

þ

õ õ þ
top

Ұ

Ʈ ִ Ҽ 鸸 ̰ų ̵鸸 , ۿ ϴ Ͽ ϴ ִ.

Ʈ Ϻθ ȣϱ ϴ "ǥ" ٷ.

top

ۿ ٷ þ ּ(Ϲ <Directory> )̳ 丮 (.htaccess ) Ѵ.

.htaccess Ϸ Ͽ ִ þ ϵ ؾ Ѵ. ̸ 丮 Ͽ  þ ִ ϴ AllowOverride þ Ѵ.

⼭ ٷ , AllowOverride þ ʿϴ.

AllowOverride AuthConfig

Ȥ þ ּϿ ´ٸ, Ͽ ־ Ѵ.

׸ ȣ ִ ˱ 丮 ˾ƾѴ. ʰ, ڼ ̴.

top

⺻ ϱ

丮 ȣ ȣϴ ⺻ Ѵ.

ȣ Ѵ. ־ Ѵ. ٸ ȣ ٿε ϰϱ ؼ. , /usr/local/apache/htdocs ִٸ ȣ() /usr/local/apache/passwd д.

ġ Ե htpasswd Ͽ ȣ . α׷ ġ ġ bin 丮 ִ. ԷѴ.

htpasswd -c /usr/local/apache/passwd/passwords rbowen

htpasswd ȣ , Ȯ ȣ ٽ Է϶ ûѴ.

# htpasswd -c /usr/local/apache/passwd/passwords rbowen
New password: mypassword
Re-type new password: mypassword
Adding password for user rbowen

htpasswd ο ٸ ü θ Էؾ Ѵ. ϴ /usr/local/apache/bin/htpasswd ִ.

ȣ ûϵ ϰ,  ˷ Ѵ. httpd.conf ϰų .htaccess Ͽ Ѵ. , /usr/local/apache/htdocs/secret 丮 ȣϷ, Ʒ þ /usr/local/apache/htdocs/secret/.htaccess ̳ httpd.conf <Directory /usr/local/apache/apache/htdocs/secret> ǿ Ѵ.

AuthType Basic
AuthName "Restricted Files"
AuthUserFile /usr/local/apache/passwd/passwords
Require user rbowen

þ ϳ 캸. AuthType þ ڸ Ѵ. Ϲ Basic, mod_auth Ѵ. ׷ Basic ȣ ȣȭ ʰ . ׷Ƿ ڷḦ ȣϱ ϸ ȵȴ. ġ AuthType Digest Ѵ. mod_auth_digest ϸ, ſ ϴ. ֱ Ŭ̾Ʈ鸸 Digest Ѵٰ Ѵ.

AuthName þ (realm) Ѵ. ΰ Ѵ. ù° Ŭ̾Ʈ ȣ ȭâ ش. ι° Ͽ Ŭ̾Ʈ Ư  ȣ Ѵ.

, ϴ Ŭ̾Ʈ "Restricted Files" Ͽٸ, Ŭ̾Ʈ ڵ "Restricted Files" ǥõ ȣ õѴ. ׷ ϸ ڰ ȣ Է ʾƵ ȴ. Ȼ Ŭ̾Ʈ ȣƮ ٸ ׻ ȣ .

AuthUserFile þ 츮 htpasswd ȣ θ Ѵ. ڰ ٸ û Ź ڸ ϱ Ϲ ˻ϴµ ð ɸ ִ. ġ Ÿ̽ Ͽ ִ. mod_auth_dbm AuthDBMUserFile þ Ѵ. dbmmanage α׷ Ͽ ȣ ٷ. ġ Ÿ̽ ٸ ϴ ڰ ִ.

Require þ Ư ִ ڸ Ͽ Ѻο Ѵ. require þ ϴ پ Ѵ.

top

þ 丮 (ڸ rbowen) 鿩. κ 鿩 ̴. AuthGroupFile .

鿩 ʹٸ ׷ ׷쿡  ڵ ִ ˷ִ ׷ ʿϴ. ſ Ͽ, ƹ γ ִ. ϳ .

GroupName: rbowen dpitts sungo rshersey

׳ ׷ ̴.

ȣϿ ڸ ߰Ϸ ԷѴ

htpasswd /usr/local/apache/passwd/passwords dpitts

, ʰ Ͽ ڸ ߰Ѵ. (-c ɼ ȣ ).

.htaccess Ѵ.

AuthType Basic
AuthName "By Invitation Only"
AuthUserFile /usr/local/apache/passwd/passwords
AuthGroupFile /usr/local/apache/passwd/groups
Require group GroupName

׷ GroupName ׷쿡 ϸ password Ͽ ׸ ִ ڰ ùٸ ȣ Էϸ Ѵ.

Ϲ ڸ 鿩 ٸ ִ. ׷ ʿ þ ϱ⸸ ϸ ȴ.

Require valid-user

Require user rbowen þ ϸ ȣϿ ִ ùٸ ȣ Էϱ⸸ ϸ Ѵ. ׷캰 ٸ ȣ Ͽ ׷ ȿ ִ. ġ ΰ(ȣϰ ׷) ƴ Ѱ(ȣ) ˻ϸ ȴٴ ̴. ׷ ȣ ؾ ϰ, AuthUserFile þ Ȯ ȣ ؾ ϴ ̴.

top

߻ ִ

Basic û ڸ ȣ ȮѴ. ħ (׸ ȣ ȣϴ 丮 ִ ) ִ ׸ ٽ ȮѴ. ϵ ӵ . ȣ  ڸ ã ϱ⶧ ȣ ũⰡ Ŀ . ׸ ۾ û Ѵ.

׷ ȣϿ ִ ڼ Ѱ谡 ִ. Ѱ ϴ ɿ ٸ, ׸ 鰳 Ѵ´ٸ ٰ ϰ ٸ ؾ Ѵ.

top

ٸ Ѱ?

ڸ ȣ ٰ ƴϴ. ҿ ٸ ڸ 鿩 ִ.

Allow Deny þ û ǻ ȣƮ Ȥ ȣƮ ּҸ ϰų źѴ. Order þ þ Ͽ, ġ  Ģ ˸.

̵ þ .

Allow from address

address IP ּ(Ȥ IP ּ Ϻ) θ(Ȥ θ Ϻ)̴. Ѵٸ ּҳ θ ִ.

, Խǿ ø ִٸ ִ.

Deny from 205.252.46.165

ּҿ 湮ڴ þ ȣϴ . IP ּ ǻ͸ ִ.

Deny from host.example.com

, ü ּҳ θ Ϻθ Ѵ.

Deny from 192.101.205
Deny from cyberthugs.com moreidiots.com
Deny from ke

Order Deny Allow þ Ͽ ϴ ִ.

Order deny,allow
Deny from all
Allow from dev.example.com

Allow þ ϸ, ش ȣƮ ڸ ϰ ű⿡ ߰ ϹǷ ϴ Ѵ. Ư ϱ Ѵ.

top

mod_auth mod_access  ϴ ִ.

howto/cgi.html100644 0 0 54573 11074463123 11034 0ustar 0 0 ġ 丮: CGI - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.0

<-
Apache > HTTP Server > Documentation > Version 2.0 > How-To / Tutorials

ġ 丮: CGI

ֽ ƴմϴ. ֱٿ ϼ.
top

Ұ

õ õ þ

CGI (Common Gateway Interface) CGI α׷ Ȥ CGI ũƮ θ, ( ) ܺ α׷ ϴ Ѵ. Ʈ ϰ ̴. ġ CGI ϴ Ұϰ, CGI α׷ ۼغ.

top

CGI ϵ ġ ϱ

CGI α׷ ùٷ Ϸ CGI ϵ ġ ؾ Ѵ. ϴ .

ScriptAlias

ScriptAlias þ ϸ ġ Ư 丮 CGI α׷ д. ġ 丮 ִ CGI α׷̶ Ͽ Ŭ̾Ʈ ڿ ûϸ ڿ Ϸ õѴ.

ScriptAlias þ Ѵ.

ScriptAlias /cgi-bin/ /usr/local/apache2/cgi-bin/

ġ ⺻ ҿ ġ httpd.conf Ͽ ִ ̴. ScriptAlias þ Alias þ URL պκ Ư 丮 Ѵ. Alias ScriptAlias DocumentRoot 丮 ۿ ִ 丮 Ѵ. Alias ScriptAlias ScriptAlias ߰ URL պκ ϴ CGI α׷ ϴ ̴. ׷ ġ /cgi-bin/ ϴ ڿ ûϸ /usr/local/apache2/cgi-bin/ 丮 ãƼ CGI α׷ ó϶ ˸.

, URL http://www.example.com/cgi-bin/test.pl ûϸ ġ /usr/local/apache2/cgi-bin/test.pl Ͽ ȯѴ. ϰ డϸ  ε ؾ Ѵ. ׷ ġ .

ScriptAlias 丮 ۿ ִ CGI

Ȼ CGI α׷ ScriptAlias 丮 Ѵ. ׷ ڴ CGI α׷ ִ ִ. ׷ ġ ߴٸ ƹ 丮 CGI α׷ . , UserDir þ Ͽ ڰ ڽ Ȩ丮 츦 . ڰ ڽ CGI α׷ ϰ cgi-bin 丮 ٱ ٸ, ٸ CGI α׷ ϰ ̴.

ƹ 丮 CGI Ϸ ʿϴ. , AddHandler SetHandler þ Ͽ cgi-script ڵ鷯 ۵ؾ Ѵ. ι°, Options þ ExecCGI ؾ Ѵ.

Options Ͽ CGI ϱ

ּϿ Options þ Ͽ Ư 丮 CGI ִ.

<Directory /usr/local/apache2/htdocs/somedir>
Options +ExecCGI
 </Directory>

þ ġ CGI Ѵ.  CGI ˷ Ѵ. AddHandler þ Ȯڰ cgi pl CGI α׷̶ ˸.

AddHandler cgi-script .cgi .pl

.htaccess

.htaccess httpd.conf ٱ 쿡 CGI α׷ ִ ˷ش.

Ʒ ϸ 丮 .cgi CGI α׷ Ѵ.

<Directory /home/*/public_html>
Options +ExecCGI
AddHandler cgi-script .cgi
 </Directory>

ϸ 丮 cgi-bin 丮 ִ CGI α׷ νѴ.

<Directory /home/*/public_html/cgi-bin>
Options ExecCGI
SetHandler cgi-script
 </Directory>

top

CGI α׷ ۼϱ

``Ϲ'' α׷ְ CGI α׷ ̿ ΰ ֵ ִ.

ù° ̴ CGI α׷ ٸ ϱ MIME-type ؾ Ѵٴ ̴. HTTP Ŭ̾Ʈ Ŭ̾Ʈ  ްԵ ̸ ˸. .

Content-type: text/html

ι° ̴ HTML Ȥ ִ ؾ Ѵٴ ̴. κ HTML , gif ׸ HTML ƴ ϴ CGI α׷ ۼϴ 쵵 ִ.

ΰ ϰ CGI α׷ ۼ ̹ ٸ α׷ ſ ϴ.

ó CGI α׷

CGI α׷ . ״ first.pl̶ Ͽ ϰ, cgi-bin 丮 Ѵ.

#!/usr/bin/perl
print "Content-type: text/html\n\n";
print "Hello, World.";

Perl ͼ ʴ Ͼ ִ. ù° ġ(Ȥ ϴ ) /usr/bin/perl ġ ִ Ͽ α׷ ϶ ˸. ι° content-type ϰ carriage-return ٹٲ ι Ѵ. ׷ ڿ HTTP ϴ , Ѵ. ° "Hello, World." ڿ Ѵ. ̰ ̴.

ϰ ּҸ ԷѴ

http://www.example.com/cgi-bin/first.pl

Ҹ Էϸ, â Hello, World. δ. е , ѹ ϴ ٸ õ ִ.

top

׷ ʾƿ!

CGI α׷ Ҷ ִ ⺻ װ.

CGI α׷
! Ѵٴ ̴. Ȯ ùٷ ó Ѵٸ, CGI α׷ ùٸ Content-Type Ͽ ȮѴ.
CGI α׷ ҽڵ Ȥ "POST Method Not Allowed"
CGI α׷ ϵ ġ ʾҴٴ ̴. ġ ϱ ٽ а κ ִ ãƺ.
"Forbidden" ϴ
ִٴ ̴. ġ α Ʒ ϱ Ȯ϶.
"Internal Server Error"
ġ α Ƹ CGI α׷ Բ "Premature end of script headers" ̴. Ʒ ϳ ȮϿ  CGI α׷ HTTP ߴ ˾ƺ.

ϱ

Ű ϶. , ϸ Ư ( nobody www) Ѵ. ׷ Ϸ ʿϴ. Ͽ nobody ϱ⿡ ֱ ο ش.

chmod a+x first.pl

, α׷ ٸ аų ٸ Ͽ ʿϴ.

ȯ

࿡ α׷ ϸ ڵ  ޵ȴ. , PATH ã Ҹ ˷ش.

α׷ CGI α׷ Ҷ PATH ٸ ִ. ( , sendmail ) CGI α׷ ȿ ϴ ɾ η ؾ ɾ ã ִ.

CGI α׷ ù° ٿ ũƮ ( perl) ο ߻Ѵ.

#!/usr/bin/perl

ȮѴ.

, CGI α׷ ٸ ȯ溯 Ѵٸ ġ α׷ ؾ Ѵ.

α׷

CGI α׷ ϴ κ α׷ ü ̴. Ư ΰ Ǽ ʾҰ ִٸ ׷. ϱ ࿡ α׷ غ. , Ѵ.

cd /usr/local/apache2/cgi-bin
./first.pl

(perl ͸ . ġ ũƮ ù° ٿ ִ Ͽ ͸ ãƾ Ѵ.)

α׷ Content-Type HTTP ϰ ؾ Ѵ. ٸ Ѵٸ ġ Premature end of script headers ȯѴ. ڼ CGI α׷ ۼϱ ϶.

α

α״ ̴. ߸Ǹ α׿ . α׸ Ѵ. Ʈ ȣϴ α׸ ϰ Ѵٸ, Ƹ ٸ ü ˾ƺ Ѵ. α׸ , κ ľϿ ذ ִ.

Suexec

suexec α׷ ϸ  ȣƮ Ȥ  丮 ִ CGI α׷ ٸ ִ. Suexec ſ ϰ ˻ϸ, ˻縦 ϳ ϸ CGI α׷ ʰ Premature end of script headers ȯѴ.

suexec ϰ ִ ˷ apachectl -V Ͽ SUEXEC_BIN ġ ȮѴ. ġ Ҷ ҿ suexec ߰ϸ, suexec ִ.

suexec ߴٸ ؼ ȵȴ. suexec SUEXEC_BIN ġ ִ suexec (Ȥ ϸ ٲٰ) ϸ ȴ. suexec ׷ ϰ ʹٸ, suexec -V Ͽ suexec α ġ ˾Ƴ αϿ  Ģ ִ ã´.

top

ڿ °?

CGI α׷ֿ ͼ ڿ ϸ ȴ. ü ϴ ϴ ̴. "Hello, World." ϴ α׷ ۼ ̷ α׷ ⶧̴.

ȯ溯

ȯ溯 ǻ͸ ϴ ٴϴ ̴. ȯ溯 path (ǻͰ Է ɾ شϴ ã ), ڸ, ͹̳ . Ϲ ȯ溯 Ʈ env ԷѴ.

CGI Ҷ ȯ溯 ȯѴ. (Netscape, IE, Lynx), (ġ, IIS, WebSite), ϴ CGI α׷ ִ.

CGI α׷Ӵ ̷ ְ, ȯ溯 Ŭ̾Ʈ- ſ Ϻκ Ѵ. ü ʼ http://hoohoo.ncsa.uiuc.edu/cgi/env.html ִ.

Ʒ Perl CGI α׷ ڽſ ޵ ȯ溯 ش. ġ cgi-bin 丮 ̿ α׷ ΰ ִ. ʼ̰ ̴. ׷ Ͽ δ. , ġ ⺻ ϴ ȯ溯 ܿ ȯ溯 ߰ ִ.

#!/usr/bin/perl
print "Content-type: text/html\n\n";
foreach $key (keys %ENV) {
print "$key --> $ENV{$key}<br>";
 }

STDIN STDOUT

, Ŭ̾Ʈ ǥԷ(STDIN) ǥ(STDOUT) Ѵ. ϻ STDIN Ű峪 α׷ óϴ Ÿ, STDOUT ܼ̳ ȭ Ѵ.

CGI α׷ (form) POSTϸ Ŀ Է ڷḦ Ư  CGI α׷ STDIN Ѵ. ׷ α׷ Ű峪 Ͽ ڷḦ óϵ ڷḦ ó ִ.

"Ư " ſ ϴ. ׸ ̸ ȣ(=) ϰ, ׸ ̸ ֵ ۻ(&) Ѵ. , ۻ, ȣ ڿ ڴ ȥ ʵ 16 ȯѴ. ڷ ڿ .

name=Rich%20Bowen&city=Lexington&state=KY&sidekick=Squirrel%20Monkey

URL ڿ ̷ ڿ ȴ. ڿ QUERY_STRING̶ ȯ溯 Ѵ. ̸ GET û̶ Ѵ. FORM ± METHOD Ӽ Ͽ HTML (form) ڷḦ GET POST Ѵ.

α׷ ̷ ڿ ɰ Ѵ. ̷ ڷ ó CGI α׷ ٸ Ǵ ̺귯 ִ.

top

CGI /̺귯

CGI α׷ ۼҶ ۾ ִ ڵ ̺귯 Ȥ غ Ѵ. ̷ ϸ װ ٰ α׷ ִ.

Perl CGI α׷ ۼѴٸ CPAN ã ִ. CGI ߿ θ Ǵ CGI.pm̴. κ α׷ ּ CGI::Lite ִ.

C CGI α׷ ۼѴٸ . ϳ http://www.boutell.com/cgic/ ִ CGIC ̺귯.

top

...

ſ CGI ִ. ׷ comp.infosystems.www.authoring.cgi CGI ִ. HTML Writers Guild -servers ϸƮ ã⿡ Ǹ Ҵ. http://www.hwg.org/lists/hwg-servers/ ִ.

׸ CGI α׷ ۿ CGI Ծ о 𸥴. NCSA ְ, ʾ Common Gateway Interface RFC Ʈ ִ.

ϸƮ ׷쿡 ݰ ִ CGI Ҷ ߻ , ߻  ٸ, ϴ , CGI α׷ ۼ , ϸ ش ڵ带 ڼ . ׷ ذå ã .

ġ ҽڵ尡 ߸Ǿٰ Ȯ ʴ CGI ġ ͺ̽ ø ȵȴ.

howto/htaccess.html100644 0 0 40653 11074463123 12061 0ustar 0 0 ġ 丮: .htaccess - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.0

<-
Apache > HTTP Server > Documentation > Version 2.0 > How-To / Tutorials

ġ 丮: .htaccess

ֽ ƴմϴ. ֱٿ ϼ.

.htaccess Ͽ 丮 ִ.

top

.htaccess

õ õ þ
top

̸/ ϴ°

.htaccess (Ȥ "л ") ϸ 丮 ִ. þ ִ Ư 丮 θ, 丮 丮 þ Ѵ.

:

.htaccess ϸ ٸ ϰ ʹٸ, AccessFileName þ Ͽ ִ. , .config ϸ Ϸ Ͽ ߰Ѵ.

AccessFileName .config

Ϲ .htaccess ּ . AllowOverride þ Ͽ ִ Ѵ. þ .htaccess Ͽ ϴ þ з Ѵ. þ .htaccess Ͽ ִٸ, ش þ Override ׸ þ ϱ AllowOverride ˷ش.

, AddDefaultCharset þ þ .htaccess Ͽ ִ. (þ ࿡ ׸ .) Override ٿ FileInfo ִ. ׷ þ .htaccess Ͽ ϱؼ ּ AllowOverride FileInfo ʿϴ.

:

: ּ, ȣƮ, directory, .htaccess
Override: FileInfo

Ư þ .htaccess Ͽ ִ ñϸ þ ׸ ".htaccess" ִ ȮѴ.

top

.htaccess ϳ (Ȥ ʳ)

Ϲ ּϿ 찡 ƴ϶ .htaccess ϸ ȵȴ. , ׻ .htaccess Ͽ ־ Ѵٴ ߸ ˷ ش. ̴ ƴϴ. ּ ְ, ̷ Ѵ.

.htaccess ڰ 丮 ٸϰ ýۿ root 쿡 Ѵ. ڰ ϰ Ϲ ڰ .htaccess ϵ ϴ ٶϴ. , ǻͿ Ʈ ϴ ISP ڰ ڽ ϰ 찡 ׷ϴ.

׷ Ϲ .htaccess ؾ Ѵ. .htaccess Ͽ ϴ þ ּ <Directory> ǰ ȿ ִ.

ΰ ū .htaccess ؾ Ѵ.

ù° ̴. AllowOverride .htaccess ϵ ϸ, ġ 丮 .htaccess ã´. ׷ .htaccess ϸ ʴ 쿡 ! , .htaccess ûҶ оδ.

Դٰ ؾ ϴ ü þ ġ 丮 .htaccess ã´. ( þ ϳ .) ׷ /www/htdocs/example 丮 ִ ûϸ, ġ ϵ ãƾ Ѵ.

/.htaccess
/www/.htaccess
/www/htdocs/.htaccess
/www/htdocs/example/.htaccess

׷ 丮 ִ  Ͻý 4 ؾ Ѵ. (/ .htaccess 츦 Ѵ. ʴ´.)

ι° ̴. ڿ ָ ȭ Ͼ ִ. ڿ ̷ ϶. , ڰ ϴ ͺ ָ û ´. ڿ Ȯ ˷. ڿ AllowOverride  Ͽ Ȯ ˸ ϸ ȥ ִ.

þ /www/htdocs/example.htaccess δ Ͱ ּ <Directory /www/htdocs/example> Directory δ .

/www/htdocs/example ִ .htaccess :

/www/htdocs/example ִ .htaccess

AddType text/example .exm

httpd.conf Ͽ ִ

<Directory /www/htdocs/example>
AddType text/example .exm
 </Directory>

׷ û ʰ ġ Ҷ ѹ б⶧ Ͽ ϸ .

AllowOverride þ none ϸ .htaccess .

AllowOverride None

top

 þ ϳ

.htaccess ߰ 丮 丮 丮 .htaccess Ͽ ִ þ Ѵ. ׷ 丮 .htaccess ؾ Ѵ. ߰ þ Ѵ. Ư 丮 ִ .htaccess 丮 ִ .htaccess þ ȿ ְ, 丮 ִ þ 丮 Ȥ ּϿ ִ þ ȿ ִ.

:

/www/htdocs/example1.htaccess ִ.

Options +ExecCGI

(: .htaccess Ͽ "Options" þ Ϸ "AllowOverride Options" ʿϴ.)

/www/htdocs/example1/example2.htaccess ִ.

Options Includes

ι° .htaccess Options Includes ȿ ⶧ /www/htdocs/example1/example2 丮 CGI ʴ´.

top

˱ ٷ ̰ д´ٸ ִ. ȣ Ϸ .htaccess ʿϴٴ ذ θ ִ. ̴ ƴϴ. ּ <Directory> ǿ þ δ ϴ ̰, ּ 쿡 .htaccess ؾ Ѵ. .htaccess ؾ ϴ ƾ ϴ Ͽ.

տ .htaccess ʿϴٰ Ǹ Ʒ ̴.

þ Ϸ "AllowOverride AuthConfig" ־ Ѵ.

.htaccess .

AuthType Basic
AuthName "Password Required"
AuthUserFile /www/passwords/password.file
AuthGroupFile /www/passwords/group.file
Require Group admins

þ ϱؼ AllowOverride AuthConfig þ ʿ ϶.

Ѻο ڼ ٶ.

top

Server Side Includes

Ǵٸ Ϲ .htaccess 뵵 Ư 丮 Server Side Includes ϰ ̴. ϴ 丮 .htaccess Ͽ þ ϸ ȴ.

Options +Includes
AddType text/html shtml
AddHandler server-parsed shtml

þ Ϸ AllowOverride Options AllowOverride FileInfo ʿ ϶.

server-side includes ڼ SSI 丮 ٶ.

top

CGI

.htaccess Ͽ Ư 丮 CGI α׷ ϰ ʹٸ, Ѵ.

Options +ExecCGI
AddHandler cgi-script cgi pl

Ȥ 丮 ִ CGI α׷ óϰ ʹٸ ϴ.

Options +ExecCGI
SetHandler cgi-script

þ Ϸ AllowOverride Options AllowOverride FileInfo ʿ ϶.

CGI α׷ְ ڼ CGI 丮 ٶ.

top

ذ

.htaccess Ͽ þ ϴ ʴ ִ.

Ϲ þ ϰ AllowOverride . Ǵ AllowOverride None ȮѴ. .htaccess ƹԳ ٽ Ͽ ˻غ ִ. Ȯ AllowOverride None .

ݴ Ҷ ߻ϸ ġ α׸ . Ƹ .htaccess Ͽ ִ þ ʴ´ٰ ̴. ƴϰ ִٸ ģ.

howto/index.html100644 0 0 10436 11074463123 11367 0ustar 0 0 How-To / 丮 - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.0

<-
Apache > HTTP Server > Documentation > Version 2.0

How-To / 丮

top

How-To / 丮

(authentication) ڽ ϴ Ȯϴ ̴. Ѻο(authorization) Ȥ ϴ 򵵷 ϴ ̴.

: , Ѻο,

CGI

CGI (Common Gateway Interface) CGI α׷ Ȥ CGI ũƮϰ θ, ( ) ܺ α׷ ȣۿϴ Ѵ. Ʈ ϰ ̴. ġ CGI ϴ Ұϰ, CGI α׷ ۼغ.

: CGI:

.htaccess

.htaccess Ͽ 丮 ִ. þ ִ Ư 丮 θ, 丮 丮 þ Ѵ.

: .htaccess

Server Side Includes Ұ

SSI (Server Side Includes) HTML ϴ þ, Ҷ óѴ. SSI ϸ CGI α׷̳ ٸ ü  ʰ HTML ߰ ִ.

: Server Side Includes (SSI)

ں 丮

ڰ ִ ýۿ UserDir þ ϸ ڴ ڽ Ȩ丮 ȿ Ʈ ִ. URL http://example.com/~username/ ϸ "username" Ȩ丮 UserDir þ 丮 ִ ȴ.

: 丮 (public_html)

howto/public_html.html100644 0 0 16570 11074463123 12567 0ustar 0 0 ں 丮 - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.0

<-
Apache > HTTP Server > Documentation > Version 2.0 > How-To / Tutorials

ں 丮

ڰ ִ ýۿ UserDir þ ϸ ڴ ڽ Ȩ丮 ȿ Ʈ ִ. URL http://example.com/~username/ ϸ "username" Ȩ丮 UserDir þ 丮 ִ ȴ.

top

ں 丮

õ õ þ
top

UserDir ϰ ϱ

UserDir þ ں 丮 Ѵ. þ .

ʴ θ ϸ Ȩ丮 丮 η óѴ. , Ʒ :

UserDir public_html

URL http://example.com/~rbowen/file.html /home/rbowen/public_html/file.html Ѵ.

ϴ θ ϸ 丮 ڸ 丮 θ Ѵ. , Ʒ :

UserDir /var/html

URL http://example.com/~rbowen/file.html /var/html/rbowen/file.html Ѵ.

ǥ (*) θ ϸ ǥ ڸ ü θ Ѵ. , Ʒ :

UserDir /var/www/*/docs

URL http://example.com/~rbowen/file.html /var/www/rbowen/docs/file.html Ѵ.

top

̿ ϱ

UserDir ִ Ͽ ں 丮 ̿ ִ ڸ ִ:

UserDir enabled
UserDir disabled root jro fish

disabled 忡 ϰ ڿ 丮 Ѵ. , ڸ ϰ ִ:

UserDir disabled
UserDir enabled rbowen krietz

UserDir ִ ٸ 鵵 ϶.

top

ں cgi 丮 ϱ

ڸ cgi-bin 丮 οϷ <Directory> þ Ͽ Ȩ丮 Ư 丮 cgi ϰ .

<Directory /home/*/public_html/cgi-bin/>
Options ExecCGI
SetHandler cgi-script
</Directory>

UserDir public_html̶ ϸ, ȿ ִ cgi α׷ example.cgi ִ.

http://example.com/~rbowen/cgi-bin/example.cgi

top

ڰ ֵ

ڰ ڽ Ϸ, .htaccess ־ Ѵ. AllowOverride ڰ ִ þ ϶.  ϴ ڼ .htaccess 丮 ϶.

howto/ssi.html100644 0 0 45353 11074463123 11064 0ustar 0 0 ġ 丮: Server Side Includes Ұ - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.0

<-
Apache > HTTP Server > Documentation > Version 2.0 > How-To / Tutorials

ġ 丮: Server Side Includes Ұ

Server-side includes Ͽ HTML ߰ ִ.

top

Ұ

õ õ þ

SSI θ Server Side Includes Ѵ. SSI ϵ ϴ HTML ߰ϴ ⺻ SSI ҰѴ.

޺κ SSI þ ǹ ޱ Ѵ.

top

SSI ΰ?

SSI (Server Side Includes) HTML ϴ þ, Ҷ óѴ. SSI ϸ CGI α׷̳ ٸ ü  ʰ HTML ߰ ִ.

SSI ƴϸ α׷ ü κ ٽ ؾ ޷ȴ. SSI ð ߰ϴµ . ׷ Ҷ κ ؾ Ѵٸ ٸ ãƺ Ѵ.

top

SSI ϵ ϱ

SSI óϷ httpd.conf ̳ .htaccess Ͽ þ ؾ Ѵ.

Options +Includes

׷ ġ Ͽ SSI þ óѴ. Options þ ְ, þ Ἥ ȿ . ׷ þ Ǹ óϱ SSI ϴ Ư 丮 Options Ѵ.

Ͽ SSI þ óϴ ƴϴ. ġ  ó ˷ Ѵ. ΰ ִ. ϳ þ .shtml Ư Ȯڸ óϴ ̴.

AddType text/html .shtml
AddOutputFilter INCLUDES .shtml

̹ ִ SSI þ ߰ϴ SSI þ óϱ .shtml Ȯڸ οϱ⶧ ϸ ũ ؾ ϴ ̴.

ٸ XBitHack þ ϴ ̴.

XBitHack on

XBitHack ִ Ͽ SSI þ óѴ. ׷ ̹ ִ SSI þ ߰Ѵٸ ϸ ʰ chmod Ͽ ָ ȴ.

chmod +x pagename.html

ƾ ϳ. .shtml ϸ ġ .html SSI ó϶ ϴ ִ. Ƹ XBitHack 𸣴 . ̷ ϸ ġ Ͽ SSI þ Ŭ̾Ʈ Ѵٴ ̴. ſ , ƴϴ.

 ̶ ⶧ ڸ .

̿ ϱ Ʊ⶧ ġ ⺻ SSI ֱټϰ content length HTTP ʴ´. ׷ ij ϰ Ŭ̾Ʈ . ΰ ذ ִ.

  1. XBitHack Full Ѵ. ׷ ġ ϴ(include) ϵ ü û ¥ ֱټ ˾Ƴ.
  2. mod_expires ִ þ Ͽ Ͽ ϸ Ͻð ij ִ.
top

⺻ SSI þ

SSI þ .

<!--#element attribute=value attribute=value ... -->

HTML ּ ⶧ SSI ʾƵ HTML ҽ Ѵ. SSI ùٷ ϸ þ ٲ۴.

element ϳ. ȸ ڼ ̴. SSI ִ  δ

¥

<!--#echo var="DATE_LOCAL" -->

echo element ״ Ѵ. CGI α׷ ϴ ȯ溯 ܿ ǥ ִ. , set element Ͽ ִ.

¥ ʴ´ٸ, config element timefmt attribute Ѵ.

<!--#config timefmt="%A %B %d, %Y" -->
Today is <!--#echo var="DATE_LOCAL" -->

<!--#flastmod file="index.html" --> Ǿ

element timefmt ޷ȴ.

CGI α׷ ϱ

Ϲ SSI ϳ, ̵ ֿϴ ``湮 ī'' CGI α׷ Ѵ.

<!--#include virtual="/cgi-bin/counter.pl" -->

top

߰

HTML ִ  SSI .

Ǿ?

տ SSI Ͽ ڿ ֱټ ˸ ִٰ ߴ. ׷ ˷ ʾҴ. ڵ带 HTML ϸ ð . Ѵ SSI ùٷ ۵ؾ Ѵ.

<!--#config timefmt="%A %B %d, %Y" -->
<!--#flastmod file="ssi.shtml" --> Ǿ;

ssi.shtml ϴ ϸ Ѵ. ƹ ٿ ִ ڵ带 Ѵٸ, ϸ LAST_MODIFIED Ѵ.

<!--#config timefmt="%D" -->
This file last modified <!--#echo var="LAST_MODIFIED" -->

timefmt Ŀ ڼ ˻ strftime ãƺ. .

ǥ ϴ ϱ

ִ Ʈ Ѵٸ ü ϴ , Ư ǥ ܰ ϴ Ӵ.

(header) ϴ(footer) Ϸ Ͽ ̷ δ ִ. include SSI ɾ Ͽ ϴ ϳ ϸ ȴ. include element file attribute virtual attribute Ѵ. file attribute ϰδ. , (/ ϴ) ϰγ ȿ ../ . Ƹ ϴ URL ִ virtual attribute ̴. θ / , Ϸ ϴ ϰ ־ Ѵ.

<!--#include virtual="/footer.html" -->

ΰ ļ ϴ Ͽ LAST_MODIFIED þ ִ´. Ϸ Ͽ SSI þ , ̷ ٸ ϴ ִ.

top

̿ܿ ִ ?

ð config() ܿ ΰ config() ִ.

SSI þ ߸Ǹ ´

[an error occurred while processing this directive]

ϰ ʹٸ config element errmsg attribute Ͽ Ѵ.

<!--#config errmsg="[It appears that you don't know how to use SSI]" -->

Ʈ ϱ SSI þ ذϿ ڰ ̷ ʱ ٶ. (׷?)

׸ sizefmt attribute ȯϴ ũ config() ִ. Ʈ ũ⸦ ַ bytes, Kb Mb ũ⸦ ַ abbrev Ѵ.

top

ɾ ϱ

޿ CGI α׷ SSI ϴ ̴. exec element ִ ٸ ͵ ̴. SSI (Ȯ /bin/sh Win32 Ѵٸ DOS ) Ͽ ɾ Ѵ. , 丮 ش.

<pre>
<!--#exec cmd="ls" -->
</pre>

or, on Windows

<pre>
<!--#exec cmd="dir" -->
</pre>

dir ¿ ȥ ``<dir>'' ڿ Եֱ⶧,  þ ϸ ̻ ̴.

exec ±׿  ɾ ֱ⶧ ſ ϴ. ``'' ڰ ִ ȯ̶, ؼ ȵȴ. Options þ IncludesNOEXEC ƱԸƮ Ͽ SSI exec ִ.

top

SSI

ϴ ܿ ġ SSI ϰ, 񱳹 ǹ ִ.

ۿ ϴ κ ġ 1.2 ĺ ִ. , ġ 1.2 ̻ ʴ´ٸ Ƹ ׷̵ؾ Ѵ. ض. ض. ٸ ̴.

set þ Ͽ ߿ ִ. ʿϱ⶧ Ѵ. .

<!--#set var="name" value="Rich" -->

ڱ״ ʰ ȯ溯 ( , LAST_MODIFIED) ٸ Ͽ ִ. ̶ տ ޷ ǥ($) ٿ ڿ ƴ ǥѴ.

<!--#set var="modified" value="$LAST_MODIFIED" -->

޷ ڸ ״ ԷϷ ޷ ǥ տ 齽 Ѵ.

<!--#set var="cost" value="\$100" -->

ڿ ߰ ϴµ ڿ ִ ڵ Ͽ ȥǴ , ȣ  Ȯ Ѵ. ( ã , ϱ ٶ.)

<!--#set var="date" value="${DATE_LOCAL}_${DATE_GMT}" -->

ǥ

ϰ ǹ ϴ. SSI α׷־ ȴ. mod_include ǹ if, elif, else, endif Ѵ. ִ.

ǹ .

<!--#if expr="test_condition" -->
<!--#elif expr="test_condition" -->
<!--#else -->
<!--#endif -->

test_condition  񱳶 ִ. ٸ ϰų, Ư ``'' ˻Ѵ. (ڿ ̴.) 밡 ڸ , mod_include ϶. ǹ  .

Ͽ ߰Ѵ.

BrowserMatchNoCase macintosh Mac
BrowserMatchNoCase MSIE InternetExplorer

Ŭ̾Ʈ Ųÿ ϴ Internet Explorer ȯ溯 ``Mac'' ``InternetExplorer'' Ѵ.

׸ SSI ´.

<!--#if expr="${Mac} && ${InternetExplorer}" -->
⿡ ´
<!--#else -->
⿡ JavaScript ڵ尡 ´
<!--#endif -->

Ų IE ݰ ִ ƴϴ. ֿ ٸ JavaScript ڵ尡 Ų IE ʾƼ ð ߴ. ӽ ذå̴.

( Ͽ Ϲ ȯ溯̰)  ǹ ִ. ƶġ SetEnvIf ٸ þ ȯ溯 ֱ⶧ CGI ̵ ִ.

top

SSI Ȯ CGI ϴ ٸ ü . ׷ ߰ ۾ ߰ϱ⿡ Ǹ ̴.

images/custom_errordocs.gif100644 0 0 55373 11074463037 13577 0ustar 0 0 GIF87aqqquuuQQ}}0ee릦00eeeϚ eA4E]vHsfqIWh]Wu% ~߈jbyy&`b2Ҩxb}(6&hH.`!UH!qbױ[VX-އ͘a:Fj 07mr䟀$  tMhxӕFN}ZniH`ga(9rwgy$;w'5ycܠ6sJ٢5ڔֵE,&ݬ[ Xvlٞ 緶k.dr.ܻaHXz驦jb+RJg)n"bʊ-A6{WrN6n99a^9l@Qdž:j=e)*'%+cZHtqr21usORcJĵ_'-¥k3W-mfDr#i4x \~wF8S\5ocRBm5l7A褗n:Tꬷ.n/o'7?4WogK/}x_ro Hn/t+:0|5%CY3Ds6(]qpDE(La=<&"^HA317TX""aȮ J:'i8 wxDEAObŨ+JъX' p)3*Bka&~pF76…"qFˑe#q̤&-a:«xL`8HAVi4# i?fQiL*YZf|e kMx%[qk,wiKJ(Cf.UIGiZ 4sJJ"2461..6nN];SzS @9IjQ&ѶO5)Ȑ%Ei䗓T~鉕w3"&H=oz{f/h&Dm]G  Ab. EaOcL<] // XwkJz eSy~X^]cMNhOlc򔐯d4tA%0?i璌v|~fP)$<܀*_9[͋Th' $#^4fmN2'o㲗6)^4*ȻiV8Re򙣺/^^C}OWOa5NxhsgZSo;]Vc&r*.m{{ڥzwsmOʮ6zampC59wO[ցf;u?ֵ7{UbW_򠏡ѽp*:p:' ٥RۥGJVkSˤ$;IɵTژT]ٶڜa˶kˮ-[( lY5kUY\98&dmgSZCF H[zvkD1DqIyZ`C%)0VKɹ[xˆo0r[E>0  ;˲{N{Zp\ ⳼ 'Y蛾껖a{%pHн[5ۿ<\| <f.i~]>9ٔw=;o璎|e东Иm ͤ^Zj>/问.6땾נu^빞f>^y.rL]W[b닞dٱrޞN~*nnNb>Zٝ]89־>n ~tϤϾc,>N.an  o.B*؂>>4oMO8=_~do<3B{D/ܬK)^`2("zj^Z/ >~nʶ̩n(n3 rߕ:ez.U[ZxĭvFHž[_ܷnq¿,cȟ">KŮƏ>Oj#Րڼ?Yw~pP<ڦm/^D-܀@Xhx)9IY)xY  :0 *@jZ @`{[kk+ (H,lHiܬL25!6E+`# X JLC@aK璎 sḇzN 0EAhy +Ђ%7%Dlzwx (P%#P$ 9Dt0lf:N0 LAE.â4( 8x 668O# vKAetWLLF,"/ȫ ",\:6 6sGp#؀RH_EyQR`18.C5;R$;^ p$U'@ 7zVpA;Sn%Z?/>o51$cJl"(BqR"h,bqZ"0qb,#h4qjl#F%^rK(B mKW2״;} Ą0֘IN@ p@ҤЄ"=x0jʻ6[8*?ϯ㥺SQѬ.&'9{3<cMn"O1Ż"5N}^w뿭nvKdBSe-,M,t̞<8"cʟ$׌%DThY9c=pyml+m2dj"ocs+sB. eyszmd5IT"4ݘ1qP!bN$wK|?d1BX{97xT#e#iR.&h[ncJrTޒAlkiЪB]tpjBZP06u&zpT}S2yTZ(Yӹ3]ÓP8%?9jC.o/eG9ynol 0/OAvz[}C}8iT,q"@uE޾ZؼV^7`}ܮe ܇׃Bn)wx>&UnE++,2Lq9GoAВJ@x|80jI`GV:)Et2{wV|6fi?brXdr W{ 5^u$O HpIpIG 9'~goS`tr7>2ZYO;s YM{PFi8PSq ;W{"t\Xmc X*cl"ŵ6h[ZHVsasLJ[:uO\Ule WmG@ͤxR2%0W!sR7S>S .j<b:һke"x f L < \ GD`JT\Iq~MЛ{+J娥@e hOD0RyhYlφL<ϒp( bH/ 9> pŜj l c 3[J# 6$[ah}#}% ))-0 lU +$=ҤWbJh{.?ܭli@"]! $\ϑ]٘}ّmֵ!1;DMƀt~qFXUJOp-2n[!p#}s!aYP֍ٌؐm!mcc ^/]ܟT`!ciEC=ZC@P4Ң {T'ËG:7x7ݨ.P"-#j&B"=΍_}ԭ }} ^m180r 2c(9-/Cx$"P0Rޅ?:L m->0#{%L'jٓFN\@>Kn?0 2S#P= N@(02+t<L kĥdWغ=yQM& Gbm- mB=݂a=_a V7GcP`W^:1 ):}ThO0ԊIpl9^,.,ǭ[!@UuHOFSr]07*гX&7-ЯT"9!BJ羠M 9?K-D)tЇ@)j0e&`QUMiT۫8GnWY[].=ٵ ҐQ~5C,$#GcKḙ9A@cнAA!yƊhQ;ie`*[єim٪ Q[ ~$D "s!w9O"o UQ"[| %%䉠dFRF2e+DaVG\%R\uF2% 6`_sSWTI7 6TW f(&I=\ O xuJ}j]D(-5%[JLA &$$F)TV)K4Fe( I4&!%(!:T*"Jxwkm hѵ9ld$nS;5֐G.tDX x Ⱥ,&`+P$E?{jZ 4JNdG8'|T,jcݠa I ^~@O-9"Bv:: */,҆CLV9ƖGA:AtP"p` NH(l`j`>,(R FqjD0I v{ϒ%؏w]n^@-EIŻؗH"/: ʶ6 =Vd1$'f^h>Aop ߑibؗy4Îw6 =!4 BrÐ@#{4aINB H`+[=eᗊv['\3~$ၔ$Y,<^Gfҗ/2@B(9 fbp"z 2Y:UbH3K"pC)P)E|\(nZJBxu3HAy sL`#3L2l ,ъn&!).R0A.eJҚ M`@NqS66DbC3xQ4N#/ թj*|ewyL@VQHaPŪV*թ5ij1*cb5a=k\Vժ~+4VenUjk^ ׶5y`RRMjf7kYVvVlbVhU+lh+ eݐ6CgJ ХB]j׼:xqױ*s;\.׹׍nu>=kw{] w煮vɫz{IP_9!8K^ĝ݁zpr֯ʷ+a׾0x^ 6 {9Ķ80~FAk]حZJlc|aU%q?\ WT}d"p̒οE}T}fu>.+2]dx0WB gA_nLir5j>wv2}O3ٱ\}1|k:͕jWznto%c]kra=PƥkcXUž~UmVTW{SV'v[Wm;N,QmbAraZi#6vhe͎R,C5e0'>Ye2pCNX\@DeZ*.//!)Rc7m@{fեAOҗΗb6ӧN) %akV^p ~~Ȁi Nc= _CeJu~@x} 4M?l㉟'{ҔO6OzL0uxϽz>;qlVkk1r#O>mUc ڒbX(]?v۬\ʹYX0gwqwcG%`g1~[? t{tU=f IFsEacG} FL&(`IjLE]rX8 [fg}/(rPqr4C?kq^&rG5O;8TNpU8SmƆPfNWX%7Ȁq l榁(m&\jov_`1'kEXUdV%ennKm0hH8vnFnq8PQO堁Y փllzFl>k5XvBk"g/vjf\<fs{dȨj(_Ɗ/v`gx\h`vokVo;fZunnFg1X Vق8uww8U6oPeDvhf}tY)jF(iEedfdθ`lEE]ܸhƓ?9k&H֒>?I!ix6b&HW4r=dVׄ+ i EdkƖBɌVVȌijhl\4vƇޖo扠joƈٖhVTUXؙoV*fmaIj}m6f^)mfؘАZO2¹~QuNP 9p#jv2{p)t㉝{yg{@ΗybG~l4GBT|44m4w{YSz5Rc*ͩudTנHM#/|5ᩡ$Z}6p7)~W.J}yyܷx/z0gf U~CyԢ8Z9ThNzjYMV{H{:89y^y' `dz|Y `9Vjz:i8 zO';<7{x*y~2k 5Qc1[!Â%7Đ?hrY @qdiדW9u{T?x+:rו8OU׆_{ST}؎t0սؖlajӥG٢ ٢upZr:ڬH vۮOZ*۸]Df-9b} :ȍ5} WC=ݝ^~ >"^$~&^v}w yz6. {07yn=D@8 'J6u8*Dg-\L>]qdT~w8y}1{~ev= z ?]{`ťn|Iqݡ}G$PLW='HܛK ȯy&MnD%V%We8xNWR(q j`;j) }f^D묎󆎽]e೮V9n`VCr>j^@]\eXhlniԶhZoɨugҎѐ]WckMƹ;bkv`Q+gnƨ9{,Qs ڎS,g, --k$2m7iuk$<|)=S.w@@R_D 4wAᇁ 4CdW {@rPe`/c 783MM<պq dR$0CK70PN 0\X\Pet!`G )m' W`@f/ 'b_SP|oΐ 8YߊX vvfk4$miw)n,4R;b$`HAFzHغ͈yqc01cxkۑw#g}LH[g,- 8WX'S2/fދo IKjPD aC +rt HT ǁE`NhD–wX$ưm8Cqo}KEi4dlʌ8׹'N& t{1&K 4Gpbw #lD.ntc JXVClOފᜤ@*2 (|p0 _,:nP52Z:Ԋt .gё ]#BD/lE4;@ym {06}Vwܘ͈[G{ងu.!|䮷mmi޶ߺԨ&օ#Őkf[e[;l$׷;^}W[淫A.n|]m5o9^}|wnqNu{2w?5+='~süZ~nc~3zsw~s.{WW[C"%0oqtGy~z'z\{|t>'.7u!wxMWzwzhxxW|(7'yGxr xn#|zu$Xur0S{RvPr+vg}ta6uDcce'.LI( BU(j'p`_X(ciN((PhjdkH?$l(sindgt{HefД|(HdZ*.ԅ@?F舲Hanlx։au灔^GnHv ˷,Ln_д tȏ_wEwV xN'{2(,(y,׀;i'pg(u-"q鑛rƁ1 uǒ/1x>t6y3HMKɔMݸQV; 6l~&x.|9(twxAɐ[g'9ӗr*x7we&y`)}n)|tok(cɒyI{mcIi'H瀆}m)׏1NPi3J!L# e858=iWؚ/xtrs޷g٘I¹iZwnȩ[uɔiyZfhgjΈzLԙr)"9~K(xyFm)gY &ڠڌy889MɝOIv@llfkss jIꘂY|l}X)v93*Zj飻7mZ}WK8!ڝ#jdQ̡d~h {#Gqpס3)yvs{mZtzsz"Y;؜ʧ}CxǧExz&1|wgpʖ:i~H ʝVfPcF iJt9r.z8HjY!GJʪ2:YI*y uCِګi+un/J !efH ![i'隙b@Xj`xjgeJZ*$ڔkl}V*zZrv°aJHf lm\fl)_ "󰋘!v|v9ұKOQ%GGJ H1PZN^[Y v;, A{p_ukзK;b˷0j[l?K:wk[kkRֳ.LX*!px [Kۻ_]k \yK[ۼ[+dkʻy ˛˻QEH(ʯ0_3P˻ 뼉[ ܿ ]K̫ݛ |۽̹ʾ} [-+!G ̛O8ɶ ґ ҳkdcд5m79;=? A-CMEm 59;㾝.,Vm4}IMO?!= [].H^ʽaNenea %A娀p oN0'y p}2  %gNcnRm  @u>0NNvpn ~! SEN+.Ǯ6> .0>܎pM. .LFpn0ľilܜ.p>ܦ =nNz*?.1/3OrO@#۱N@(/@L]U0F$'F`aoy13kR~ 柮nM(~ )=OY.F P.ihj$;?Nܱ~|MQoV` fݓ//oO5oۅ 0绿 /P@_܈o ?T_[o ̔գ밍*\ȰX%GuE < Fdf XR7YX@`Nr%z<Ǩ_EH LʴӧPJYG`AfL8,d'hOBHY)mn,J:QҘ'ԤK+^̸cUGi b=", gh>;Sop^+`Oʝ>Nx۸sYR݇Y.]Nμ {X8ȕ^6Ë/L~{oßOOk(h& 6^QD(VhfvΣ׹ug(ԹC",(4h#+.<@)DiH&L6PFN/hXfm`)T]ih'<p)tix|矀*蠄j衈&袌6裐YΤVj饘f馜v駠*ꨤjꩨꪬ꫰*무;images/custom_errordocs.png100644 0 0 54573 11074463037 13617 0ustar 0 0 PNG  IHDRWsRGBgAMA a cHRMz&u0`:pQ<PLTEqqquuuQQ}}0ee릦00eeeϚ eA4/z^ vه%.)2[p+sk)\I QcRpm9uj A|х | ǔ5Hsk] ),EaWH|gp"3m&vJiդ-VyFµJwceѤZUAǞ-I2]=;1@M-zƺYSEኻz̽>!2_px8^‰w›6vrp$QC93PKþߗJY fEHZf dk,k S@0"qetJJ[;4UČCt, khmsP!V[Yd@حIV5N*L逅HpMiyRI kG$ڡJEMpMIW@%V3xN+yCC*:IHwMp]'t\HpTfa 8Jp]MtV1pFn j,{"b?W^ \e@F* `tE 0 ɤ0,͂ڨ|1P𲜲1%\yp["[Ee+(%q-x~)_M\,+[b*>ڷG>,>'@< h9VA2O]*? \<\ '>5 W* ы9yRԠm%S̮q%j>4.UQno#Nkg' VcQX>;dE' mґ 7NQ P]J[eQU@ "Z{aC=N*=4&);Co! ]b\iCusX [>At WdnLQzZ `VE~p{7ǮP e: \yv0}zB-)C"Q 5bt(J &>)&kmbD"JA ww7?ΰk2@+SIY ip5[TfP_ ?Y̓W]KZ*jRȰ|Ep-i. u,N6׻w1N;˰δR\I? aڠ_-1續Jµ(R>3DG%A{J*I\C>>J );@_]82fHۥz \i0*@MZ2\3TN*t5*a)0 F(uBentB|~+\W|k2P~Nl}ek{hą"uGrJ"&#"*e8uMm])r2ЊҧBH`*Zsլln| v7sp- $T1Bn \Y# tl**d]A{ڕ3IX;XpM@[oW\ߒ,68\nY<(TI ]`S@\ԛ$J%I,\vE䩜3J "C6]+&@ŵe];%upݸ5/.w{$ pZ L*:݋K,̝t+R i3 ..8=h8bmՙe͢uczs5m%9)x\]*ό"2s:jl c*uFfǭVMc ặ f'Ʋ+4[x%X y5QL W7myp)КA]`skéno =uf "a:}o=$V| Նfnʀl/Sg `{[ 12rxv;T-l̽T 7 MF橉ĝ9Z.2bk+Vf{ e&$'Bre yzf \yEjj4KfM!O2 e`mYW8`kY;l>O&]x_X[نȴL -M ;^- o KAC\KF3n-f)NŠrIXꮪzcCjFRX:~X:"AK* 7*SrAe:yK\#, l{޾]LԀ@Exvj 㸸5Z#hTi[" XWo D;. R. A4K`{:~Ke M:El|p͔U7epu˳P@ 1)EzY`F_+4@bw$3#L$)Y{XC? Ŕuq-5cpͬb ؂] 5YӘDȹY2."2 Ϯj5-]u}6@6*Zk'v}=g/Jo=+lv(r C͠'+"v4..F+*iʓv hyԄf< C DB^i\eWVC5hM'sZES CWdF-k6ݵ]K.jD+^;WS/<î5ZvfW j3Zp-)k%~] fV(jJ.]! 5k2V-R%c (@6d}ؒ1t fJeT !v[+?L* #Z]`q0G%q1[>J%c:EmqY;.(/p5DCool׾2GV"ktv 5S^[gIe=Z>0nqs 8I<2_\a,+NܰP^H'[lE[T*N4Ab y ƶ 赍lL슫 Ͼk!V DrHiT+Mv-g_'lUZ] q+Lcص;n1&W%U)vĭbGkr6Nt]Żkr mucڷ U`*/4vMn1ڧ0y`/|Wv-|HG}0TS;[yq璀UVEQ:S n1mܸNxpT??G6vW=n1Dڼf-= ]~O]ỳdK2y琀~OQ;(RFY,\ŘC)j r52ONǧ_GgOµn1xJp dmiIOسӳi,\c٦KubV`%r9, ;kfka'b4.0-^ϹD#@旧_2@X=GF5`׎ŘC)jx>|oTN޿<.1(#dq4\qu?yzz~8: LG'ç@Cu 9ꝢvRhicXwwA9Ygcx : lՕ-4bDF}'N&?e(ZSPK,sX\͒*V, o( cv& aLQa~zx?<<<:<bٵn1p$:IÏ'6x*Q^AYdx㓣1miڿMʲ<||p 83]8[t&,^F zъjH!kbj1\@gpp4:{`6V'^dX)vG _RѳSkF0O0>;tP  "m W7@|+VO@hص[ ~V^ukzwuuuc0[hwEY4A[eau®@]=#X7W}fgaax=?XrD.nP-qIn1VH˩Рwx>&v~y `}wuputWZ ]ǰzh|Xe][4jro7̭ث0+&]O 0tYcгmQ7owdkvvBz+ LJʧ6~%I'i-I4qt t( Q577nDΫ4গ/>bkSbt$)wq?o3\spv=9:| *_t=PI&3Dث&/'0opw 슊*`, $I;~9y1AF[^^¨Q8APNZ3Ԟho&mNnZZt}E?@c/?g0fu,ؠ 2 Wf@9h$["%/^xy tWW$WXAP=_he h/:Q2_Mvp<~h 3鰷Zc'lr P,_N.x)܊+G` Xq@o:P]yɀ`5VV`-Ppޟ<yZ++ގe `Ń-p1<z5mph= J7-%Q>+.t"⶗C[xzUǐbm.ګEBU>AvX;+Tp&@b6#Me81Jo!uЖ{պZ^6!eAU`B0F-m:++ R0_zxVb6c=e{EЅ$ &dspt5tכhADKBI#RUFozu+ރ*b-.O \WOLe{B G ZvlhZs&hYH1't%#-}X +?ң2hGF] פ ])`` c,"WH@|1\O׼p+w xobbt-+'.iiJ%}֫)" &-CEkqrVc%8EoX~+ V衖]y LW@PH8ڢ1>Xњ4Z)l@k}vtEAeq)&82(_4vR ? X"TY v4AMݕv*^%_M@gf}*B&*?]lT\IuRK4Wje =ƅXW]qn1(EFHVH8E+ݤVV+*(أ"bj`12mzJn@Uaup}jqj3ZiȪ`u.p!X@[ W$Jxm{}skJWx!j`#u.b˚nB@`@ZѺk}<]E.vA]x(`WƊNIWY5XK]J{Tp:,-њ$cϺ똭#h]ŰlJBʣjĮ+Yvtc4׺je'xG`]8غF ¹s6?6[ F 8ncT4+ 2KV]$ߒC l8{bZ-똟cVbMW% ,5tP_uQwE5`k^\PcH/99tQSVKOȍMʯ[aͶ,n{Z]Ϯq=ccWт"4:ԺX *+V| @,Hxed(kxvh H]7Cy UgɂW_-K 0b+dWPdE#]E5MHMn1fhu2ACbW<@WkbF*nvT_>+|F5X'5S38fsl gm(\>vX@xv18/:GuP˺tYik3\l)f dcq#g&dX+ N1FX u*]%*К}V:"eM6,M Z 0q9Xb][ftS*ɘP]Bx]w2^ X?AݕC+ˮ--F)zy:U(X o`ؼ:B  ;-SwpMn1lUKoEy8⸟[:2SX}m\ܰ ZﮆH҇[8+-|m>_oTJv}:Mz4(WDj3bXB Lwtr:U bbx|&qG#@,ZE 0ђQxf,5Sj dY5ŘMW8d3P_ me^+ސBCC`"\]iarhjTt+h  Tg l'/Gތ ?`\odg&s1wS;\ Ex6{ mW I!P5-FG= fR< ӧ0 `Mbt>g,WL;`0Lگ bkws1gSJM/B r{x!P-)<,jM `D)`hvQib)sX8%})[d |O`J. p 0ĂC$ WcmWn:W:q{Ζ^4籖N0OMĔG_>aWB%77OO#pFmٕq e@?7޿4ߡRhNtYR%K[EC&51Y.Vڠ%/rE;X&ć秨\]!~IZ]ň7op&b/W࿂ч&,R:a QGzd3g0:0mίw0!k4w[sF+pE봨Jf}3HP A3ü㠬jaݕyYWw߀/"zJq۲<NZWVj? g= >+p)>N|Rȹ$RkyXFݪ+ BX:%.H3kn16hڥqXaƆ}(+3o'g'p*Zc"iu%0`*=piy+E^-ԁbd)P\E 75SI`N"$"G#?0}ao6F|],lJ\"2jc0}-#ʊkk{ߏeGӏ >¦hC@KF+W p:Bd ,m텴A-~5l,\!+ŘAW;gDȮ8{p9.AH X~&FgovU+[zvBGj@] Bh^0FH  Oh,;bsnEfbhu :yVXzH<@+:`9b#*dNi](+/fMn1 Ȏ)R&G]clJ `WB$ʞ.Td6RҫNꮪft4 dmU ::??=ECM ZzxE`rt=F`=0G8z  uU7Y,sm4\[UXVX~iuD :, F~8BsBwRAً+V\Q`p][Ŗ e +`Q?:z5V {FЧ=ĥN (HUuE۳ W*Nh9zŭܬ ۑWV%@e >B\Y3@ibuof Յb",gs}۱p][[sʼ zX'h::?9 8 Y<`K K ,XE[mьkvшR"+`WTX<u_ q:Npo]ê!+ `_x \[ەsʽ \q kXp B[Xbt>yYQ0kmX^ʀ[ǐ^1I$enky.)nVpBE4s34jl}千PA,rsܽA QJ*A:ۘ[^Y34탉YD&^lJSLIąC 0J6WײЦ=״Ne)69]10lmv'ny r\,[ MsքR WX ע⋌8lw?1 ^[[ q^ 0\..2S*CMc3)A |_% -YøMP / hI@Tⲹ_ƴ)utim\"tvYSi5/-𯿾;ҽWAtO[H~ pރLZ^YL?J/vsQ=B8D[L) }2CFrTĢ W?til S+N&.^wY'* [Z Sgro5o%II3 Sipa/] czźM#+a õ[ Oš KtQ_;H2kM2_ 6}brs% dy PWYK,#lճX7ؼT:bh4lyL!f@mwAǬh@ 2*6D??U5ܬjT#jk>uصr7A@aMvݳݕ)t7ͣ#c0/ge4 сmr*{[UBʽ)RF]*Z-E<cgo@Z`ȩskIMOAn!;ҹt,lArY&8 3AB*sĚN2 pI~-ɭQe~XY?3:uQfةխy/bUH+ 6cZy4+lH#][e4Gcؕ v'Ib5Ũ!t`c Ү#8krQG)$0~vr0kI`K6n~[WÙGk"aL*h~w% Ov&:c [Et Tچ!sUk-]rq. Ut*\VZBʞE@%T W/]gRuS]br+iAz=vwn}ӤC692MzKi#pk1t?'^2@c@k<A4ltO)r} Ȯψfx:.Ο)ZR$AYz#Li=: 8A$C)Y7*1n19;"8hh5i4pG̤+jǦ]TXp 2IjJ8!޹B5.(OfVD]s8ȴǏ6cr" p%xdsN-[|}\QE22RVUZ-%1K5Pr&<<&L0i+|Z qg/ǧpeEÓEu3]#bX=c8ܑ *}AwL Nelazت{:ۑϗ0My (L4)Qg\pa]kŠHۉ?(8ӎ8\,AKǸ#%Y9k&G%!(' b=M5(sLEZsZt R-W.vmî vb3 h.-FDqMJgw][ -Q.\2EmNn1 )H $J (vMn1T ~b$CQJawMn1L"*vMn1R 8vMn1XZ!vMn1ZRqb$EUbR95Hhiص[6T'a%akr8`hص[6îUn1:.TK jK[6Ub|**&)Snh]~#L" #6 5vA~}QO c%T_ZkPpOm,z&n-mr_9h^d UA|~ xrQKW؞a+OMئ5M>h[x|kVp*\K>۾rʛE1L65i'\yU'\˄x`nGlg>~ =L0^ 8TX.'M\/ωRRH9_^+kd[+BNyOt DxC;fD(ot'@IIz(WMv/N=(U2 \,[-ICnU`Ixe1Y.y㪋S0E"ytԩMLSո8$OpxΠ'b¸$&ω{ gge+ɺVo7FwuYP%!ښ%G|[piWj 9i1Che:kK &$Rp`ż)_xd2*5) k">s FӠ9xa ZdzW]IUJ ³ LcW2^35Dd |S! =LJ!Ք5+]&#NZ!TD%kU+ǝ2c[峮Urb(@W/_TgoU$WlAj[ sb1% b wx UF*\عv7[@5aeƿg/݋N!\msT"רn1ȣ$"оz6շԨ +|= ^)/רrrb0y[6 UМ ë6^V%R$R t P5dF0]j("fCͭ>T<(e)m-4EoA&F$s Dz2zےF1x wtD;S^W_N-/)&po^FL 82 ּޫNr0W<ȷ^|afJ$+vŮwRt+ZZGQk:rw\،uWI#l)؄?4ˏՂX~>%^PkawMn1O5Ũ`~ccM*@& @m@&miT*vMn1FZ$HvMn1Zfk\*vMn1z$VrѾ\Ukr^xhymkr\E-qIn1Vݨa2PM2[Wk &TK ]QX~RIVUJHII @ ƺXpQSI#3I`FXlQSIQb$y& ,T W'Iq ' ]btBy!%ބt׎hBN)VH 2@3;Nh@v9$@&9%Ҍ5hF)9%-Ɯ2N@&I;%45ŘS)zdI7Tkr^lLO0<8xga=}¬+x9"b$g=4a#sosd#C= Kj`EwZ 9:df#Г83s_j>Hs(79*vMn1:S);Q±A;{"k[n=b^macj)sA0#П][C W:;3得{~6 :d㬄)N἖RG-qIn1ڏSL-@{x c )>1Ȝ:i fIC:'U*1»p5*s4~2btK+p򛮻-W ,iZ%][5EʨZцZ)Ģ%PŮ-Ƣ[ _C1bh H DkrHiב@u-b\#K{OfBQW-?/NݫvX׬tleOA |fpd pǿaϤ|ܟxq oƄo \A8oѕY5-FD6lI۷77j L9z?~P߃7@±Cc 5ٴQ늺ŘuG_y0{v=?#<1`g1•O5(ʺ|<f>ɛ߼~}Ly_U-Q1x0{_0p0

%P \*+O>~'O `_?ys4Y*0NV@Vct5&v]e0P֣G0bc?9~,hus)hjRBn1&FC,`GdAEuGV4DO qkY$[ P^w5Ы\YT C цHH Nw[V0&6œh0B0k , < e,+'!sכ7״_WW ?|L+;;?pE>8>3ŏZ&n1*j8BѓO2777W\Y2ZY~MpW_}_+5*+./.UY e;\*kcps{h uTXF#_+*ztBݕ'+V~? Wp}5כWkc 4 )T%,0 #ZM{!XD#_Lh .kV|!geڋx͏2~0Wf5U캎n1&0ƪ{tiC1\C7+nnhibI'0mVF @oe?{ݕEkZ]`^34`v@4 4d.0/'_!^"|E)zǂ{[;-/+z.S\]a,+ ϞΫ4p5:5S^$chWyo{>wSAjC:2I*%wXoǑ5L: Z+3.Cu Z~m \ԞE '+@qh%ldner񟶽i{#ơII_.QD/. X *f%Z>*VQJ'UPD!I7,CL.f*i Z]̰EQ $PŮubVpeU8Հ47}x$ g" *ڑgXĐ^{ lGSD=\OdGj p) 2Z11L^9\Dӕ;eFHIJ&@=.qteB7w07$j-p^0o9q$+Ff5}oh5XxEbk ZDMȮn1.LgR@9\3Z&k}yWDdz9b,X4S .GJ%Pn1n)5O'z)t:cM$y(k}XzH@&a@#[X-J`$l]XzH \2`u`-A$B %.<5$JNkk&,' \b}'a_4}ݤ5i: ?ZN_|) PJZ,iHڲ[pޖ` Ak;Gm@[pgk{/])66MS>qg;鮳Fc*n!Vv\ͭl߿{)`F#00S@ݞ? /wv\9JoBa[Ur@w6~<\Ƅ8nCb{ swǣ \ ^W ^ox$"V)N\w6vz tu32gUKVrkpA[Į]P.oȮ|lFV!k{.Hh8uxe`s (qpB hՄQ}xO?HVnM]%_&vpLfvz/"- \,\-li ^Q`ի]_&v{eLF{;h"ʊ 6Pwp%}UWۻ(#*+@ޡuKG[p2]?2׭]7=Z7ȎS{_j x ̭A'vEW:ve`B8Q캳i*!5{WI(0ro Z Y2&e`XYre>6*aNV_UUH} )*&JCl&a[$ H;a :$bT$=COY*J u}۾5Op`o?KW@G$+I+[wyIENDB`images/down.gif100644 0 0 70 11074463037 11052 0ustar 0 0 GIF89a s!, h.z޼;images/feather.gif100644 0 0 14507 11074463037 11613 0ustar 0 0 GIF89aFoO5p`Xo3Pps/n6KcJ+ 3PnVFw@qU j :O+8 2$r)7R .8Ѳf喓mi[|}eCCCX7QPK !!!___..-ppof sȣ㍌w츛fVЃk-3"ga^r3͊Wմ@֒ee_xay)Rz?n7hDf8i6[Gt<`3f!,F@ H*\ȰÇ#J8Q3jȱǏ{P A"B0ŏ;ADI$YL/{2"'iz\ʴiS5+ItrǎD` A1RX  B@4$3E,A2D 0E0]N#K|r+@8s9@ԲU ,x-W mA'NTACP̸Q E@؃ !L0̝i4?~lA^X2kI NP\pmПkܵn,DтU&h\%t x܈xPBQpFp,X @tP]D]taDPEvFLFwKzF ELe*A^`% ,[ bn 1!%d` %H⠁`ܜ-ĸp%եjW<|@Q0Al0RBA6 @yM& rBXa -qς2Ga Dpo0z,Ѐkx+lp)Y/$(fIz%Hٛ՛M^0)c#B B ev6l?p9NlAjLt)ddLM9|uőVTncj4,p0H z(L F0+a\@|q &>N#Pp} {@m%0)hA_$4iCpH(8@E@pd^= R: !A 7&.+ '`(̒$.U $J0Le`nh;)%8!Xr8l QE( t@*.G8a\TΡ jW \3+J0no{ۀ`WXSYJ#S[%(o1Yn4; Zf̨gV D) .D~kܧ*-W 1 `f@XUA)J7 ZU,uiV+ۗ L4 )%lb/ -.hYB|s X\Pm3 𙳙hnD+ A T5A`ѭ.Ce33XȮ˱^+ npMw8XtAp4!.sw_BB3`!'mP fm(07,+X ^BJT+hBgÙ pKI` BМ'AD" q<(yp0=EE;8j*?"BЅ%ha ?G QH̴ɏ{3@@~uVF ` A/'Ԁx Kx"H³`lK²(WmE=q;wPc ڞhAoUԠ'Xl@ @# ZйqoR畟́eu&uT |wŋSjz5`E+TnCl Tuo2)!)X/RLk!V%u6>Pez%+<@_7pyA5GBO.j7OdwB"Kr"2P7(.pv~*L.b)Z+g6e\wR)77zRlPz+&-pBFRBPF('!!A-EU4ir&"9"P)`",:E|4NH8Q5QV:c #AWW1}R{#+cX}+30 R(rrP0ȆA w~2Tul&2W'84ug/mᄎi/o"YSg%IBy9Qg0`d/P]6A0;cFQ^-R+ŊA0Rw73E/cUUdB P3g.sr/na2PGgA]cg8u5`bQpuAs6:0AW4M;Ǐx+7c81U /IUYOYkqZceWi1hA`E.@!p$ggML6•60C3@RrÓ;i,%+}X3pQ3]#9+8ViL" RVm]a_(@U:&ިopUcP^QW)ZP`)dL0de`! =GL@XP|!>!{yi^`A^ePVp$3VDw =Yq=E'ih >nH4ptdv66>&A=!JFa i Q-lZ;%G'Eeg'yu?EY`GS``ah́K o :oY"7YA<MD@gw&BjP83ˤKwXS m#"U CdW×0rZ3N(a[y"\b/_ۡ?QHa?C6*u@1:8Aql ZIQrn"#P1?FP"?ƩG'P*%SbqQbuT' kh-Oʫws}d*tp$:v֮gB2,g-PtO)šLR0OP 5#!6Y[Ŋ:MCB\qE*`;h+~ۦ,d'-;5KrH jbJs}Z:@5vJ}NA[, {@@!@Ғ"3RGZmY`FR.AHC@TFi胢TBlmu{D)h~ ,2'G(;(zp=0nEP\n!rpp0U䁤KjÆt8bt4xk,(zn{OGiG"v @]pQPQnS4=[@Tc{t/@/q<:0NRzRWE8oR3pmmQ{(;(ptPő'.rxQ#RZErk6һ` Z>;)y֤NU͆g[JgWG bǻ~-p{S2HC&*w $X`nfڥ4`GIiV&aUN`#u":I3Ie] Tt9cWvkOQ;"F+Fj/" Rww@c>J}#k; YIp8v.@&}v%;{m\n(!rX!e[.dw&/4Xy^cȂsk@`3:dg!׼wր±=P.pu6,2'%;KBMEq.h&3r_+$p~@RLQbPigdI$r%Xm"+-@h{zM{<{pBd.ҷRv7~Y5$M@rt`hs>3Lμb}& F׆]篮4vhuôX"b{%@F,ԋw{`UT/J}h:ea9)\N=nd75ª(AӮ..c,ª)'oi!aSqtR8!B2:Z+8L:T? yW6`7Ap71E"[uIGƣ,,pRF,iԴ'wˋvB31Ј"WT/KSۗn"}u78*RB8m ?B&.vk'2=vw;h(Gqh12=({.VQ[ńTـJM:ZW"0_pI+|RUfB]'zG͒"8rB-Ⱦ0^UWձ@L5?eU9` E&Fh`OPcRd*5UXfx"孃Yq(H TQy=YGJ3/ԭSnYO:g1`%P8H}Ծ60`/pX R؏W}7-=.B2E#.,θUX xy=,2$ Y/955`ygMc%ns70BfRþ銲X2;iHB")`ұg=mqg[NqQ~}E{)?BX̣&5yI W9VC󳮒,:&hS'5)8 B0#7/*`HX2557gt8jA,4%__ꙥ/10|]bXZNmuI:w>A/( c;.6v5i7D9Xr5SzCg[4c5XI0u偨ހ{ @9e[:dkD+CH\;ɫEN1ŞR]/1UlP~88ko8s_ Wڑf0n1qYxx;6Ņ;Ya;!D hDAA .dC%NX1&lQ#Gp$n( M, )Y nTPtME,ȱ"O:. , A8||4"8FDEyw3x F 0Š+HHqE -X ]򸐴'9PȜ gI$G=o'n1,ťON< ;images/feather.png100644 0 0 14311 11074463037 11623 0ustar 0 0 PNG  IHDRFϩ<sRGBgAMA a cHRMz&u0`:pQ<PLTEoO5p`Xo3Pps/n6KcJ+ 3PnVFw@qU j :O+8 2$r)7R .8Ѳf喓mi[|}eCCCX7QPK !!!___..-ppof sȣ㍌w츛fVЃk-3"ga^r3͊Wմ@֒ee_xay)Rz?n7hDf8i6[Gt<`3f15 pHYs+&IDATx^[_T &6,(`MԌ1d&;3/U1ѨIf^ 8:uꜯ]'!騶)ݿ'?oK_'ǭvǐϯ?^ix]>im݈|I}x/|~{wzpu^9rOw`f}zROjᳳ7P÷ W {^xT?ٯ֪խã?yX,PdS ssڬ5ÓR 6zϹܐT Ufjs{k|Z]׷ZMSޏAx PV X T10DnYijQmV/^j}zn^n?~9|QR ===YJb)kÃfVM-vaaoo/ sYJjd2F&c:?VkyrI+K7/WG܁Vfa\=5욌]v[n4{Y;\ BpWTԵB툽n^zzu^0']e㽽P(;k|.R܄̒6ͦ@TQ]q5>ảo 8O}#Ե1=%d{f9eq 3n~Rc}5=Ϟ=H{Q*?>i`q3L_Z>M]Ì&(kT9b=w'ِq9{{^+Z%7?2wB9R nZ?`3^\ei]&pw/H'JQ)smkaeT\%׽Nj%l>b~Wkψ'b +m.F5~*@:}$;lEhs}k}esO.;)쁂 f2#6č< w7ehtb$:>*gg7wcHyrhCը׳:+'MبחqZcdLD'%oK1hgyeoD+ J6S1ۍBZ uQH"3O'7O:']B9gYKK93eh wR0ET=×r^t abϮ(<6IȒO$dgp3"qtl7<=;Zc'nG1U<_{=ˍR`> *{ ]\ٳŽSãQ=Ễ?{>hlxm|xp⻅P1ȵBX|)XPf5(\af#Qˤ~7/yj5;Ge_? r?^;_Ccfx2yy 3 ȡ1fK$6W0f!LI>I;As9H s;Yn4jT5Ľ_/>أ};KFu]?|];:|}-*?9\)eòN(::;[5vc~ }_ EM.>=ΐ;GGoj'jZοW 8*3:õD&mzV:o Y)Ɠd|os8m-']+ H?:1 )`qzkI}ˮNBH{{s^Е='׸)H$l (oRJ1dINI(!WN0{mXߠaƽjArݪV['~!Ƒ<˕ќĪؑqE*v gV_!ƻe4 Ƥ[%XiawMkdϪ㣛-JsPn^֛Fypprp*@֊@^lʌ6kfϰgŝ M GikQ߲M`iǦ.#80mW'ҾV|e᯿~;vIUf#zF9( P/3MaBv?/1@/Fm1 7@ܛ4yZ XR.قr Ju6Yd++Vg 3V/b(`fþQdo)ic(U3sI3K+Rx=CJpg Wu?ٲKjD_úA s2:dµ>"8'-Drכ?A}FDcv"38jBG!'^!&Ԃ(㒨-B1a\]d{ueb(l\8hujZ>Me[/os`^.k&SOOd1N~הD6k'N% P9Hΰ"քsF5DX%}lZg9,n/Zl BƨX,nn=!v!Y j>NA 3 e:0MCT4Kpw0p`k 3Qr 9o?w benn%"_/n74;vSpd m6ja=Wt fE=cSc/櫙 7_ Ac'䳸,rQ@0ُW}9f6:+̓ c<\c:ÇEYհ^$YTW8(hO8U\ [-\,3j5UYv?/,[a- Öa=H&@EhP 7NJ?7&؆XTEfQtYkuC?!08&IyC=cCA21EHUsY UT(z3kRI2 7 Z/nr oq5ݣ,Lh*B(|2w-\rsa';cgZ/o* rɮԠuAN@7 _/tؐ`2C|Tgľ|%)SOC- PV 0lBɎiy툜`$ŅݨGG 1Z;o1r/'I'/Kh5e>9c)@ ۱{􁹅î%`s𾔃ip/UtK1( a܂Dc?fVT`Ans_,`\N49t: aD@lRXƠٴ`yVqc$d v /=? 5 u[Y09 @ XKB]eY_诬޸WG2଻ahz I )Bv*CMSUB[rM.)%W W6p1E&Ґ1z1m˰Mdh4jlA+b'Yk2)N=RϖUƚ(`[ǜJ}rW#@ q1,J ZnVxB3}h]kDȌ :`a(Y J"nh^EmhI{ct#yx1gff z$m68+;2ED8\Xh`{~HgܒBLWn6IA9sX9>!c<E`3dEcKpuTcЂ+bqZA$9MHGdN"cf|tj6#<;`Hq#z# \Db%i=4%xԐ*Ɨddg궧pZga)p9V~(PEɘ8: {/&7Lcpt.H\re6[R󤸒TP8= W(aöϒ`Z[j_̟|H`arF*fq∹#Ō:dzl]\l0[^Ka`}sXzrf(4d\*aQLK,yc2HFB`P2Rbr=@;o!c-ϼ*ATB@x"= MǨ R廩'4Ek0)S.H!8+ SU(-ud}e  46 @>P!ɇLùEX| ʼ9c @N<ʡ x.ǝؓql 0\q?L({WxMre Ah@-(|}W,;X`/`3 x τ\D i:K!'p.%IU>2Q  n06L,  9vS+}ߵ{0:{;lJۣ)"9 ˇGAX76J*w#!|I\F#v7$60҃AUh yxcZP(Z8[۞` H"n!pr7΂&\$ZIENDB`images/left.gif100644 0 0 74 11074463037 11041 0ustar 0 0 GIF89a @Xq!, iLre zJ;images/mod_rewrite_fig1.gif100644 0 0 6705 11074463037 13404 0ustar 0 0 GIF87a,ڋ޼H扦ʶ L ĢL*̦ JԪjܮ N (8HXhx)9IYiy  jGzږ +;K[k{;ؚ L\l|7-]Bm -^@n/?ONmߝ0 <8-TᴇrJ9i#vבG[(6^_$7LFV`ִyg![^$["km)u{큺bM@50ֻ0w᷂dW"iqaG. 3vNxb9!֬u\NyƔu88ɗ7E͸c.6eТ"YxRi7Ԫ{e9|ʡd΃l!yfkXVpY69Rzީg^e(^p@ fDl8{gX-ƈo&\Z:bv"QuٵEbSgyXq}d_PZne^~ fbIff)h暽f.py˜tb睳g,|f_JhG>(.h0ioT .c| **"\|6jƭꫢN3V룰JJl3Tˌ=笶F.n >.C\o& o pLps7!>o=gF/gx/~ᗯ觩`ǟ[دC¿*B " \@,@0,lR>(t FHl [R"P%@^H򘟐@.# ,:$*s ,qTLbC< Ub [B,(z+ZhE2b>BaXŏGa҇x$;Lz);f d`ʢ(d"'g+]HZdA46$mʷҒLk6tHukiCrԈ44z:9PV2&4]I9@/zRlg ;tj(zLBrĦ>C3T@V6Wf`D:'H@le(xK iy{F)b<ʀڈ3 ACJ!wj?=I HIQQ8"NMKU>t@MpRE#qwrȠ4Tj#t ғB)c5cBGIDźL䰭K#$%N6Ȏ=jRal JA;+ &h*eB [ϞI¬H[&^DP\k5ad~IKo+vRq!7K˕oz,5Hui\]\ٝvF]Z껻.ț\!7  u v[/ x<+Xz| a88`roeKJn 1<  şP2 Ş1h Ʈб1x 7 ǜ2؈ #&p$ %ʍl#YR#dn9];di̘(5+932/;?Fc%|b=3S썳[ pc>=&NU6(ĩThD)Q>Ɏ-zOXt5)iqV)A Bqq>nf׫~/dWureMhG$^u|[ N3̲'k=t{w?>h{*kgTԋ>}ex>нOރ͟iOgv?o ?7G_ 6(@`J 2ӀB9-G7f7+",Fr!*8!X6(x.d+#XW‚z?3v#'rFIC6?ȁ+ C893/4X+o\7 E38KӅql|3w0&Gl$ɑCtA(9@yl:)iGUin REvyRiB"JxboRbqXV钥xPnPNE%hsaEBɕ+;xIuٖԴ?"Mt1vA)x`PqL'WNi_ uqɗGk`v3R7P{PetTy9nA|S67rرyRV8sqgsug5FB2Y*Dc;tjćb"N"Qc%ꊾhEZPspuq ,dfgҸ**^xՔT~}ÛIEPQp)73):R"Bs҃=1DWXsSteuQx"eKZt1UHo'qRkE 6i/?+;S 1,aVVXTIm_^F\ְdޔtKa3+K^?M0-/M=IV]]֯wJZj#D*89'ɡLvIjTUL{:qM|mPz><[1fr`:z"Ք==,VS hFXM3â `5%8?o{`*q>`m{`*q>`m{`*q>`m{3<+wCqzNLqNg`M >5{rO&a8mu#CwX%|~>kcK($˕: 6Pճgu= =wdg}wMYMF_*K熆DYM6`5*wǷG'|<`]+a/ըW5R:LNbf&XcT^d+Vf%z; 7 epϲrEZ7X=48ڠ VGVXCgŞ?|T֜~[g.X +8e5ߦ䞚ueg^W=Z~CXtYLZ{Àe2LZ{Àe2LZ{Àe2LZ{Àe2LZ{Àe2LZ{Àe2LZ{Àe2LZ{Àe2LZ{Àe2LZ{Àe2LZ{Àe2LZ{Àe2LZ{Àe2LZ{Àe2LZ{Àe2LZ{Àe2LZ{Àe2LZ{ÝG5˕Y}C U5yk&CL cNjxnECx)eC$aw3D~G#Mh je܈w+kM`%>AT~6â]+4!OP8?ժ5S&sM3Oi8[w#5𕴲y"@D: _coҿSPGd0Y$ǘ9,,IwNVP'!IYfg4T?E>iIyn"/UWz`99t|$9E۔V͎ۅJ`/>r՝봰Jsp,U3XRys+&xlWE {")~Q cNZ5%}2$o'Q+=_D K-HxyyҕI]asYiz:ş*Kc!p|qYn{CXmC!FgoX꘶Q!WZ␂';5vXX5XX5XX5XX5XX5XX5XX5XX5XX5Xֳřgm oӵ#wMY/o_D'֤jfrQY֫X6X"2X6X"2X6X"2X6X"2X6X"2X6X"2X6X"2X6X"2X6X"2X6X"2X6X"2X6X"2X6X"2~t٥ S.NA}U~"ڃ ^)Li]ʹ/%]u,Krk짗blY]Pz.y>u/(oj?Iȕ9X{VjVk\G2Vڌ/-&JkUVt.]mUYº![%yE$/P-[)Tox2Y2Lj4aډ (}]Ѥ]cV1'5Nu(Ir-8}VZQf=I֦}/5rx,>1++kb])hWaGvc.dN+7a#s۔-i:^b ݪbn7ܰr%yq7Rۡ OMX?Ŧ8NjdH  9OU kzI/[v]!d;CW̶5#5(ځV[׌נhXm^3^`5zz v 5#5(ځV[׌נhXm^3^`5zz v 5#5(ځV[׌נhXm^3^`5zz v 5#5(ځV[׌נhXm^3^j^Jv@[m.z.NF~)&OQx8`M=9KiX?g@W|42?*n)>jaW OA3=~3F$ mt&l};,UL`W["`d#+g e,ttYSA]Y=aQi8+KP.uSKkaU?/~X"le*¥4]ck{aUYEX| Pg|r=K}S'{lhW MPŦRXܮ .uo>UrTFU֒Xc+`cFaxW@eI%b`mR`TfN=9}6Cs V#'՞>g5Y=o\>Gl| ƭyױǸHo[`|#` Kw0 &&X )(TT`9RQ,rPC1`9RQ,rPQYHGˑB;£”f>X׉8cZ2Sv*eguq93kRۤKfX*LYH`?`>um"gZ[j>n]8m)ZR4/։>Aۊ|'a6/h꿵>SpN:N,(@i}ūDL/P >Y3@OVe ; @Lw!7 R+TR| pOүOQi19y7D׷G:YG&bK7Z ģ-"ejPRhI:+v:Z^^eZne^~ fbIffn)%Vf fl)gGig;g0g%*hjhLĠVy h`8ʉ/az)[(-kb^)D.]%eLYT:hjZ̝"\.|fNJ&1gj-XB-~GAʧQF3.y~I@S_>O?w"W\ V*5חnE7Wq2g/ae]&_Ce"vՙG+u7΄ǹR]}&KGlݽv0mqtOe!GXr)>|0_o_ ln,Tm\K5BV jt4d-vF[c5v Hbri?Fiւs/ I *uؽ.Ynɀ?Њ0y+fۋ.L/j'BDᠢP,aVo9:f~~_OcwA߿E?{/ M ^=8` *00E&h"+i?@ODpAP! _pb i8C8|G цSDjL|`&J \DE?pA_DP5 glRAP61*s# 1\#A@6-`#vd0HB|@"C  $y4rCL&/TN,'UJ#AL% I m/he,kHDj/ `. ԥ oY "\L!B38&5ghk0,&YLn9TyN5L%c괄¹xf05LVpUis$d8) BoL?pʳ<>UC #<& i,Zxv9|]"*-:*QLֲBå NK6ҙKO|KCHgGN 4]F 碌'O&MMLzNsnՎt2łu9]m:g7A 3Ԯ/ۤe=jQs};6:UgiC28Ņ+Z pi]̅KW͆0mժnͳ6r{b{ VegSֱ3t{Ul\q삎Ekgɺ& KE/hs{Cs Kz^Ҥ۠:eb'`rEn*QHjbC踯X-T)ؽåNUؖpm(Hכ,$)/qHF``q7#׀_0'ˀ^p+]/\ @-iš,qZM{=wO?ԗk+oKԯ ;images/mod_rewrite_fig2.png100644 0 0 10060 11074463037 13431 0ustar 0 0 PNG  IHDR}R2<sRGBgAMA a cHRMz&u0`:pQ<PLTE y pHYs+ IDATx^흋v* ENz‘\G]k :N韟G>A/; ]/; ]/; ]/; h|c=dWx̮I$ә퇹Hz ZSI80c A޴d&Q/8W--925 o3@7,A;hcD6~"HVA,W<5gEъq<8uYHAY@fҸ(r ˁ5y G, CpNiŗ(͹?ת& &R:ztE1y?)<} Ak:<R'IhI>JzRm 9<mt] A}K^-vA gNճ:b}2J}"L\0I4PxDd)8I J"cr?/4‘A<'Yt/<48xUӺmg$5}> R 8>Ig=9_9̹WధɭAZқtE?+iOG0XқtE?+5|/I\r%?)[EQwN_w黴_w黴ml5 txG&ja`6.f6N szE?fSoz,><~{"^'X  YmV {l"?Z bD1?Q$49$)PO E< U]>_EOPD9K^껭IQh*h_~9jw_zv)I2IONQt`ow~-o2>M޲4QG9RfI3jG9_z#[5]Q:S֤ pw@z[\0Vя*&}ϤU2LQ[V5ЏI Z3ZE bE$wi$wi2eȌgS;d"(lnϱBA-(1 ewRs3_k ƌA?7ec*S wYaJ!nhwJy5})B};೏"XmO6AaVaq&z), "iڀUz[xU3ƭF=⾴ zt9 {+CS7ѥqBOydj@6*$׸I<~6@FBO{C*c>@RhBV!  ۑq~3=4{A8FMM$|(2!Vz?듈3LX?#Gʁ[N_ XT($hAO; KA; pvXH^i}KkGRz$6"C4c3̷e>5_#/^!FEGOʾ!.S . (Ү.\N5yiҽNSl.!&W, пĞ{\*_RΓ oh!:~Y]G$[ע4_cLU/; ]/; ]/; ]/; ]/; W?_9i?t7e?E]BǢqD_Fб'@\6Q%t, Met ~eE]BǢqD_Fб'@\6Q%t, Met ~eE]BǢqD_Fб?<~>:DzxV'T#x%Px^4dPe3+Oa=oe`vuȩyڜ?vKCPᾏ581J>c=Мf;WEhVAވEmG)٦B6 8r!8>pش UBB)v  "qσ%#|a\ۏ1G/3z_D teNQ}ekRMЇʖ ab kߎڑDQD 儾ښqiH&QyC?#R8nŢ mqڍt$ Jb)~;4j4PRp:.GH_ eo MNMx.XATxyiu_+Uzﴺ,{ n@`;).&U=}.&RipZǰt'&'?dsO cx/|ރ4Gcӏcy֨VW*?=2Yؒ|$bf~&<[E?eRя3QX-8E?eRя3QX-8kd@[IENDB`images/right.gif100644 0 0 73 11074463037 11223 0ustar 0 0 GIF89a s!, lcrJ%6;images/ssl_intro_fig1.gif100644 0 0 13152 11074463037 13112 0ustar 0 0 GIF89aG!GIF SmartSaver Ver1.1a,GI8ͻ`(dihlp,tmx|pH,Ȥrl:ШtJZجvzxL.zn|N5;{0'9%˧7#5~}!3 -ஂ & |}"&a4qUG}'v ) mDB SN3"6A,SgGѬ$t[]Ҥ1=p>%fvkVZZ`;ۈd/5;-YOlѦnٜYԗX*^韗.7>6#]ϟmoצNZ9y}=[`9*ߓq}'*Q is[Z7tsή]vŏ<Ễ1/YKzk~wyg^z7[wY:8{wb'be`Wxg[yf`f(F݉U0 :FpJ!;HԒ"nQ8l6h[]-Ȣdlyԓitu[:W\|V'~`Z|gnF< PS*Hq zjj{cjjB뮼묷+$$쳗±V˨ ̨mLwSZk9(I{r(ʻz2kuv-ꟄjהokSXօ[;of,avZm㦲2b796 H32*:2}"nWԸ?z)QR"DID`6p}<4¨۠Ҷ}Cyt Xz%q@.o΂a = ֤24D"@&~;T&%.`X֝u*+ڝh0Ű\"8:QBdx28s. [g8eYj\ U2ms* )8ͅI덯&IJZj&H9Z[甆(6[`9@R>l9MN+-2* +F񘦬HIZH\!!q*svdrӌȀl&y/6f D:i.wkEϷSU53~^OM(|UDu=jF9ϋq HGJҒ"=(%V T,)\RXCtz5J?=R+) FMJ!58E]TԞaW*U} ^*XǚկUg Zɺմm+\UU@iMӾA{=LEJXVMl{|)+_S e9 ⥰jֺ,fٖp|4JD;–bAqkn S깯PpD&Y0' ƣ„qg%Q|8ܙPnrCRzwB+q[%v5sX% kS&Myu;dJܨ=5 !G%~ q,I))n[LGu8ơ'OdSeXLAdM *0Ϻ ZbD1<$'y`$41_\،ʖ2&H4{ ыrqأ8zrQ]ְ81ey~7d/t-I@34BP3NƓ +zα[x93҈9ZK&ۼsEq*$߸fj|ӟb!=j@78iazCvҊ\VDij%f.kͺvq*E Uxѭ>N]RNhf*#ʾT 4}Jgꁶ`lFpi ځW5ތ+⛍|qK_8Q!ҫR?!}6DpC< b?3-Hŗ_% dF'1ҏx `W#ЁC:W9M QQ=q8ouW;y?۱(:8ݯԧCI-*ˣYK&;;h,%j,Xd7UWoKaL]eq=S9B>p28nnQ&lň;4>f4wB֒[ZM;<?c.9}& HFjd9B+Ζv(Lg&kG6| q+j(c3'D1s5b'ZD%B-(vz}^ru@tvOƃs|@XEGZgGԄ%PPRHPTXIx c^O``bAql؆nxVAxL\P_sl`CWp~D{؇qBW{ȇ${#>3?v>G=I"uEqHU?"QAT^CBr1舛Uae'EB8\ys_%B]ͅHev'>vys7dzw^}Td[E'TRrը^'8Ɖ=iH]}]o v5Vtc(Wpy-[فِT )ly-8ȑ%DG(ib&p-/y 1kV8i P} @yn?)ATSՓETvVxuWKyMɔOVuUNiRP99ɕQXX3]5W*i,YFpjWcɊoySl)gn9APS7AOx)SlYZSguq, "ń#bh$%gydXgrshg@wO\Lgg] Śu'ChɒID˘]8^cbkRF*qԃ.i::諿zq"$yI_`y7[Uy.H3'0iHt9"•Cjg4䪚txx^iuhI;Ģ׬!Ww1vY{v|b~5NhC J9WsmBZǍG靊Ha9Ԉ~gE*@^J0 Xo{⭬PhB[T[ ǫṵZ5*EصrgbGjm붎/١sKš1ڷz-Zx`~{{r{+UŞw<H6Oe[:k빛{b4 ֺ{kKka{Yy;9FT:HYLu+JT` ۻ;֛ػ]K`˻|PKo5 {X`*an0U8r(G-~Y+[wJp .%v# Ț66 t!ҍ+k_r U'\t |[~ǀ,lLvOǮDĻT ;.]|Nw4eҘwO|wh:V^JrQ#'[\c,*<6`PNJla0_Þ wT<ȧ[ɉ_ȔNȁZɳ'ʟ| _dʣ|=}Z~|_²;@hy뿦˗Hs6ʻl,HUˋSKLiy9l ,ɋ[F',D,|>|V,`+{{[3y2x}=~&=T(˙}3d@4vxٴe{XS%ق*b%/zWzsG,oЇHs{mT&קgi *%v *8Ʊ4l 'Ӥ:+꣔sHP <$5r>U jmMjoydKay% (| JEM K"@Ec"hj6)o X~"H)L=՗ ڜLЛ{<1̀к]uʒ|MڷΕXZSE,) ck {Lŧ y=,8> y(_ە>h#mN1l0ˌ| ,S:y5yUL"[%VS@@S5.PaROS"DUD_V=phV_T>uJ&TUCPp U@NZ:1#KDSu=E0&Xs}{Wu2#x&@XE>KjzfZ[J޳Edvn#vy:$,tXXDl44T4kDc  %-5=EMU]emu}&.6>FNV^fnv~V;images/ssl_intro_fig1.png100644 0 0 16235 11074463037 13136 0ustar 0 0 PNG  IHDRG2us(sRGBgAMA a cHRMz&u0`:pQ<PLTE-J pHYs+IDATx^]*7<-Q$Q*wu-U' !?H R)@J %H R)@J %H R)~S“688-4>?hwn]Cɧ!|[A)Eb\۱aNM`>!LLd~_?FT TErC}|khL ^x-7յր Q 6g{Bt[a V:8E' NȄ%ƃjae6[ڭ[ n08YXO >!D"$w ܄o0ULagtWJN{2>Y8я$e)&{JfB3uc靜QgQFdMRwDk&*$Xi,l=;5YXW7r'f*L.mrM;(6O4?bKDW&Re5Ǐ }X!4l͌Whj+be)<V4BC.ԑ'z}S-'O < jOiFJ!pi|6~pFKku iTβO=_Js[7 ܨNط 8Єvb|Sd>8'pb߷U@w@=C:1.Zq.{N]E'V綶? 'A'4Rs |Uޫy$Rʼnm6~-( =+@O+“%<|uRkWM0ա^Ֆ `ZVk'1 @w/[#T`kV9|% HKYOt6~M9|VJWLkD}k pJìJ8 { Qs .UHy4'Vt=SY]sQst=Jް9|D.NB.JGMG8'II9p͟'9q-4 L:|y*$%,' x%>2nRKNڋ "*{N"?UcFXX&CFpe\J]>%JY!1@YW?Tp Fe1W4] pb418OzY ĩGK-ubh $%L\yVf8N%鎫AvI8U D~>}=>1 ϔ+ ԧ\F:E8>mǧ|ؖE*=[޻+GᴏZ< )O|rZ]*qZ/჈ōFxjc`eWNJ4‰Ӡ1i8mju逰8[c8^L^J'N$7qkUicp\FI9n!W{L_9Ә$ ZLT@(g/mHi*2ƦX~ FU@&X.oS꽑zb?x!%;8.HNĪBE%NcpRgT_꽡VUn{Ojqo;8G@Q_]QzlsG qɎ84|Nqi5uaKpka}>,>>}@x180FTH> ?㤍[p]HG{:}ENiGfd8ז#8as$Nj4{ DlA˿VA:YQS*JK؞(~/w wdq;` N@inAgoU;GwDDk%8xkQl⌖nKTPEO§6NIj"VI *>f$ûIɚQ,@iVQ(L(AmH{=F=}",Et 'CƯ>UFM4 WVR(.GϏS6n1ZϞ΁bEN`夜A` +9y<j Cwjo >~.r'VS{9|s\U@8P`^$>1BT=mA:|fQ'э}~3DjN)`)+h 1 d>4o-]̸dHrT=*KNAS5I5p$jy)3St>GeUg}̟B NJfu^@ZN5Z-<'2I'TNX g:f2Q%J^ Mh$1Ojiqz5 Mz{V&:T L`"Jy0:/PrIHzSQQ6^~'! =\ *TBGؾϏW66icSeM<,n\:%n)| Yzg "j l7YF utq>Dh#!"0(1Z/}=#9(5:<>O{]\9 t G`*qa$ЁmhFq,av\ MD<"`HVQ.*x}:5gT0 VnfGk`G5>,/dv]㩿#'XICr].}kç iaժĩ#r{as-Kx߻aj3D/<7CՋGtGtҾT8YyƖz#exF8yL'֗Ic#BBW9V=s=v$bZU:qZ%XSL^J'N$7qkUN[W]ɹf-N? 89H(=ƩbSU {k7w򽣺"r~8朏{o=]Tp1{wݜE8cnhmLl=.4ď $v 28!٢[>5Gs|j#Ds@.N_yX5:,H]t fy ;VS]굑yEyJO;Σs-c~̳/:OvV'.Fr=`hO[>-* E ceEuп>FS)룅O':jԊu!HƠEc2.[էZLg32uCewȹ(4#_l#T@ŧϼ.mCW>72?"`tENqR,3#>[Ϻ> >@6|@o3[~yƪ&XO",UUHʃ@{RQGa* B\@ (O8/'z5Kx&ulTL߅S]CQ%k>\)qrhIjOu{kHt}>B1-J\)lLtqh{ן.$rרzP ɺcٵ0OWWZ80s]YVȇ<ʇc(iJawdT'%pV20wz|RĪf9"VNgdbF6Ϊ#B*LCz>8wLE7g.ԶӉ`:g>)-X ]XNcsU)Y&t-qAaEG 0ZP`tYr;K+%Ҵ V\nOCdKF (D pW3Dd!kPa: V:'15ޏ)dB$CtMvpr6>Xܟ- 5wq֟YޙMh*43yA=}P㻚çm XNM# lFȑw @ N!yjQ4x4i͎: _. tc$NgQ|3q8[Ng:$ eAJZ h҂RBodrm#$?ҧ|!8;5Xn0L>#D:@)8VH#DB |C9 # dׁ`"VlMt qZqK>Q<hiW%A,kkj'zșY%i)H-CG9c/=8Qve;my{=Aol̊o,mهez8-D 5OcI>#=>A~>]ij~Gܗ$N}. w`i(N`&nνQFh ^^;.jm+r4TQH|,` TV7OeIO4yp@SY8I>j0q%݀8qsC|vm7b`)7• FIx(%"lJ %H R)@J %H R)@J %H R)@J %pC[BSʍ_U 4R1 x!؈h== h ">Hz Uݼb6+db@dT EX@N b7voԨ^$rħF8LhFp^!NJ` 캘J+ FWKDleOIC$V8y辰+O.8V_=szXϱR)@J %H R)@J %H R)r ]oHIENDB`images/ssl_intro_fig2.gif100644 0 0 5214 11074463037 13073 0ustar 0 0 GIF89a!GIF SmartSaver Ver1.1a,PI8ͻ`(dihlp,tmx|pH,Ȥrl:ШtJZجvzసE(zn|N~ϯ%SQbŮȆͺO`յذߞM^۬K\%E032ȈaD*H1#DLxLU$)Qœ2Qi䬗H)ʛXIEfB?9 Yd+8o T Ѡ jt]uIh+zjYwZz։ˎpFpAJ`.ݐTML|»5#C-R$o;zSKR^}Ld 364<7#1+Ā<7cܼO s/WM;6l+j5b|ߖ`5D`]Y}B jIVcWa_f[ BWauM @"0ymMk~9]B8ckx\q8X@,Vgbo#EM $Yh!SMoP$X郖f}4'|qz1yd3f)h)c~4f"$n$ru\r>p.ʣ0ŀ s8ttziݝ,s 0|15 |b<9gupnYL3^x3Y]$25N32@KFBbp"wm:퐊j}RH'Jx;/z>n륔}y@7пJϤtӤm5ʫ$ ޻,WU#x $'3%sT ol}_#>>e>g^ï|_Ni*Ck" g.̀kPπrg+ nN )gr Fp3sac`u Q Qh 0%7C'>1H7E*.Xb9H/|bB15h/@:x̣>Q IB/L" !$'9GR̤ YFMzl%CIR<<*WJY,Y$.wO겗 &$)bs<2)b2<3Ijc̦6ŗmz&8IɈ$'6iY}v|'<~H\VCSUaXZִ:]UP@iV(G4|G!l;lo7?B,WZ֘fzhyњv=jYպ}l=ږn֐pXw=ry:W}tZ*ѽvz8xy?Mz|Kͯ~LN<_N2'L [3{ G (NW0gL8αwc߸@HNl%;P|,*[92.X^`0hNsѥ653L+˹xs>y|mc6jh}C/9Ў1;)[F3MJ_t|Ei C6/AiTԮV1WPԛ5U4չ5gka 1ymdήEiZG{Ⱦ6iZkq{>u{~y{}?q ;\ [Ᾰƕ{ȟґ!?e񕻼)OI8Ϲws5|@q˃NtHѓt.PϣN?I:֋^9}f?Ӯ;7._v8]m4}6{ m/m+~ތ/w{wG}]헺45O.Ͽ8Xx ؀8X?;images/ssl_intro_fig2.png100644 0 0 6166 11074463037 13121 0ustar 0 0 PNG  IHDRKXsRGBgAMA a cHRMz&u0`:pQ<PLTEy pHYs+IDATx^흋 Dgf߼hQT ՔNL,􏰀v", J HR,DX/ޞP`뱎+yp{u:\UC !tuan8gJY[YG}E};tVsҔ]1 謶z?$}GXkN ak4QJ&TV@C1&=9܋`(y\EBz47X` *ZXU+FHmjKq =u6`؀g0$`Hbǹ W?IFܛ66h㤗+Z V!\3"d g-E٠,'YY6꧳$[DA%;u+{'{"BB%y\`WX3B sNE򔞔!$rž&Vѷ綰#VCXQfκʼnٹS Sx0 .k@`35s̝̯[) >51VbH451{ ]"ﷶ5W0sVkbn4?/&fšq k2,9w&1 XT1 '4aa.\m8v# ^ ~gsuG`l7xY,/KX9ºe kw6GXw,a z%aQo5X;#; ^ ~gskRP%qח.5z}hNO*̠a_?_4;VU1ªWK,hh)a97ՠx 2pRP ڠ~QBk/e+~+88r0( - ˻Кҩ&]z[֫DGm )ֆ庒<* 5B&YXAP! Q🖝o}~9vpig n7R}t&XU&xfȁ٥0n"LJ}G @qD,  ,= HR,RT:*", J HR,RT:*", Jax K֤Hۢ ֢`rea)T*EX@ Jg@YPta)T*EX@ Jg@YP9|`p<{fA6Gd_֒9`бp'Kb2cymdS鈴/85 ;(^@Ki[ji,a",RT:*", J HR,RT:*", J HR,RT: ;~n,M 65w0aտi$5WV\s\NXMrLXso:a55w0aտi$5WV\s\NXMrLXso:a55wU!7–G6~].ݴ絛,].4Hg͝lmjƤq ;|sg+j!I_쾰28 <", J HR,RT:*", J HR,RT:*", Ja-{K\S^ [+ ,} HR,RTulTWJX@W<hIENDB`images/ssl_intro_fig3.gif100644 0 0 7664 11074463037 13107 0ustar 0 0 GIF89aC̙fff!GIF SmartSaver Ver1.1a,CI8ͻ`(dihlp,tmx|pH,Ȥrl:ШtJZجvzx5zn|NxDB&l Ùr["Nе8l2aӰbu.jڋro.p\ްoRyW\pD wY󰿮Fܱ/L)怯ɥؼ3qn,0ss64+ IeZ3 )WP,!+pH%ωXCEXbX\i./ Ad.a`kƥq#HmuqvLx8-4P3F-fScH,ЃE)$m؎'r'AuytAK=1pg fCI$$]cH j!d+=PeF>`/FI2#!sTqt9#GN=(;I^Α[#M2 !-]IcN$8 7RҘlif&bvP"Ja YC3]<(q0 1yӋ.HFDɏ9A7rk>Jړ8LqNbc֫ÄmؾCr]Lg)9R1eexy^1h&+?Ʈ'39l׼g:0"[x=yφ>=9ǂˣeҕ3i`ӛt(R;XĘy,izƢMDzwjoGh&󼤜sOl سu`*!Yu;i0N7kJԛAidݢf6Wԝj櫋mdx6]o`׋z I޴jr0h;_fGP{{˵|sMqyere<0坣<(+C':ܥhN/+ԣ*QVRs(L^ϩX^ 훿_:hIGoZ.LϿDS}{5'v&7vKU3CfxSq3'h(AȈiusQE!Q<7hHf\UvkGOWdaP%}~;Gp MEsy%ЎtXA4WAȊlց5MFwe"9O**h,֨/-w0;$^Qq8BY$vfrajC҇1fIxBYӔs? Ty{XN;>ȕ]镉r`b9fGJiɖ@qRrIyuI&tyk—n(,~I~I{),iYm;axYYb.?hO&2&:(Z Z*5tpu(h<:BZDzFzQ;jMCc<4zVz7ʤ+= enD} (6fZ'2ƥq2J\$OrhZej8`> A҆3PJjI:z:dl wKZHWgzr60G$e`ʪԥʌ'QSl5Ko)|΂MtZfka w;.|?@<=A¾@ĿC7JKL1O-P2QS2IVWؑҞZ۟\([]] `a7cdefghibklmnopqrstuvwxyz{|}~3D;images/ssl_intro_fig3.png100644 0 0 12557 11074463037 13143 0ustar 0 0 PNG  IHDRC1>sRGBgAMA a cHRMz&u0`:pQ<PLTE̙fff$ pHYs+IDATx^흍b( ޟ#( DE p:LX_+ + +  |ſ~+pl-/Y'{qgDD^\rZɢىB,8$cNjCy^ak ]Ɠx-'&^W9YbDh##jTroejj5))`X $r ,BVp(8-0I?$4AuIh&R{PI%V $a7SxOYNqAP(~d@yo" N,OӮY&w'{Dfݱ *BZ,q D}L eZHPaaNކ%X{Q20ЉsG.44omIȺs:U4tNI,t.5Oɩ" ټw8Jk3찻FA׏!|y_ Cx)p >_|&(!##(F IIx<Ja!*R翼sf޶1->~1^sDAvrYRYs=u"~>x<"uvG@~9R sR77=n$UkN&RU 1;pPy_4]nVj8?Щ4K*uae{eN TaUSE# nnwIi3#$t'B .|omD=ォauCU),{GJV5uk^T1;e$b2()8o3ەߓW[hu!}#^hTcSUA' 6Q@d#6ENm5LYtRMڕP_^ˉO NE'hm%'Z_ S/=?,"~ W$IG`SS elrov%4?RߴE7Dirc֜TN:?)8Q(PluA<}'1]ٕ֣E'-NO~rD . pU.bNSzV_k 5ZCW$aFdt%9H8'duz5ϋ׻8(htNްFP 9&u׎Dy@u)i9ꋲ. *ގskjaqCPCln8(F&we1¤sBhoc@P!ulأ}}@.] ԶD9n7q*˩or 'ZR@9M4=l>0eCM@V흟OSR_.yGzrAY~~y;`}S$;ш1Ch bPclw]P8yWq9ٓ$cm3?>Ib.NDHQ\='ڣ-\A s|?Uh(O5'b ˩0ȩ&FC7*z)IM A9uʜɡobt*٫SS?V\RSsC1xrNc(0Oi 9^z<91K'4cxP` /= Ǔ綪 evu[[̮t-.Vbg6(b(6]PdaoVsD"Mn)S(V%p{$C9D QTHjŵ$iGG1ѭ(Slp}q-PiHTÏw{4P` /= ǓsC1xrNc(0OplMs:ǃ5n:1P;18ѥ8n:cwNcprGlF_>Z)IɆOT.Qy`3)5ehO!ݝOYNO˚۫9ϹK=&hvix:WgXwr2W(T; %# D50)8b,z{ޫdi&*17Mm6M;ZNSvw6g]7T {ՃZp\Wp\Wp\WYV؁<IENDB`images/up.gif100644 0 0 71 11074463037 10530 0ustar 0 0 GIF89a @Xq!,  4{n;index.html100644 0 0 12766 11074463123 10237 0ustar 0 0 Apache HTTP Server Version 2.0 - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.0

<-

Apache HTTP Server Version 2.0

ǥ

ħ

How-To / 丮

÷

ٸ

install.html100644 0 0 40141 11074463123 10562 0ustar 0 0 ϰ ġ - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.0

<-

ϰ ġ

ֽ ƴմϴ. ֱٿ ϼ.

н н ýۿ ġ ϰ ġϴ ͸ ٷ.  ϰ ġϴ ũμƮ  ġ ϶. ٸ ÷ ؼ ÷ ϶.

ġ 2.0 ġ ȯ 1.3 ſ ٸ. ġ 1.3 ġ ü ũƮ ߴ. ġ 2.0 ٸ ¼ҽ Ʈ ȯ libtool autoconf Ѵ.

Ѵܰ ׷̵Ѵٸ ( , 2.0.50 2.0.51), ׷̵ ٷ ٶ.

top

ٿε $ lynx http://httpd.apache.org/download.cgi
Ǯ $ gzip -d httpd-2_0_NN.tar.gz
$ tar xvf httpd-2_0_NN.tar
$ ./configure --prefix=PREFIX
$ make
ġ $ make install
$ vi PREFIX/conf/httpd.conf
˻ $ PREFIX/bin/apachectl start

NN ڷ, PREFIX ġ Ͻý η üؾ Ѵ. PREFIX/usr/local/apache2 Ѵ.

Ʒ ġ ϰ ġϱ 䱸׺ ϰ ġ ڼ Ѵ.

top

ġ ϱ ͵ ʿϴ:

ũ
ũ ּ 50 MB ̻ Ȯ϶. ġ ġ 10 MB ũ Ѵ. ʿ ũ ɼǰ ߰ ⿡ ̰ .
ANSI-C Ϸ ý
ANSI-C Ϸ ġִ Ȯ϶. Free Software Foundation (FSF) GNU C compiler (GCC) õѴ. ( 2.7.2 ȴ.) GCC ٸ ּ ϴ Ϸ ANSI ȣȯ Ȯ϶. ߰ PATH ȯ溯 make ⺻ ؾ Ѵ.
Ȯ ð
HTTP ݿ Ϸ ð ǥϴ κ ִ. ׷ ý ð ȭ 캼 ð̴. ̸ Network Time Protocol (NTP) ntpdate xntpd Ѵ. NTP Ʈ ð ׷ comp.protocols.time.ntp NTP Ȩ ϶.
Perl 5 [û]
(Perl ) apxs dbmmanage ũƮ Perl 5 Ͱ ʿϴ. ( 5.003 ̸̻ ȴ.) `configure' ũƮ ͸ ã ص ġ 2.0 ϰ ġ ִ. ٸ ũƮ ̴. Perl Ͱ ġִٸ (Ƹ 춧 Ե Perl 4 Perl 5) ./configure ùٸ ã --with-perl ɼ (Ʒ ) ϱ ٶ.
top

ٿε

ġ ̷ ִ ġ ٿε Ʈ ٿε ִ. н ý Ѵٸ ҽڵ带 ٿ޾Ƽ ϴ . (Ʒ ) ְ, ڽ 뵵 ˸° ִ. , ֽ ̳ʸ 쵵 . ̳ʸ ٿ޴´ٸ ִ INSTALL.bindist ø .

ٿε ٿ ϰ ġ Ȯϴ ߿ϴ. PGP ٿε Ÿ(tarball) ˻Ͽ ȮѴ. ڼ ٿε ְ, PGP ϴ ִ.

top

Ǯ

ġ Ÿ ҽ Ǫ ۾ ܼ tar Ǫ ̴:

$ gzip -d httpd-2_0_NN.tar.gz
$ tar xvf httpd-2_0_NN.tar

׷ 丮 Ʒ ҽڵ带 ο 丮 . ϱ 丮 cdؾ Ѵ.

top

ҽ Ʈ ϱ

Ư ÷ ʿ信 ġ ҽ Ʈ ϴ ̴. ̸ ֻ 丮 ִ configure ũƮ Ѵ. (ġ ҽ Ʈ CVS ٿε ڴ ̹ autoconf libtool ġְ, Ѿ buildconf ؾ Ѵ. ̴ ʿ.)

⺻ ɼ Ͽ ҽ Ʈ Ϸ ./configure Էϸȴ. ⺻ ɼ Ϸ ./configure ɼ Ѵ.

߿ ɼ ġ ۵ϱ ġ ϰ ġ --prefix. ٸ configure ɼǵ Ͽ ġ ڼ ִ.

ϰų ġ Ѵ. Base ⺻ ġ Եȴ. ٸ --enable-module ɼ Ͽ Ѵ. ⼭ module ̸ mod_ ȣ . --enable-module=shared ɼ ϸ ߿ ϰų ִ ü(shared object, DSO) Ѵ. , --disable-module ɼ Ͽ Base ִ.  configure ʰ ׳ ϱ⶧ ̸ Ȯ Է϶.

configure ũƮ Ϸ, ̺귯, ġ ˷ 찡 ִ. ȯ溯 configure ɼ Ͽ Ѵ. ڼ configure manpage ϶.

ִ ɼ ֱ Ư Ϸ ÷׸ ϰ ߿ DSO о mod_rewrite mod_speling ߰Ͽ /sw/pkg/apache ġ ġ ϴ ̴:

$ CC="pgcc" CFLAGS="-O2" \
./configure --prefix=/sw/pkg/apache \
--enable-rewrite=shared \
--enable-speling=shared

configure ϸ а ý ˻Ͽ ߿ Ҷ Makefile .

configure ɼǵ鿡 ڼ configure manpage ִ.

top

ɾ ϳ ġ κ ִ:

$ make

⼭ ٷ. Ƽ III/ 2.2 ýۿ ⺻ ϴµ 3 ɸ. ð ϵ ũ Ѵ.

top

ġ

ɾ Ű ( --prefix ɼ ) ġ ġ PREFIX ġѴ:

$ make install

׷̵Ѵٸ ġ ̳  ʴ´.

top

PREFIX/conf/ ִ Ͽ ġ Ѵ.

$ vi PREFIX/conf/httpd.conf

þ ֱ docs/manual/̳ http://httpd.apache.org/docs/2.0/ ִ ġ ϶.

top

˻

ġ ִ:

$ PREFIX/bin/apachectl start

׸ URL http://localhost/ ù ûѴ. Ե Ƹ PREFIX/htdocs/ DocumentRoot Ʒ ִ. ׸ ɾ ٽ ߴѴ:

$ PREFIX/bin/apachectl stop

top

׷̵

׷̵Ѵٸ Ʈ ִ ȭ ִ ˾ƺ ǥ ҽ CHANGES д´. ( , 1.3 2.0̳ 2.0 2.2 ) ū ɼǰ ؾ ū ȭ ̴. ⵵ API ȭ ˸° ׷̵ؾ Ѵ.

Ѵܰ ׷̵ϴ ( , 2.0.55 2.0.57) . make install ۾ , α, ʴ´. , ڴ configure ɼ, , API ȣȯ ȭ ִ ´. κ configure , ְ, 鵵 ̴. ( 2.0.41 شѴ. 鿡 ȣȯ ȭ ִ.)

ġߴ ҽ ִٸ, ׷̵尡 . ҽ ֻ ִ config.nice Ͽ ҽ ߴ configure ɼ ״ ִ. ׷ ׷̵Ѵٸ ο ҽ config.nice ϰ, Ѵٸ , Ѵ:

$ ./config.nice
$ make
$ make install
$ PREFIX/bin/apachectl stop
$ PREFIX/bin/apachectl start

ο ϱ ׻ ˻غ Ѵ. , ׷̵带 ġ ȣȯ ִ ˾ƺ ٸ --prefix (Listen þ) ٸ Ʈ Ͽ ο ġ غ ִ.
invoking.html100644 0 0 16170 11074463123 10745 0ustar 0 0 ġ - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.0

<-

ġ

ֽ ƴմϴ. ֱٿ ϼ.

ġ Windows NT, 2000, XP 񽺷, Windows 95 ME ܼ α׷ ȴ. ڼ 񽺷 ġ ϱ ܼ α׷ ġ ϱ.

н httpd α׷ ׶忡 û óϴ ȴ. httpd ϴ Ѵ.

top

 ġ ϳ

Ͽ Listen ⺻ 80(Ȥ 1024 ٸ Ʈ)̶ Ư Ʈ ϱ root ʿϴ. Ͽ α ۾ ģ, Ŭ̾Ʈ û ٸ ϴ ڽ(child) μ . httpd μ root ڷ , ڽ μ ڷ ȴ. ̴ ó Ѵ.

apachectl ũƮ Ͽ httpd ϱ Ѵ. ũƮ httpd ü ϱ ʿ ȯ溯 ϰ httpd Ѵ. apachectl ƱԸƮ ״ ѱ⶧, httpd  ɼ̶ apachectl 밡ϴ. , apachectl ũƮ պκп HTTPD httpd ִ ġ ׻ ƱԸƮ ִ.

httpd ϸ httpd.conf ãƼ д´. ġ ߿ ϳ, -f ɼ ִ.

/usr/local/apache2/bin/apachectl -f /usr/local/apache2/conf/httpd.conf

ϴ ٸ, ͹̳ο Ʈ Եȴ. ̴ ǹѴ. Ͽ DocumentRoot 丮 ִ ׽Ʈ ũ (ī) ִ.

top

ġ ϴ ߿ ɰ ߻ϸ, ϱ ˸ ܼ̳ ErrorLog . ϳ "Unable to bind to Port ..."̴. ޼ 쿡 ߻Ѵ:

  • root ڷ α ʰ Ư Ʈ Ϸ . Ȥ
  • ̹ ġ ٸ Ʈ Ϸ .

Ÿ ذ ġ FAQ ϶.

top

Ҷ ϱ

ý Ŀ DZ ٶٸ, ý ( rc.local̳ rc.N 丮 ִ ) apachectl ߰ؾ Ѵ. ġ root ۵ȴ. ̳ (ϱ) ùٷ Ǿ Ȯ϶.

apachectl ǥ SysV init ũƮ ϰ ϵ . ũƮ ƱԸƮ start, restart, stop ñ׳ httpd . ׷ apachectl init 丮 ũ ɸȴ. ׷ ϴ ý Ȯ 䱸 Ȯ϶.

top

߰

httpd apachectl, Ÿ Ե α׷ ɼ α׷ ϶. ġ ׵ ϴ þ ִ.

license.html100644 0 0 32120 11074463123 10534 0ustar 0 0 The Apache License, Version 2.0 - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.0

<-

The Apache License, Version 2.0

Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/

TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION

  1. Definitions

    "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document.

    "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License.

    "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity.

    "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License.

    "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files.

    "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types.

    "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below).

    "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof.

    "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution."

    "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work.

  2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form.
  3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed.
  4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions:
    1. You must give any other recipients of the Work or Derivative Works a copy of this License; and
    2. You must cause any modified files to carry prominent notices stating that You changed the files; and
    3. You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and
    4. If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License.

    You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License.

  5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions.
  6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file.
  7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License.
  8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages.
  9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability.

END OF TERMS AND CONDITIONS

APPENDIX: How to apply the Apache License to your work.

To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives.

Copyright [yyyy] [name of copyright owner]

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
logs.html100644 0 0 63433 11074463123 10071 0ustar 0 0 α - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.0

<-

α

ֽ ƴմϴ. ֱٿ ϼ.

ȿ Ϸ ߻ϴ Բ Ȱ ɿ ˾ƾ Ѵ. ġ ſ ̰ α Ѵ. α ϴ α׿  Ѵ.

top

ġ α ִ 丮 ִٸ ( root) ϴ uid Ȯ ִ. ̸ ʰ αװ 丮 . ڼ ϶.

, Ŭ̾Ʈ αϿ ״ ϵȴ. ׷ ǰ ִ Ŭ̾Ʈ αϿ ڸ Ƿ, α׸ ٷ궧 ؾ Ѵ.

top

α (Error Log)

õ õ þ

ErrorLog þ ߿ α α ̸ ġ Ѵ. ġ Ͽ û óϴ ߻ Ѵ. ϰų ϴµ ִٸ ߸Ǿ  ġ ˷ִ ̰ Ѵ.

α״ ( н ýۿ error_log, OS/2 error.log) Ͽ ϵȴ. н ýۿ syslog Ͽ ٸ α׷ ִ.

α Ӱ ڼϴ. ׷ κ α ׸ ִ. , ׸ .

[Wed Oct 11 14:32:52 2000] [error] [client 127.0.0.1] client denied by server configuration: /export/home/live/ap/htdocs/test

α ׸񿡼 ù° ׸ ¥ ð̴. ι° ׸ ϴ ɰ Ÿ. LogLevel þ α׿ ϵǴ ɰ ִ. ° ׸ ߻ Ŭ̾Ʈ IP ̴ּ. , Ŭ̾Ʈ źϵ Ǿٰ ִ. û ( ΰ ƴ) Ͻý ε δ.

α׿ ſ پ ִ. κ ϴ. CGI ũƮ µ α׿ ϵȴ. CGI ũƮ stderr ״ α׷ ȴ.

α׿ ߰ϰ . ׷ û α α ϴ ׸ . , ڵ尡 403 α ׸ . α״ Ƿ Ͽ Ȳ ߰ ִ.

˻Ҷ  α׸ 캸 . н ýۿ Ѵ:

tail -f error_log

top

α (Access Log)

õ õ þ

α״ óϴ û Ѵ. CustomLog þ α ġ Ѵ. LogFormat þ Ͽ α׿ ִ. α׿ ϴ Ѵ.

α׿ ϴ α ̴. ܰ мϿ 踦 ̴. Ϲ α м ؼ ٷ , α м ƴϴ. α м α׸ мϴ Ʈ ؼ Open Directory Yahoo ϶.

ġ mod_log_referer, mod_log_agent, CustomLog þ Ͽ α׸ ٷ. CustomLog þ þ ̾޾Ҵ.

α ſ ϴ. C printf(1) Ĺڿ ſ Ĺڿ Ͽ Ѵ. . Ĺڿ 밡 ˷ mod_log_config Ĺڿ ϶.

Common α

α .

LogFormat "%h %l %u %t \"%r\" %>s %b" common
CustomLog logs/access_log common

׷ α Ĺڿ common Ѵ. Ĺڿ ۼƮ þ Ǹ,  ˸. Ĺڿ Ϲ ڸ ״ α׿ µȴ. ǥ (") ϰ ʹٸ 齽 տ ٿ Ĺڿ ƴ ǥѴ. Ĺڿ ٹٲ "\n", "\t" Ư ڸ ִ.

CustomLog þ ϴ ο α . α ϸ ServerRoot ̴.

α(Common Log Format, CLF)̶ α ׸ Ѵ. ٸ 鵵 ̷ ǥ α׸ , α м α׷ ִ. CLF α ׸ :

127.0.0.1 - frank [10/Oct/2000:13:55:36 -0700] "GET /apache_pb.gif HTTP/1.0" 200 2326

α ׸ κ Ѵ.

127.0.0.1 (%h)
û Ŭ̾Ʈ( ȣƮ) IP ̴ּ. HostnameLookups On̶ ȣƮ ãƼ IP ּ ڸ . ׷ ſ Ƿ õ ʴ´. ȣƮ ˷ ߿ logresolve α׸ óϴ α׷ ϴ . ⿡ IP ּҴ ڰ ϴ ǻ ּҰ ƴ ִ. Ͻ ڿ ̿ Ѵٸ, ǻ ּҰ ƴ϶ Ͻ ּҰ ϵ ̴.
- (%l)
¿ "ȣ" û Ÿ. ⿡ Ŭ̾Ʈ ǻ identd Ŭ̾Ʈ RFC 1413 ſ̴. ſ ⶧, Ǵ Ʈ ƴ϶ ϸ ȵȴ. IdentityCheck On ƴ϶ ġ ˾ƺ õ ʴ´.
frank (%u)
̴ HTTP ˾Ƴ û userid̴. CGI ũƮ REMOTE_USER ȯ溯 Ѱ. û ڵ尡 401̶ (Ʒ ) ڰ ġ ʾǷ ȵȴ. ȣ ȣ ʴ´ٸ ׸ ׸ "-"̴.
[10/Oct/2000:13:55:36 -0700] (%t)
ûó ģ ð. :

[day/month/year:hour:minute:second zone]
day = 2
month = 3
year = 4
hour = 2
minute = 2
second = 2
zone = (`+' | `-') 4

α Ĺڿ %{format}t Ͽ ٸ ð ִ. format C ǥ ̺귯 strftime(3) .
"GET /apache_pb.gif HTTP/1.0" (\"%r\")
Ŭ̾Ʈ û ֵǥ ִ. û ſ ִ. ù°, Ŭ̾Ʈ ޽ GET̴. °, Ŭ̾Ʈ ڿ /apache_pb.gif ûѴ. °, Ŭ̾Ʈ HTTP/1.0 Ѵ. û κ α ִ. , Ĺڿ "%m %U%q %H" "%r" Ȱ ޽, , ǹڿ, αѴ.
200 (%>s)
̴ Ŭ̾Ʈ ڵ̴. (2 ϴ ڵ) û Ͽ, (4 ϴ ڵ) Ŭ̾Ʈ ִ, (5 ϴ ڵ) ִ ˷ֹǷ ſ ߿ϴ. ڵ ü HTTP Ծ (RFC2616 section 10) ã ִ.
2326 (%b)
׸ ϰ Ŭ̾Ʈ ũ⸦ Ÿ. Ŭ̾Ʈ ٸ "-"̴. "0" αϷ %B Ѵ.

Combined α

Ǵ ٸ Ĺڿ յȷα(Combined Log Format)̴. Ѵ.

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" combined
CustomLog log/access_log combined

׸ ߰ ϰ Common α İ . ߰ ׸ ۼƮ þ %{header}i Ѵ. ⼭ header ڸ HTTP û ̸ ִ. α״ :

127.0.0.1 - frank [10/Oct/2000:13:55:36 -0700] "GET /apache_pb.gif HTTP/1.0" 200 2326 "http://www.example.com/start.html" "Mozilla/4.08 [en] (Win98; I ;Nav)"

߰ ׸:

"http://www.example.com/start.html" (\"%{Referer}i\")
"Referer" ( Ʋʾ) HTTP û . Ŭ̾Ʈ ߴٰ ˸ Ʈ̴. (, /apache_pb.gif ũϿų Ʈ̴.)
"Mozilla/4.08 [en] (Win98; I ;Nav)" (\"%{User-agent}i\")
User-Agent HTTP û . Ŭ̾Ʈ ڽſ ˸ ĺ̴.

α

Ͽ CustomLog þ ϸ αװ . , α׸ . ù° ⺻ CLF ϰ, ι° ° referer Ѵ. CustomLogReferLog AgentLog þ 䳻 ִ ش.

LogFormat "%h %l %u %t \"%r\" %>s %b" common
CustomLog logs/access_log common
CustomLog logs/referer_log "%{Referer}i -> %U"
CustomLog logs/agent_log "%{User-agent}i"

, LogFormat ݵ ʿ ش. CustomLog þ α ִ.

Ǻ α

Ŭ̾Ʈ û ݿ ش ׸ α׿ ʰ ִ. ȯ溯 ϸ ذȴ. , Ŭ̾Ʈ Ư ϸ ȯ溯 Ѵ. ۾ SetEnvIf Ѵ. ׸ CustomLog þ env= Ͽ ȯ溯 û ְų . :

# loop-back ̽ û ǥѴ
SetEnvIf Remote_Addr "127\.0\.0\.1" dontlog
# robots.txt Ͽ û ǥѴ
SetEnvIf Request_URI "^/robots\.txt$" dontlog
# α׿
CustomLog logs/access_log common env=!dontlog

ٸ û αϿ ϰ, 񿵾 û ٸ αϿ ϴ 츦 غ.

SetEnvIf Accept-Language "en" english
CustomLog logs/english_log common env=english
CustomLog logs/non_english_log common env=!english

Ǻ α״ ſ ϰ , ̰ α ϴ ƴϴ. α ൿ Ҷ ϴ. ߿ ʴ û ϰ α мϴ .

top

α ȯ (Log Rotation)

ٻ αϿ Ǵ ſ . α״ û 1MB ̻ Ѵ. α׸ űų α׸ ֱ Ȱ ʿ䰡 ִ. ġ ִ ȿ αϿ ⶧ ϶ α׸ ȯ . α űų Ͽ, α Ѵ.

ϸ Ŭ̾Ʈ Ȥ ʰ α ִ. ׷ ̸ û 񽺸 α ؾ Ѵ. ׷Ƿ α óϱ 󸶰 ٸ ʿ䰡 ִ. Ϲ α׸ ȯϰ, ũ ϱ α׸ Ѵ:

mv access_log access_log.old
mv error_log error_log.old
apachectl graceful
sleep 600
gzip access_log.old error_log.old

α׸ ȯϴ ٸ α ϴ ̴.

top

α׸

ġ α׿ α׸ Ͽ ʰ ٸ μ ִ. ϸ ڵ带 ߰ʰ ſ ϰ α׸ ó ִ. α׸ ϸ ڸ "|" ڿ ǥԷ α ׸ ϸ ȴ. ġ Ҷ α μ ϰ, Ǵ μ ٽ Ѵ. ( ɶ 츮 " ִ α" θ.)

α μ θ ġ httpd μ , μ userid . , α α׷ root ȴ. ׷Ƿ α׷ ϰ ϰ ſ ߿ϴ.

θ ü ɾ ǥ ϶. α׿ , α׵ .

ʰ α׸ ȯ ִ α׸ ϴ ߿ . ġ ̸ rotatelogs α׷ Ѵ. 24ð α׸ ȯѴٸ:

CustomLog "|/usr/local/apache/bin/rotatelogs /var/log/access_log 86400" common

ٸ Ʈ cronolog ξ α ȯ α׷ ִ.

Ǻ α׿ α״ ſ , ߿ óϴ ؼ ȵȴ.

top

ȣƮ

ȣƮ ִ Ҷ α ٷ ִ. , ȣƮ Ѱ α׸ ִ. <VirtualHost> ƴ ּ α þ θ û α׿ α׷ ϵȴ. ȣƮ ó .

<VirtualHost> ȿ CustomLog ErrorLog þ ϸ ش ȣƮ û Ͽ ϵȴ. α þ ٸ ȣƮ ּ α׿ α׸ Ѵ. ȣƮ ſ , ȣƮ ٸ ϱ . , ϱڰ ߻Ѵ.

α ſ ذå ִ. α Ĺڿ ȣƮ ߰ϸ ȣƮ α׸ ϰ, ߿ α׸ ȣƮ ִ. , þ .

LogFormat "%v %l %u %t \"%r\" %>s %b" comonvhost
CustomLog logs/access_log comonvhost

%v û ϴ ȣƮ ̸ Ѵ. ߿ split-logfile α׷ α׸ ȣ ִ.

top

ٸ α

õ õ þ

PID

ġ Ҷ logs/httpd.pid Ͽ θ httpd μ process id Ѵ. ϸ PidFile þ ִ. process-id ڰ θ μ ñ׳ ϰų ϶ Ѵ.  -k ɼ Ѵ. ڼ ߴܰ ϶.

ũƮ α

ScriptLog þ Ͽ CGI ũƮ Է° ִ. þ ׽Ʈθ ؾ Ѵ. ϴ ϸ ȵȴ. ڼ mod_cgi ϶.

ۼ α

mod_rewrite ϰ Ѵٸ ׻ RewriteLog ʿ䰡 ִ. α ۼ  û ȯϴ ڼ ˷ش. ڼ RewriteLogLevel þ Ѵ.

misc/custom_errordocs.html100644 0 0 60202 11074463123 13443 0ustar 0 0 International Customized Server Error Messages - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.0

<-

International Customized Server Error Messages

Warning:

This document has not been fully updated to take into account changes made in the 2.0 version of the Apache HTTP Server. Some of the information may still be relevant, but please use it with care.

This document describes an easy way to provide your Apache HTTP Server with a set of customized error messages which take advantage of Content Negotiation and mod_include to return error messages generated by the server in the client's native language.

top

Introduction

By using SSI, all ErrorDocument messages can share a homogenous and consistent style and layout, and maintenance work (changing images, changing links) is kept to a minimum because all layout information can be kept in a single file.

Error documents can be shared across different servers, or even hosts, because all varying information is inserted at the time the error document is returned on behalf of a failed request.

Content Negotiation then selects the appropriate language version of a particular error message text, honoring the language preferences passed in the client's request. (Users usually select their favorite languages in the preferences options menu of today's browsers). When an error document in the client's primary language version is unavailable, the secondary languages are tried or a default (fallback) version is used.

You have full flexibility in designing your error documents to your personal taste (or your company's conventions). For demonstration purposes, we present a simple generic error document scheme. For this hypothetic server, we assume that all error messages...

  • possibly are served by different virtual hosts (different host name, different IP address, or different port) on the server machine,
  • show a predefined company logo in the right top of the message (selectable by virtual host),
  • print the error title first, followed by an explanatory text and (depending on the error context) help on how to resolve the error,
  • have some kind of standardized background image,
  • display an apache logo and a feedback email address at the bottom of the error message.

An example of a "document not found" message for a german client might look like this:

[Needs graphics capability to display]

All links in the document as well as links to the server's administrator mail address, and even the name and port of the serving virtual host are inserted in the error document at "run-time", i.e., when the error actually occurs.

top

Creating an ErrorDocument directory

For this concept to work as easily as possible, we must take advantage of as much server support as we can get:

  1. By defining the MultiViews Options, we enable the language selection of the most appropriate language alternative (content negotiation).
  2. By setting the LanguagePriority directive we define a set of default fallback languages in the situation where the client's browser did not express any preference at all.
  3. By enabling mod_include (and disallowing execution of cgi scripts for security reasons), we allow the server to include building blocks of the error message, and to substitute the value of certain environment variables into the generated document (dynamic HTML) or even to conditionally include or omit parts of the text.
  4. The AddHandler and AddType directives are useful for automatically SSI-expanding all files with a .shtml suffix to text/html.
  5. By using the Alias directive, we keep the error document directory outside of the document tree because it can be regarded more as a server part than part of the document tree.
  6. The <Directory> block restricts these "special" settings to the error document directory and avoids an impact on any of the settings for the regular document tree.
  7. For each of the error codes to be handled (see RFC2068 for an exact description of each error code, or look at src/main/http_protocol.c if you wish to see apache's standard messages), an ErrorDocument in the aliased /errordocs directory is defined. Note that we only define the basename of the document here because the MultiViews option will select the best candidate based on the language suffixes and the client's preferences. Any error situation with an error code not handled by a custom document will be dealt with by the server in the standard way (i.e., a plain error message in english).
  8. Finally, the AllowOverride directive tells apache that it is not necessary to look for a .htaccess file in the /errordocs directory: a minor speed optimization.

The resulting httpd.conf configuration would then look similar to this:

Note

Note that you can define your own error messages using this method for only part of the document tree, e.g., a /~user/ subtree. In this case, the configuration could as well be put into the .htaccess file at the root of the subtree, and the <Directory> and </Directory> directives -but not the contained directives- must be omitted.

LanguagePriority en fr de
Alias /errordocs /usr/local/apache/errordocs

<Directory /usr/local/apache/errordocs>
AllowOverride none
Options MultiViews IncludesNoExec FollowSymLinks
AddType text/html .shtml
<FilesMatch "\.shtml[.$]">
SetOutputFilter INCLUDES
</FilesMatch>
</Directory>

# "400 Bad Request",
ErrorDocument 400 /errordocs/400
# "401 Authorization Required",
ErrorDocument 401 /errordocs/401
# "403 Forbidden",
ErrorDocument 403 /errordocs/403
# "404 Not Found",
ErrorDocument 404 /errordocs/404
# "500 Internal Server Error",
ErrorDocument 500 /errordocs/500

The directory for the error messages (here: /usr/local/apache/errordocs/) must then be created with the appropriate permissions (readable and executable by the server uid or gid, only writable for the administrator).

Naming the Individual Error Document files

By defining the MultiViews option, the server was told to automatically scan the directory for matching variants (looking at language and content type suffixes) when a requested document was not found. In the configuration, we defined the names for the error documents to be just their error number (without any suffix).

The names of the individual error documents are now determined like this (I'm using 403 as an example, think of it as a placeholder for any of the configured error documents):

  • No file errordocs/403 should exist. Otherwise, it would be found and served (with the DefaultType, usually text/plain), all negotiation would be bypassed.
  • For each language for which we have an internationalized version (note that this need not be the same set of languages for each error code - you can get by with a single language version until you actually have translated versions), a document errordocs/403.shtml.lang is created and filled with the error text in that language (see below).
  • One fallback document called errordocs/403.shtml is created, usually by creating a symlink to the default language variant (see below).

The Common Header and Footer Files

By putting as much layout information in two special "include files", the error documents can be reduced to a bare minimum.

One of these layout files defines the HTML document header and a configurable list of paths to the icons to be shown in the resulting error document. These paths are exported as a set of SSI environment variables and are later evaluated by the "footer" special file. The title of the current error (which is put into the TITLE tag and an H1 header) is simply passed in from the main error document in a variable called title.

By changing this file, the layout of all generated error messages can be changed in a second. (By exploiting the features of SSI, you can easily define different layouts based on the current virtual host, or even based on the client's domain name).

The second layout file describes the footer to be displayed at the bottom of every error message. In this example, it shows an apache logo, the current server time, the server version string and adds a mail reference to the site's webmaster.

For simplicity, the header file is simply called head.shtml because it contains server-parsed content but no language specific information. The footer file exists once for each language translation, plus a symlink for the default language.

for English, French and German versions (default english)

foot.shtml.en,
foot.shtml.fr,
foot.shtml.de,
foot.shtml symlink to
foot.shtml.en

Both files are included into the error document by using the directives <!--#include virtual="head" --> and <!--#include virtual="foot" --> respectively: the rest of the magic occurs in mod_negotiation and in mod_include.

See the listings below to see an actual HTML implementation of the discussed example.

Creating ErrorDocuments in Different Languages

After all this preparation work, little remains to be said about the actual documents. They all share a simple common structure:

<!--#set var="title" value="error description title" -->
<!--#include virtual="head" -->
explanatory error text
<!--#include virtual="foot" -->

In the listings section, you can see an example of a [400 Bad Request] error document. Documents as simple as that certainly cause no problems to translate or expand.

The Fallback Language

Do we need a special handling for languages other than those we have translations for? We did set the LanguagePriority, didn't we?!

Well, the LanguagePriority directive is for the case where the client does not express any language priority at all. But what happens in the situation where the client wants one of the languages we do not have, and none of those we do have?

Without doing anything, the Apache server will usually return a [406 no acceptable variant] error, listing the choices from which the client may select. But we're in an error message already, and important error information might get lost when the client had to choose a language representation first.

So, in this situation it appears to be easier to define a fallback language (by copying or linking, e.g., the english version to a language-less version). Because the negotiation algorithm prefers "more specialized" variants over "more generic" variants, these generic alternatives will only be chosen when the normal negotiation did not succeed.

A simple shell script to do it (execute within the errordocs/ dir):

for f in *.shtml.en
do
ln -s $f `basename $f .en`
done

top

Customizing Proxy Error Messages

As of Apache-1.3, it is possible to use the ErrorDocument mechanism for proxy error messages as well (previous versions always returned fixed predefined error messages).

Most proxy errors return an error code of [500 Internal Server Error]. To find out whether a particular error document was invoked on behalf of a proxy error or because of some other server error, and what the reason for the failure was, you can check the contents of the new ERROR_NOTES CGI environment variable: if invoked for a proxy error, this variable will contain the actual proxy error message text in HTML form.

The following excerpt demonstrates how to exploit the ERROR_NOTES variable within an error document:

<!--#if expr="$REDIRECT_ERROR_NOTES = ''" -->

<p>
The server encountered an unexpected condition
which prevented it from fulfilling the request.
</p>

<p>
<a href="mailto:<!--#echo var="SERVER_ADMIN" -->"
SUBJECT="Error message [<!--#echo var="REDIRECT_STATUS" -->] <!--#echo var="title" --> for <!--#echo var="REQUEST_URI" -->">
Please forward this error screen to <!--#echo var="SERVER_NAME" -->'s
WebMaster</a>; it includes useful debugging information about
the Request which caused the error.

<pre><!--#printenv --></pre>
</p>

<!--#else -->
<!--#echo var="REDIRECT_ERROR_NOTES" -->
<!--#endif -->

top

HTML Listing of the Discussed Example

So, to summarize our example, here's the complete listing of the 400.shtml.en document. You will notice that it contains almost nothing but the error text (with conditional additions). Starting with this example, you will find it easy to add more error documents, or to translate the error documents to different languages.

<!--#set var="title" value="Bad Request"-->
<!--#include virtual="head" -->

<p>
Your browser sent a request that this server could not understand:
<blockquote>
<strong><!--#echo var="REQUEST_URI" --></strong>
 </blockquote>

The request could not be understood by the server due to malformed
syntax. The client should not repeat the request without
modifications.
</p>

<p>
<!--#if expr="$HTTP_REFERER != ''" -->
Please inform the owner of
<a href="<!--#echo var="HTTP_REFERER" -->">the referring page</a> about
the malformed link.

<!--#else -->
Please check your request for typing errors and retry.

<!--#endif -->
</p>

<!--#include virtual="foot" -->

Here is the complete head.shtml.en file (the funny line breaks avoid empty lines in the document after SSI processing). Note the configuration section at top. That's where you configure the images and logos as well as the apache documentation directory. Look how this file displays two different logos depending on the content of the virtual host name ($SERVER_NAME), and that an animated apache logo is shown if the browser appears to support it (the latter requires server configuration lines of the form

BrowserMatch "^Mozilla/[2-4]" anigif

for browser types which support animated GIFs).

<!--#if expr="$SERVER_NAME = /.*\.mycompany\.com/" -->
<!--#set var="IMG_CorpLogo" value="http://$SERVER_NAME:$SERVER_PORT/errordocs/CorpLogo.gif" -->
<!--#set var="ALT_CorpLogo" value="Powered by Linux!" -->
<!--#else -->
<!--#set var="IMG_CorpLogo" value="http://$SERVER_NAME:$SERVER_PORT/errordocs/PrivLogo.gif" -->
<!--#set var="ALT_CorpLogo" value="Powered by Linux!" -->
<!--#endif-->

<!--#set var="IMG_BgImage" value="http://$SERVER_NAME:$SERVER_PORT/errordocs/BgImage.gif" -->
<!--#set var="DOC_Apache" value="http://$SERVER_NAME:$SERVER_PORT/Apache/" -->

<!--#if expr="$anigif" -->
<!--#set var="IMG_Apache" value="http://$SERVER_NAME:$SERVER_PORT/icons/apache_anim.gif" -->
<!--#else-->
<!--#set var="IMG_Apache" value="http://$SERVER_NAME:$SERVER_PORT/icons/apache_pb.gif" -->
 <!--#endif-->

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
<html>
<head>
<title>
[<!--#echo var="REDIRECT_STATUS" -->] <!--#echo var="title" -->
</title>
</head>

<body bgcolor="white" background="<!--#echo var="IMG_BgImage" -->">
<h1 align="center">
[<!--#echo var="REDIRECT_STATUS" -->] <!--#echo var="title" -->
<img src="<!--#echo var="IMG_CorpLogo" -->"
  alt="<!--#echo var="ALT_CorpLogo" -->" align="right">
</h1>

<hr /> <!-- ======================================================== -->
<div>

and this is the foot.shtml.en file:

</div>
<hr />

<div align="right">
<small>Local Server time: <!--#echo var="DATE_LOCAL" --></small>
</div>

<div align="center">
<a href="<!--#echo var="DOC_Apache" -->">
<img src="<!--#echo var="IMG_Apache" -->" border="0" align="bottom"
  alt="Powered by <!--#echo var="SERVER_SOFTWARE" -->"></a>
<br />
<small><!--#set var="var" value="Powered by $SERVER_SOFTWARE --
File last modified on $LAST_MODIFIED" -->
<!--#echo var="var" --></small>
</div>

<p>If the indicated error looks like a misconfiguration, please inform
<a href="mailto:<!--#echo var="SERVER_ADMIN" -->"
subject="Feedback about Error message [<!--#echo var="REDIRECT_STATUS" -->]
<!--#echo var="title" -->, req=<!--#echo var="REQUEST_URI" -->">
<!--#echo var="SERVER_NAME" -->'s WebMaster</a>.
</p>
</body>
</html>

If you have tips to contribute, send mail to martin@apache.org

misc/descriptors.html100644 0 0 27306 11074463123 12420 0ustar 0 0 Descriptors and Apache - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.0

<-

Descriptors and Apache

Warning:

This document has not been fully updated to take into account changes made in the 2.0 version of the Apache HTTP Server. Some of the information may still be relevant, but please use it with care.

A descriptor, also commonly called a file handle is an object that a program uses to read or write an open file, or open network socket, or a variety of other devices. It is represented by an integer, and you may be familiar with stdin, stdout, and stderr which are descriptors 0, 1, and 2 respectively. Apache needs a descriptor for each log file, plus one for each network socket that it listens on, plus a handful of others. Libraries that Apache uses may also require descriptors. Normal programs don't open up many descriptors at all, and so there are some latent problems that you may experience should you start running Apache with many descriptors (i.e., with many virtual hosts).

The operating system enforces a limit on the number of descriptors that a program can have open at a time. There are typically three limits involved here. One is a kernel limitation, depending on your operating system you will either be able to tune the number of descriptors available to higher numbers (this is frequently called FD_SETSIZE). Or you may be stuck with a (relatively) low amount. The second limit is called the hard resource limit, and it is sometimes set by root in an obscure operating system file, but frequently is the same as the kernel limit. The third limit is called the soft resource limit. The soft limit is always less than or equal to the hard limit. For example, the hard limit may be 1024, but the soft limit only 64. Any user can raise their soft limit up to the hard limit. Root can raise the hard limit up to the system maximum limit. The soft limit is the actual limit that is used when enforcing the maximum number of files a process can have open.

To summarize:

#open files <= soft limit <= hard limit <= kernel limit

You control the hard and soft limits using the limit (csh) or ulimit (sh) directives. See the respective man pages for more information. For example you can probably use ulimit -n unlimited to raise your soft limit up to the hard limit. You should include this command in a shell script which starts your webserver.

Unfortunately, it's not always this simple. As mentioned above, you will probably run into some system limitations that will need to be worked around somehow. Work was done in version 1.2.1 to improve the situation somewhat. Here is a partial list of systems and workarounds (assuming you are using 1.2.1 or later).

top

BSDI 2.0

Under BSDI 2.0 you can build Apache to support more descriptors by adding -DFD_SETSIZE=nnn to EXTRA_CFLAGS (where nnn is the number of descriptors you wish to support, keep it less than the hard limit). But it will run into trouble if more than approximately 240 Listen directives are used. This may be cured by rebuilding your kernel with a higher FD_SETSIZE.

top

FreeBSD 2.2, BSDI 2.1+

Similar to the BSDI 2.0 case, you should define FD_SETSIZE and rebuild. But the extra Listen limitation doesn't exist.

top

Linux

By default Linux has a kernel maximum of 256 open descriptors per process. There are several patches available for the 2.0.x series which raise this to 1024 and beyond, and you can find them in the "unofficial patches" section of the Linux Information HQ. None of these patches are perfect, and an entirely different approach is likely to be taken during the 2.1.x development. Applying these patches will raise the FD_SETSIZE used to compile all programs, and unless you rebuild all your libraries you should avoid running any other program with a soft descriptor limit above 256. As of this writing the patches available for increasing the number of descriptors do not take this into account. On a dedicated webserver you probably won't run into trouble.

top

Solaris through 2.5.1

Solaris has a kernel hard limit of 1024 (may be lower in earlier versions). But it has a limitation that files using the stdio library cannot have a descriptor above 255. Apache uses the stdio library for the ErrorLog directive. When you have more than approximately 110 virtual hosts (with an error log and an access log each) you will need to build Apache with -DHIGH_SLACK_LINE=256 added to EXTRA_CFLAGS. You will be limited to approximately 240 error logs if you do this.

top

AIX

AIX version 3.2?? appears to have a hard limit of 128 descriptors. End of story. Version 4.1.5 has a hard limit of 2000.

top

SCO OpenServer

Edit the /etc/conf/cf.d/stune file or use /etc/conf/cf.d/configure choice 7 (User and Group configuration) and modify the NOFILES kernel parameter to a suitably higher value. SCO recommends a number between 60 and 11000, the default is 110. Relink and reboot, and the new number of descriptors will be available.

top

Compaq Tru64 UNIX/Digital UNIX/OSF

  1. Raise open_max_soft and open_max_hard to 4096 in the proc subsystem. Do a man on sysconfig, sysconfigdb, and sysconfigtab.
  2. Raise max-vnodes to a large number which is greater than the number of apache processes * 4096 (Setting it to 250,000 should be good for most people). Do a man on sysconfig, sysconfigdb, and sysconfigtab.
  3. If you are using Tru64 5.0, 5.0A, or 5.1, define NO_SLACK to work around a bug in the OS. CFLAGS="-DNO_SLACK" ./configure
top

Others

If you have details on another operating system, please submit it through our Bug Report Page.

In addition to the problems described above there are problems with many libraries that Apache uses. The most common example is the bind DNS resolver library that is used by pretty much every unix, which fails if it ends up with a descriptor above 256. We suspect there are other libraries that similar limitations. So the code as of 1.2.1 takes a defensive stance and tries to save descriptors less than 16 for use while processing each request. This is called the low slack line.

Note that this shouldn't waste descriptors. If you really are pushing the limits and Apache can't get a descriptor above 16 when it wants it, it will settle for one below 16.

In extreme situations you may want to lower the low slack line, but you shouldn't ever need to. For example, lowering it can increase the limits 240 described above under Solaris and BSDI 2.0. But you'll play a delicate balancing game with the descriptors needed to serve a request. Should you want to play this game, the compile time parameter is LOW_SLACK_LINE and there's a tiny bit of documentation in the header file httpd.h.

Finally, if you suspect that all this slack stuff is causing you problems, you can disable it. Add -DNO_SLACK to EXTRA_CFLAGS and rebuild. But please report it to our Bug Report Page so that we can investigate.

misc/fin_wait_2.html100644 0 0 47302 11074463123 12076 0ustar 0 0 Connections in the FIN_WAIT_2 state and Apache - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.0

<-

Connections in the FIN_WAIT_2 state and Apache

Warning:

This document has not been fully updated to take into account changes made in the 2.0 version of the Apache HTTP Server. Some of the information may still be relevant, but please use it with care.

Starting with the Apache 1.2 betas, people are reporting many more connections in the FIN_WAIT_2 state (as reported by netstat) than they saw using older versions. When the server closes a TCP connection, it sends a packet with the FIN bit set to the client, which then responds with a packet with the ACK bit set. The client then sends a packet with the FIN bit set to the server, which responds with an ACK and the connection is closed. The state that the connection is in during the period between when the server gets the ACK from the client and the server gets the FIN from the client is known as FIN_WAIT_2. See the TCP RFC for the technical details of the state transitions.

The FIN_WAIT_2 state is somewhat unusual in that there is no timeout defined in the standard for it. This means that on many operating systems, a connection in the FIN_WAIT_2 state will stay around until the system is rebooted. If the system does not have a timeout and too many FIN_WAIT_2 connections build up, it can fill up the space allocated for storing information about the connections and crash the kernel. The connections in FIN_WAIT_2 do not tie up an httpd process.

top

Why Does It Happen?

There are numerous reasons for it happening, some of them may not yet be fully clear. What is known follows.

Buggy Clients and Persistent Connections

Several clients have a bug which pops up when dealing with persistent connections (aka keepalives). When the connection is idle and the server closes the connection (based on the KeepAliveTimeout), the client is programmed so that the client does not send back a FIN and ACK to the server. This means that the connection stays in the FIN_WAIT_2 state until one of the following happens:

  • The client opens a new connection to the same or a different site, which causes it to fully close the older connection on that socket.
  • The user exits the client, which on some (most?) clients causes the OS to fully shutdown the connection.
  • The FIN_WAIT_2 times out, on servers that have a timeout for this state.

If you are lucky, this means that the buggy client will fully close the connection and release the resources on your server. However, there are some cases where the socket is never fully closed, such as a dialup client disconnecting from their provider before closing the client. In addition, a client might sit idle for days without making another connection, and thus may hold its end of the socket open for days even though it has no further use for it. This is a bug in the browser or in its operating system's TCP implementation.

The clients on which this problem has been verified to exist:

  • Mozilla/3.01 (X11; I; FreeBSD 2.1.5-RELEASE i386)
  • Mozilla/2.02 (X11; I; FreeBSD 2.1.5-RELEASE i386)
  • Mozilla/3.01Gold (X11; I; SunOS 5.5 sun4m)
  • MSIE 3.01 on the Macintosh
  • MSIE 3.01 on Windows 95

This does not appear to be a problem on:

  • Mozilla/3.01 (Win95; I)

It is expected that many other clients have the same problem. What a client should do is periodically check its open socket(s) to see if they have been closed by the server, and close their side of the connection if the server has closed. This check need only occur once every few seconds, and may even be detected by a OS signal on some systems (e.g., Win95 and NT clients have this capability, but they seem to be ignoring it).

Apache cannot avoid these FIN_WAIT_2 states unless it disables persistent connections for the buggy clients, just like we recommend doing for Navigator 2.x clients due to other bugs. However, non-persistent connections increase the total number of connections needed per client and slow retrieval of an image-laden web page. Since non-persistent connections have their own resource consumptions and a short waiting period after each closure, a busy server may need persistence in order to best serve its clients.

As far as we know, the client-caused FIN_WAIT_2 problem is present for all servers that support persistent connections, including Apache 1.1.x and 1.2.

A necessary bit of code introduced in 1.2

While the above bug is a problem, it is not the whole problem. Some users have observed no FIN_WAIT_2 problems with Apache 1.1.x, but with 1.2b enough connections build up in the FIN_WAIT_2 state to crash their server. The most likely source for additional FIN_WAIT_2 states is a function called lingering_close() which was added between 1.1 and 1.2. This function is necessary for the proper handling of persistent connections and any request which includes content in the message body (e.g., PUTs and POSTs). What it does is read any data sent by the client for a certain time after the server closes the connection. The exact reasons for doing this are somewhat complicated, but involve what happens if the client is making a request at the same time the server sends a response and closes the connection. Without lingering, the client might be forced to reset its TCP input buffer before it has a chance to read the server's response, and thus understand why the connection has closed. See the appendix for more details.

The code in lingering_close() appears to cause problems for a number of factors, including the change in traffic patterns that it causes. The code has been thoroughly reviewed and we are not aware of any bugs in it. It is possible that there is some problem in the BSD TCP stack, aside from the lack of a timeout for the FIN_WAIT_2 state, exposed by the lingering_close code that causes the observed problems.

top

What Can I Do About it?

There are several possible workarounds to the problem, some of which work better than others.

Add a timeout for FIN_WAIT_2

The obvious workaround is to simply have a timeout for the FIN_WAIT_2 state. This is not specified by the RFC, and could be claimed to be a violation of the RFC, but it is widely recognized as being necessary. The following systems are known to have a timeout:

  • FreeBSD versions starting at 2.0 or possibly earlier.
  • NetBSD version 1.2(?)
  • OpenBSD all versions(?)
  • BSD/OS 2.1, with the K210-027 patch installed.
  • Solaris as of around version 2.2. The timeout can be tuned by using ndd to modify tcp_fin_wait_2_flush_interval, but the default should be appropriate for most servers and improper tuning can have negative impacts.
  • Linux 2.0.x and earlier(?)
  • HP-UX 10.x defaults to terminating connections in the FIN_WAIT_2 state after the normal keepalive timeouts. This does not refer to the persistent connection or HTTP keepalive timeouts, but the SO_LINGER socket option which is enabled by Apache. This parameter can be adjusted by using nettune to modify parameters such as tcp_keepstart and tcp_keepstop. In later revisions, there is an explicit timer for connections in FIN_WAIT_2 that can be modified; contact HP support for details.
  • SGI IRIX can be patched to support a timeout. For IRIX 5.3, 6.2, and 6.3, use patches 1654, 1703 and 1778 respectively. If you have trouble locating these patches, please contact your SGI support channel for help.
  • NCR's MP RAS Unix 2.xx and 3.xx both have FIN_WAIT_2 timeouts. In 2.xx it is non-tunable at 600 seconds, while in 3.xx it defaults to 600 seconds and is calculated based on the tunable "max keep alive probes" (default of 8) multiplied by the "keep alive interval" (default 75 seconds).
  • Sequent's ptx/TCP/IP for DYNIX/ptx has had a FIN_WAIT_2 timeout since around release 4.1 in mid-1994.

The following systems are known to not have a timeout:

  • SunOS 4.x does not and almost certainly never will have one because it as at the very end of its development cycle for Sun. If you have kernel source should be easy to patch.

There is a patch available for adding a timeout to the FIN_WAIT_2 state; it was originally intended for BSD/OS, but should be adaptable to most systems using BSD networking code. You need kernel source code to be able to use it.

Compile without using lingering_close()

It is possible to compile Apache 1.2 without using the lingering_close() function. This will result in that section of code being similar to that which was in 1.1. If you do this, be aware that it can cause problems with PUTs, POSTs and persistent connections, especially if the client uses pipelining. That said, it is no worse than on 1.1, and we understand that keeping your server running is quite important.

To compile without the lingering_close() function, add -DNO_LINGCLOSE to the end of the EXTRA_CFLAGS line in your Configuration file, rerun Configure and rebuild the server.

Use SO_LINGER as an alternative to lingering_close()

On most systems, there is an option called SO_LINGER that can be set with setsockopt(2). It does something very similar to lingering_close(), except that it is broken on many systems so that it causes far more problems than lingering_close. On some systems, it could possibly work better so it may be worth a try if you have no other alternatives.

To try it, add -DUSE_SO_LINGER -DNO_LINGCLOSE to the end of the EXTRA_CFLAGS line in your Configuration file, rerun Configure and rebuild the server.

NOTE

Attempting to use SO_LINGER and lingering_close() at the same time is very likely to do very bad things, so don't.

Increase the amount of memory used for storing connection state

BSD based networking code:
BSD stores network data, such as connection states, in something called an mbuf. When you get so many connections that the kernel does not have enough mbufs to put them all in, your kernel will likely crash. You can reduce the effects of the problem by increasing the number of mbufs that are available; this will not prevent the problem, it will just make the server go longer before crashing.

The exact way to increase them may depend on your OS; look for some reference to the number of "mbufs" or "mbuf clusters". On many systems, this can be done by adding the line NMBCLUSTERS="n", where n is the number of mbuf clusters you want to your kernel config file and rebuilding your kernel.

Disable KeepAlive

If you are unable to do any of the above then you should, as a last resort, disable KeepAlive. Edit your httpd.conf and change "KeepAlive On" to "KeepAlive Off".

top

Appendix

Below is a message from Roy Fielding, one of the authors of HTTP/1.1.

Why the lingering close functionality is necessary with HTTP

The need for a server to linger on a socket after a close is noted a couple times in the HTTP specs, but not explained. This explanation is based on discussions between myself, Henrik Frystyk, Robert S. Thau, Dave Raggett, and John C. Mallery in the hallways of MIT while I was at W3C.

If a server closes the input side of the connection while the client is sending data (or is planning to send data), then the server's TCP stack will signal an RST (reset) back to the client. Upon receipt of the RST, the client will flush its own incoming TCP buffer back to the un-ACKed packet indicated by the RST packet argument. If the server has sent a message, usually an error response, to the client just before the close, and the client receives the RST packet before its application code has read the error message from its incoming TCP buffer and before the server has received the ACK sent by the client upon receipt of that buffer, then the RST will flush the error message before the client application has a chance to see it. The result is that the client is left thinking that the connection failed for no apparent reason.

There are two conditions under which this is likely to occur:

  1. sending POST or PUT data without proper authorization
  2. sending multiple requests before each response (pipelining) and one of the middle requests resulting in an error or other break-the-connection result.

The solution in all cases is to send the response, close only the write half of the connection (what shutdown is supposed to do), and continue reading on the socket until it is either closed by the client (signifying it has finally read the response) or a timeout occurs. That is what the kernel is supposed to do if SO_LINGER is set. Unfortunately, SO_LINGER has no effect on some systems; on some other systems, it does not have its own timeout and thus the TCP memory segments just pile-up until the next reboot (planned or not).

Please note that simply removing the linger code will not solve the problem -- it only moves it to a different and much harder one to detect.

misc/index.html100644 0 0 11470 11074463123 11161 0ustar 0 0 Apache Miscellaneous Documentation - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.0

<-

Apache Miscellaneous Documentation

Below is a list of additional documentation pages that apply to the Apache web server development project.

Warning

Some of the documents below have not been fully updated to take into account changes made in the 2.0 version of the Apache HTTP Server. Some of the information may still be relevant, but please use it with care.

How to use XSSI and Negotiation for custom ErrorDocuments

Describes a solution which uses XSSI and negotiation to custom-tailor the Apache ErrorDocuments to taste, adding the advantage of returning internationalized versions of the error messages depending on the client's language preferences.

File Descriptor use in Apache

Describes how Apache uses file descriptors and talks about various limits imposed on the number of descriptors available by various operating systems.

FIN_WAIT_2

A description of the causes of Apache processes going into the FIN_WAIT_2 state, and what you can do about it.

Known Client Problems

A list of problems in HTTP clients which can be mitigated by Apache.

Performance Notes - Apache Tuning

Notes about how to (run-time and compile-time) configure Apache for highest performance. Notes explaining why Apache does some things, and why it doesn't do other things (which make it slower/faster).

Security Tips

Some "do"s - and "don't"s - for keeping your Apache web site secure.

URL Rewriting Guide

This document supplements the mod_rewrite reference documentation. It describes how one can use Apache's mod_rewrite to solve typical URL-based problems webmasters are usually confronted with in practice.

Apache Tutorials

A list of external resources which help to accomplish common tasks with the Apache HTTP server.

Relevant Standards

This document acts as a reference page for most of the relevant standards that Apache follows.

misc/known_client_problems.html100644 0 0 50431 11074463123 14447 0ustar 0 0 Known Problems in Clients - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.0

<-

Known Problems in Clients

Warning:

This document has not been fully updated to take into account changes made in the 2.0 version of the Apache HTTP Server. Some of the information may still be relevant, but please use it with care.

Over time the Apache Group has discovered or been notified of problems with various clients which we have had to work around, or explain. This document describes these problems and the workarounds available. It's not arranged in any particular order. Some familiarity with the standards is assumed, but not necessary.

For brevity, Navigator will refer to Netscape's Navigator product (which in later versions was renamed "Communicator" and various other names), and MSIE will refer to Microsoft's Internet Explorer product. All trademarks and copyrights belong to their respective companies. We welcome input from the various client authors to correct inconsistencies in this paper, or to provide us with exact version numbers where things are broken/fixed.

For reference, RFC1945 defines HTTP/1.0, and RFC2068 defines HTTP/1.1. Apache as of version 1.2 is an HTTP/1.1 server (with an optional HTTP/1.0 proxy).

Various of these workarounds are triggered by environment variables. The admin typically controls which are set, and for which clients, by using mod_browser. Unless otherwise noted all of these workarounds exist in versions 1.2 and later.

top

Trailing CRLF on POSTs

This is a legacy issue. The CERN webserver required POST data to have an extra CRLF following it. Thus many clients send an extra CRLF that is not included in the Content-Length of the request. Apache works around this problem by eating any empty lines which appear before a request.

top

Broken KeepAlive

Various clients have had broken implementations of keepalive (persistent connections). In particular the Windows versions of Navigator 2.0 get very confused when the server times out an idle connection. The workaround is present in the default config files:

BrowserMatch Mozilla/2 nokeepalive

Note that this matches some earlier versions of MSIE, which began the practice of calling themselves Mozilla in their user-agent strings just like Navigator.

MSIE 4.0b2, which claims to support HTTP/1.1, does not properly support keepalive when it is used on 301 or 302 (redirect) responses. Unfortunately Apache's nokeepalive code prior to 1.2.2 would not work with HTTP/1.1 clients. You must apply this patch to version 1.2.1. Then add this to your config:

BrowserMatch "MSIE 4\.0b2;" nokeepalive

top

Incorrect interpretation of HTTP/1.1 in response

To quote from section 3.1 of RFC1945:

HTTP uses a "<MAJOR>.<MINOR>" numbering scheme to indicate versions of the protocol. The protocol versioning policy is intended to allow the sender to indicate the format of a message and its capacity for understanding further HTTP communication, rather than the features obtained via that communication.

Since Apache is an HTTP/1.1 server, it indicates so as part of its response. Many client authors mistakenly treat this part of the response as an indication of the protocol that the response is in, and then refuse to accept the response.

The first major indication of this problem was with AOL's proxy servers. When Apache 1.2 went into beta it was the first wide-spread HTTP/1.1 server. After some discussion, AOL fixed their proxies. In anticipation of similar problems, the force-response-1.0 environment variable was added to Apache. When present Apache will indicate "HTTP/1.0" in response to an HTTP/1.0 client, but will not in any other way change the response.

The pre-1.1 Java Development Kit (JDK) that is used in many clients (including Navigator 3.x and MSIE 3.x) exhibits this problem. As do some of the early pre-releases of the 1.1 JDK. We think it is fixed in the 1.1 JDK release. In any event the workaround:

BrowserMatch Java/1.0 force-response-1.0
BrowserMatch JDK/1.0 force-response-1.0

RealPlayer 4.0 from Progressive Networks also exhibits this problem. However they have fixed it in version 4.01 of the player, but version 4.01 uses the same User-Agent as version 4.0. The workaround is still:

BrowserMatch "RealPlayer 4.0" force-response-1.0

top

Requests use HTTP/1.1 but responses must be in HTTP/1.0

MSIE 4.0b2 has this problem. Its Java VM makes requests in HTTP/1.1 format but the responses must be in HTTP/1.0 format (in particular, it does not understand chunked responses). The workaround is to fool Apache into believing the request came in HTTP/1.0 format.

BrowserMatch "MSIE 4\.0b2;" downgrade-1.0 force-response-1.0

This workaround is available in 1.2.2, and in a patch against 1.2.1.

top

Boundary problems with header parsing

All versions of Navigator from 2.0 through 4.0b2 (and possibly later) have a problem if the trailing CRLF of the response header starts at offset 256, 257 or 258 of the response. A BrowserMatch for this would match on nearly every hit, so the workaround is enabled automatically on all responses. The workaround implemented detects when this condition would occur in a response and adds extra padding to the header to push the trailing CRLF past offset 258 of the response.

top

Multipart responses and Quoted Boundary Strings

On multipart responses some clients will not accept quotes (") around the boundary string. The MIME standard recommends that such quotes be used. But the clients were probably written based on one of the examples in RFC2068, which does not include quotes. Apache does not include quotes on its boundary strings to workaround this problem.

top

Byterange Requests

A byterange request is used when the client wishes to retrieve a portion of an object, not necessarily the entire object. There was a very old draft which included these byteranges in the URL. Old clients such as Navigator 2.0b1 and MSIE 3.0 for the MAC exhibit this behaviour, and it will appear in the servers' access logs as (failed) attempts to retrieve a URL with a trailing ";xxx-yyy". Apache does not attempt to implement this at all.

A subsequent draft of this standard defines a header Request-Range, and a response type multipart/x-byteranges. The HTTP/1.1 standard includes this draft with a few fixes, and it defines the header Range and type multipart/byteranges.

Navigator (versions 2 and 3) sends both Range and Request-Range headers (with the same value), but does not accept a multipart/byteranges response. The response must be multipart/x-byteranges. As a workaround, if Apache receives a Request-Range header it considers it "higher priority" than a Range header and in response uses multipart/x-byteranges.

The Adobe Acrobat Reader plugin makes extensive use of byteranges and prior to version 3.01 supports only the multipart/x-byterange response. Unfortunately there is no clue that it is the plugin making the request. If the plugin is used with Navigator, the above workaround works fine. But if the plugin is used with MSIE 3 (on Windows) the workaround won't work because MSIE 3 doesn't give the Range-Request clue that Navigator does. To workaround this, Apache special cases "MSIE 3" in the User-Agent and serves multipart/x-byteranges. Note that the necessity for this with MSIE 3 is actually due to the Acrobat plugin, not due to the browser.

Netscape Communicator appears to not issue the non-standard Request-Range header. When an Acrobat plugin prior to version 3.01 is used with it, it will not properly understand byteranges. The user must upgrade their Acrobat reader to 3.01.

top

Set-Cookie header is unmergeable

The HTTP specifications say that it is legal to merge headers with duplicate names into one (separated by commas). Some browsers that support Cookies don't like merged headers and prefer that each Set-Cookie header is sent separately. When parsing the headers returned by a CGI, Apache will explicitly avoid merging any Set-Cookie headers.

top

Expires headers and GIF89A animations

Navigator versions 2 through 4 will erroneously re-request GIF89A animations on each loop of the animation if the first response included an Expires header. This happens regardless of how far in the future the expiry time is set. There is no workaround supplied with Apache, however there are hacks for 1.2 and for 1.3.

top

POST without Content-Length

In certain situations Navigator 3.01 through 3.03 appear to incorrectly issue a POST without the request body. There is no known workaround. It has been fixed in Navigator 3.04, Netscapes provides some information. There's also some information about the actual problem.

top

JDK 1.2 betas lose parts of responses.

The http client in the JDK1.2beta2 and beta3 will throw away the first part of the response body when both the headers and the first part of the body are sent in the same network packet AND keep-alive's are being used. If either condition is not met then it works fine.

See also Bug-ID's 4124329 and 4125538 at the java developer connection.

If you are seeing this bug yourself, you can add the following BrowserMatch directive to work around it:

BrowserMatch "Java1\.2beta[23]" nokeepalive

We don't advocate this though since bending over backwards for beta software is usually not a good idea; ideally it gets fixed, new betas or a final release comes out, and no one uses the broken old software anymore. In theory.

top

Content-Type change is not noticed after reload

Navigator (all versions?) will cache the content-type for an object "forever". Using reload or shift-reload will not cause Navigator to notice a content-type change. The only work-around is for the user to flush their caches (memory and disk). By way of an example, some folks may be using an old mime.types file which does not map .htm to text/html, in this case Apache will default to sending text/plain. If the user requests the page and it is served as text/plain. After the admin fixes the server, the user will have to flush their caches before the object will be shown with the correct text/html type.

top

MSIE Cookie problem with expiry date in the year 2000

MSIE versions 3.00 and 3.02 (without the Y2K patch) do not handle cookie expiry dates in the year 2000 properly. Years after 2000 and before 2000 work fine. This is fixed in IE4.01 service pack 1, and in the Y2K patch for IE3.02. Users should avoid using expiry dates in the year 2000.

top

Lynx incorrectly asking for transparent content negotiation

The Lynx browser versions 2.7 and 2.8 send a "negotiate: trans" header in their requests, which is an indication the browser supports transparent content negotiation (TCN). However the browser does not support TCN. As of version 1.3.4, Apache supports TCN, and this causes problems with these versions of Lynx. As a workaround future versions of Apache will ignore this header when sent by the Lynx client.

top

MSIE 4.0 mishandles Vary response header

MSIE 4.0 does not handle a Vary header properly. The Vary header is generated by mod_rewrite in apache 1.3. The result is an error from MSIE saying it cannot download the requested file. There are more details in PR#4118.

A workaround is to add the following to your server's configuration files:

BrowserMatch "MSIE 4\.0" force-no-vary

(This workaround is only available with releases after 1.3.6 of the Apache Web server.)

misc/perf-tuning.html100644 0 0 126701 11074463123 12334 0ustar 0 0 ġ - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.0

<-

ġ

ֽ ƴմϴ. ֱٿ ϼ.

ġ 2.0 ɰ ðɼ µ ̴. ġũ ʾ ġ 2.0 .

ġ 1.3 ؼ 2.0 ó Ȯ强(scalability) ̱ ȭ ߴ. ⺻ κ ȭ Ѵ. ׷ Ͻ Ȥ ɿ ū ִ. ġ 2.0 ϱ ڰ ִ ɼ Ѵ.  ɼ ϵ ü Ȱϵ ϴ ݸ,  ɼ ӵ Ѵ.

top

ϵ ü ؼ

ɿ ū ִ ޸𸮴. û ð ڰ " ٰ" ϰ ø⶧ ϸ ȵȴ. ڴ ϰ ٽ Ͽ ϰ Ѵ. MaxClients þ Ͽ ڽ ʵ ؾ Ѵ. ϴ: top μ ġ μ ޸ 뷮 ˾Ƴ, ü 밡 ޸𸮿 ٸ μ .

ϴ: CPU, Ʈī, ũ, ⼭ " " ؼ ؾ Ѵ.

ü ˾Ƽ ̴. ׷ Ϲ ϴٰ Ǹ  ħ ִ:

  • ü ֽ ġ Ѵ. ü ۻ ֱ TCP ð ̺귯 ӵ ߴ.

  • ü sendfile(2) ýȣ Ѵٸ, ̸ ϱ ̳ ġ ġϿ ȮѴ. ( , 2.4 ̻ Ѵ. Solaris 8 ʱ ġ ʿϴ.) ϴ ý̶ ġ 2 sendfile Ͽ CPU ϸ մ.

top

ؼ

õ õ þ

HostnameLookups DNS

ġ 1.3 HostnameLookupsOn̿. û ġ DNS ˻ ϹǷ û . ġ 1.3 ⺻ Off Ǿ. α ּҸ ȣƮ ȯϷ αó α׷ ϳ, ġ Ե logresolve α׷ ϶.

αó ۾ ɿ ǿ ġǷ ϴ ƴ ٸ ǻͿ α óϱ ٶ.

Allow from domain̳ Deny from domain þ Ѵٸ (, IP ּҰ ƴ ȣƮ̳ θ Ѵٸ) ε ߺ- DNS ˻ (˻ Ƿ Ǿ Ȯϱ ٽ ˻) ؾ Ѵ. ׷Ƿ ̱ ̷ þ ϸ ̸ IP ּҸ Ѵ.

<Location /server-status> þ ϶. ǿ ´ û DNS ȸ Ѵ. .html .cgi ϸ DNS ˻ ϴ :

HostnameLookups off
<Files ~ "\.(html|cgi)$">
HostnameLookups on
 </Files>

׷ CGI DNS ʿ ̶, ʿ Ư CGI gethostbyname ȣ ϵ غ ִ.

FollowSymLinks SymLinksIfOwnerMatch

URL Options FollowSymLinks ʰ Options SymLinksIfOwnerMatch ϸ ġ ɺũ ˻ϱ ýȣ ѹ ؾ Ѵ. ϸ κи ѹ ȣ Ѵ. , :

DocumentRoot /www/htdocs
<Directory />
Options SymLinksIfOwnerMatch
 </Directory>

/index.html URI û ִٰ . ׷ ġ /www, /www/htdocs, /www/htdocs/index.html lstat(2) ȣѴ. lstats ij ʱ⶧ û Ź ۾ Ѵ. ¥ ɺũ ˻縦 Ѵٸ ִ:

DocumentRoot /www/htdocs
<Directory />
Options FollowSymLinks
 </Directory>

<Directory /www/htdocs>
Options -FollowSymLinks +SymLinksIfOwnerMatch
 </Directory>

ּ DocumentRoot δ ˻ ʴ´. DocumentRoot ۿ ִ η Alias RewriteRule 쿡 ʿϴ. ɺũ ʰ ְ , FollowSymLinks ϰ, SymLinksIfOwnerMatch ȵȴ.

AllowOverride

URL overrides Ѵٸ ( .htaccess ) ġ ϸ κи .htaccess õѴ. ,

DocumentRoot /www/htdocs
<Directory />
AllowOverride all
 </Directory>

/index.html URI û ִٰ . ġ /.htaccess, /www/.htaccess, /www/htdocs/.htaccess õѴ. ذå Options FollowSymLinks ϴ. ְ Ͻýۿ ؼ ׻ AllowOverride None Ѵ.

ϰ ¥ 󿡵 ִٸ ´. ̵ Ϻ ۴. ִ. ϵī带 ϴ :

DirectoryIndex index

Ѵ:

DirectoryIndex index.cgi index.pl index.shtml index.html

տ д.

, 丮 ϵ ã MultiViews ٴ, ϸ ʿ ִ type-map ϶.

Ʈ ʿϴٸ Options MultiViews þ ϱ⺸ type-map ϶. ڼ type-map ϶.

޸𸮴 (memory-mapping)

, server-side-include óϴ ġ 2.0 ü mmap(2) Ѵٸ ޸𸮴Ѵ.

÷ ޸𸮴 Ѵ. ׷ ޸𸮴 Ʈ ġ 찡 ִ:

  •  ü mmap CPU read(2) ŭ Ȯ强 ʴ. , μ Solaris ġ 2.0 mmap ó Ѵ.

  • NFS Ʈ Ͻýۿ ִ ޸𸮴ϴ ߿ ٸ NFS Ŭ̾Ʈ ִ μ ų ũ⸦ ̸, μ ޸𸮴 ϳ bus error ߻ ִ.

ǿ شϸ ϴ ޸𸮴 ʵ EnableMMAP off ؾ Ѵ. (: þ 丮 ִ.)

Sendfile

ġ ü sendfile(2) ϸ Ŀ sendfile Ͽ -- , Ҷ -- ִ.

÷ sendfile ϸ read send ʿ䰡  . ׷ sendfile ϸ ġԵǴ 찡 ִ:

  • sendfile ߸Ǿ ý ߰ ϴ ÷ ִ. Ư ٸ ǻͿ Ͽ sendfile ߸ ǻͷ 쿡 ϴ.

  • Ŀ ڽ ij Ͽ NFS Ʈ 찡 ִ.

ǿ شϸ sendfile ʵ EnableSendfile off ؾ Ѵ. (: þ 丮 ִ.)

μ

ġ 1.3 MinSpareServers, MaxSpareServers, StartServers ġũ ū ƴ. Ư ġ ۾ ϱ ڽļ ٴٸ "" Ⱓ ʿߴ. ó StartServers ڽ , MinSpareServers ʴ ڽ ϳ . ׷ StartServers5 Ŭ̾Ʈ 100 ÿ ϸ ϸ óϱ⿡ ڽ 95ʰ ɷȴ. ʴ , 10а ϴ ġũ ſ ڰ ´.

ʴ Ѱ Ģ ڽ ϸ鼭 ߴ. ǻͰ ڽ ϴ ٻڸ û . ׷ Ģ ġ ü ɿ ǿ ־ Ͽ. ġ 1.3 ʴ Ѱ Ģ ȭǾ. ڵ ڽ Ѱ , 1 , ΰ , 1 , װ , ̷ ʴ ڽ 32 鶧 Ѵ. ڽļ MinSpareServers ٴٸ ߴѴ.

ӵ MinSpareServers, MaxSpareServers, StartServers ʿ䰡 . ʿ ڽ 4 ̻ ϸ ErrorLog Ѵ. ̷ ̸ ϱ ٶ. mod_status ̴.

μ Ͽ MaxRequestsPerChild μ Ѵ. ⺻ ڽĴ ó û ٴ 0̴. 30 ſ ִٸ, ʿ䰡 ִ. SunOS Solaris Ѵٸ, ޸⶧ 10000 ϶.

(keep-alive) Ѵٸ ڽĵ ̹ ῡ ߰ û ٸ ƹ͵ ʱ⶧ ٻڴ. KeepAliveTimeout15 ʴ ̷ ּȭѴ. Ʈ 뿪 ڿ ° Ѵ. κ ⶧  쿡 60 ̻ ø .

top

Ͻ ؼ

MPM

ġ 2.x ó (MPMs)̶ ü ִ ȭ Ѵ. ġ Ҷ MPM ؾ Ѵ. beos, mpm_netware, mpmt_os2, mpm_winnt Ư ÷ ִ MPM ִ. Ϲ н ý MPM ߿ ϳ ִ. ӵ Ȯ强(scalability)  MPM ߳Ŀ ޷ȴ:

  • worker MPM ڽ μ 带 Ѵ. ѹ Ѵ. Ϲ worker prefork MPM ޸𸮸 ϹǷ ŷ ϴ.
  • prefork MPM 尡 Ѱ ڽ μ Ѵ. μ ѹ Ѵ. ýۿ prefork ӵ worker , ޸𸮸 Ѵ. Ȳ 带 ʴ prefork worker : 忡 (thread-safe) ڰ ְ, ÷ ִ.

MPM ٸ MPM ڼ MPM ϱ ٶ.

޸ 뷮 ɿ ߿ ̱⶧ ʴ غ. DSO ߴٸ ⿡ LoadModule þ ּóϸ ȴ. ׷ ϰ Ͽ Ʈ ̵ ϴ 캼 ִ.

ݴ ġ Ͽ ũִٸ ʴ ϱ ġ ؾ Ѵ.

⼭ 翬  ϰ ǹ . Ʈ ٸ. ׷ Ƹ ּ mod_mime, mod_dir, mod_log_config ̴. Ʈ α ʿٸ mod_log_config  ȴ. ׷ õ ʴ´.

Atomic

mod_cache ֱ worker MPM APR atomic API Ѵ. API 淮 ȭ atomic Ѵ.

⺻ APR ü/CPU ÷ ȿ Ͽ Ѵ. , ֽ CPU ϵ atomic compare-and-swap (CAS) ϴ ɾ ִ. ׷  ÷ APR ̷ ɾ CPU ȣȯ mutex ⺻ Ѵ. ̷ ÷ ġ Ҷ ġ ֽ CPU ȹ̶, ġ Ҷ --enable-nonportable-atomics ɼ Ͽ atomic ִ:

./buildconf
./configure --with-mpm=worker --enable-nonportable-atomics=yes

--enable-nonportable-atomics ɼ ÷ ִ:

  • SPARC Solaris
    ⺻ APR Solaris/SPARC mutex atomic Ѵ. ׷ Ҷ --enable-nonportable-atomics ϸ APR ϵ compare-and-swap SPARC v8plus ɾ Ѵ. ɼ ϸ atomic ȿ (CPU ϰ ȭ ϴ), UltraSPARC Ĩ ִ.
  • Linux on x86
    ⺻ APR mutex atomic Ѵ. ׷ Ҷ --enable-nonportable-atomics ϸ APR ϵ compare-and-swap 486 ɾ Ѵ. ȿ atomic , 486 ̻ Ĩ (386 ȵȴ) ִ.

mod_status ExtendedStatus On

ġ Ҷ mod_status ϰ Ҷ ExtendedStatus On ϸ ġ û gettimeofday(2)(Ȥ ü times(2)) ι ȣϰ (1.3 ) time(2) ߰ ȣѴ. ۽ð ʿϱ ̴. ֻ (⺻) ExtendedStatus off Ѵ.

accept ȭ -

:

Ʒ ġ 2.0 ʴ. ȿ , ؼ ϱ ٶ.

н API Ѵ. Ʈ Ȥ ּҸ ٸ Listen Ѵٰ . ˻ϱ ġ select(2) Ѵ. select(2) Ͽ ٸ ִ Ȥ ּ Ѱ ִ ˷ش. ġ ڽ ְ, ִ ڽ ÿ ο ˻Ѵ. ϴ ( ڵ忡 ʾҴ. ϱ 뵵 .):

for (;;) {
for (;;) {
fd_set accept_fds;

FD_ZERO (&accept_fds);
for (i = first_socket; i <= last_socket; ++i) {
FD_SET (i, &accept_fds);
 }
rc = select (last_socket+1, &accept_fds, NULL, NULL, NULL);
if (rc < 1) continue;
new_connection = -1;
for (i = first_socket; i <= last_socket; ++i) {
if (FD_ISSET (i, &accept_fds)) {
new_connection = accept (i, NULL, NULL);
if (new_connection != -1) break;
 }
 }
if (new_connection != -1) break;
 }
process the new_connection;
 }

׷ ܼ ɰ (starvation) ִ. ڽ ÿ ݺ ϸ, û ٸ select . ̶  Ͽ û ϳ ڽ  ( ڽ ü Ÿֿ̹ ٸ). ̵ acceptϱ õѴ. ׷ ( Ḹ ̶) ڽĸ ϰ, accept . ׷ ڽĵ û ϵ , ο û ͼ ڽ ﶧ ִ. ̷ PR#467 ó Ǿ. ּ ΰ ذå ִ.

Ѱ ʵ (non-blocking) ̴. ڽ accept ص ʰ, ִ. ׷ CPU ð Ѵ. select ڽ 10 ְ, Ѱ Դٰ . ׷ ڽ 9  acceptϱ õϰ ϸ ƹ ϵ ʰ ٽ select ݺѴ. ٽ select ƿ  ڽĵ ٸ Ͽ û ʴ´. (μ ǻͿ) ڽ ŭ CPU ִ 幮 찡 ƴ϶ ذå ƺ ʴ´.

ٸ ġ ϴ ݺ ڽĸ 鿩. ݺ (̸ ):

for (;;) {
accept_mutex_on ();
for (;;) {
fd_set accept_fds;

FD_ZERO (&accept_fds);
for (i = first_socket; i <= last_socket; ++i) {
FD_SET (i, &accept_fds);
 }
rc = select (last_socket+1, &accept_fds, NULL, NULL, NULL);
if (rc < 1) continue;
new_connection = -1;
for (i = first_socket; i <= last_socket; ++i) {
if (FD_ISSET (i, &accept_fds)) {
new_connection = accept (i, NULL, NULL);
if (new_connection != -1) break;
 }
 }
if (new_connection != -1) break;
 }
accept_mutex_off ();
process the new_connection;
 }

accept_mutex_on accept_mutex_off Լ mutex  Ѵ. ѹ ڽĸ mutex ִ. mutex ϴ ̴. (1.3 ) src/conf.h (1.3 ) src/include/ap_config.h ǵִ.  ŰĴ (locking) ʱ⶧, ̷ ŰĿ Listen þ ϸ ϴ.

AcceptMutex þ Ͽ mutex ִ.

AcceptMutex flock

ױ flock(2) ýȣ Ѵ ( ġ LockFile þ ).

AcceptMutex fcntl

ױ fcntl(2) ýȣ Ѵ ( ġ LockFile þ ).

AcceptMutex sysvsem

(1.3 ) SysV  Ͽ mutex Ѵ. SysV ۿ ִ. ϳ ġ  ʰ ִ ̴ (ipcs(8) manpage ). ٸ ϳ uid ϴ CGI (, suexec cgiwrapper ʴ CGI) API Ͽ 񽺰źΰ ִ ̴. ̷ IRIX ŰĿ ʴ´ (κ IRIX ǻͿ ġ ̴).

AcceptMutex pthread

(1.3 ) POSIX mutex ϱ⶧ POSIX Ծ ŰĶ 밡, (2.5 ) Solaris װ͵ Ư ϴ ϴ. õغٸ 缭 ϴ Ѵ. 븸 ϴ ϴ .

AcceptMutex posixsem

(2.0 ) POSIX  Ѵ. mutex μ 尡 ״´ٸ(segfault) ȸ ʾƼ .

ýۿ Ͽ ȭ(serialization) ִٸ ϴ ڵ带 APR ߰ ġ ִ.

غ ٸ κ ݺ ȭϴ ̴. , μ  鿩 ̴. ڽ ÿ ־ ȭ ü 뿪 Ȱ ϴ μ ǻͿ ִ. 캼 κ, ſ ȭ ʾƼ 켱 .

ֻ ؼ Listen ʴ ̴̻. ׷ Ѵ.

accept ȭ - Ѱ

߼ , Ѱ ? Ҷ ڽ accept(2) ֱ⶧ ̷л ߻ ʰ, . ׷ δ տ ʴ (non-blocking) ߻ϴ "ȸ(spinning)" ߰ ִ. κ TCP ϸ Ŀ accept ִ ڽ 쵵 ִ. μ Ѱ ڿ ư, Ŀο ȸϿ ߰ϸ ٽ ܴ. ڿ ڵ忡 ̷ ȸ , и Ѵ. ׷ ߼ ʴ ϰ ϸ ̴ ʿ ൿ Ͼ.

׷ 츮 ŰĿ Ѱ 쿡 ȭϸ "" ߰ߴ. ׷ κ ⺻ ȭ Ѵ. (Ŀ 2.0.30, 128Mb ޸𸮿 Pentium pro) Ѱ ȭϸ 쿡 ʴ û 3% ̸ پ. ׷ ȭ û 100ms ߻ߴ. Ƹ LAN ߻ϴ ἱ ̴. Ѱ ȭ SINGLE_LISTEN_UNSERIALIZED_ACCEPT Ѵ.

Close (lingering)

draft-ietf-http-connection-00.txt 8 ϵ Ƿ, ־ Ѵ (TCP ֹ̰, ̴). ٸ , ġ 1.2 Ȯ ؿԴ.

ϰ ġ ߰ н ߻ߴ. TCP Ծ FIN_WAIT_2 ŸӾƿ ִٰ ʾ, ʾҴ. ŸӾƿ ýۿ ġ 1.2 FIN_WAIT_2 · . ۻ簡 ϴ ֽ TCP/IP ġ Ͽ ذ ִ. ׷ ۻ簡 ġ ǥ ʴ 찡 (, SunOS4 -- ҽ ̼ ִ ġ ) ֱ⶧ ʱ ߴ.

ΰ. ϳ ɼ SO_LINGER ϴ ̴. ׷ κ TCP/IP ɼ ùٷ ʾҴ. ùٷ ÿ (, 2.0.31) cpu ƸԴ´.

ġ (http_main.c ִ) lingering_close Լ Ѵ. Լ :

void lingering_close (int s)
{
char junk_buffer[2048];

/* shutdown the sending side */
shutdown (s, 1);

signal (SIGALRM, lingering_death);
alarm (30);

for (;;) {
select (s for reading, 2 second timeout);
if (error) break;
if (s is ready for reading) {
if (read (s, junk_buffer, sizeof (junk_buffer)) <= 0) {
break;
 }
/* just toss away whatever is here */
 }
 }

close (s);
 }

ڵ CPU , ʿϴ. HTTP/1.1 θ Ѵٸ(persistent), ޴ û óϸ鼭 ̴. ϰԵ NO_LINGCLOSE Ͽ , ʴ´. Ư HTTP/1.1 (; ¿ ٸ ʰ û ) lingering_close ʼ̴ (׸ ϱ ٶ ̴).

Scoreboard

ġ θ ڽ scoreboard Ѵ. ̻δ scoreboard ޸𸮷 ؾ Ѵ. 츮 ڰ ش ü ְų ޸𸮸 Ͽ Ѵ. ũ ִ Ͽ Ѵ. ũ ִ ŷڵ (ɵ ). src/main/conf.h Ͽ ϴ Űĸ ãƼ USE_MMAP_SCOREBOARD Ȥ USE_SHMGET_SCOREBOARD ȮѴ. ϳ ( Բ HAVE_MMAP̳ HAVE_SHMGET ) ϸ ޸ ڵ带 Ѵ. ý ٸ ޸𸮸 Ѵٸ src/main/http_main.c Ͽ ġ ޸𸮸 ֵ (hook) ߰϶. ( ġ 츮 ֱ ٶ.)

: ġ ġ 1.2 ޸𸮸 ϱ ߴ. ʱ ġ ŷڵ ̴.

DYNAMIC_MODULE_LIMIT

о ʴ´ٸ ( ̶ ̱ д´ٸ Ƹ о ̴), Ҷ -DDYNAMIC_MODULE_LIMIT=0 ߰Ѵ. ׷ о̱ Ҵϴ ޸𸮸 Ѵ.

top

η: ýȣ ڼ мϱ

Solaris 8 worker MPM ġ 2.0.38 ýȣ (trace)̴. Ʒ ɾ Ͽ :

truss -l -p httpd_child_pid.

-l ɼ ϸ truss ýȣ ϴ LWP (lightweight process, 淮 μ--Solaris Ŀμ ) ID Ѵ.

ٸ ýۿ strace, ktrace, par ýȣ ִ. ϴ.

Ŭ̾Ʈ ũⰡ 10KB ûѴ. û ʰų ϴ û ſ ٸ (δ ſ ˾ƺ ).

/67:    accept(3, 0x00200BEC, 0x00200C0C, 1) (sleeping...)
/67:    accept(3, 0x00200BEC, 0x00200C0C, 1)            = 9

(listener) 尡 LWP #67 ִ.

accept(2) ȭ ָ϶. Ʈ ٸʴ ÷ worker MPM ⺻ ȭ accept Ѵ.
/65:    lwp_park(0x00000000, 0)                         = 0
/67:    lwp_unpark(65, 1)                               = 0

޾Ƶ̰(accept) worker 带 û óϰ Ѵ. Ʒ Ͽ û óϴ worker 尡 LWP #65 ִ.

/65:    getsockname(9, 0x00200BA4, 0x00200BC4, 1)       = 0

ȣƮ ϱ ġ ޾Ƶ (local) ּҸ ˾ƾ Ѵ. (ȣƮ ʰų Listen þ ϵī ּҸ ) ȣ ִ. ׷ ̷ ȭ ۾ ȵִ. 

/65:    brk(0x002170E8)                                 = 0
/65:    brk(0x002190E8)                                 = 0

brk(2) ȣ (heap) ޸𸮸 ҴѴ. κ û ó ü ޸ Ҵ(apr_pool apr_bucket_alloc) ϱ⶧ ýȣ Ͽ ýȣ Ⱑ 幰. Ͽ ڸ ü ޸ Ҵڰ ޸𸮺 malloc(3) ȣѴ.

/65:    fcntl(9, F_GETFL, 0x00000000)                   = 2
/65:    fstat64(9, 0xFAF7B818)                          = 0
/65:    getsockopt(9, 65535, 8192, 0xFAF7B918, 0xFAF7B910, 2190656) = 0
/65:    fstat64(9, 0xFAF7B818)                          = 0
/65:    getsockopt(9, 65535, 8192, 0xFAF7B918, 0xFAF7B914, 2190656) = 0
/65:    setsockopt(9, 65535, 8192, 0xFAF7B918, 4, 2190656) = 0
/65:    fcntl(9, F_SETFL, 0x00000082)                   = 0

worker Ŭ̾Ʈ (ϱ 9) (non-blocking) · ٲ۴. setsockopt(2) getsockopt(2) ȣ Solaris libc Ͽ fcntl(2)  óϴ ش.

/65:    read(9, " G E T   / 1 0 k . h t m".., 8000)     = 97

worker Ŭ̾Ʈ û д´.

/65:    stat("/var/httpd/apache/httpd-8999/htdocs/10k.html", 0xFAF7B978) = 0
/65:    open("/var/httpd/apache/httpd-8999/htdocs/10k.html", O_RDONLY) = 10

Options FollowSymLinks AllowOverride None̴. ׷ û ϰ 丮 lstat(2)ϰų .htaccess ˻ ʿ䰡 . ˻ϱ, 1) ִ, 2) 丮 ƴ Ϲ, stat(2) ȣ⸸ ϸ ȴ.

/65:    sendfilev(0, 9, 0x00200F90, 2, 0xFAF7B53C)      = 10269

ѹ sendfilev(2) ýȣ HTTP û ִ. Sendfile δ ü ٸ. ٸ ý̶ sendfile(2) ȣϱ write(2) writev(2) ȣ Ѵ.

/65:    write(4, " 1 2 7 . 0 . 0 . 1   -  ".., 78)      = 78

write(2) ȣ ٷα(access log) û Ѵ. Ͽ time(2) ȣ ָ϶. ġ 1.3 ޸ ġ 2.0 ð ˱ gettimeofday(3) Ѵ. gettimeofday ȭ Solaris ü Ϲ ýȣ δ .

/65:    shutdown(9, 1, 1)                               = 0
/65:    poll(0xFAF7B980, 1, 2000)                       = 1
/65:    read(9, 0xFAF7BC20, 512)                        = 0
/65:    close(9)                                        = 0

worker ݱ(lingering close)Ѵ.

/65:    close(10)                                       = 0
/65:    lwp_park(0x00000000, 0)         (sleeping...)

worker ݰ, (listener) 尡 ٸ Ҵ Ѵ.

/67:    accept(3, 0x001FEB74, 0x001FEB94, 1) (sleeping...)

׵ ( worker ۾̸ 带 ߴ worker MPM 帧 ɿ ) worker 忡 Ҵڸ ٸ ޾Ƶ ִ. Ͽ , worker 尡 óϴ accept(2) (û ſ ׻) Ͼ ִ.

misc/relevant_standards.html100644 0 0 17537 11074463123 13747 0ustar 0 0 ǥ - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.0

<-
top

HTTP ǰ

 ϰ ϴ ⺻ ġ IETF ǰ(recommendation) :

RFC 1945 (Informational)
ؽƮ (Hypertext Transfer Protocol, HTTP) л, , ۸ü ýۿ ʿ ø̼ (application-level) ̴. HTTP/1.0 Ѵ.
RFC 2616 (Standards Track)
ؽƮ (Hypertext Transfer Protocol, HTTP) л, , ۸ü ý ø̼ ̴. HTTP/1.1 Ѵ.
RFC 2396 (Standards Track)
ǥ ڿ ĺ (Uniform Resource Identifier, URI) ߻ Ȥ ڿ ĺϱ ª ڿ̴.
top

HTML ǰ

ؽƮ ũ (Hypertext Markup Language, HTML) Ͽ ġ IETF ǰ W3C ǰ :

RFC 2854 (Informational)
HTML ߰ ϰ, W3C ǰ "text/html" MIME type Ѵ.
HTML 4.01 Ծ (Errata)
Ծ ̵ Ǿ ؽƮ ũ (Hypertext Markup Language, HTML) Ѵ. Ծ HTML 4 HTML 4.01 Ѵ.
HTML 3.2 Ծ
ؽƮ ũ (Hypertext Markup Language, HTML) ÷ ؽƮ ũ ̴. HTML SGML ̱⵵ ϴ.
XHTML 1.1 - XHTML (ǥ)
ǰ Modularization of XHTML ÷ӿũ ο XHTML document type Ѵ.
XHTML 1.0 Ȯ ؽƮ ũ (Extensible HyperText Markup Language) (Second Edition) (ǥ)
HTML 4 XML 1.0 籸 XHTML 1.0 ι° HTML 4 شϴ DTD Ѵ.
top

ġ IETF ǰ :

RFC 2617 (Draft standard)
Basic Access Authentication Ծ "HTTP/1.0".
top

/ ڵ

Ʒ ũ ISO ٸ / ڵ ִ:

ISO 639-2
ISO 639 ̸ Ÿ ΰ ڵ带 Ѵ. ϳ (639-1) ڵ̰ ٸ ϳ ( ) ڵ̴.
ISO 3166-1
ISO 3166-1 ISO 3166-1-alpha-2 ڵ忡 ĺ ( ª ̸) Ѵ.
BCP 47 (Best Current Practice), RFC 3066
ü  ˸ ±׿ ±׿ ϴ , ±׸ ã Ѵ.
RFC 3282 (Standards Track)
MIME κа RFC 822 ִ  ˸ "Content-language:" , ȣϴ  Ÿ "Accept-Language:" Ѵ.
misc/rewriteguide.html100644 0 0 174341 11074463123 12600 0ustar 0 0 URL ۼ ħ - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.0

<-

URL ۼ ħ

ֽ ƴմϴ. ֱٿ ϼ.


Ralf S. Engelschall <rse@apache.org>
1997 12

mod_rewrite Ѵ. ڰ ۾ εġԵǴ URL ذϱؼ  ġ mod_rewrite ϴ Ѵ. URL ۼ Ģ Ͽ ذϴ ڼ Ѵ.

top

mod_rewrite Ұ

ġ mod_rewrite ϴ. , URL ִ ϰ Ƿ ̴. ؿԴ URL ϴ. ׷ 밡 ϱ ϴ. mod_rewrite ִ ʺڰ ϰ ϱ ʴٴ ̴. ġ mod_rewrite ο 뵵 ߰Ѵ.

ٸ : mod_rewrite ó ԰ ٽ ʰų, Կ ŷǾ ̴. ù° 츦 ̹ ˷  ʸ ҰϷ Ѵ.

top

ǿ ذå

ų ٸ ǿ ذå ´. URL ۼ 渶 ٶ.

: Ȳ ° ؾ 찡 ִ. , ߰ mod_alias, mod_userdir Ѵٸ [PT] ÷׸ ߰Ѵ. Ȥ ּ/ȣƮ Ұ ƴ .htaccess ҿ ˸° Ģ ִ. ϱ ׻ Ģ  ϴ ϵ ض. ׷ ִ.
top

URL

Ǵ URL

Ȳ:

ҽ URL ִ. ( ϰ ˷ ) Ǵ URL, Ȥ 뵵 URL ִ. ڰ û  URL ϴ Ǵ URL Ѵ.

ذå:

ʴ URL ˵ ġ ܺ HTTP ̷Ѵ. Ʒ Ģ /~user Ǵ /u/user üϰ, /u/user ٸ ߰Ѵ.

RewriteRule   ^/~([^/]+)/?(.*)    /u/$1/$2  [R]
RewriteRule   ^/([uge])/([^/]+)$  /$1/$2/   [R]

Ǵ ȣƮ

Ȳ:
Ģ Ʈ ִ ٸ ȣƮ Ư ȣƮ ϵ Ѵ. , example.com www.example.com ϵ ϰ ʹٸ Ģ ִ.
ذå:
# 80 ƴ Ʈ ϴ Ʈ
RewriteCond %{HTTP_HOST}   !^fully\.qualified\.domain\.name [NC]
RewriteCond %{HTTP_HOST}   !^$
RewriteCond %{SERVER_PORT} !^80$
RewriteRule ^/(.*)         http://fully.qualified.domain.name:%{SERVER_PORT}/$1 [L,R]

# ׸, 80 Ʈ ϴ Ʈ
RewriteCond %{HTTP_HOST}   !^fully\.qualified\.domain\.name [NC]
RewriteCond %{HTTP_HOST}   !^$
RewriteRule ^/(.*)         http://fully.qualified.domain.name/$1 [L,R]

DocumentRoot ű

Ȳ:

DocumentRoot URL "/" ִ. ׷ ̰ ڷᰡ ʰ, ڷᰡ ٸ ִ 찡 ִ. Ʈ Ʈ (ܺθ Ȩ) /e/www/ (Ʈ Ȩ) /e/sww/ ִٰ . DocumentRoot /e/www/̱⶧, û Ե ׸ ̰ ; Ѵ.

ذå:

츮 URL / /e/www/ ̷Ǹ ϸ ȴ. mod_rewrite ؼ ϴ. (mod_alias ϴ) URL Alias պκ ã´. DocumentRoot URL պκ̱⶧ Ͽ ̷ . mod_rewrite ϸ ¥ ϴ:

RewriteEngine on
RewriteRule   ^/$  /e/www/  [R]

Ȳ:

丮 Īϴ URL ٸ ڴ ȯȣ ̴. ٸ, /~quux/foo/ /~quux/foo ϸ foo ã⶧ ߻Ѵ. 丮̱⶧ ޾Ƶ ʴ´. κ ڵ URL ġ, 찡 ִ. , CGI ũƮ URL ۼ Ŀ ׷ϴ.

ذå:

̹ ذ ڵ ߰ϴ ̴. ׸ ùٷ û ֵ, ܺ ̷ ؾ Ѵ. ̷ Ѵٸ 丮 Ͽ URL ϴ ׸ ûҶ ã . , ܺ ̷ /~quux/foo/index.html image.gif ûϸ /~quux/image.gif ûϰ ȴ!

׷ ̸ ذϱ Ѵ:

RewriteEngine  on
RewriteBase    /~quux/
RewriteRule    ^foo$  foo/  [R]

Ȩ丮 ֻ .htaccess Ͽ ִ. ׷ óϴµ δ ȴ.

RewriteEngine  on
RewriteBase    /~quux/
RewriteCond    %{REQUEST_FILENAME}  -d
RewriteRule    ^(.+[^/])$           $1/  [R]

ϰ URL Ŭ

Ȳ:

Ʈ ϰ ϰ URL ʹ. , (ǻ Ͽ !) URL ! ̸ οؾ Ѵ: URL Īϸ ȵȴ. ڵ Ѵ.

ذå:

, ׷, ü ġ (л) ܺθʿ ´. ܺθ ̴

user1  server_of_user1
user2  server_of_user2
:      :

map.xxx-to-host Ͽ ߴ. URL ٸ URL,

/u/user/anypath
/g/group/anypath
/e/entity/anypath

̷Ѵ

http://physical-host/u/user/anypath
http://physical-host/g/group/anypath
http://physical-host/e/entity/anypath

Ʒ Ģ Ͽ ۾ Ѵ (server0 ʿ ׸ ⺻ Ѵ):

RewriteEngine on

RewriteMap      user-to-host   txt:/path/to/map.user-to-host
RewriteMap     group-to-host   txt:/path/to/map.group-to-host
RewriteMap    entity-to-host   txt:/path/to/map.entity-to-host

RewriteRule   ^/u/([^/]+)/?(.*)   http://${user-to-host:$1|server0}/u/$1/$2
RewriteRule   ^/g/([^/]+)/?(.*)  http://${group-to-host:$1|server0}/g/$1/$2
RewriteRule   ^/e/([^/]+)/?(.*) http://${entity-to-host:$1|server0}/e/$1/$2

RewriteRule   ^/([uge])/([^/]+)/?$          /$1/$2/.www/
RewriteRule   ^/([uge])/([^/]+)/([^.]+.+)   /$1/$2/.www/$3\

Ȩ丮 ٸ

Ȳ:

ڴ Ȩ丮 ٸ ذå . ü ο ϴµ ð ɸ 쿡 ʿϴ.

ذå:

mod_rewrite ϸ ϴ. /~user/anypath URL http://newserver/~user/anypath ̷ϸ ȴ.

RewriteEngine on
RewriteRule   ^/~(.+)  http://newserver/~$1  [R,L]

Ȩ丮

Ȳ:

ڰ õ Ʈ Ȩ丮 . , ̸ ڸ ù° 丮 Ȩ丮 д. ׷, /~foo/anypath /home/f/foo/.www/anypath̰, /~bar/anypath /home/b/bar/.www/anypath̴.

ذå:

ǥð ִ URL ȯϱ Ģ Ѵ.

RewriteEngine on
RewriteRule   ^/~(([a-z])[a-z0-9]+)(.*)  /home/$2/$1/.www$3

Ͻý 籸

Ȳ:

Ƿ ϵھ̴: 丮 RewriteRules ſ Ͽ ڷ ü ״ ü ڷḦ ڿ ¡ϵ Ѵ. : 1992 Ӱ ִ н Ʈ net.sw Ƶΰ ־. ̴ ǻͰ ϸ鼭 ص ð ý ڿ Ʈ ڸ ؿԱ⶧ ̴. ָ Ʈ ߰ 丮 Դ:

drwxrwxr-x   2 netsw  users    512 Aug  3 18:39 Audio/
drwxrwxr-x   2 netsw  users    512 Jul  9 14:37 Benchmark/
drwxrwxr-x  12 netsw  users    512 Jul  9 00:34 Crypto/
drwxrwxr-x   5 netsw  users    512 Jul  9 00:41 Database/
drwxrwxr-x   4 netsw  users    512 Jul 30 19:25 Dicts/
drwxrwxr-x  10 netsw  users    512 Jul  9 01:54 Graphic/
drwxrwxr-x   5 netsw  users    512 Jul  9 01:58 Hackers/
drwxrwxr-x   8 netsw  users    512 Jul  9 03:19 InfoSys/
drwxrwxr-x   3 netsw  users    512 Jul  9 03:21 Math/
drwxrwxr-x   3 netsw  users    512 Jul  9 03:24 Misc/
drwxrwxr-x   9 netsw  users    512 Aug  1 16:33 Network/
drwxrwxr-x   2 netsw  users    512 Jul  9 05:53 Office/
drwxrwxr-x   7 netsw  users    512 Jul  9 09:24 SoftEng/
drwxrwxr-x   7 netsw  users    512 Jul  9 12:17 System/
drwxrwxr-x  12 netsw  users    512 Aug  3 20:15 Typesetting/
drwxrwxr-x  10 netsw  users    512 Jul  9 14:08 X11/

1996 7 Ҹ ִ ̽ ϱ ޴. "ִ" , ֻ 丮 CGI ũƮ ʰ, ϱ ٶٴ ̴. ? Ҹ ߿ FTPε ֵ ̿⶧ ̳ CGI õ α Ⱦ.

ذå:

ذå κ : 丮 ؿ ʿ CGI ũƮ ʿϴ. ũƮ /e/netsw/.www/ ξ:

-rw-r--r--   1 netsw  users    1318 Aug  1 18:10 .wwwacl
drwxr-xr-x  18 netsw  users     512 Aug  5 15:51 DATA/
-rw-rw-rw-   1 netsw  users  372982 Aug  5 16:35 LOGFILE
-rw-r--r--   1 netsw  users     659 Aug  4 09:27 TODO
-rw-r--r--   1 netsw  users    5697 Aug  1 18:01 netsw-about.html
-rwxr-xr-x   1 netsw  users     579 Aug  2 10:33 netsw-access.pl
-rwxr-xr-x   1 netsw  users    1532 Aug  1 17:35 netsw-changes.cgi
-rwxr-xr-x   1 netsw  users    2866 Aug  5 14:49 netsw-home.cgi
drwxr-xr-x   2 netsw  users     512 Jul  8 23:47 netsw-img/
-rwxr-xr-x   1 netsw  users   24050 Aug  5 15:49 netsw-lsdir.cgi
-rwxr-xr-x   1 netsw  users    1589 Aug  3 18:43 netsw-search.cgi
-rwxr-xr-x   1 netsw  users    1885 Aug  1 17:41 netsw-tree.cgi
-rw-r--r--   1 netsw  users     234 Jul 30 16:35 netsw-unlimit.lst

DATA/ 丮 Ұ ִ. net.sw rdist Ͽ ڵ ´. ι° κ Ҵ:  ϳ ڿ URL ϴ°? ڿ DATA/ 丮 ߰, URL CGI ũƮ ϰ ʹ. ذå : DocumentRoot URL /net.sw/ /e/netsw ۼϱ 丮 Ͽ Ѵ:

RewriteRule  ^net.sw$       net.sw/        [R]
RewriteRule  ^net.sw/(.*)$  e/netsw/$1

ù° Ģ û ؼ ߴ! ι° Ģ ۾ Ѵ. ׸ 丮 /e/netsw/.www/.wwwacl ´:

Options       ExecCGI FollowSymLinks Includes MultiViews

RewriteEngine on

#   κ /net.sw/  Ѵ
RewriteBase   /net.sw/

#   ֻ 丮
#  cgi ũƮ ۼѴ
RewriteRule   ^$                       netsw-home.cgi     [L]
RewriteRule   ^index\.html$            netsw-home.cgi     [L]

#   丮  û 
#  丮 Ѵ
RewriteRule   ^.+/(netsw-[^/]+/.+)$    $1                 [L]

#   ۼ ģ
RewriteRule   ^netsw-home\.cgi.*       -                  [L]
RewriteRule   ^netsw-changes\.cgi.*    -                  [L]
RewriteRule   ^netsw-search\.cgi.*     -                  [L]
RewriteRule   ^netsw-tree\.cgi$        -                  [L]
RewriteRule   ^netsw-about\.html$      -                  [L]
RewriteRule   ^netsw-img/.*$           -                  [L]

#  ٸ cgi ũƮ ó
#  丮 Ҵ
RewriteRule   !^netsw-lsdir\.cgi.*     -                  [C]
RewriteRule   (.*)                     netsw-lsdir.cgi/$1

ؼ Ʈ:

  1. ׹° κп ü ʵ('-') L (last) ÷װ ָ϶
  2. κп ù° Ģ ! (not) ڿ C (chain) ÷׸ ָ϶
  3. Ģ Ÿ ش ʴ 츦 Ƴ ָ϶

NCSA imagemap ġ mod_imap

Ȳ:

NCSA ġ ڿ Űܰ ٶ. ׷ NCSA imagemap α׷ ġ mod_imap óϱ ٶ. imagemap α׷ /cgi-bin/imagemap/path/to/page.map ϴ ۸ũ ٴ ̴. ġ /path/to/page.map û ޾ƾ Ѵ.

ذå:

û պκ ϴ Ģ Ѵ:

RewriteEngine  on
RewriteRule    ^/cgi-bin/imagemap(.*)  $1  [PT]

丮 ˻

Ȳ:

丮 ãƾ ִ. MultiViews ٸ ȵȴ.

ذå:

丮 ã Ģ α׷Ѵ.

RewriteEngine on

#    custom/ ã õϰ...
#   ...ã !
RewriteCond         /your/docroot/dir1/%{REQUEST_FILENAME}  -f
RewriteRule  ^(.+)  /your/docroot/dir1/$1  [L]

#   ι° pub/ ã õѴ...
#   ...ã !
RewriteCond         /your/docroot/dir2/%{REQUEST_FILENAME}  -f
RewriteRule  ^(.+)  /your/docroot/dir2/$1  [L]

#   ã ٸ Alias ScriptAlias þ  Ѵ.
RewriteRule   ^(.+)  -  [PT]

URL ȯ溯 Ѵ

Ȳ:

û鰣 ϱ URL ڵϴ ִ. ׷ ϱ CGI wrapper ϰ ʴ.

ذå:

ۼ Ģ Ͽ ϰ, ߿ XSSI CGI ϱ ȯ溯 Ѵ. ׷ URL /foo/S=java/bar/ /foo/bar/ ȯǰ STATUS ȯ溯 "java" Ѵ.

RewriteEngine on
RewriteRule   ^(.*)/S=([^/]+)/(.*)    $1/$3 [E=STATUS:$2]

ȣƮ

Ȳ:

ȣƮ ʰ ǻͷ DNS A ڵ带 Ͽ www.username.host.domain.com Ȩ ϰ ʹ.

ذå:

HTTP/1.0 û , Host: HTTP HTTP/1.1 û Ģ Ͽ http://www.username.host.com/anypath /home/username/anypath ۼ ִ:

RewriteEngine on
RewriteCond   %{HTTP_HOST}                 ^www\.[^.]+\.host\.com$
RewriteRule   ^(.+)                        %{HTTP_HOST}$1          [C]
RewriteRule   ^www\.([^.]+)\.host\.com(.*) /home/$1$2

Ȩ丮 ܺ ̷

Ȳ:

ourdomain.com ۿ û Ȩ丮 URL ٸ www.somewhere.com ٸϱ ٶ. ȣƮ ҿ Ѵ.

ذå:

ۼ ϸ ȴ:

RewriteEngine on
RewriteCond   %{REMOTE_HOST}  !^.+\.ourdomain\.com$
RewriteRule   ^(/~.+)         http://www.somewhere.com/$1 [R,L]

URL ٸ ̷

Ȳ:

URL ۼ ؼ A ش B û ̷ϴ . Perl ۼ ErrorDocument CGI ũƮ , mod_rewrite ϴ ִ. ׷ ErrorDocument CGI ũƮ ϶!

ذå:

ù° ʴ:

RewriteEngine on
RewriteCond   /your/docroot/%{REQUEST_FILENAME} !-f
RewriteRule   ^(.+)                             http://webserverB.dom/$1

DocumentRoot ȿ ִ ϴٴ ̴. ( Ȩ丮 ) ߰ , ִ:

RewriteEngine on
RewriteCond   %{REQUEST_URI} !-U
RewriteRule   ^(.+)          http://webserverB.dom/$1

mod_rewrite URL (look-ahead) Ѵ. ׷ URL ϰ ϴ. ׷ û û ѹ ϱ⶧ ɿ ǿ ش. ׷ CPU Ѵٸ ϶. ǻͰ ٸ ù° ̳ ErrorDocument CGI ũƮ ϶.

Ȯ ̷

Ȳ:

̷ϴ URL ʿ䰡 ִ. ġ URL escape Լ "url#anchor" URL anchor escapeѴ. ġ uri_escape() Լ 칰(#) escapeϹǷ . ׷  ̷ URL ̷ ֳ?

ذå:

̷ϴ NPH-CGI ũƮ ذå ʿϴ. escape ʱ⶧̴ (NPH=non-parseable headers). Ͽ (ۼ Ģ κп ؾ Ѵ) ο URL scheme xredirect: Ѵ:

RewriteRule ^xredirect:(.+) /path/to/nph-xredirect.cgi/$1 \
            [T=application/x-httpd-cgi,L]

׷ xredirect: ϴ URL nph-xredirect.cgi α׷ ϰ ȴ. α׷ :

#!/path/to/perl
##
##  nph-xredirect.cgi -- NPH/CGI script for extended redirects
##  Copyright (c) 1997 Ralf S. Engelschall, All Rights Reserved.
##

$| = 1;
$url = $ENV{'PATH_INFO'};

print "HTTP/1.0 302 Moved Temporarily\n";
print "Server: $ENV{'SERVER_SOFTWARE'}\n";
print "Location: $url\n";
print "Content-type: text/html\n";
print "\n";
print "<html>\n";
print "<head>\n";
print "<title>302 Moved Temporarily (EXTENDED)</title>\n";
print "</head>\n";
print "<body>\n";
print "<h1>Moved Temporarily (EXTENDED)</h1>\n";
print "The document has moved <a HREF=\"$url\">here</a>.<p>\n";
print "</body>\n";
print "</html>\n";

##EOF##

׷ mod_rewrite ϴ URL scheme ̷ ִ. , news:newsgroup ̷ ִ

RewriteRule ^anyurl  xredirect:news:newsgroup
: Ư "" Ģ Ͽ xredirect: Ȯؾ ϱ⶧ Ģ [R]̳ [R,L] ϸ ȵȴ.

߰(multiplexer)

Ȳ:

http://www.perl.com/CPAN ִ CPAN (Comprehensive Perl Archive Network) ƴ°? ּҴ 迡 CPAN ̷ FTP Ŭ̾Ʈ ִ ̷Ѵ. ̸ FTP ߰ 񽺶 Ѵ. CPAN CGI ũƮ , mod_rewrite Ͽ ϰ ?

ذå:

mod_rewrite 3.0.0 ̷ǿ "ftp:" scheme ִ. Ŭ̾Ʈ ֻ RewriteMap Ͽ ġ ִ. Ģ ֻ ߰ Ű Ѵ.

RewriteEngine on
RewriteMap    multiplex                txt:/path/to/map.cxan
RewriteRule   ^/CxAN/(.*)              %{REMOTE_HOST}::$1                 [C]
RewriteRule   ^.+\.([a-zA-Z]+)::(.*)$  ${multiplex:$1|ftp.default.dom}$2  [R,L]

##
##  map.cxan -- Multiplexing Map for CxAN
##

de        ftp://ftp.cxan.de/CxAN/
uk        ftp://ftp.cxan.uk/CxAN/
com       ftp://ftp.cxan.com/CxAN/
 :
##EOF##

ð ۼ

Ȳ:

ð ٸ ϴ ڴ Ư ̷ϱ CGI ũƮ Ѵ. mod_rewriteδ  ִ°?

ذå:

ۼ ǿ ִ TIME_xxx ִ. Ư <STRING, >STRING, =STRING Ͽ ð ̷ ִ:

RewriteEngine on
RewriteCond   %{TIME_HOUR}%{TIME_MIN} >0700
RewriteCond   %{TIME_HOUR}%{TIME_MIN} <1900
RewriteRule   ^foo\.html$             foo.day.html
RewriteRule   ^foo\.html$             foo.night.html

URL foo.html ûϸ 07:00-19:00 foo.day.html ϰ, ð foo.night.html Ѵ. Ȩ ϱ ̴...

YYYY XXXX ȣȯ

Ȳ:

.html .phtml ȯϴ document.YYYY document.XXXX ȣȯ(backward compatibility) URL ( ϰ) ֳ?

ذå:

̸ ⺻̸ ۼ ο Ȯڸ ִ ˻Ѵ. ִٸ ϸ ϰ, URL · ۼѴ.

#   .html  
#   .phtml  ִ 
#   .html  .phtml 
#   ۼϴ ȣȯ Ģ
RewriteEngine on
RewriteBase   /~quux/
#   ⺻̸ ã, ãҴٴ  Ѵ
RewriteRule   ^(.*)\.html$              $1      [C,E=WasHTML:yes]
#    ִٸ .phtml  ۼѴ
RewriteCond   %{REQUEST_FILENAME}.phtml -f
RewriteRule   ^(.*)$ $1.phtml                   [S=1]
#   ƴϸ տ ã ⺻̸ ǵ
RewriteCond   %{ENV:WasHTML}            ^yes$
RewriteRule   ^(.*)$ $1.html
top

ٷ

(߱)

Ȳ:

ֱ foo.html bar.html ϰ ȣȯ URL ϰ ʹٰ . ڴ URL Ǿٴ ġä Ѵ.

ذå:

Ģ URL ο URL ۼѴ:

RewriteEngine  on
RewriteBase    /~quux/
RewriteRule    ^foo\.html$  bar.html

(˸)

Ȳ:

ٽ foo.html bar.html ϰ ȣȯ URL ϰ ʹٰ . ׷ URL ϸ ڿ ο URL Ʈ ˷ش. , ּâ Ѵ.

ذå:

ο URL HTTP ̷ϴ. ׷ ο URL ̰ ڰ ˰Եȴ:

RewriteEngine  on
RewriteBase    /~quux/
RewriteRule    ^foo\.html$  bar.html  [R]

Ȳ:

ּ ߿ ֻ ȭ ؾ 찡 ִ. , ֽ Netscape Դ ֻ , Lynx Դ , Ѵ.

ذå:

ڽ ʱ⶧ . HTTP "User-Agent" Ѵ. Ģ HTTP "User-Agent" "Mozilla/3" ϸ foo.html foo.NS.html ۼϰ ۼ ߴѴ. "Lynx" "Mozilla" 1 Ȥ 2 URL foo.20.html ȴ. foo.32.html ޴´. Ʒ Ģ ۾ Ѵ:

RewriteCond %{HTTP_USER_AGENT}  ^Mozilla/3.*
RewriteRule ^foo\.html$         foo.NS.html          [L]

RewriteCond %{HTTP_USER_AGENT}  ^Lynx/.*         [OR]
RewriteCond %{HTTP_USER_AGENT}  ^Mozilla/[12].*
RewriteRule ^foo\.html$         foo.20.html          [L]

RewriteRule ^foo\.html$         foo.32.html          [L]

̷

Ȳ:

ܺ ȣƮ 츮 Ʈ ִٰ . FTP ܺ ڷ ֽź纻 ϴ mirror α׷ ְ, HTTP ۾ ϴ webcopy α׷ ִ. ׷ ִ: 纻 α׷ ֽ ȴ. ؾϴ ̷ ƴ϶ ڴ. (ܺ ȣƮ ڷᰡ ŵǸ) ʿҶ ڵ ڷḦ ϴ ̷ ʿϴ.

ذå:

̸ Proxy Throughput[P]) Ͽ ܺ Ȥ ܺ ü 츮 ̸ Ѵ:

RewriteEngine  on
RewriteBase    /~quux/
RewriteRule    ^hotsheet/(.*)$  http://www.tstimpreso.com/hotsheet/$1  [P]

RewriteEngine  on
RewriteBase    /~quux/
RewriteRule    ^usa-news\.html$   http://www.quux-corp.com/news/index.html  [P]

̷

Ȳ:
...
ذå:
RewriteEngine on
RewriteCond   /mirror/of/remotesite/$1           -U
RewriteRule   ^http://www\.remotesite\.com/(.*)$ /mirror/of/remotesite/$1

ڷḦ Ʈݿ

Ȳ:

ڷḦ ȭ ȣϴ () Ʈ (www2.quux-corp.dom) ϸ鼭, (ܺ) ͳ (www.quux-corp.dom) ϴ ó ̰ Ѵ. ܺ û ڷḦ ´.

ذå:

ȭ ȣϰ ܺ ڷḦ ְ Ѵ. Ŷ͸ ȭ Ѵ:

ALLOW Host www.quux-corp.dom Port >1024 --> Host www2.quux-corp.dom Port 80
DENY  Host *                 Port *     --> Host www2.quux-corp.dom Port 80

˸° Ķ. ڷḦ proxy throughput ûϴ mod_rewrite Ģ ۼѴ:

RewriteRule ^/~([^/]+)/?(.*)          /home/$1/.www/$2
RewriteCond %{REQUEST_FILENAME}       !-f
RewriteCond %{REQUEST_FILENAME}       !-d
RewriteRule ^/home/([^/]+)/.www/?(.*) http://www2.quux-corp.dom/~$1/pub/$2 [P]

ε뷱 ( лϱ)

Ȳ:

www.foo.com ŷ www[0-5].foo.com ( 6) лϰ ʹ.  ϴ°?

ذå:

ſ پ ذ ִ. DNS ˷ ϰ, mod_rewrite ϴ 츦 캸:

  1. DNS Round-Robin

    ε뷱 BIND DNS round-robin ϴ ̴. DNS A(address) ڵ忡 www[0-9].foo.com Ѵ.

    www0   IN  A       1.2.3.1
www1   IN  A       1.2.3.2
www2   IN  A       1.2.3.3
www3   IN  A       1.2.3.4
www4   IN  A       1.2.3.5
www5   IN  A       1.2.3.6

    ׸ ׸ ߰Ѵ:

    www    IN  CNAME   www0.foo.com.
       IN  CNAME   www1.foo.com.
       IN  CNAME   www2.foo.com.
       IN  CNAME   www3.foo.com.
       IN  CNAME   www4.foo.com.
       IN  CNAME   www5.foo.com.
       IN  CNAME   www6.foo.com.

    ߸ ó , BIND ǵ ̴. www.foo.com ã, BIND Ź ݾ ٲ㰡 www0-www6 ȯѴ. ׷ Ŭ̾Ʈ лѴ. ׷ DNS ˻ Ʈ ٸ Ӽ ijǿ www.foo.com ã Ư wwwN.foo.com̸ Ŭ̾Ʈ û鵵 wwwN.foo.com ⶧ Ϻ ε뷱 ƴ ϶. ׷ ũ û лǹǷ ȿ .

  2. DNS ε뷱

    http://www.stanford.edu/~schemers/docs/lbnamed/lbnamed.html ִ lbnamed α׷ Ͽ DNS ε뷱 ִ. DNS ε뷱 ϵ Perl 5 α׷̴.

  3. Proxy Throughput Round-Robin

    mod_rewrite proxy throughput Ѵ. DNS ׸ Ͽ www0.foo.com www.foo.com ϰ Ѵ

    www    IN  CNAME   www0.foo.com.

    ׸ www0.foo.com Ͻ Ѵ. , URL Ͻø ٸ 5 (www1-www5) Ѵ ⸸ Ѵ. ̸ URL ε뷱 ũƮ lb.pl Ģ .

    RewriteEngine on
RewriteMap    lb      prg:/path/to/lb.pl
RewriteRule   ^/(.+)$ ${lb:$1}           [P,L]

    lb.pl ۼѴ:

    #!/path/to/perl
##
##  lb.pl -- ε뷱 ũƮ
##

$| = 1;

$name   = "www";     # ⺻ ȣƮ
$first  = 1;         # ù°  (ڽ 0̱ , 0  ʴ´)
$last   = 5;         # round-robin  
$domain = "foo.dom"; # θ

$cnt = 0;
while (<STDIN>) {
    $cnt = (($cnt+1) % ($last+1-$first));
    $server = sprintf("%s%d.%s", $name, $cnt+$first, $domain);
    print "http://$server/$_";
}

##EOF##
    : Ѱ? www0.foo.com δ ʴ°? , δ ȴ. ׷ ܼ proxy throughput û ϱ⶧ ! SSI, CGI, ePerl ٸ óѴ. ̰ ٽ̴.
  4. ϵ/TCP Round-Robin

    ϵ ذå ִ. Cisco TCP/IP ؿ ε뷱 ϴ LocalDirector Ǵ. δ մܿ ġϴ ȸμ Ʈ̴. ڱ ϰ ذå ʿϴٸ ̰ ϶.

ο MIME-type, ο

Ȳ:

Ʈ CGI α׷ . ׷ ϱ ŷ ڰ ʴ´. ġ MIME-type Action ڵ鷯 ɵ CGI α׷ Ư URL (Ȯ PATH_INFO QUERY_STRINGS) α׷ Է ϴ. , Ȯڰ (secure CGI ٿ) .scgi cgiwrap α׷ óϱ ο type Ѵ. ( ) ϰ URL ϴ Ȩ丮 /u/user/foo/bar.scgi URL ̴. cgiwrap /~user/foo/bar.scgi/ URL ϱ⶧̴. Ģ ذѴ:

RewriteRule ^/[uge]/([^/]+)/\.www/(.+)\.scgi(.*) ...
... /internal/cgi/user/cgiwrap/~$1/$2.scgi$3  [NS,T=application/x-http-cgi]

ٸ α׷, (URL Ʈ access.log ϴ) wwwlog (URL Ʈ Glimpse ϴ) wwwidx ִٰ . 츮 α׷ ۾ URL ˷ Ѵ. ׷ ûҶ ׻ ϱ⶧ ʴ. , /u/user/foo/ swwidx α׷ Ѵٸ ũ Ѵ

/internal/cgi/user/swwidx?i=/u/user/foo/

ʴ. ũ ġ CGI ġ ϱ⶧̴. 籸Ѵٸ ۸ũ ϴµ ð ɸ ̴.

ذå:

ذå ڵ CGI ϴ ο Ư URL ̴. Ѵ:

RewriteRule   ^/([uge])/([^/]+)(/?.*)/\*  /internal/cgi/user/wwwidx?i=/$1/$2$3/
RewriteRule   ^/([uge])/([^/]+)(/?.*):log /internal/cgi/user/wwwlog?f=/$1/$2$3

/u/user/foo/ ˻ϴ ũ 

HREF="*"
/u/user/foo/* (???)

ڵȯȴ

/internal/cgi/user/wwwidx?i=/u/user/foo/

ũ ڿ :log Ͽ α CGI α׷ ִ.

Ȳ:

 ڰ 𸣰 ڿ foo.html foo.cgi ֳ.

ذå:

URL CGI ũƮ ۼϰ, MIME-type Ͽ CGI ũƮ ϰ Ѵ. ׷ /~quux/foo.html ûϸ /~quux/foo.cgi ϰ ȴ.

RewriteEngine  on
RewriteBase    /~quux/
RewriteRule    ^foo\.html$  foo.cgi  [T=application/x-httpd-cgi]

Ȳ:

Ƿ ̴: , Ѵ. , ϰ (Ͻýۿ ״) ޵, Ѵ. ׷ (Ȥ cron ۾) ʴ CGI Ѵ. Ѵ.

ذå:
Ģ Ѵ: 
RewriteCond %{REQUEST_FILENAME}   !-s
RewriteRule ^page\.html$          page.cgi   [T=application/x-httpd-cgi,L]

page.html ûҶ page.html ų ũⰡ 0 page.cgi Ѵ. ⼭ page.cgi Ϲ CGI ũƮ STDOUT ϰ, ߰ page.html Ͽ ´. ѹ page.html . ڰ ϰ ʹٸ, ( cron ۾) page.html ⸸ ϸ ȴ.

ڵ ħϴ

Ȳ:

鶧 ڰ ڵ ħϴ 󸶳 ? ҰѰ?

ذå:

ϴ! MIME multipart ɰ NPH , mod_rewrite URL ɷ ϸ ȴ. , ο URL : URL :refresh ߰ϱ⸸ ϸ Ͻýۿ ħѴ.

RewriteRule   ^(/[uge]/[^/]+/?.*):refresh  /internal/cgi/apache/nph-refresh?f=$1

URL ϸ

/u/foo/bar/page.html:refresh

URL θ

/internal/cgi/apache/nph-refresh?f=/u/foo/bar/page.html

NPH-CGI ũƮ Ҵ. "ڿ ܵ"̶ ;-) ̰͵ Ѵ.

#!/sw/bin/perl
##
##  nph-refresh -- NPH/CGI script for auto refreshing pages
##  Copyright (c) 1997 Ralf S. Engelschall, All Rights Reserved.
##
$| = 1;

#   split the QUERY_STRING variable
@pairs = split(/&/, $ENV{'QUERY_STRING'});
foreach $pair (@pairs) {
    ($name, $value) = split(/=/, $pair);
    $name =~ tr/A-Z/a-z/;
    $name = 'QS_' . $name;
    $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
    eval "\$$name = \"$value\"";
}
$QS_s = 1 if ($QS_s eq '');
$QS_n = 3600 if ($QS_n eq '');
if ($QS_f eq '') {
    print "HTTP/1.0 200 OK\n";
    print "Content-type: text/html\n\n";
    print "&lt;b&gt;ERROR&lt;/b&gt;: No file given\n";
    exit(0);
}
if (! -f $QS_f) {
    print "HTTP/1.0 200 OK\n";
    print "Content-type: text/html\n\n";
    print "&lt;b&gt;ERROR&lt;/b&gt;: File $QS_f not found\n";
    exit(0);
}

sub print_http_headers_multipart_begin {
    print "HTTP/1.0 200 OK\n";
    $bound = "ThisRandomString12345";
    print "Content-type: multipart/x-mixed-replace;boundary=$bound\n";
    &print_http_headers_multipart_next;
}

sub print_http_headers_multipart_next {
    print "\n--$bound\n";
}

sub print_http_headers_multipart_end {
    print "\n--$bound--\n";
}

sub displayhtml {
    local($buffer) = @_;
    $len = length($buffer);
    print "Content-type: text/html\n";
    print "Content-length: $len\n\n";
    print $buffer;
}

sub readfile {
    local($file) = @_;
    local(*FP, $size, $buffer, $bytes);
    ($x, $x, $x, $x, $x, $x, $x, $size) = stat($file);
    $size = sprintf("%d", $size);
    open(FP, "&lt;$file");
    $bytes = sysread(FP, $buffer, $size);
    close(FP);
    return $buffer;
}

$buffer = &readfile($QS_f);
&print_http_headers_multipart_begin;
&displayhtml($buffer);

sub mystat {
    local($file) = $_[0];
    local($time);

    ($x, $x, $x, $x, $x, $x, $x, $x, $x, $mtime) = stat($file);
    return $mtime;
}

$mtimeL = &mystat($QS_f);
$mtime = $mtime;
for ($n = 0; $n &lt; $QS_n; $n++) {
    while (1) {
        $mtime = &mystat($QS_f);
        if ($mtime ne $mtimeL) {
            $mtimeL = $mtime;
            sleep(2);
            $buffer = &readfile($QS_f);
            &print_http_headers_multipart_next;
            &displayhtml($buffer);
            sleep(5);
            $mtimeL = &mystat($QS_f);
            last;
        }
        sleep($QS_s);
    }
}

&print_http_headers_multipart_end;

exit(0);

##EOF##

뷮 ȣƮ

Ȳ:

ȣƮ  ִٸ ġ <VirtualHost> Ѵ. ׷ ȣƮ 鰳 ִ ISP ּ ƴϴ.

ذå:

Ϸ Proxy Throughput[P]) Ͽ ܺ Ȥ ü ܺ 츮 ̸ Ѵ:

##
##  vhost.map
##
www.vhost1.dom:80  /path/to/docroot/vhost1
www.vhost2.dom:80  /path/to/docroot/vhost2
     :
www.vhostN.dom:80  /path/to/docroot/vhostN

##
##  httpd.conf
##
    :
#   ̷ƮҶ  ȣƮ Ѵ.
UseCanonicalName on

    :
#   ȣƮ CLF  տ ߰Ѵ
CustomLog  /path/to/access_log  "%{VHOST}e %h %l %u %t \"%r\" %>s %b"
    :

#   ּ ۼ  Ѵ
RewriteEngine on

#     Ѵ: ϳ URL ġ,
#   ٸ ϳ ȣƮ DocumentRoot
#   Ѵ.
RewriteMap    lowercase    int:tolower
RewriteMap    vhost        txt:/path/to/vhost.map

#    ũ  Ģ Ѱ Ͽ
#   ȣƮ Ѵ.
#
#   1. ȣƮ  ϴ ġ  ʴ´
RewriteCond   %{REQUEST_URI}  !^/commonurl1/.*
RewriteCond   %{REQUEST_URI}  !^/commonurl2/.*
    :
RewriteCond   %{REQUEST_URI}  !^/commonurlN/.*
#
#   2. 츮  ϴ  Host 
#      ȣƮ ϹǷ
#      Host  ִ ȮѴ
RewriteCond   %{HTTP_HOST}  !^$
#
#   3. ȣƮ ҹڷ 
RewriteCond   ${lowercase:%{HTTP_HOST}|NONE}  ^(.+)$
#
#   4. vhost.map ȣƮ ã
#      ϶ Ѵ
#      ( "NONE" ƴϴ)
RewriteCond   ${vhost:%1}  ^(/.*)$
#
#   5.  URL  ġ ϰ
#      α׿  ȣƮ  д
RewriteRule   ^/(.*)$   %1/$1  [E=VHOST:${lowercase:%{HTTP_HOST}}]
    :
top

κ

Ȳ:

 ϸ Ư ܾ κ ֳ? "Robot Exclusion Protocol" ׸ /robots.txt ̷ κ µ ʴ.

ذå:

(Ƹ 丮  κ ƴٴϸ δ ū ) /~quux/foo/arc/ ִ URL źϴ Ģ Ѵ. 츮 Ư κ ƾ Ѵ. , κ ϴ ȣƮ δ ϸ, ȣƮ ڵ ƹ ȴ. User-Agent HTTP Ѵ.

RewriteCond %{HTTP_USER_AGENT}   ^NameOfBadRobot.*
RewriteCond %{REMOTE_ADDR}       ^123\.45\.67\.[8-9]$
RewriteRule ^/~quux/foo/arc/.+   -   [F]

׸ ۰

Ȳ:

http://www.quux-corp.de/~quux/ ִ GIF ׸ Ѵٰ . ׸ ־, ٸ ڽ ũ Ǵ. ʿ δ ǹǷ ʹ.

ذå:

׸ 100% ȣ , ּ HTTP Referer ִ.

RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://www.quux-corp.de/~quux/.*$ [NC]
RewriteRule .*\.gif$        -                                    [F]

RewriteCond %{HTTP_REFERER}         !^$
RewriteCond %{HTTP_REFERER}         !.*/foo-with-gif\.html$
RewriteRule ^inlined-in-foo\.gif$   -                        [F]

ȣƮ ź

Ȳ:

 ܺο ȣƮ ֳ?

ذå:

ġ >= 1.3b6:

RewriteEngine on
RewriteMap    hosts-deny  txt:/path/to/hosts.deny
RewriteCond   ${hosts-deny:%{REMOTE_HOST}|NOT-FOUND} !=NOT-FOUND [OR]
RewriteCond   ${hosts-deny:%{REMOTE_ADDR}|NOT-FOUND} !=NOT-FOUND
RewriteRule   ^/.*  -  [F]

ġ <= 1.3b6:

RewriteEngine on
RewriteMap    hosts-deny  txt:/path/to/hosts.deny
RewriteRule   ^/(.*)$ ${hosts-deny:%{REMOTE_HOST}|NOT-FOUND}/$1
RewriteRule   !^NOT-FOUND/.* - [F]
RewriteRule   ^NOT-FOUND/(.*)$ ${hosts-deny:%{REMOTE_ADDR}|NOT-FOUND}/$1
RewriteRule   !^NOT-FOUND/.* - [F]
RewriteRule   ^NOT-FOUND/(.*)$ /$1

##
##  hosts.deny
##
##  ! ̰ ó   ƴ϶ ̴.
##        mod_rewrite   Ű/  ؼϱ⶧,
##         ׸  ڸ ּ "-" ʿϴ.
##

193.102.180.41 -
bsdti1.sdm.de  -
192.76.162.40  -

Ͻ ź

Ȳ:

 Ư ȣƮ Ȥ Ư ȣƮ ڰ ġ Ͻø ϳ?

ذå:

ġ Ҷ Ͽ mod_rewrite mod_proxy Ʒ(!) ־ Ѵ. ׷ mod_rewrite mod_proxy Ҹ. Ư ȣƮ źϵ Ѵ...

RewriteCond %{REMOTE_HOST} ^badhost\.mydomain\.com$
RewriteRule !^http://[^/.]\.mydomain.com.*  - [F]

...׸ user@host źѴ:

RewriteCond %{REMOTE_IDENT}@%{REMOTE_HOST}  ^badguy@badhost\.mydomain\.com$
RewriteRule !^http://[^/.]\.mydomain.com.*  - [F]

Ư

Ȱ:

ſ Ư ʿ ִ. , ̸ ص ˻Ѵ. ̵鿡Ը (mod_auth Basic Auth ޸) ٸ Ѵ.

ذå:

ģ ϵ ۼ Ģ Ѵ:

RewriteCond %{REMOTE_IDENT}@%{REMOTE_HOST} !^friend1@client1.quux-corp\.com$
RewriteCond %{REMOTE_IDENT}@%{REMOTE_HOST} !^friend2@client2.quux-corp\.com$
RewriteCond %{REMOTE_IDENT}@%{REMOTE_HOST} !^friend3@client3.quux-corp\.com$
RewriteRule ^/~quux/only-for-friends/      -                                 [F]

Referer ȯ(deflector)

Ȳ:

"Referer" HTTP ϴ´ ִ URL ȯ⸦ ִ°?

ذå:

Ģ...

RewriteMap  deflector txt:/path/to/deflector.map

RewriteCond %{HTTP_REFERER} !=""
RewriteCond ${deflector:%{HTTP_REFERER}} ^-$
RewriteRule ^.* %{HTTP_REFERER} [R,L]

RewriteCond %{HTTP_REFERER} !=""
RewriteCond ${deflector:%{HTTP_REFERER}|NOT-FOUND} !=NOT-FOUND
RewriteRule ^.* ${deflector:%{HTTP_REFERER}} [R,L]

... ۼ ʰ Ѵ:

##
##  deflector.map
##

http://www.badguys.com/bad/index.html    -
http://www.badguys.com/bad/index2.html   -
http://www.badguys.com/bad/index3.html   http://somewhere.com/

׷ û ڵ (ʿ "-" ) (URL ʿ ִ ι° ƱԸƮ) Ư URL ̷Ѵ.

top

Ÿ

ܺ ۼ

Ȳ:

FAQ:  ̷ Ǯ ִ°? mod_rewriteδ ذå Ⱥδ...

ذå:

ܺ RewriteMap ϶. , α׷ RewriteMap Ѵ. α׷ ġ Ҷ Ͽ STDIN û URL ް, ( !) ( ۼ) URL STDOUT Ѵ.

RewriteEngine on
RewriteMap    quux-map       prg:/path/to/map.quux.pl
RewriteRule   ^/~quux/(.*)$  /~quux/${quux-map:$1}

#!/path/to/perl

#   ġ   ʵ
#    ۸  ʴ´
$| = 1;

#   stdin پ URL а
#   stdout ȯ URL Ѵ
while (<>) {
    s|^foo/|bar/|;
    print $_;
}

ϱ /~quux/foo/... URL /~quux/bar/... ۼϴ ũƮ . α׷ ִ. ׷ Ϲ ڰ ̷ ִٰ ϴ, ý ڸ ؾ ϶.

misc/security_tips.html100644 0 0 36312 11074463123 12762 0ustar 0 0 - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.0

<-

ֽ ƴմϴ. ֱٿ ϼ.

Ҷ Ʈ ̴.  Ϲ̰,  ġ شϴ ̴.

top

ֽ ϱ

ġ ü ϴ. ׷ ũ ۰ ǥ ߰ߵǴ . ׷ Ʈ ֽŹ ϴ ߿ϴ. ġ ٿεߴٸ, ο Ʈ ˷ִ ġ ǥ ϸƮ ϱ Ѵ. ġ Ʈ ϴ ڵ鵵 񽺸 Ѵ.

ڵ嶧 ϴ ʴ. ׺ ߰ ڵ, CGI ũƮ, ü ϴ 찡 . ׷Ƿ ׻ ϸ ý Ʈ Ʈؾ Ѵ.

top

ServerRoot 丮

root ڰ ġ , û ϱ User þ ڷ ȯѴ. root ϴ ɾ ִٸ, root ̿ ڰ ϵ ؾ Ѵ. ϵ root ־ ϰ, 丮 丮 . , ServerRoot /usr/local/apache Ѵٸ root ڰ 丮 Ѵ:

mkdir /usr/local/apache
cd /usr/local/apache
mkdir bin conf logs
chown 0 . bin conf logs
chgrp 0 . bin conf logs
chmod 755 . bin conf logs

׷ /, /usr, /usr/local root ִ. httpd ġҶ ȣؾ Ѵ:

cp httpd /usr/local/apache/bin
chown 0 /usr/local/apache/bin/httpd
chgrp 0 /usr/local/apache/bin/httpd
chmod 511 /usr/local/apache/bin/httpd

htdocs 丮 ٸ ڵ ֵ ִ -- root װ ִ , ʾƾ Ѵ.

root ƴ ڰ root ϰų Ⱑ ִٸ ý root ĥ ִ. , httpd Ͽٸ Ҷ ڵ带 ϰ ȴ. logs 丮 (root ƴ ڿ) Ⱑϴٸ α ٸ ýϷ ɺũ ɾ root Ͽ ڷḦ  ִ. α (root ƴ ڿ) Ⱑϴٸ α׿ ̻ ڷḦ ִ.

top

Server Side Includes

Server Side Includes (SSI) ڿ Ȼ  ̴.

ù° ϸ ø ̴. ġ Ͽ SSI þ ִ ο SSI мؾ Ѵ. ϰ , ϴ ȯ濡 ɰ ִ.

, SSI Ϲ CGI ũƮ . SSI Ͽ "exec cmd" ϸ httpd.conf ġ ϵ ڿ ׷ CGI ũƮ α׷ ִ.

Ȱϸ鼭 SSI Ű ִ.

SSI ִ ظ ݸϱ ڴ Ϲ CGI ϴ suexec ִ

.html̳ .htm Ȯڸ SSI Ϸ ϴ ϴ. Ư ϰų ŷ ȯ濡 ϴ. SSI Ϲ ϴ .shtml Ȯڸ Ѵ. ׷ ϸ ּȭϰ Ҹ ִ.

ٸ SSI ũƮ α׷ ϵ ̴. Options þ Includes IncludesNOEXEC Ѵ. ׷ ũƮ ScriptAlias þ 丮 ִٸ <--#include virtual="..." --> Ͽ CGI ũƮ ϶.

top

Ϲ CGI

ᱹ ׻ CGI ũƮ/α׷ ڸ ŷؾ ϰ, ǰ Ǽ̰ CGI Ȼ ߰ ־ Ѵ. ⺻ CGI ũƮ ýۿ  ɾ ֱ⶧ ְ Ȯ ſ ϴ.

CGI ũƮ ڷ DZ⶧ ٸ ũƮ (ǰ Ǽ̰) 浹 ɼ ִ. , A B ſ ȾϿ, B CGI ͺ̽ ũƮ ۼ ִ. ġ 1.2 ԵǾ ġ Ư (hook) ϴ suEXEC ũƮ ٸ ڷ ϴ ϳ. ٸ CGIWrap ִ.

top

ScriptAlias CGI

Ҷ ڰ  丮 CGI ũƮ ϵ ִ:

  • ǰ Ǽ̰ ڰ ý ݿ Ű ũƮ ۼ ʴ´ٰ ϴ´.
  • ý ٸ κ ؼ, ϳ  ٰ ϴ .
  • ڰ , Ƹ ƹ 湮ʴ .
top

ScriptAlias CGI

Ư 丮 CGI ֵ ϸ ڴ ̵ 丮 ִ. scriptalias CGI Ȯ ϴ. , ŷϴ ڸ 丮 ְ, ڰ ο CGI ũƮ/α׷ Ȼ ˻ ̰ ִٸ.

κ Ʈ scriptalias CGI Ѵ.

top

ϴ ٸ

mod_php, mod_perl, mod_tcl, mod_python Ϻη ϴ Ӻ ũƮ ڷ (User þ ) DZ⶧, ũƮ ϴ ũƮ ڰ ִ Ϳ ִ.  ũƮ , ϴٰ ʴ .

top

ý ȣϱ

Ϸ ڰ .htaccess Ͽ ȱ ϱ ٶ ̴. ׷ ִ.

Ͽ ߰Ѵ

<Directory />
AllowOverride None
</Directory>

׷ 밡ϵ 丮 ϰ .htaccess .

top

⺻ ִ ȣϱ

ġ ⺻ ٿ ߸ ˰ִ. , Ϲ URL Ģ Ͽ ã ִٸ, Ư ġ ʴ Ŭ̾Ʈ 񽺵 ִ.

, Ʒ :

# cd /; ln -s / public_html
http://localhost/~root/ Ѵ

׷ Ŭ̾Ʈ ü Ͻý ƴٴ ִ. ̸ ġ Ѵ:

<Directory />
Order Deny,Allow
Deny from all
</Directory>

׷ Ͻý ġ ⺻ źεȴ. ϴ ֵ Directory ߰Ѵ.

<Directory /usr/users/*/public_html>
Order Deny,Allow
Allow from all
</Directory>
<Directory /usr/local/httpd>
Order Deny,Allow
Allow from all
</Directory>

Location Directory þ ϴ Ư Ǹ ←. , <Directory /> źϴ <Location /> þ ̸ ִ

UserDir þ ϴ 쿡 ϶. þ "./" ϸ root ڿ ٷ ߻Ѵ. ġ 1.3 ̻ Ѵٸ Ͽ Ʒ ߰ϱ Ѵ:

UserDir disabled root

top

α 캸

־ ִ ˷ α Ѵ. α ̹ Ͼ ϸ ,  ־ ˷ְ ʿ ŭ Ȯϰ ش.

:

grep -c "/jsp/source.jsp?/jsp/ /jsp/source.jsp??" access_log
grep "client denied" error_log | tail -n 10

ù° ߸ Source.JSP û ˾Ƴ ִ Tomcat ̿Ϸ Ƚ ˷ְ, ι° źε ֱ Ŭ̾Ʈ 10 ش:

[Thu Jul 11 17:18:39 2002] [error] [client foo.bar.com] client denied by server configuration: /usr/local/apache/htdocs/.htpasswd

α ̹ ߻ Ǹ Ѵ. ׷ Ŭ̾Ʈ .htpasswd Ͽ ־ٸ α ̴:

foo.bar.com - - [12/Jul/2002:01:59:13 +0200] "GET /.htpasswd HTTP/1.1"

, Ͽ κ ּó ̴:

<Files ~ "^\.ht">
Order allow,deny
Deny from all
<Files>

misc/tutorials.html100644 0 0 23462 11074463123 12104 0ustar 0 0 Apache Tutorials - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.0

<-

Apache Tutorials

Warning:

This document has not been fully updated to take into account changes made in the 2.0 version of the Apache HTTP Server. Some of the information may still be relevant, but please use it with care.

The following documents give you step-by-step instructions on how to accomplish common tasks with the Apache HTTP server. Many of these documents are located at external sites and are not the work of the Apache Software Foundation. Copyright to documents on external sites is owned by the authors or their assignees. Please consult the official Apache Server documentation to verify what you read on external sites.

top

Installation & Getting Started

top

Basic Configuration

top

Security

top

Logging

top

CGI and SSI

top

Other Features

If you have a pointer to an accurate and well-written tutorial not included here, please let us know by submitting it to the Apache Bug Database.

mod/beos.html100644 0 0 13461 11074463123 10630 0ustar 0 0 beos - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.0

<-

ġ MPM beos

ֽ ƴմϴ. ֱٿ ϼ.
:BeOS ȭ ó .
:MPM
:mpm_beos_module
ҽ:beos.c

ó (MPM) BeOS ⺻ Ѵ. μ û ó .

top

MaxRequestsPerThread þ

: 尡 ϴ ó û Ѱ
:MaxRequestsPerThread number
⺻:MaxRequestsPerThread 0
:ּ
:MPM
:beos

MaxRequestsPerThread þ 尡 ó û Ѵ. MaxRequestsPerThread û ó ״´. MaxRequestsPerThread 0̸ 带 ʴ´.

MaxRequestsPerThread 0 ƴ ϸ ΰ ִ:

  • (쿬 ߻) ޸ (memory leakage) 尡 ޸𸮷 Ѵ;
  • Ͽ ϰ Ҷ δ.

:

KeepAlive û ù° û . ׷ þ ϰ ȴ.

mod/core.html100644 0 0 532576 11074463123 10665 0ustar 0 0 core - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.0

<-

Apache Core Features

Description:Core Apache HTTP Server features that are always available
Status:Core
top

AcceptPathInfo Directive

Description:Resources accept trailing pathname information
Syntax:AcceptPathInfo On|Off|Default
Default:AcceptPathInfo Default
Context:server config, virtual host, directory, .htaccess
Override:FileInfo
Status:Core
Module:core
Compatibility:Available in Apache 2.0.30 and later

This directive controls whether requests that contain trailing pathname information that follows an actual filename (or non-existent file in an existing directory) will be accepted or rejected. The trailing pathname information can be made available to scripts in the PATH_INFO environment variable.

For example, assume the location /test/ points to a directory that contains only the single file here.html. Then requests for /test/here.html/more and /test/nothere.html/more both collect /more as PATH_INFO.

The three possible arguments for the AcceptPathInfo directive are:

Off
A request will only be accepted if it maps to a literal path that exists. Therefore a request with trailing pathname information after the true filename such as /test/here.html/more in the above example will return a 404 NOT FOUND error.
On
A request will be accepted if a leading path component maps to a file that exists. The above example /test/here.html/more will be accepted if /test/here.html maps to a valid file.
Default
The treatment of requests with trailing pathname information is determined by the handler responsible for the request. The core handler for normal files defaults to rejecting PATH_INFO requests. Handlers that serve scripts, such as cgi-script and isapi-handler, generally accept PATH_INFO by default.

The primary purpose of the AcceptPathInfo directive is to allow you to override the handler's choice of accepting or rejecting PATH_INFO. This override is required, for example, when you use a filter, such as INCLUDES, to generate content based on PATH_INFO. The core handler would usually reject the request, so you can use the following configuration to enable such a script:

<Files "mypaths.shtml">
Options +Includes
SetOutputFilter INCLUDES
AcceptPathInfo On
 </Files>

top

AccessFileName Directive

Description:Name of the distributed configuration file
Syntax:AccessFileName filename [filename] ...
Default:AccessFileName .htaccess
Context:server config, virtual host
Status:Core
Module:core

While processing a request the server looks for the first existing configuration file from this list of names in every directory of the path to the document, if distributed configuration files are enabled for that directory. For example:

AccessFileName .acl

before returning the document /usr/local/web/index.html, the server will read /.acl, /usr/.acl, /usr/local/.acl and /usr/local/web/.acl for directives, unless they have been disabled with

<Directory />
AllowOverride None
 </Directory>

See also

top

AddDefaultCharset Directive

Description:Default charset parameter to be added when a response content-type is text/plain or text/html
Syntax:AddDefaultCharset On|Off|charset
Default:AddDefaultCharset Off
Context:server config, virtual host, directory, .htaccess
Override:FileInfo
Status:Core
Module:core

This directive specifies a default value for the media type charset parameter (the name of a character encoding) to be added to a response if and only if the response's content-type is either text/plain or text/html. This should override any charset specified in the body of the response via a META element, though the exact behavior is often dependent on the user's client configuration. A setting of AddDefaultCharset Off disables this functionality. AddDefaultCharset On enables a default charset of iso-8859-1. Any other value is assumed to be the charset to be used, which should be one of the IANA registered charset values for use in MIME media types. For example:

AddDefaultCharset utf-8

AddDefaultCharset should only be used when all of the text resources to which it applies are known to be in that character encoding and it is too inconvenient to label their charset individually. One such example is to add the charset parameter to resources containing generated content, such as legacy CGI scripts, that might be vulnerable to cross-site scripting attacks due to user-provided data being included in the output. Note, however, that a better solution is to just fix (or delete) those scripts, since setting a default charset does not protect users that have enabled the "auto-detect character encoding" feature on their browser.

See also

top

AddOutputFilterByType Directive

Description:assigns an output filter to a particular MIME-type
Syntax:AddOutputFilterByType filter[;filter...] MIME-type [MIME-type] ...
Context:server config, virtual host, directory, .htaccess
Override:FileInfo
Status:Core
Module:core
Compatibility:Available in Apache 2.0.33 and later

This directive activates a particular output filter for a request depending on the response MIME-type.

The following example uses the DEFLATE filter, which is provided by mod_deflate. It will compress all output (either static or dynamic) which is labeled as text/html or text/plain before it is sent to the client.

AddOutputFilterByType DEFLATE text/html text/plain

If you want the content to be processed by more than one filter, their names have to be separated by semicolons. It's also possible to use one AddOutputFilterByType directive for each of these filters.

The configuration below causes all script output labeled as text/html to be processed at first by the INCLUDES filter and then by the DEFLATE filter.

<Location /cgi-bin/>
Options Includes
AddOutputFilterByType INCLUDES;DEFLATE text/html
 </Location>

Note

Enabling filters with AddOutputFilterByType may fail partially or completely in some cases. For example, no filters are applied if the MIME-type could not be determined and falls back to the DefaultType setting, even if the DefaultType is the same.

However, if you want to make sure, that the filters will be applied, assign the content type to a resource explicitly, for example with AddType or ForceType. Setting the content type within a (non-nph) CGI script is also safe.

The by-type output filters are never applied on proxy requests.

See also

top

AllowEncodedSlashes Directive

Description:Determines whether encoded path separators in URLs are allowed to be passed through
Syntax:AllowEncodedSlashes On|Off
Default:AllowEncodedSlashes Off
Context:server config, virtual host
Status:Core
Module:core
Compatibility:Available in Apache 2.0.46 and later

The AllowEncodedSlashes directive allows URLs which contain encoded path separators (%2F for / and additionally %5C for \ on according systems) to be used. Normally such URLs are refused with a 404 (Not found) error.

Turning AllowEncodedSlashes On is mostly useful when used in conjunction with PATH_INFO.

Note

Allowing encoded slashes does not imply decoding. Occurrences of %2F or %5C (only on according systems) will be left as such in the otherwise decoded URL string.

See also

top

AllowOverride Directive

Description:Types of directives that are allowed in .htaccess files
Syntax:AllowOverride All|None|directive-type [directive-type] ...
Default:AllowOverride All
Context:directory
Status:Core
Module:core

When the server finds an .htaccess file (as specified by AccessFileName) it needs to know which directives declared in that file can override earlier configuration directives.

Only available in <Directory> sections

AllowOverride is valid only in <Directory> sections specified without regular expressions, not in <Location>, <DirectoryMatch> or <Files> sections.

When this directive is set to None, then .htaccess files are completely ignored. In this case, the server will not even attempt to read .htaccess files in the filesystem.

When this directive is set to All, then any directive which has the .htaccess Context is allowed in .htaccess files.

The directive-type can be one of the following groupings of directives.

AuthConfig
Allow use of the authorization directives (AuthDBMGroupFile, AuthDBMUserFile, AuthGroupFile, AuthName, AuthType, AuthUserFile, Require, etc.).
FileInfo
Allow use of the directives controlling document types (DefaultType, ErrorDocument, ForceType, LanguagePriority, SetHandler, SetInputFilter, SetOutputFilter, and mod_mime Add* and Remove* directives, etc.).
Indexes
Allow use of the directives controlling directory indexing (AddDescription, AddIcon, AddIconByEncoding, AddIconByType, DefaultIcon, DirectoryIndex, FancyIndexing, HeaderName, IndexIgnore, IndexOptions, ReadmeName, etc.).
Limit
Allow use of the directives controlling host access (Allow, Deny and Order).
Options
Allow use of the directives controlling specific directory features (Options and XBitHack).

Example:

AllowOverride AuthConfig Indexes

In the example above all directives that are neither in the group AuthConfig nor Indexes cause an internal server error.

See also

top

AuthName Directive

Description:Authorization realm for use in HTTP authentication
Syntax:AuthName auth-domain
Context:directory, .htaccess
Override:AuthConfig
Status:Core
Module:core

This directive sets the name of the authorization realm for a directory. This realm is given to the client so that the user knows which username and password to send. AuthName takes a single argument; if the realm name contains spaces, it must be enclosed in quotation marks. It must be accompanied by AuthType and Require directives, and directives such as AuthUserFile and AuthGroupFile to work.

For example:

AuthName "Top Secret"

The string provided for the AuthName is what will appear in the password dialog provided by most browsers.

See also

top

AuthType Directive

Description:Type of user authentication
Syntax:AuthType Basic|Digest
Context:directory, .htaccess
Override:AuthConfig
Status:Core
Module:core

This directive selects the type of user authentication for a directory. Only Basic and Digest are currently implemented. It must be accompanied by AuthName and Require directives, and directives such as AuthUserFile and AuthGroupFile to work.

See also

top

CGIMapExtension Directive

Description:Technique for locating the interpreter for CGI scripts
Syntax:CGIMapExtension cgi-path .extension
Context:directory, .htaccess
Override:FileInfo
Status:Core
Module:core
Compatibility:NetWare only

This directive is used to control how Apache finds the interpreter used to run CGI scripts. For example, setting CGIMapExtension sys:\foo.nlm .foo will cause all CGI script files with a .foo extension to be passed to the FOO interpreter.

top

ContentDigest Directive

Description:Enables the generation of Content-MD5 HTTP Response headers
Syntax:ContentDigest On|Off
Default:ContentDigest Off
Context:server config, virtual host, directory, .htaccess
Override:Options
Status:Core
Module:core

This directive enables the generation of Content-MD5 headers as defined in RFC1864 respectively RFC2068.

MD5 is an algorithm for computing a "message digest" (sometimes called "fingerprint") of arbitrary-length data, with a high degree of confidence that any alterations in the data will be reflected in alterations in the message digest.

The Content-MD5 header provides an end-to-end message integrity check (MIC) of the entity-body. A proxy or client may check this header for detecting accidental modification of the entity-body in transit. Example header:

Content-MD5: AuLb7Dp1rqtRtxz2m9kRpA==

Note that this can cause performance problems on your server since the message digest is computed on every request (the values are not cached).

Content-MD5 is only sent for documents served by the core, and not by any module. For example, SSI documents, output from CGI scripts, and byte range responses do not have this header.

top

DefaultType Directive

Description:MIME content-type that will be sent if the server cannot determine a type in any other way
Syntax:DefaultType MIME-type
Default:DefaultType text/plain
Context:server config, virtual host, directory, .htaccess
Override:FileInfo
Status:Core
Module:core

There will be times when the server is asked to provide a document whose type cannot be determined by its MIME types mappings.

The server must inform the client of the content-type of the document, so in the event of an unknown type it uses the DefaultType. For example:

DefaultType image/gif

would be appropriate for a directory which contained many GIF images with filenames missing the .gif extension.

Note that unlike ForceType, this directive only provides the default mime-type. All other mime-type definitions, including filename extensions, that might identify the media type will override this default.

top

<Directory> Directive

Description:Enclose a group of directives that apply only to the named file-system directory and sub-directories
Syntax:<Directory directory-path> ... </Directory>
Context:server config, virtual host
Status:Core
Module:core

<Directory> and </Directory> are used to enclose a group of directives that will apply only to the named directory and sub-directories of that directory. Any directive that is allowed in a directory context may be used. Directory-path is either the full path to a directory, or a wild-card string using Unix shell-style matching. In a wild-card string, ? matches any single character, and * matches any sequences of characters. You may also use [] character ranges. None of the wildcards match a `/' character, so <Directory /*/public_html> will not match /home/user/public_html, but <Directory /home/*/public_html> will match. Example:

<Directory /usr/local/httpd/htdocs>
Options Indexes FollowSymLinks
 </Directory>

Be careful with the directory-path arguments: They have to literally match the filesystem path which Apache uses to access the files. Directives applied to a particular <Directory> will not apply to files accessed from that same directory via a different path, such as via different symbolic links.

Extended regular expressions can also be used, with the addition of the ~ character. For example:

<Directory ~ "^/www/.*/[0-9]{3}">

would match directories in /www/ that consisted of three numbers.

If multiple (non-regular expression) <Directory> sections match the directory (or one of its parents) containing a document, then the directives are applied in the order of shortest match first, interspersed with the directives from the .htaccess files. For example, with

<Directory />
AllowOverride None
 </Directory>

<Directory /home/>
AllowOverride FileInfo
 </Directory>

for access to the document /home/web/dir/doc.html the steps are:

  • Apply directive AllowOverride None (disabling .htaccess files).
  • Apply directive AllowOverride FileInfo (for directory /home).
  • Apply any FileInfo directives in /home/.htaccess, /home/web/.htaccess and /home/web/dir/.htaccess in that order.

Regular expressions are not considered until after all of the normal sections have been applied. Then all of the regular expressions are tested in the order they appeared in the configuration file. For example, with

<Directory ~ abc$>
# ... directives here ...
 </Directory>

the regular expression section won't be considered until after all normal <Directory>s and .htaccess files have been applied. Then the regular expression will match on /home/abc/public_html/abc and the corresponding <Directory> will be applied.

Note that the default Apache access for <Directory /> is Allow from All. This means that Apache will serve any file mapped from an URL. It is recommended that you change this with a block such as

<Directory />
Order Deny,Allow
Deny from All
 </Directory>

and then override this for directories you want accessible. See the Security Tips page for more details.

The directory sections occur in the httpd.conf file. <Directory> directives cannot nest, and cannot appear in a <Limit> or <LimitExcept> section.

See also

top

<DirectoryMatch> Directive

Description:Enclose directives that apply to file-system directories matching a regular expression and their subdirectories
Syntax:<DirectoryMatch regex> ... </DirectoryMatch>
Context:server config, virtual host
Status:Core
Module:core

<DirectoryMatch> and </DirectoryMatch> are used to enclose a group of directives which will apply only to the named directory and sub-directories of that directory, the same as <Directory>. However, it takes as an argument a regular expression. For example:

<DirectoryMatch "^/www/(.+/)?[0-9]{3}">

would match directories in /www/ that consisted of three numbers.

See also

top

DocumentRoot Directive

Description:Directory that forms the main document tree visible from the web
Syntax:DocumentRoot directory-path
Default:DocumentRoot /usr/local/apache/htdocs
Context:server config, virtual host
Status:Core
Module:core

This directive sets the directory from which httpd will serve files. Unless matched by a directive like Alias, the server appends the path from the requested URL to the document root to make the path to the document. Example:

DocumentRoot /usr/web

then an access to http://www.my.host.com/index.html refers to /usr/web/index.html.

The DocumentRoot should be specified without a trailing slash.

See also

top

EnableMMAP Directive

Description:Use memory-mapping to read files during delivery
Syntax:EnableMMAP On|Off
Default:EnableMMAP On
Context:server config, virtual host, directory, .htaccess
Override:FileInfo
Status:Core
Module:core

This directive controls whether the httpd may use memory-mapping if it needs to read the contents of a file during delivery. By default, when the handling of a request requires access to the data within a file -- for example, when delivering a server-parsed file using mod_include -- Apache memory-maps the file if the OS supports it.

This memory-mapping sometimes yields a performance improvement. But in some environments, it is better to disable the memory-mapping to prevent operational problems:

  • On some multiprocessor systems, memory-mapping can reduce the performance of the httpd.
  • With an NFS-mounted DocumentRoot, the httpd may crash due to a segmentation fault if a file is deleted or truncated while the httpd has it memory-mapped.

For server configurations that are vulnerable to these problems, you should disable memory-mapping of delivered files by specifying:

EnableMMAP Off

For NFS mounted files, this feature may be disabled explicitly for the offending files by specifying:

<Directory "/path-to-nfs-files"> EnableMMAP Off </Directory>

top

EnableSendfile Directive

Description:Use the kernel sendfile support to deliver files to the client
Syntax:EnableSendfile On|Off
Default:EnableSendfile On
Context:server config, virtual host, directory, .htaccess
Override:FileInfo
Status:Core
Module:core
Compatibility:Available in version 2.0.44 and later

This directive controls whether httpd may use the sendfile support from the kernel to transmit file contents to the client. By default, when the handling of a request requires no access to the data within a file -- for example, when delivering a static file -- Apache uses sendfile to deliver the file contents without ever reading the file if the OS supports it.

This sendfile mechanism avoids separate read and send operations, and buffer allocations. But on some platforms or within some filesystems, it is better to disable this feature to avoid operational problems:

  • Some platforms may have broken sendfile support that the build system did not detect, especially if the binaries were built on another box and moved to such a machine with broken sendfile support.
  • On Linux the use of sendfile triggers TCP-checksum offloading bugs on certain networking cards when using IPv6.
  • With a network-mounted DocumentRoot (e.g., NFS or SMB), the kernel may be unable to serve the network file through its own cache.

For server configurations that are vulnerable to these problems, you should disable this feature by specifying:

EnableSendfile Off

For NFS or SMB mounted files, this feature may be disabled explicitly for the offending files by specifying:

<Directory "/path-to-nfs-files"> EnableSendfile Off </Directory>

top

ErrorDocument Directive

Description:What the server will return to the client in case of an error
Syntax:ErrorDocument error-code document
Context:server config, virtual host, directory, .htaccess
Override:FileInfo
Status:Core
Module:core
Compatibility:Quoting syntax for text messages is different in Apache 2.0

In the event of a problem or error, Apache can be configured to do one of four things,

  1. output a simple hardcoded error message
  2. output a customized message
  3. redirect to a local URL-path to handle the problem/error
  4. redirect to an external URL to handle the problem/error

The first option is the default, while options 2-4 are configured using the ErrorDocument directive, which is followed by the HTTP response code and a URL or a message. Apache will sometimes offer additional information regarding the problem/error.

URLs can begin with a slash (/) for local web-paths (relative to the DocumentRoot), or be a full URL which the client can resolve. Alternatively, a message can be provided to be displayed by the browser. Examples:

ErrorDocument 500 http://foo.example.com/cgi-bin/tester
ErrorDocument 404 /cgi-bin/bad_urls.pl
ErrorDocument 401 /subscription_info.html
ErrorDocument 403 "Sorry can't allow you access today"

Additionally, the special value default can be used to specify Apache's simple hardcoded message. While not required under normal circumstances, default will restore Apache's simple hardcoded message for configurations that would otherwise inherit an existing ErrorDocument.

ErrorDocument 404 /cgi-bin/bad_urls.pl

<Directory /web/docs>
ErrorDocument 404 default
 </Directory>

Note that when you specify an ErrorDocument that points to a remote URL (ie. anything with a method such as http in front of it), Apache will send a redirect to the client to tell it where to find the document, even if the document ends up being on the same server. This has several implications, the most important being that the client will not receive the original error status code, but instead will receive a redirect status code. This in turn can confuse web robots and other clients which try to determine if a URL is valid using the status code. In addition, if you use a remote URL in an ErrorDocument 401, the client will not know to prompt the user for a password since it will not receive the 401 status code. Therefore, if you use an ErrorDocument 401 directive then it must refer to a local document.

Microsoft Internet Explorer (MSIE) will by default ignore server-generated error messages when they are "too small" and substitute its own "friendly" error messages. The size threshold varies depending on the type of error, but in general, if you make your error document greater than 512 bytes, then MSIE will show the server-generated error rather than masking it. More information is available in Microsoft Knowledge Base article Q294807.

Although most error messages can be overriden, there are certain circumstances where the internal messages are used regardless of the setting of ErrorDocument. In particular, if a malformed request is detected, normal request processing will be immediately halted and the internal error message returned. This is necessary to guard against security problems caused by bad requests.

Prior to version 2.0, messages were indicated by prefixing them with a single unmatched double quote character.

See also

top

ErrorLog Directive

Description:Location where the server will log errors
Syntax: ErrorLog file-path|syslog[:facility]
Default:ErrorLog logs/error_log (Unix) ErrorLog logs/error.log (Windows and OS/2)
Context:server config, virtual host
Status:Core
Module:core

The ErrorLog directive sets the name of the file to which the server will log any errors it encounters. If the file-path is not absolute then it is assumed to be relative to the ServerRoot.

Example

ErrorLog /var/log/httpd/error_log

If the file-path begins with a pipe (|) then it is assumed to be a command to spawn to handle the error log.

Example

ErrorLog "|/usr/local/bin/httpd_errors"

Using syslog instead of a filename enables logging via syslogd(8) if the system supports it. The default is to use syslog facility local7, but you can override this by using the syslog:facility syntax where facility can be one of the names usually documented in syslog(1).

Example

ErrorLog syslog:user

SECURITY: See the security tips document for details on why your security could be compromised if the directory where log files are stored is writable by anyone other than the user that starts the server.

Note

When entering a file path on non-Unix platforms, care should be taken to make sure that only forward slashed are used even though the platform may allow the use of back slashes. In general it is a good idea to always use forward slashes throughout the configuration files.

See also

top

FileETag Directive

Description:File attributes used to create the ETag HTTP response header
Syntax:FileETag component ...
Default:FileETag INode MTime Size
Context:server config, virtual host, directory, .htaccess
Override:FileInfo
Status:Core
Module:core

The FileETag directive configures the file attributes that are used to create the ETag (entity tag) response header field when the document is based on a file. (The ETag value is used in cache management to save network bandwidth.) In Apache 1.3.22 and earlier, the ETag value was always formed from the file's inode, size, and last-modified time (mtime). The FileETag directive allows you to choose which of these -- if any -- should be used. The recognized keywords are:

INode
The file's i-node number will be included in the calculation
MTime
The date and time the file was last modified will be included
Size
The number of bytes in the file will be included
All
All available fields will be used. This is equivalent to:

FileETag INode MTime Size

None
If a document is file-based, no ETag field will be included in the response

The INode, MTime, and Size keywords may be prefixed with either + or -, which allow changes to be made to the default setting inherited from a broader scope. Any keyword appearing without such a prefix immediately and completely cancels the inherited setting.

If a directory's configuration includes FileETag INode MTime Size, and a subdirectory's includes FileETag -INode, the setting for that subdirectory (which will be inherited by any sub-subdirectories that don't override it) will be equivalent to FileETag MTime Size.

top

<Files> Directive

Description:Contains directives that apply to matched filenames
Syntax:<Files filename> ... </Files>
Context:server config, virtual host, directory, .htaccess
Override:All
Status:Core
Module:core

The <Files> directive limits the scope of the enclosed directives by filename. It is comparable to the <Directory> and <Location> directives. It should be matched with a </Files> directive. The directives given within this section will be applied to any object with a basename (last component of filename) matching the specified filename. <Files> sections are processed in the order they appear in the configuration file, after the <Directory> sections and .htaccess files are read, but before <Location> sections. Note that <Files> can be nested inside <Directory> sections to restrict the portion of the filesystem they apply to.

The filename argument should include a filename, or a wild-card string, where ? matches any single character, and * matches any sequences of characters. Extended regular expressions can also be used, with the addition of the ~ character. For example:

<Files ~ "\.(gif|jpe?g|png)$">

would match most common Internet graphics formats. <FilesMatch> is preferred, however.

Note that unlike <Directory> and <Location> sections, <Files> sections can be used inside .htaccess files. This allows users to control access to their own files, at a file-by-file level.

See also

top

<FilesMatch> Directive

Description:Contains directives that apply to regular-expression matched filenames
Syntax:<FilesMatch regex> ... </FilesMatch>
Context:server config, virtual host, directory, .htaccess
Override:All
Status:Core
Module:core

The <FilesMatch> directive limits the scope of the enclosed directives by filename, just as the <Files> directive does. However, it accepts a regular expression. For example:

<FilesMatch "\.(gif|jpe?g|png)$">

would match most common Internet graphics formats.

See also

top

ForceType Directive

Description:Forces all matching files to be served with the specified MIME content-type
Syntax:ForceType MIME-type|None
Context:directory, .htaccess
Override:FileInfo
Status:Core
Module:core
Compatibility:Moved to the core in Apache 2.0

When placed into an .htaccess file or a <Directory>, or <Location> or <Files> section, this directive forces all matching files to be served with the content type identification given by MIME-type. For example, if you had a directory full of GIF files, but did not want to label them all with .gif, you might want to use:

ForceType image/gif

Note that unlike DefaultType, this directive overrides all mime-type associations, including filename extensions, that might identify the media type.

You can override any ForceType setting by using the value of None:

# force all files to be image/gif:
<Location /images>
ForceType image/gif
 </Location>

# but normal mime-type associations here:
<Location /images/mixed>
ForceType None
 </Location>

top

HostnameLookups Directive

Description:Enables DNS lookups on client IP addresses
Syntax:HostnameLookups On|Off|Double
Default:HostnameLookups Off
Context:server config, virtual host, directory
Status:Core
Module:core

This directive enables DNS lookups so that host names can be logged (and passed to CGIs/SSIs in REMOTE_HOST). The value Double refers to doing double-reverse DNS lookup. That is, after a reverse lookup is performed, a forward lookup is then performed on that result. At least one of the IP addresses in the forward lookup must match the original address. (In "tcpwrappers" terminology this is called PARANOID.)

Regardless of the setting, when mod_access is used for controlling access by hostname, a double reverse lookup will be performed. This is necessary for security. Note that the result of this double-reverse isn't generally available unless you set HostnameLookups Double. For example, if only HostnameLookups On and a request is made to an object that is protected by hostname restrictions, regardless of whether the double-reverse fails or not, CGIs will still be passed the single-reverse result in REMOTE_HOST.

The default is Off in order to save the network traffic for those sites that don't truly need the reverse lookups done. It is also better for the end users because they don't have to suffer the extra latency that a lookup entails. Heavily loaded sites should leave this directive Off, since DNS lookups can take considerable amounts of time. The utility logresolve, compiled by default to the bin subdirectory of your installation directory, can be used to look up host names from logged IP addresses offline.

top

IdentityCheck Directive

Description:Enables logging of the RFC1413 identity of the remote user
Syntax:IdentityCheck On|Off
Default:IdentityCheck Off
Context:server config, virtual host, directory
Status:Core
Module:core

This directive enables RFC1413-compliant logging of the remote user name for each connection, where the client machine runs identd or something similar. This information is logged in the access log.

The information should not be trusted in any way except for rudimentary usage tracking.

Note that this can cause serious latency problems accessing your server since every request requires one of these lookups to be performed. When firewalls are involved each lookup might possibly fail and add 30 seconds of latency to each hit. So in general this is not very useful on public servers accessible from the Internet.

top

<IfDefine> Directive

Description:Encloses directives that will be processed only if a test is true at startup
Syntax:<IfDefine [!]parameter-name> ... </IfDefine>
Context:server config, virtual host, directory, .htaccess
Override:All
Status:Core
Module:core

The <IfDefine test>...</IfDefine> section is used to mark directives that are conditional. The directives within an <IfDefine> section are only processed if the test is true. If test is false, everything between the start and end markers is ignored.

The test in the <IfDefine> section directive can be one of two forms:

  • parameter-name
  • !parameter-name

In the former case, the directives between the start and end markers are only processed if the parameter named parameter-name is defined. The second format reverses the test, and only processes the directives if parameter-name is not defined.

The parameter-name argument is a define as given on the httpd command line via -Dparameter- , at the time the server was started.

<IfDefine> sections are nest-able, which can be used to implement simple multiple-parameter tests. Example:

httpd -DReverseProxy ...

# httpd.conf
<IfDefine ReverseProxy>
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule proxy_module modules/libproxy.so
 </IfDefine>

top

<IfModule> Directive

Description:Encloses directives that are processed conditional on the presence or absence of a specific module
Syntax:<IfModule [!]module-name> ... </IfModule>
Context:server config, virtual host, directory, .htaccess
Override:All
Status:Core
Module:core

The <IfModule test>...</IfModule> section is used to mark directives that are conditional on the presence of a specific module. The directives within an <IfModule> section are only processed if the test is true. If test is false, everything between the start and end markers is ignored.

The test in the <IfModule> section directive can be one of two forms:

  • module name
  • !module name

In the former case, the directives between the start and end markers are only processed if the module named module name is included in Apache -- either compiled in or dynamically loaded using LoadModule. The second format reverses the test, and only processes the directives if module name is not included.

The module name argument is the file name of the module, at the time it was compiled. For example, mod_rewrite.c. If a module consists of several source files, use the name of the file containing the string STANDARD20_MODULE_STUFF.

<IfModule> sections are nest-able, which can be used to implement simple multiple-module tests.

This section should only be used if you need to have one configuration file that works whether or not a specific module is available. In normal operation, directives need not be placed in <IfModule> sections.
top

Include Directive

Description:Includes other configuration files from within the server configuration files
Syntax:Include file-path|directory-path
Context:server config, virtual host, directory
Status:Core
Module:core
Compatibility:Wildcard matching available in 2.0.41 and later

This directive allows inclusion of other configuration files from within the server configuration files.

Shell-style (fnmatch()) wildcard characters can be used to include several files at once, in alphabetical order. In addition, if Include points to a directory, rather than a file, Apache will read all files in that directory and any subdirectory. But including entire directories is not recommended, because it is easy to accidentally leave temporary files in a directory that can cause httpd to fail.

The file path specified may be an absolute path, or may be relative to the ServerRoot directory.

Examples:

Include /usr/local/apache2/conf/ssl.conf
Include /usr/local/apache2/conf/vhosts/*.conf

Or, providing paths relative to your ServerRoot directory:

Include conf/ssl.conf
Include conf/vhosts/*.conf

Running apachectl configtest will give you a list of the files that are being processed during the configuration check:

root@host# apachectl configtest
Processing config file: /usr/local/apache2/conf/ssl.conf
Processing config file: /usr/local/apache2/conf/vhosts/vhost1.conf
Processing config file: /usr/local/apache2/conf/vhosts/vhost2.conf
Syntax OK

See also

top

KeepAlive Directive

Description:Enables HTTP persistent connections
Syntax:KeepAlive On|Off
Default:KeepAlive On
Context:server config, virtual host
Status:Core
Module:core

The Keep-Alive extension to HTTP/1.0 and the persistent connection feature of HTTP/1.1 provide long-lived HTTP sessions which allow multiple requests to be sent over the same TCP connection. In some cases this has been shown to result in an almost 50% speedup in latency times for HTML documents with many images. To enable Keep-Alive connections, set KeepAlive On.

For HTTP/1.0 clients, Keep-Alive connections will only be used if they are specifically requested by a client. In addition, a Keep-Alive connection with an HTTP/1.0 client can only be used when the length of the content is known in advance. This implies that dynamic content such as CGI output, SSI pages, and server-generated directory listings will generally not use Keep-Alive connections to HTTP/1.0 clients. For HTTP/1.1 clients, persistent connections are the default unless otherwise specified. If the client requests it, chunked encoding will be used in order to send content of unknown length over persistent connections.

See also

top

KeepAliveTimeout Directive

Description:Amount of time the server will wait for subsequent requests on a persistent connection
Syntax:KeepAliveTimeout seconds
Default:KeepAliveTimeout 15
Context:server config, virtual host
Status:Core
Module:core

The number of seconds Apache will wait for a subsequent request before closing the connection. Once a request has been received, the timeout value specified by the Timeout directive applies.

Setting KeepAliveTimeout to a high value may cause performance problems in heavily loaded servers. The higher the timeout, the more server processes will be kept occupied waiting on connections with idle clients.

top

<Limit> Directive

Description:Restrict enclosed access controls to only certain HTTP methods
Syntax:<Limit method [method] ... > ... </Limit>
Context:server config, virtual host, directory, .htaccess
Override:All
Status:Core
Module:core

Access controls are normally effective for all access methods, and this is the usual desired behavior. In the general case, access control directives should not be placed within a <Limit> section.

The purpose of the <Limit> directive is to restrict the effect of the access controls to the nominated HTTP methods. For all other methods, the access restrictions that are enclosed in the <Limit> bracket will have no effect. The following example applies the access control only to the methods POST, PUT, and DELETE, leaving all other methods unprotected:

<Limit POST PUT DELETE>
Require valid-user
 </Limit>

The method names listed can be one or more of: GET, POST, PUT, DELETE, CONNECT, OPTIONS, PATCH, PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK, and UNLOCK. The method name is case-sensitive. If GET is used it will also restrict HEAD requests. The TRACE method cannot be limited.

A <LimitExcept> section should always be used in preference to a <Limit> section when restricting access, since a <LimitExcept> section provides protection against arbitrary methods.
top

<LimitExcept> Directive

Description:Restrict access controls to all HTTP methods except the named ones
Syntax:<LimitExcept method [method] ... > ... </LimitExcept>
Context:server config, virtual host, directory, .htaccess
Override:All
Status:Core
Module:core

<LimitExcept> and </LimitExcept> are used to enclose a group of access control directives which will then apply to any HTTP access method not listed in the arguments; i.e., it is the opposite of a <Limit> section and can be used to control both standard and nonstandard/unrecognized methods. See the documentation for <Limit> for more details.

For example:

<LimitExcept POST GET>
Require valid-user
 </LimitExcept>

top

LimitInternalRecursion Directive

Description:Determine maximum number of internal redirects and nested subrequests
Syntax:LimitInternalRecursion number [number]
Default:LimitInternalRecursion 10
Context:server config, virtual host
Status:Core
Module:core
Compatibility:Available in Apache 2.0.47 and later

An internal redirect happens, for example, when using the Action directive, which internally redirects the original request to a CGI script. A subrequest is Apache's mechanism to find out what would happen for some URI if it were requested. For example, mod_dir uses subrequests to look for the files listed in the DirectoryIndex directive.

LimitInternalRecursion prevents the server from crashing when entering an infinite loop of internal redirects or subrequests. Such loops are usually caused by misconfigurations.

The directive stores two different limits, which are evaluated on per-request basis. The first number is the maximum number of internal redirects, that may follow each other. The second number determines, how deep subrequests may be nested. If you specify only one number, it will be assigned to both limits.

Example

LimitInternalRecursion 5

top

LimitRequestBody Directive

Description:Restricts the total size of the HTTP request body sent from the client
Syntax:LimitRequestBody bytes
Default:LimitRequestBody 0
Context:server config, virtual host, directory, .htaccess
Override:All
Status:Core
Module:core

This directive specifies the number of bytes from 0 (meaning unlimited) to 2147483647 (2GB) that are allowed in a request body.

The LimitRequestBody directive allows the user to set a limit on the allowed size of an HTTP request message body within the context in which the directive is given (server, per-directory, per-file or per-location). If the client request exceeds that limit, the server will return an error response instead of servicing the request. The size of a normal request message body will vary greatly depending on the nature of the resource and the methods allowed on that resource. CGI scripts typically use the message body for retrieving form information. Implementations of the PUT method will require a value at least as large as any representation that the server wishes to accept for that resource.

This directive gives the server administrator greater control over abnormal client request behavior, which may be useful for avoiding some forms of denial-of-service attacks.

If, for example, you are permitting file upload to a particular location, and wish to limit the size of the uploaded file to 100K, you might use the following directive:

LimitRequestBody 102400

top

LimitRequestFields Directive

Description:Limits the number of HTTP request header fields that will be accepted from the client
Syntax:LimitRequestFields number
Default:LimitRequestFields 100
Context:server config
Status:Core
Module:core

Number is an integer from 0 (meaning unlimited) to 32767. The default value is defined by the compile-time constant DEFAULT_LIMIT_REQUEST_FIELDS (100 as distributed).

The LimitRequestFields directive allows the server administrator to modify the limit on the number of request header fields allowed in an HTTP request. A server needs this value to be larger than the number of fields that a normal client request might include. The number of request header fields used by a client rarely exceeds 20, but this may vary among different client implementations, often depending upon the extent to which a user has configured their browser to support detailed content negotiation. Optional HTTP extensions are often expressed using request header fields.

This directive gives the server administrator greater control over abnormal client request behavior, which may be useful for avoiding some forms of denial-of-service attacks. The value should be increased if normal clients see an error response from the server that indicates too many fields were sent in the request.

For example:

LimitRequestFields 50

top

LimitRequestFieldSize Directive

Description:Limits the size of the HTTP request header allowed from the client
Syntax:LimitRequestFieldsize bytes
Default:LimitRequestFieldsize 8190
Context:server config
Status:Core
Module:core

This directive specifies the number of bytes that will be allowed in an HTTP request header.

The LimitRequestFieldSize directive allows the server administrator to reduce or increase the limit on the allowed size of an HTTP request header field. A server needs this value to be large enough to hold any one header field from a normal client request. The size of a normal request header field will vary greatly among different client implementations, often depending upon the extent to which a user has configured their browser to support detailed content negotiation. SPNEGO authentication headers can be up to 12392 bytes.

This directive gives the server administrator greater control over abnormal client request behavior, which may be useful for avoiding some forms of denial-of-service attacks.

For example:

LimitRequestFieldSize 4094

Under normal conditions, the value should not be changed from the default.
Apache 2.0.53 or higher is required for increasing the limit above the compiled-in value of DEFAULT_LIMIT_REQUEST_FIELDSIZE (8190 as distributed).
top

LimitRequestLine Directive

Description:Limit the size of the HTTP request line that will be accepted from the client
Syntax:LimitRequestLine bytes
Default:LimitRequestLine 8190
Context:server config
Status:Core
Module:core

This directive sets the number of bytes from 0 to the value of the compile-time constant DEFAULT_LIMIT_REQUEST_LINE (8190 as distributed) that will be allowed on the HTTP request-line.

The LimitRequestLine directive allows the server administrator to reduce the limit on the allowed size of a client's HTTP request-line below the normal input buffer size compiled with the server. Since the request-line consists of the HTTP method, URI, and protocol version, the LimitRequestLine directive places a restriction on the length of a request-URI allowed for a request on the server. A server needs this value to be large enough to hold any of its resource names, including any information that might be passed in the query part of a GET request.

This directive gives the server administrator greater control over abnormal client request behavior, which may be useful for avoiding some forms of denial-of-service attacks.

For example:

LimitRequestLine 4094

Under normal conditions, the value should not be changed from the default.
top

LimitXMLRequestBody Directive

Description:Limits the size of an XML-based request body
Syntax:LimitXMLRequestBody bytes
Default:LimitXMLRequestBody 1000000
Context:server config, virtual host, directory, .htaccess
Override:All
Status:Core
Module:core

Limit (in bytes) on maximum size of an XML-based request body. A value of 0 will disable any checking.

Example:

LimitXMLRequestBody 0

top

<Location> Directive

Description:Applies the enclosed directives only to matching URLs
Syntax:<Location URL-path|URL> ... </Location>
Context:server config, virtual host
Status:Core
Module:core

The <Location> directive limits the scope of the enclosed directives by URL. It is similar to the <Directory> directive, and starts a subsection which is terminated with a </Location> directive. <Location> sections are processed in the order they appear in the configuration file, after the <Directory> sections and .htaccess files are read, and after the <Files> sections.

<Location> sections operate completely outside the filesystem. This has several consequences. Most importantly, <Location> directives should not be used to control access to filesystem locations. Since several different URLs may map to the same filesystem location, such access controls may by circumvented.

When to use <Location>

Use <Location> to apply directives to content that lives outside the filesystem. For content that lives in the filesystem, use <Directory> and <Files>. An exception is <Location />, which is an easy way to apply a configuration to the entire server.

For all origin (non-proxy) requests, the URL to be matched is a URL-path of the form /path/. No scheme, hostname, port, or query string may be included. For proxy requests, the URL to be matched is of the form scheme://servername/path, and you must include the prefix.

The URL may use wildcards. In a wild-card string, ? matches any single character, and * matches any sequences of characters.

Extended regular expressions can also be used, with the addition of the ~ character. For example:

<Location ~ "/(extra|special)/data">

would match URLs that contained the substring /extra/data or /special/data. The directive <LocationMatch> behaves identical to the regex version of <Location>.

The <Location> functionality is especially useful when combined with the SetHandler directive. For example, to enable status requests, but allow them only from browsers at foo.com, you might use:

<Location /status>
SetHandler server-status
Order Deny,Allow
Deny from all
Allow from .foo.com
 </Location>

Note about / (slash)

The slash character has special meaning depending on where in a URL it appears. People may be used to its behavior in the filesystem where multiple adjacent slashes are frequently collapsed to a single slash (i.e., /home///foo is the same as /home/foo). In URL-space this is not necessarily true. The <LocationMatch> directive and the regex version of <Location> require you to explicitly specify multiple slashes if that is your intention.

For example, <LocationMatch ^/abc> would match the request URL /abc but not the request URL //abc. The (non-regex) <Location> directive behaves similarly when used for proxy requests. But when (non-regex) <Location> is used for non-proxy requests it will implicitly match multiple slashes with a single slash. For example, if you specify <Location /abc/def> and the request is to /abc//def then it will match.

See also

top

<LocationMatch> Directive

Description:Applies the enclosed directives only to regular-expression matching URLs
Syntax:<LocationMatch regex> ... </LocationMatch>
Context:server config, virtual host
Status:Core
Module:core

The <LocationMatch> directive limits the scope of the enclosed directives by URL, in an identical manner to <Location>. However, it takes a regular expression as an argument instead of a simple string. For example:

<LocationMatch "/(extra|special)/data">

would match URLs that contained the substring /extra/data or /special/data.

See also

top

LogLevel Directive

Description:Controls the verbosity of the ErrorLog
Syntax:LogLevel level
Default:LogLevel warn
Context:server config, virtual host
Status:Core
Module:core

LogLevel adjusts the verbosity of the messages recorded in the error logs (see ErrorLog directive). The following levels are available, in order of decreasing significance:

Level Description Example
emerg Emergencies - system is unusable. "Child cannot open lock file. Exiting"
alert Action must be taken immediately. "getpwuid: couldn't determine user name from uid"
crit Critical Conditions. "socket: Failed to get a socket, exiting child"
error Error conditions. "Premature end of script headers"
warn Warning conditions. "child process 1234 did not exit, sending another SIGHUP"
notice Normal but significant condition. "httpd: caught SIGBUS, attempting to dump core in ..."
info Informational. "Server seems busy, (you may need to increase StartServers, or Min/MaxSpareServers)..."
debug Debug-level messages "Opening config file ..."

When a particular level is specified, messages from all other levels of higher significance will be reported as well. E.g., when LogLevel info is specified, then messages with log levels of notice and warn will also be posted.

Using a level of at least crit is recommended.

For example:

LogLevel notice

Note

When logging to a regular file messages of the level notice cannot be suppressed and thus are always logged. However, this doesn't apply when logging is done using syslog.

top

MaxKeepAliveRequests Directive

Description:Number of requests allowed on a persistent connection
Syntax:MaxKeepAliveRequests number
Default:MaxKeepAliveRequests 100
Context:server config, virtual host
Status:Core
Module:core

The MaxKeepAliveRequests directive limits the number of requests allowed per connection when KeepAlive is on. If it is set to 0, unlimited requests will be allowed. We recommend that this setting be kept to a high value for maximum server performance.

For example:

MaxKeepAliveRequests 500

top

NameVirtualHost Directive

Description:Designates an IP address for name-virtual hosting
Syntax:NameVirtualHost addr[:port]
Context:server config
Status:Core
Module:core

The NameVirtualHost directive is a required directive if you want to configure name-based virtual hosts.

Although addr can be hostname it is recommended that you always use an IP address, e.g.

NameVirtualHost 111.22.33.44

With the NameVirtualHost directive you specify the IP address on which the server will receive requests for the name-based virtual hosts. This will usually be the address to which your name-based virtual host names resolve. In cases where a firewall or other proxy receives the requests and forwards them on a different IP address to the server, you must specify the IP address of the physical interface on the machine which will be servicing the requests. If you have multiple name-based hosts on multiple addresses, repeat the directive for each address.

Note

Note, that the "main server" and any _default_ servers will never be served for a request to a NameVirtualHost IP address (unless for some reason you specify NameVirtualHost but then don't define any VirtualHosts for that address).

Optionally you can specify a port number on which the name-based virtual hosts should be used, e.g.

NameVirtualHost 111.22.33.44:8080

IPv6 addresses must be enclosed in square brackets, as shown in the following example:

NameVirtualHost [2001:db8::a00:20ff:fea7:ccea]:8080

To receive requests on all interfaces, you can use an argument of *

NameVirtualHost *

Argument to <VirtualHost> directive

Note that the argument to the <VirtualHost> directive must exactly match the argument to the NameVirtualHost directive.

NameVirtualHost 1.2.3.4
<VirtualHost 1.2.3.4>
# ...
</VirtualHost>

See also

top

Options Directive

Description:Configures what features are available in a particular directory
Syntax:Options [+|-]option [[+|-]option] ...
Default:Options All
Context:server config, virtual host, directory, .htaccess
Override:Options
Status:Core
Module:core

The Options directive controls which server features are available in a particular directory.

option can be set to None, in which case none of the extra features are enabled, or one or more of the following:

All
All options except for MultiViews. This is the default setting.
ExecCGI
Execution of CGI scripts using mod_cgi is permitted.
FollowSymLinks
The server will follow symbolic links in this directory.

Even though the server follows the symlink it does not change the pathname used to match against <Directory> sections.

Note also, that this option gets ignored if set inside a <Location> section.

Includes
Server-side includes provided by mod_include are permitted.
IncludesNOEXEC
Server-side includes are permitted, but the #exec cmd and #exec cgi are disabled. It is still possible to #include virtual CGI scripts from ScriptAliased directories.
Indexes
If a URL which maps to a directory is requested, and there is no DirectoryIndex (e.g., index.html) in that directory, then mod_autoindex will return a formatted listing of the directory.
MultiViews
Content negotiated "MultiViews" are allowed using mod_negotiation.
SymLinksIfOwnerMatch
The server will only follow symbolic links for which the target file or directory is owned by the same user id as the link.

Note

This option gets ignored if set inside a <Location> section.

Normally, if multiple Options could apply to a directory, then the most specific one is used and others are ignored; the options are not merged. (See how sections are merged.) However if all the options on the Options directive are preceded by a + or - symbol, the options are merged. Any options preceded by a + are added to the options currently in force, and any options preceded by a - are removed from the options currently in force.

Warning

Mixing Options with a + or - with those without is not valid syntax, and is likely to cause unexpected results.

For example, without any + and - symbols:

<Directory /web/docs>
Options Indexes FollowSymLinks
 </Directory>

<Directory /web/docs/spec>
Options Includes
 </Directory>

then only Includes will be set for the /web/docs/spec directory. However if the second Options directive uses the + and - symbols:

<Directory /web/docs>
Options Indexes FollowSymLinks
 </Directory>

<Directory /web/docs/spec>
Options +Includes -Indexes
 </Directory>

then the options FollowSymLinks and Includes are set for the /web/docs/spec directory.

Note

Using -IncludesNOEXEC or -Includes disables server-side includes completely regardless of the previous setting.

The default in the absence of any other settings is All.

top

Require Directive

Description:Selects which authenticated users can access a resource
Syntax:Require entity-name [entity-name] ...
Context:directory, .htaccess
Override:AuthConfig
Status:Core
Module:core

This directive selects which authenticated users can access a resource. The allowed syntaxes are:

Require user userid [userid] ...
Only the named users can access the resource.
Require group group-name [group-name] ...
Only users in the named groups can access the resource.
Require valid-user
All valid users can access the resource.

Require must be accompanied by AuthName and AuthType directives, and directives such as AuthUserFile and AuthGroupFile (to define users and groups) in order to work correctly. Example:

AuthType Basic
AuthName "Restricted Resource"
AuthUserFile /web/users
AuthGroupFile /web/groups
Require group admin

Access controls which are applied in this way are effective for all methods. This is what is normally desired. If you wish to apply access controls only to specific methods, while leaving other methods unprotected, then place the Require statement into a <Limit> section.

See also

top

RLimitCPU Directive

Description:Limits the CPU consumption of processes launched by Apache children
Syntax:RLimitCPU seconds|max [seconds|max]
Default:Unset; uses operating system defaults
Context:server config, virtual host, directory, .htaccess
Override:All
Status:Core
Module:core

Takes 1 or 2 parameters. The first parameter sets the soft resource limit for all processes and the second parameter sets the maximum resource limit. Either parameter can be a number, or max to indicate to the server that the limit should be set to the maximum allowed by the operating system configuration. Raising the maximum resource limit requires that the server is running as root, or in the initial startup phase.

This applies to processes forked off from Apache children servicing requests, not the Apache children themselves. This includes CGI scripts and SSI exec commands, but not any processes forked off from the Apache parent such as piped logs.

CPU resource limits are expressed in seconds per process.

See also

top

RLimitMEM Directive

Description:Limits the memory consumption of processes launched by Apache children
Syntax:RLimitMEM bytes|max [bytes|max]
Default:Unset; uses operating system defaults
Context:server config, virtual host, directory, .htaccess
Override:All
Status:Core
Module:core

Takes 1 or 2 parameters. The first parameter sets the soft resource limit for all processes and the second parameter sets the maximum resource limit. Either parameter can be a number, or max to indicate to the server that the limit should be set to the maximum allowed by the operating system configuration. Raising the maximum resource limit requires that the server is running as root, or in the initial startup phase.

This applies to processes forked off from Apache children servicing requests, not the Apache children themselves. This includes CGI scripts and SSI exec commands, but not any processes forked off from the Apache parent such as piped logs.

Memory resource limits are expressed in bytes per process.

See also

top

RLimitNPROC Directive

Description:Limits the number of processes that can be launched by processes launched by Apache children
Syntax:RLimitNPROC number|max [number|max]
Default:Unset; uses operating system defaults
Context:server config, virtual host, directory, .htaccess
Override:All
Status:Core
Module:core

Takes 1 or 2 parameters. The first parameter sets the soft resource limit for all processes and the second parameter sets the maximum resource limit. Either parameter can be a number, or max to indicate to the server that the limit should be set to the maximum allowed by the operating system configuration. Raising the maximum resource limit requires that the server is running as root, or in the initial startup phase.

This applies to processes forked off from Apache children servicing requests, not the Apache children themselves. This includes CGI scripts and SSI exec commands, but not any processes forked off from the Apache parent such as piped logs.

Process limits control the number of processes per user.

Note

If CGI processes are not running under user ids other than the web server user id, this directive will limit the number of processes that the server itself can create. Evidence of this situation will be indicated by cannot fork messages in the error_log.

See also

top

Satisfy Directive

Description:Interaction between host-level access control and user authentication
Syntax:Satisfy Any|All
Default:Satisfy All
Context:directory, .htaccess
Override:AuthConfig
Status:Core
Module:core
Compatibility:Influenced by <Limit> and <LimitExcept> in version 2.0.51 and later

Access policy if both Allow and Require used. The parameter can be either All or Any. This directive is only useful if access to a particular area is being restricted by both username/password and client host address. In this case the default behavior (All) is to require that the client passes the address access restriction and enters a valid username and password. With the Any option the client will be granted access if they either pass the host restriction or enter a valid username and password. This can be used to password restrict an area, but to let clients from particular addresses in without prompting for a password.

For example, if you wanted to let people on your network have unrestricted access to a portion of your website, but require that people outside of your network provide a password, you could use a configuration similar to the following:

Require valid-user
Allow from 192.168.1
Satisfy Any

Since version 2.0.51 Satisfy directives can be restricted to particular methods by <Limit> and <LimitExcept> sections.

See also

top

ScriptInterpreterSource Directive

Description:Technique for locating the interpreter for CGI scripts
Syntax:ScriptInterpreterSource Registry|Registry-Strict|Script
Default:ScriptInterpreterSource Script
Context:server config, virtual host, directory, .htaccess
Override:FileInfo
Status:Core
Module:core
Compatibility:Win32 only; option Registry-Strict is available in Apache 2.0 and later

This directive is used to control how Apache finds the interpreter used to run CGI scripts. The default setting is Script. This causes Apache to use the interpreter pointed to by the shebang line (first line, starting with #!) in the script. On Win32 systems this line usually looks like:

#!C:/Perl/bin/perl.exe

or, if perl is in the PATH, simply:

#!perl

Setting ScriptInterpreterSource Registry will cause the Windows Registry tree HKEY_CLASSES_ROOT to be searched using the script file extension (e.g., .pl) as a search key. The command defined by the registry subkey Shell\ExecCGI\Command or, if it does not exist, by the subkey Shell\Open\Command is used to open the script file. If the registry keys cannot be found, Apache falls back to the behavior of the Script option.

Security

Be careful when using ScriptInterpreterSource Registry with ScriptAlias'ed directories, because Apache will try to execute every file within this directory. The Registry setting may cause undesired program calls on files which are typically not executed. For example, the default open command on .htm files on most Windows systems will execute Microsoft Internet Explorer, so any HTTP request for an .htm file existing within the script directory would start the browser in the background on the server. This is a good way to crash your system within a minute or so.

The option Registry-Strict which is new in Apache 2.0 does the same thing as Registry but uses only the subkey Shell\ExecCGI\Command. The ExecCGI key is not a common one. It must be configured manually in the windows registry and hence prevents accidental program calls on your system.

top

ServerAdmin Directive

Description:Email address that the server includes in error messages sent to the client
Syntax:ServerAdmin email-address
Context:server config, virtual host
Status:Core
Module:core

The ServerAdmin sets the e-mail address that the server includes in any error messages it returns to the client.

It may be worth setting up a dedicated address for this, e.g.

ServerAdmin www-admin@foo.example.com

as users do not always mention that they are talking about the server!

top

ServerAlias Directive

Description:Alternate names for a host used when matching requests to name-virtual hosts
Syntax:ServerAlias hostname [hostname] ...
Context:virtual host
Status:Core
Module:core

The ServerAlias directive sets the alternate names for a host, for use with name-based virtual hosts.

<VirtualHost *>
ServerName server.domain.com
ServerAlias server server2.domain.com server2
# ...
</VirtualHost>

See also

top

ServerName Directive

Description:Hostname and port that the server uses to identify itself
Syntax:ServerName fully-qualified-domain-name[:port]
Context:server config, virtual host
Status:Core
Module:core
Compatibility:In version 2.0, this directive supersedes the functionality of the Port directive from version 1.3.

The ServerName directive sets the hostname and port that the server uses to identify itself. This is used when creating redirection URLs. For example, if the name of the machine hosting the web server is simple.example.com, but the machine also has the DNS alias www.example.com and you wish the web server to be so identified, the following directive should be used:

ServerName www.example.com:80

If no ServerName is specified, then the server attempts to deduce the hostname by performing a reverse lookup on the IP address. If no port is specified in the ServerName, then the server will use the port from the incoming request. For optimal reliability and predictability, you should specify an explicit hostname and port using the ServerName directive.

If you are using name-based virtual hosts, the ServerName inside a <VirtualHost> section specifies what hostname must appear in the request's Host: header to match this virtual host.

See the description of the UseCanonicalName directive for settings which determine whether self-referential URL's (e.g., by the mod_dir module) will refer to the specified port, or to the port number given in the client's request.

See also

top

ServerPath Directive

Description:Legacy URL pathname for a name-based virtual host that is accessed by an incompatible browser
Syntax:ServerPath URL-path
Context:virtual host
Status:Core
Module:core

The ServerPath directive sets the legacy URL pathname for a host, for use with name-based virtual hosts.

See also

top

ServerRoot Directive

Description:Base directory for the server installation
Syntax:ServerRoot directory-path
Default:ServerRoot /usr/local/apache
Context:server config
Status:Core
Module:core

The ServerRoot directive sets the directory in which the server lives. Typically it will contain the subdirectories conf/ and logs/. Relative paths in other configuration directives (such as Include or LoadModule, for example) are taken as relative to this directory.

Example

ServerRoot /home/httpd

See also

top

ServerSignature Directive

Description:Configures the footer on server-generated documents
Syntax:ServerSignature On|Off|EMail
Default:ServerSignature Off
Context:server config, virtual host, directory, .htaccess
Override:All
Status:Core
Module:core

The ServerSignature directive allows the configuration of a trailing footer line under server-generated documents (error messages, mod_proxy ftp directory listings, mod_info output, ...). The reason why you would want to enable such a footer line is that in a chain of proxies, the user often has no possibility to tell which of the chained servers actually produced a returned error message.

The Off setting, which is the default, suppresses the footer line (and is therefore compatible with the behavior of Apache-1.2 and below). The On setting simply adds a line with the server version number and ServerName of the serving virtual host, and the EMail setting additionally creates a "mailto:" reference to the ServerAdmin of the referenced document.

After version 2.0.44, the details of the server version number presented are controlled by the ServerTokens directive.

See also

top

ServerTokens Directive

Description:Configures the Server HTTP response header
Syntax:ServerTokens Major|Minor|Min[imal]|Prod[uctOnly]|OS|Full
Default:ServerTokens Full
Context:server config
Status:Core
Module:core

This directive controls whether Server response header field which is sent back to clients includes a description of the generic OS-type of the server as well as information about compiled-in modules.

ServerTokens Prod[uctOnly]
Server sends (e.g.): Server: Apache
ServerTokens Major
Server sends (e.g.): Server: Apache/2
ServerTokens Minor
Server sends (e.g.): Server: Apache/2.0
ServerTokens Min[imal]
Server sends (e.g.): Server: Apache/2.0.41
ServerTokens OS
Server sends (e.g.): Server: Apache/2.0.41 (Unix)
ServerTokens Full (or not specified)
Server sends (e.g.): Server: Apache/2.0.41 (Unix) PHP/4.2.2 MyMod/1.2

This setting applies to the entire server, and cannot be enabled or disabled on a virtualhost-by-virtualhost basis.

After version 2.0.44, this directive also controls the information presented by the ServerSignature directive.

See also

top

SetHandler Directive

Description:Forces all matching files to be processed by a handler
Syntax:SetHandler handler-name|None
Context:server config, virtual host, directory, .htaccess
Override:FileInfo
Status:Core
Module:core
Compatibility:Moved into the core in Apache 2.0

When placed into an .htaccess file or a <Directory> or <Location> section, this directive forces all matching files to be parsed through the handler given by handler-name. For example, if you had a directory you wanted to be parsed entirely as imagemap rule files, regardless of extension, you might put the following into an .htaccess file in that directory:

SetHandler imap-file

Another example: if you wanted to have the server display a status report whenever a URL of http://servername/status was called, you might put the following into httpd.conf:

<Location /status>
SetHandler server-status
 </Location>

You can override an earlier defined SetHandler directive by using the value None.

See also

top

SetInputFilter Directive

Description:Sets the filters that will process client requests and POST input
Syntax:SetInputFilter filter[;filter...]
Context:server config, virtual host, directory, .htaccess
Override:FileInfo
Status:Core
Module:core

The SetInputFilter directive sets the filter or filters which will process client requests and POST input when they are received by the server. This is in addition to any filters defined elsewhere, including the AddInputFilter directive.

If more than one filter is specified, they must be separated by semicolons in the order in which they should process the content.

See also

top

SetOutputFilter Directive

Description:Sets the filters that will process responses from the server
Syntax:SetOutputFilter filter[;filter...]
Context:server config, virtual host, directory, .htaccess
Override:FileInfo
Status:Core
Module:core

The SetOutputFilter directive sets the filters which will process responses from the server before they are sent to the client. This is in addition to any filters defined elsewhere, including the AddOutputFilter directive.

For example, the following configuration will process all files in the /www/data/ directory for server-side includes.

<Directory /www/data/>
SetOutputFilter INCLUDES
 </Directory>

If more than one filter is specified, they must be separated by semicolons in the order in which they should process the content.

See also

top

TimeOut Directive

Description:Amount of time the server will wait for certain events before failing a request
Syntax:TimeOut seconds
Default:TimeOut 300
Context:server config, virtual host
Status:Core
Module:core

The TimeOut directive currently defines the amount of time Apache will wait for three things:

  1. The total amount of time it takes to receive a GET request.
  2. The amount of time between receipt of TCP packets on a POST or PUT request.
  3. The amount of time between ACKs on transmissions of TCP packets in responses.

We plan on making these separately configurable at some point down the road. The timer used to default to 1200 before 1.2, but has been lowered to 300 which is still far more than necessary in most situations. It is not set any lower by default because there may still be odd places in the code where the timer is not reset when a packet is sent.

top

TraceEnable Directive

Description:Determines the behaviour on TRACE requests
Syntax:TraceEnable [on|off|extended]
Default:TraceEnable on
Context:server config
Status:Core
Module:core
Compatibility:Available in Apache 1.3.34, 2.0.55 and later

This directive overrides the behavior of TRACE for both the core server and mod_proxy. The default TraceEnable on permits TRACE requests per RFC 2616, which disallows any request body to accompany the request. TraceEnable off causes the core server and mod_proxy to return a 405 (Method not allowed) error to the client.

Finally, for testing and diagnostic purposes only, request bodies may be allowed using the non-compliant TraceEnable extended directive. The core (as an origin server) will restrict the request body to 64k (plus 8k for chunk headers if Transfer-Encoding: chunked is used). The core will reflect the full headers and all chunk headers with the response body. As a proxy server, the request body is not restricted to 64k.

top

UseCanonicalName Directive

Description:Configures how the server determines its own name and port
Syntax:UseCanonicalName On|Off|DNS
Default:UseCanonicalName On
Context:server config, virtual host, directory
Status:Core
Module:core

In many situations Apache must construct a self-referential URL -- that is, a URL that refers back to the same server. With UseCanonicalName On Apache will use the hostname and port specified in the ServerName directive to construct the canonical name for the server. This name is used in all self-referential URLs, and for the values of SERVER_NAME and SERVER_PORT in CGIs.

With UseCanonicalName Off Apache will form self-referential URLs using the hostname and port supplied by the client if any are supplied (otherwise it will use the canonical name, as defined above). These values are the same that are used to implement name based virtual hosts, and are available with the same clients. The CGI variables SERVER_NAME and SERVER_PORT will be constructed from the client supplied values as well.

An example where this may be useful is on an intranet server where you have users connecting to the machine using short names such as www. You'll notice that if the users type a shortname, and a URL which is a directory, such as http://www/splat, without the trailing slash then Apache will redirect them to http://www.domain.com/splat/. If you have authentication enabled, this will cause the user to have to authenticate twice (once for www and once again for www.domain.com -- see the FAQ on this subject for more information). But if UseCanonicalName is set Off, then Apache will redirect to http://www/splat/.

There is a third option, UseCanonicalName DNS, which is intended for use with mass IP-based virtual hosting to support ancient clients that do not provide a Host: header. With this option Apache does a reverse DNS lookup on the server IP address that the client connected to in order to work out self-referential URLs.

Warning

If CGIs make assumptions about the values of SERVER_NAME they may be broken by this option. The client is essentially free to give whatever value they want as a hostname. But if the CGI is only using SERVER_NAME to construct self-referential URLs then it should be just fine.

See also

top

<VirtualHost> Directive

Description:Contains directives that apply only to a specific hostname or IP address
Syntax:<VirtualHost addr[:port] [addr[:port]] ...> ... </VirtualHost>
Context:server config
Status:Core
Module:core

<VirtualHost> and </VirtualHost> are used to enclose a group of directives that will apply only to a particular virtual host. Any directive that is allowed in a virtual host context may be used. When the server receives a request for a document on a particular virtual host, it uses the configuration directives enclosed in the <VirtualHost> section. Addr can be:

  • The IP address of the virtual host;
  • A fully qualified domain name for the IP address of the virtual host;
  • The character *, which is used only in combination with NameVirtualHost * to match all IP addresses; or
  • The string _default_, which is used only with IP virtual hosting to catch unmatched IP addresses.

Example

<VirtualHost 10.1.2.3>
ServerAdmin webmaster@host.foo.com
DocumentRoot /www/docs/host.foo.com
ServerName host.foo.com
ErrorLog logs/host.foo.com-error_log
TransferLog logs/host.foo.com-access_log
 </VirtualHost>

IPv6 addresses must be specified in square brackets because the optional port number could not be determined otherwise. An IPv6 example is shown below:

<VirtualHost [2001:db8::a00:20ff:fea7:ccea]>
ServerAdmin webmaster@host.example.com
DocumentRoot /www/docs/host.example.com
ServerName host.example.com
ErrorLog logs/host.example.com-error_log
TransferLog logs/host.example.com-access_log
 </VirtualHost>

Each Virtual Host must correspond to a different IP address, different port number or a different host name for the server, in the former case the server machine must be configured to accept IP packets for multiple addresses. (If the machine does not have multiple network interfaces, then this can be accomplished with the ifconfig alias command -- if your OS supports it).

Note

The use of <VirtualHost> does not affect what addresses Apache listens on. You may need to ensure that Apache is listening on the correct addresses using Listen.

When using IP-based virtual hosting, the special name _default_ can be specified in which case this virtual host will match any IP address that is not explicitly listed in another virtual host. In the absence of any _default_ virtual host the "main" server config, consisting of all those definitions outside any VirtualHost section, is used when no IP-match occurs. (But note that any IP address that matches a NameVirtualHost directive will use neither the "main" server config nor the _default_ virtual host. See the name-based virtual hosting documentation for further details.)

You can specify a :port to change the port that is matched. If unspecified then it defaults to the same port as the most recent Listen statement of the main server. You may also specify :* to match all ports on that address. (This is recommended when used with _default_.)

Security

See the security tips document for details on why your security could be compromised if the directory where log files are stored is writable by anyone other than the user that starts the server.

See also

mod/directive-dict.html100644 0 0 27421 11074463123 12600 0ustar 0 0 þ ϴµ - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.0

<-

þ ϴµ

ġ þ ϴµ Ѵ.

top

(Description)

þ .

top

(Syntax)

Ͽ þ ˷ش. þ ſ ٸ, þ ڼ Ѵ. Ϲ þ ̸ ڿ ƱԸƮ ´. ƱԸƮ Ѵٸ ƱԸƮ ֵǥ Ѵ. ƱԸƮ ߰ȣ ´. ƱԸƮ ϳ "|" Ѵ. ڱ״ κ ⺻ ü , ü ƱԸƮ Ѵ. ƱԸƮ þ ƱԸƮ ݺ Ÿ "..." .

þ ſ پ ƱԸƮ ޴´. ϴ Ʒ .

URL
http://www.example.com/path/to/file.html Ŵ(scheme), ȣƮ, θ Uniform Resource Locator
URL-path
/path/to/file.html url Ŵ ȣƮ ڿ κ. url-path Ͻýۿ ƴ ڷḦ Ÿ.
file-path
/usr/local/apache/htdocs/path/to/file.html root 丮 ϴ Ͻýۻ . , file-path ServerRoot η Ѵ.
directory-path
/usr/local/apache/htdocs/path/to/ root 丮 ϴ Ͻýۻ 丮 .
filename
file.html ϸ.
regex
Perl ǥ(regular expression). þ regex ΰ ˻Ѵ.
extension
Ϲ filename ħǥ ڿ κ̴. ׷ ġ Ȯڸ ν ֱ⶧, filename ħǥ Ե ħǥ е κ Ȯ(extension) óѴ. , ϸ file.html.en .html .en̶ ΰ Ȯڸ . ġ þ extension տ ħǥ ־ ǰ  ȴ. , extension ҹڸ ʴ´.
MIME-type
text/html major format type minor format type Ͽ ϴ .
env-variable
ġ ȯ溯 ̸. ü ȯ溯 ٸ ϶. ڼ ȯ溯 ϶.
top

⺻ (Default)

þ ⺻ ִٸ ( , þ ġ Ѵ.) ׸ ´. ⺻ ٸ ׸ "None"̾ Ѵ. ⺻ Ե ⺻ httpd.conf þ ٸ ϶.

top

(Context)

þ ִ ˷ش. ǥ ̴:

ּ (server config)
þ Ͽ ( , httpd.conf) , <VirtualHost> <Directory> Ѵ. þ .htaccess Ͽ .
ȣƮ (virtual host)
þ <VirtualHost> ȿ Ѵ.
丮 (directory)
þ  Directory, Location, Files ϳ , <Directory>, <Location>, <Files> Ѵ.
.htaccess
þ 丮 .htaccess Ͽ Ѵ. þ ϴ overrides õ ִ.

þ ҿ ִ. ٸ ϸ ߻ϰ κп û ùٷ ó ϰų ۵, , ȵ ִ.

þ ִ Ҵ Ҹ Ҹ(boolean) OR ̴. , "server config, .htaccess" ϴٴ þ httpd.conf ϰ .htaccess Ͽ , <Directory> <VirtualHost> .

top

Override ɼ (Override)

þ .htaccess Ͽ Ϸ  override ɼ ؾ ϴ Ÿ. þ þ .htaccess Ͽ ٰ Ѵٸ  ҵ ʴ´.

Overrides AllowOverride þ ϰ, (丮 ) Ư ٸ AllowOverride þ ٸ ʾҴٸ ״ ȴ. þ 밡 override ̸ ´.

top

(Status)

þ ġ 󸶳 ִ Ÿ. , þ ϱ ٽ ʿ䰡 ִ. :

Core
þ "Core" ¸ , þ ġ ٽɺκп ϰ ׻ 밡 Ѵ.
MPM
"MPM" þ ó Ѵ. ̷ þ þ ŵ MPM ϳ Ҷ ϴ.
Base
⺻ ϵǹǷ ʾҴٸ Ϲ 밡 ǥ ġ ϴ þ "Base" ̴.
Extension
ġ Ե ϵʴ ϴ þ "Extension" ̴. ̷ þ Ϸ ϰ ġ ٽ ؾ Ѵ.
Experimental
"Experimental" þ ġ Ե, ڽ å Ÿ. þ ȭ, ٸ ִ. þ ϴ ⺻ ġ ϵ ȵ ִ. þ ϴ տ ִ .
top

(Module)

ܼ þ ҽ Ѵ.

top

(Compatibility)

þ ġ 2 Ϻΰ ƴϿٸ, þ ߰ϱ ´. ,  ÷ 밡 þ ´.

mod/directives.html100644 0 0 65637 11074463123 12055 0ustar 0 0 þ - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.0

<-

þ

ǥ ġ 밡 þ ̴. ̵ Ͽ, ִ.

þ Ͽ þ ִ.

 A  |  B  |  C  |  D  |  E  |  F  |  G  |  H  |  I  |  K  |  L  |  M  |  N  |  O  |  P  |  R  |  S  |  T  |  U  |  V  |  W  |  X 

mod/index.html100644 0 0 26612 11074463123 11011 0ustar 0 0 - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.0

<-

ġ Ե ̴. ġ þ ϵ ϶.

top

ٽ ɰ ó

core
Core Apache HTTP Server features that are always available
mpm_common
A collection of directives that are implemented by more than one multi-processing module (MPM)
beos
BeOS ȭ ó .
leader
ǥ worker MPM
mpm_netware
Multi-Processing Module implementing an exclusively threaded web server optimized for Novell NetWare
mpmt_os2
Hybrid multi-process, multi-threaded MPM for OS/2
perchild
Multi-Processing Module allowing for daemon processes serving requests to be assigned a variety of different userids
prefork
Implements a non-threaded, pre-forking web server
threadpool
Yet another experimental variant of the standard worker MPM
mpm_winnt
This Multi-Processing Module is optimized for Windows NT.
worker
Multi-Processing Module implementing a hybrid multi-threaded multi-process web server
top

ٸ

 A  |  C  |  D  |  E  |  F  |  H  |  I  |  L  |  M  |  N  |  P  |  R  |  S  |  U  |  V 

mod_access
Provides access control based on client hostname, IP address, or other characteristics of the client request.
mod_actions
̵ û޼忡 CGI ũƮ Ѵ.
mod_alias
Ͻý ٸ κе ϰ, URL ̷ Ѵ
mod_asis
HTTP
mod_auth
User authentication using text files
mod_auth_anon
Allows "anonymous" user access to authenticated areas
mod_auth_dbm
Provides for user authentication using DBM files
mod_auth_digest
MD5 Digest Authentication .
mod_auth_ldap
Allows an LDAP directory to be used to store the database for HTTP Basic authentication.
mod_autoindex
ڵ н ls ɾ Win32 dir ɾ 丮
mod_cache
Content cache keyed to URIs.
mod_cern_meta
CERN Ÿ
mod_cgi
CGI ũƮ
mod_cgid
ܺ CGI Ͽ CGI ũƮ
mod_charset_lite
ȯ
mod_dav
Distributed Authoring and Versioning (WebDAV)
mod_dav_fs
mod_dav Ͻý
mod_deflate
Ŭ̾Ʈ Ѵ
mod_dir
" " ̷ ϰ 丮 index Ѵ
mod_disk_cache
Content cache storage manager keyed to URIs
mod_dumpio
Dumps all I/O to error log as desired.
mod_echo
ϱ echo
mod_env
CGI ũƮ SSI ȯ溯 Ѵ
mod_example
ġ API Ѵ
mod_expires
ڰ ؿ Expires Cache-Control HTTP Ѵ
mod_ext_filter
ܺ α׷ ó Ŭ̾Ʈ
mod_file_cache
޸𸮿 ϵ ij
mod_headers
HTTP û
mod_imap
̹(imagemap) ó
mod_include
Server-parsed html documents (Server Side Includes)
mod_info
ش
mod_isapi
Windows ġ ISAPI Extension
mod_ldap
LDAP connection pooling and result caching services for use by other LDAP modules
mod_log_config
û α׿ Ѵ
mod_log_forensic
Forensic Logging of the requests made to the server
mod_logio
û Ʈ
mod_mem_cache
URI Ű Ͽ ijѴ.
mod_mime
Associates the requested filename's extensions with the file's behavior (handlers and filters) and content (mime-type, language, character set and encoding)
mod_mime_magic
Determines the MIME type of a file by looking at a few bytes of its contents
mod_negotiation
Provides for content negotiation
mod_nw_ssl
Enable SSL encryption for NetWare
mod_proxy
HTTP/1.1 proxy/gateway server
mod_proxy_connect
mod_proxy extension for CONNECT request handling
mod_proxy_ftp
FTP support module for mod_proxy
mod_proxy_http
HTTP support module for mod_proxy
mod_rewrite
Provides a rule-based rewriting engine to rewrite requested URLs on the fly
mod_setenvif
û ݿ ȯ溯 Ѵ
mod_so
Ҷ Ȥ Ҷ డ ڵ оδ
mod_speling
ڰ ҹڸ ߸ ϰų Ʋ ѹ Ͽ ߸ URL ġ õѴ
mod_ssl
Strong cryptography using the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols
mod_status
Ȱ ɿ Ѵ
mod_suexec
CGI ũƮ Ư ڿ ׷ Ѵ
mod_unique_id
û ĺڸ ȯ溯 Ѵ
mod_userdir
ں 丮
mod_usertrack
Clickstream logging of user activity on a site
mod_version
mod_vhost_alias
Provides for dynamically configured mass virtual hosting
mod/leader.html100644 0 0 13106 11074463123 11130 0ustar 0 0 leader - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.0

<-

ġ MPM leader

ֽ ƴմϴ. ֱٿ ϼ.
:ǥ worker MPM
:MPM
:mpm_leader_module
ҽ:leader.c

MPM ·, Ѵ ִ.

ǥ worker MPM ̴. 尣 Leader/Followers Ѵ. ڼ http://deuce.doc.wustl.edu/doc/pspdfs/lf.pdf ϶.

leader MPM Ϸ, httpd Ҷ configure ũƮ ƱԸƮ --with-mpm=leader Ѵ.

MPM ⸦ APR atomic compare-and-swap Ѵ. x86 386 ʿ䰡 ų, SPARC UltraSPARC Ĩ ʴ´ٸ, configure ũƮ ƱԸƮ --enable-nonportable-atomics=yes ϶. ׷ APR CPU ȿ ɾ Ͽ atomic Ѵ.

mod/mod_access.html100644 0 0 46267 11074463123 12012 0ustar 0 0 mod_access - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.0

<-

Apache Module mod_access

Description:Provides access control based on client hostname, IP address, or other characteristics of the client request.
Status:Base
ModuleIdentifier:access_module
SourceFile:mod_access.c
Compatibility:Available only in versions prior to 2.1

Summary

The directives provided by mod_access are used in <Directory>, <Files>, and <Location> sections as well as .htaccess files to control access to particular parts of the server. Access can be controlled based on the client hostname, IP address, or other characteristics of the client request, as captured in environment variables. The Allow and Deny directives are used to specify which clients are or are not allowed access to the server, while the Order directive sets the default access state, and configures how the Allow and Deny directives interact with each other.

Both host-based access restrictions and password-based authentication may be implemented simultaneously. In that case, the Satisfy directive is used to determine how the two sets of restrictions interact.

In general, access restriction directives apply to all access methods (GET, PUT, POST, etc). This is the desired behavior in most cases. However, it is possible to restrict some methods, while leaving other methods unrestricted, by enclosing the directives in a <Limit> section.

Directives

See also

top

Allow Directive

Description:Controls which hosts can access an area of the server
Syntax: Allow from all|host|env=env-variable [host|env=env-variable] ...
Context:directory, .htaccess
Override:Limit
Status:Base
Module:mod_access

The Allow directive affects which hosts can access an area of the server. Access can be controlled by hostname, IP address, IP address range, or by other characteristics of the client request captured in environment variables.

The first argument to this directive is always from. The subsequent arguments can take three different forms. If Allow from all is specified, then all hosts are allowed access, subject to the configuration of the Deny and Order directives as discussed below. To allow only particular hosts or groups of hosts to access the server, the host can be specified in any of the following formats:

A (partial) domain-name

Example:

Allow from apache.org
Allow from .net example.edu

Hosts whose names match, or end in, this string are allowed access. Only complete components are matched, so the above example will match foo.apache.org but it will not match fooapache.org. This configuration will cause Apache to perform a double reverse DNS lookup on the client IP address, regardless of the setting of the HostnameLookups directive. It will do a reverse DNS lookup on the IP address to find the associated hostname, and then do a forward lookup on the hostname to assure that it matches the original IP address. Only if the forward and reverse DNS are consistent and the hostname matches will access be allowed.

A full IP address

Example:

Allow from 10.1.2.3
Allow from 192.168.1.104 192.168.1.205

An IP address of a host allowed access

A partial IP address

Example:

Allow from 10.1
Allow from 10 172.20 192.168.2

The first 1 to 3 bytes of an IP address, for subnet restriction.

A network/netmask pair

Example:

Allow from 10.1.0.0/255.255.0.0

A network a.b.c.d, and a netmask w.x.y.z. For more fine-grained subnet restriction.

A network/nnn CIDR specification

Example:

Allow from 10.1.0.0/16

Similar to the previous case, except the netmask consists of nnn high-order 1 bits.

Note that the last three examples above match exactly the same set of hosts.

IPv6 addresses and IPv6 subnets can be specified as shown below:

Allow from 2001:db8::a00:20ff:fea7:ccea
Allow from 2001:db8::a00:20ff:fea7:ccea/10

The third format of the arguments to the Allow directive allows access to the server to be controlled based on the existence of an environment variable. When Allow from env=env-variable is specified, then the request is allowed access if the environment variable env-variable exists. The server provides the ability to set environment variables in a flexible way based on characteristics of the client request using the directives provided by mod_setenvif. Therefore, this directive can be used to allow access based on such factors as the clients User-Agent (browser type), Referer, or other HTTP request header fields.

Example:

SetEnvIf User-Agent ^KnockKnock/2\.0 let_me_in
<Directory /docroot>
Order Deny,Allow
Deny from all
Allow from env=let_me_in
 </Directory>

In this case, browsers with a user-agent string beginning with KnockKnock/2.0 will be allowed access, and all others will be denied.

top

Deny Directive

Description:Controls which hosts are denied access to the server
Syntax: Deny from all|host|env=env-variable [host|env=env-variable] ...
Context:directory, .htaccess
Override:Limit
Status:Base
Module:mod_access

This directive allows access to the server to be restricted based on hostname, IP address, or environment variables. The arguments for the Deny directive are identical to the arguments for the Allow directive.

top

Order Directive

Description:Controls the default access state and the order in which Allow and Deny are evaluated.
Syntax: Order ordering
Default:Order Deny,Allow
Context:directory, .htaccess
Override:Limit
Status:Base
Module:mod_access

The Order directive, along with the Allow and Deny directives, controls a three-pass access control system. The first pass processes either all Allow or all Deny directives, as specified by the Order directive. The second pass parses the rest of the directives (Deny or Allow). The third pass applies to all requests which do not match either of the first two.

Note that all Allow and Deny directives are processed, unlike a typical firewall, where only the first match is used. The last match is effective (also unlike a typical firewall). Additionally, the order in which lines appear in the configuration files is not significant -- all Allow lines are processed as one group, all Deny lines are considered as another, and the default state is considered by itself.

Ordering is one of:

Allow,Deny
First, all Allow directives are evaluated; at least one must match, or the request is rejected. Next, all Deny directives are evaluated. If any matches, the request is rejected. Last, any requests which do not match an Allow or a Deny directive are denied by default.
Deny,Allow
First, all Deny directives are evaluated; if any match, the request is denied unless it also matches an Allow directive. Any requests which do not match any Allow or Deny directives are permitted.
Mutual-failure
This order has the same effect as Order Allow,Deny and is deprecated in its favor.

Keywords may only be separated by a comma; no whitespace is allowed between them.

Match Allow,Deny result Deny,Allow result
Match Allow only Request allowed Request allowed
Match Deny only Request denied Request denied
No match Default to second directive: Denied Default to second directive: Allowed
Match both Allow & Deny Final match controls: Denied Final match controls: Allowed

In the following example, all hosts in the apache.org domain are allowed access; all other hosts are denied access.

Order Deny,Allow
Deny from all
Allow from apache.org

In the next example, all hosts in the apache.org domain are allowed access, except for the hosts which are in the foo.apache.org subdomain, who are denied access. All hosts not in the apache.org domain are denied access because the default state is to Deny access to the server.

Order Allow,Deny
Allow from apache.org
Deny from foo.apache.org

On the other hand, if the Order in the last example is changed to Deny,Allow, all hosts will be allowed access. This happens because, regardless of the actual ordering of the directives in the configuration file, the Allow from apache.org will be evaluated last and will override the Deny from foo.apache.org. All hosts not in the apache.org domain will also be allowed access because the default state is Allow.

The presence of an Order directive can affect access to a part of the server even in the absence of accompanying Allow and Deny directives because of its effect on the default access state. For example,

<Directory /www>
Order Allow,Deny
 </Directory>

will Deny all access to the /www directory because the default access state is set to Deny.

The Order directive controls the order of access directive processing only within each phase of the server's configuration processing. This implies, for example, that an Allow or Deny directive occurring in a <Location> section will always be evaluated after an Allow or Deny directive occurring in a <Directory> section or .htaccess file, regardless of the setting of the Order directive. For details on the merging of configuration sections, see the documentation on How Directory, Location and Files sections work.

mod/mod_actions.html100644 0 0 16421 11074463123 12176 0ustar 0 0 mod_actions - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.0

<-

ġ mod_actions

: ̵ û޼忡 CGI ũƮ Ѵ.
:Base
:actions_module
ҽ:mod_actions.c

⿡ ΰ þ ִ. Action þ ûϴ CGI ũƮ Ѵ. Script þ û Ư ޼带 CGI ũƮ Ѵ. ׷ óϴ ũƮ ſ ִ.

top

Action þ

:Ư ڵ鷯 content-type CGI ũƮ Ѵ
:Action action-type cgi-script
:ּ, ȣƮ, directory, .htaccess
Override ɼ:FileInfo
:Base
:mod_actions

þ û action-type̸ cgi-script ϴ ൿ ߰Ѵ. cgi-script ScriptAlias AddHandler Ͽ CGI ũƮ ҽ URL̴. action-type ڵ鷯 MIME content type ִ. þ PATH_INFO PATH_TRANSLATED CGI ǥ ȯ溯 û URL ϰθ Ѵ.

# Ư û:
Action image/gif /cgi-bin/images.cgi

# Ư Ȯڸ
AddHandler my-file-type .xyz
Action my-file-type /cgi-bin/program.cgi

ù° MIME content type image/gif ûϸ cgi ũƮ /cgi-bin/images.cgi óѴ.

ι° Ȯڰ .xyz ûϸ cgi ũƮ /cgi-bin/program.cgi óѴ.

top

Script þ

:Ư û޼忡 CGI ũƮ Ѵ.
:Script method cgi-script
:ּ, ȣƮ, directory
:Base
:mod_actions

þ method ޼带 Ͽ ûϸ cgi-script ϴ ൿ ߰Ѵ. cgi-script ScriptAlias AddHandler Ͽ CGI ũƮ ҽ URL̴. þ PATH_INFO PATH_TRANSLATED CGI ǥ ȯ溯 û URL ϰθ Ѵ.

 ޼ ̸̶ ִ. ޼ ̸ ҹڸ Ѵ. ׷ Script PUT Script put ٸ.

Script ɾ ⺻ ൿ ó ϶. CGI ũƮ Ҹų, û ޼带 ˾Ƽ ó ִ ҽ ״ óѴ. GET ޼ Script ǾƱԸƮ (, foo.html?hi) ϶. ǾƱԸƮ ٸ û óѴ.

# <ISINDEX> ˻
Script GET /cgi-bin/search

# CGI PUT ڵ鷯
Script PUT /~bob/put.cgi

mod/mod_alias.html100644 0 0 45773 11074463123 11643 0ustar 0 0 mod_alias - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.0

<-

ġ mod_alias

ֽ ƴմϴ. ֱٿ ϼ.
:Ͻý ٸ κе ϰ, URL ̷ Ѵ
:Base
:alias_module
ҽ:mod_alias.c

ϴ þ Ͽ û URL ϰų ִ. Alias ScriptAlias þ URL Ͻý η Ѵ. ׷ DocumentRoot Ʒ ִ. , ScriptAlias þ 丮 CGI ũƮۿ ٰ ˸.

Redirect þ Ŭ̾Ʈ ٸ URL ο û ϵ Ѵ. ڿ ο ҷ ű Ѵ.

mod_alias URL Ǿ. ǹڿ ۰ ۾ mod_rewrite ϴ ̿϶.

top

ó

ٸ ҿ Alias Redirect ϸ ٸ þ ǥ óѴ. ׷ ҿ ( , <VirtualHost> ǿ) Alias Redirect ϸ Ʒ óѴ.

Redirect ó Alias óѴ. ׷ Redirect RedirectMatch شϴ û Alias ʴ´. ׸ Alias Redirect Ͽ ù° Ѵ.

׷ þ ο شϴ þ ϱؼ θ ؾ Ѵ. , ǵѴ Ѵ:

Alias /foo/bar /baz
Alias /foo /gaq

׷ þ ٲٸ /foo/bar Alias /foo Alias ϹǷ ׻ ι° þ Ѵ.

top

Alias þ

:URL Ư Ͻý ҷ Ѵ
:Alias URL-path file-path|directory-path
:ּ, ȣƮ
:Base
:mod_alias

Alias þ ϸ Ͻýۿ DocumentRoot ۿ ִ ִ. url-path ϴ (% ڵ) URL directory-path ϴ Ͽ Ѵ.

:

Alias /image /ftp/pub/image

http://myserver/image/foo.gif ûϸ /ftp/pub/image/foo.gif Ѱش.

url-path / ϸ, URL / ؾ߸ ϶. , Alias /icons/ /usr/local/apache/icons/ url /icons 谡 .

ϴ <Directory> ʿ 𸥴. þ <Directory> ˻ϱ óϹǷ, ޴´. (׷ <Location> þ óϱ ѹ ˻ϹǷ URL ü ش.)

Ư DocumentRoot ۿ ִ 丮 Alias ٸ, 丮 Ѵ.

:

Alias /image /ftp/pub/image
<Directory /ftp/pub/image>
Order allow,deny
Allow from all
 </Directory>

top

AliasMatch þ

:ǥ Ͽ URL Ͻý ҷ Ѵ
:AliasMatch regex file-path|directory-path
:ּ, ȣƮ
:Base
:mod_alias

þ Alias , URL պκи ϴ ǥ ǥ Ѵ. ǥ URL ο Ͽ ´ٸ, ȣ κ üϿ ϸ Ѵ. , /icons 丮 ִ:

AliasMatch ^/icons(.*) /usr/local/apache/icons$1

top

Redirect þ

:Ŭ̾Ʈ ٸ URL ϵ ûϴ ܺ ̷
:Redirect [status] URL-path URL
:ּ, ȣƮ, directory, .htaccess
Override ɼ:FileInfo
:Base
:mod_alias

Redirect þ URL ο URL Ѵ. Ŭ̾Ʈ ο URL , Ŭ̾Ʈ ο ּҷ ٽ ѹ Ѵ. (% ڵ) URL-path ϴ û (% ڵ) URL ϴ ο URL ̷ .

:

Redirect /service http://foo2.bar.com/service

Ŭ̾Ʈ http://myserver/service/foo.txt ûϸ http://foo2.bar.com/service/foo.txt ϶ ޴´.

Redirect þ Ͽ Alias ScriptAlias þ 켱 . , .htaccess ̳ <Directory> ǿ ϴ URL-path ΰ ƴ϶ ݵ URL ؾ Ѵ.

status ƱԸƮ , "ӽ (temporary)" (HTTP 302) ̷ . , Ŭ̾Ʈ ڿ ӽ÷ Űٰ ˸. status ƱԸƮ Ͽ ٸ HTTP ڵ带 ȯ ִ:

permanent
ڿ Ű ϴ ̷ ¸ (301) ȯѴ.
temp
ӽ ̷ ¸ (302) ȯѴ. ⺻̴.
seeother
ڿ üǾ ϴ " (See Other)" ¸ (303) ȯѴ.
gone
ڿ Ǿ ϴ "Ҹ (Gone)" ¸ (410) ȯѴ. ¸ ϸ URL ƱԸƮ .

status ڵ带 Ͽ ٸ ڵ嵵 ȯ ִ. ° 300 399 ̶ URL ƱԸƮ ؾ ϰ, ƴ϶ ؾ Ѵ. , ġ ڵ忡 ° ǵ־ Ѵ (http_protocol.c send_error_response Լ ).

:

Redirect permanent /one http://example.com/two
Redirect 303 /three http://example.com/other

top

RedirectMatch þ

: URL ǥĿ شϸ ܺ ̷
:RedirectMatch [status] regex URL
:ּ, ȣƮ, directory, .htaccess
Override ɼ:FileInfo
:Base
:mod_alias

þ Redirect , URL պκи ϴ ǥ ǥ Ѵ. ǥ URL ο Ͽ ´ٸ, ȣ κ üϿ ϸ Ѵ. , GIF û ٸ ̸ JPEG Ϸ ̷ :

RedirectMatch (.*)\.gif$ http://www.anotherserver.com$1.jpg

top

RedirectPermanent þ

:Ŭ̾Ʈ ٸ URL ϵ ûϴ ܺ ̷
:RedirectPermanent URL-path URL
:ּ, ȣƮ, directory, .htaccess
Override ɼ:FileInfo
:Base
:mod_alias

þ Ŭ̾Ʈ ̷ ( 301) ˸. Redirect permanent Ȯ .

top

RedirectTemp þ

:Ŭ̾Ʈ ٸ URL ϵ ûϴ ܺ ӽ ̷
:RedirectTemp URL-path URL
:ּ, ȣƮ, directory, .htaccess
Override ɼ:FileInfo
:Base
:mod_alias

þ Ŭ̾Ʈ ̷ ӽ ( 302) ˸. Redirect temp Ȯ .

top

ScriptAlias þ

:URL Ư Ͻý ҷ ϰ CGI ũƮ ˸
:ScriptAlias URL-path file-path|directory-path
:ּ, ȣƮ
:Base
:mod_alias

ScriptAlias þ Alias þ , ߰ 丮 mod_cgi cgi-script ڵ鷯 ó CGI ũƮ ִٰ ˸. URL-path ϴ (% ڵ) URL Ͻý ι° ƱԸƮ ϴ ũƮ Ѵ.

:

ScriptAlias /cgi-bin/ /web/cgi-bin/

http://myserver/cgi-bin/foo ûϸ /web/cgi-bin/foo ũƮ Ѵ.

top

ScriptAliasMatch þ

:ǥ Ͽ URL Ư Ͻý ҷ ϰ CGI ũƮ ˸
:ScriptAliasMatch regex file-path|directory-path
:ּ, ȣƮ
:Base
:mod_alias

þ ScriptAlias , URL պκи ϴ ǥ ǥ Ѵ. ǥ URL ο Ͽ ´ٸ, ȣ κ üϿ ϸ Ѵ. , ǥ /cgi-bin ִ:

ScriptAliasMatch ^/cgi-bin(.*) /usr/local/apache/cgi-bin$1

mod/mod_asis.html100644 0 0 11374 11074463123 11477 0ustar 0 0 mod_asis - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.0

<-

ġ mod_asis

ֽ ƴմϴ. ֱٿ ϼ.
:HTTP
:Base
:asis_module
ҽ:mod_asis.c

ġ Ϲ HTTP κ ߰ʰ send-as-is ڵ鷯 Ѵ.

׷ cgi ũƮ nph ũƮ ʰ ̷ǰ ٸ Ư HTTP  ڷᵵ ִ.

ſ mime type httpd/send-as-is ϵ óߴ.

top

Ͽ ϰ send-as-is ڵ鷯 Ѵ.

AddHandler send-as-is asis

ġ .asis Ȯڸ ʰ Ŭ̾Ʈ . Ŭ̾Ʈ HTTP ʿϹǷ . Status: ʿϴ. ڸ HTTP ڵ ̴.

״ Ŭ̾Ʈ ̷¼ǵǾٰ ˸ ̴.

Status: 301 Now where did I leave that URL
Location: http://xyz.abc.com/foo/bar.html
Content-type: text/html

<html>
<head>
<title>Lame excuses'R'us</title>
</head>
<body>
<h1>Fred's exceptionally wonderful page has moved to
<a href="http://xyz.abc.com/foo/bar.html">Joe's</a> site.
</h1>
</body>
</html>

:

ڷḦ Ŭ̾Ʈ ׻ Date: Server: ߰ϹǷ, Ͽ ȵȴ. Last-Modified ߰ ʴ´. ׷ Ƹ ؾ Ѵ.

mod/mod_auth.html100644 0 0 30033 11074463123 11472 0ustar 0 0 mod_auth - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.0

<-

Apache Module mod_auth

Description:User authentication using text files
Status:Base
ModuleIdentifier:auth_module
SourceFile:mod_auth.c
Compatibility:Available only in versions prior to 2.1

Summary

This module allows the use of HTTP Basic Authentication to restrict access by looking up users in plain text password and group files. Similar functionality and greater scalability is provided by mod_auth_dbm. HTTP Digest Authentication is provided by mod_auth_digest.

top

AuthAuthoritative Directive

Description:Sets whether authorization and authentication are passed to lower level modules
Syntax:AuthAuthoritative On|Off
Default:AuthAuthoritative On
Context:directory, .htaccess
Override:AuthConfig
Status:Base
Module:mod_auth

Setting the AuthAuthoritative directive explicitly to Off allows for both authentication and authorization to be passed on to lower level modules (as defined in the modules.c files) if there is no userID or rule matching the supplied userID. If there is a userID and/or rule specified; the usual password and access checks will be applied and a failure will give an "Authentication Required" reply.

So if a userID appears in the database of more than one module; or if a valid Require directive applies to more than one module; then the first module will verify the credentials; and no access is passed on; regardless of the AuthAuthoritative setting.

A common use for this is in conjunction with one of the database modules; such as mod_auth_dbm, mod_auth_msql, and mod_auth_anon. These modules supply the bulk of the user credential checking; but a few (administrator) related accesses fall through to a lower level with a well protected AuthUserFile.

By default control is not passed on and an unknown userID or rule will result in an "Authentication Required" reply. Not setting it thus keeps the system secure and forces an NCSA compliant behaviour.

Security

Do consider the implications of allowing a user to allow fall-through in his .htaccess file; and verify that this is really what you want; Generally it is easier to just secure a single .htpasswd file, than it is to secure a database such as mSQL. Make sure that the AuthUserFile and the AuthGroupFile are stored outside the document tree of the web-server; do not put them in the directory that they protect. Otherwise, clients will be able to download the AuthUserFile and the AuthGroupFile.

top

AuthGroupFile Directive

Description:Sets the name of a text file containing the list of user groups for authentication
Syntax:AuthGroupFile file-path
Context:directory, .htaccess
Override:AuthConfig
Status:Base
Module:mod_auth

The AuthGroupFile directive sets the name of a textual file containing the list of user groups for user authentication. File-path is the path to the group file. If it is not absolute, it is treated as relative to the ServerRoot.

Each line of the group file contains a groupname followed by a colon, followed by the member usernames separated by spaces.

Example:

mygroup: bob joe anne

Note that searching large text files is very inefficient; AuthDBMGroupFile provides a much better performance.

Security

Make sure that the AuthGroupFile is stored outside the document tree of the web-server; do not put it in the directory that it protects. Otherwise, clients may be able to download the AuthGroupFile.

top

AuthUserFile Directive

Description:Sets the name of a text file containing the list of users and passwords for authentication
Syntax:AuthUserFile file-path
Context:directory, .htaccess
Override:AuthConfig
Status:Base
Module:mod_auth

The AuthUserFile directive sets the name of a textual file containing the list of users and passwords for user authentication. File-path is the path to the user file. If it is not absolute (i.e., if it doesn't begin with a slash), it is treated as relative to the ServerRoot.

Each line of the user file contains a username followed by a colon, followed by the encrypted password. If the same user ID is defined multiple times, mod_auth will use the first occurrence to verify the password.

The utility htpasswd which is installed as part of the binary distribution, or which can be found in src/support, is used to maintain this password file. See the man page for more details. In short:

Create a password file Filename with username as the initial ID. It will prompt for the password:

htpasswd -c Filename username

Add or modify username2 in the password file Filename:

htpasswd Filename username2

Note that searching large text files is very inefficient; AuthDBMUserFile should be used instead.

Security

Make sure that the AuthUserFile is stored outside the document tree of the web-server. Do not put it in the directory that it protects. Otherwise, clients may be able to download the AuthUserFile.

mod/mod_auth_anon.html100644 0 0 33522 11074463123 12513 0ustar 0 0 mod_auth_anon - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.0

<-

Apache Module mod_auth_anon

Description:Allows "anonymous" user access to authenticated areas
Status:Extension
ModuleIdentifier:auth_anon_module
SourceFile:mod_auth_anon.c
Compatibility:Available only in versions prior to 2.1

Summary

This module does access control in a manner similar to anonymous-ftp sites; i.e. have a 'magic' user id 'anonymous' and the email address as a password. These email addresses can be logged.

Combined with other (database) access control methods, this allows for effective user tracking and customization according to a user profile while still keeping the site open for 'unregistered' users. One advantage of using Auth-based user tracking is that, unlike magic-cookies and funny URL pre/postfixes, it is completely browser independent and it allows users to share URLs.

top

Example

The example below (when combined with the Auth directives of a htpasswd-file based (or GDM, mSQL etc.) base access control system allows users in as 'guests' with the following properties:

  • It insists that the user enters a userID. (Anonymous_NoUserID)
  • It insists that the user enters a password. (Anonymous_MustGiveEmail)
  • The password entered must be a valid email address, ie. contain at least one '@' and a '.'. (Anonymous_VerifyEmail)
  • The userID must be one of anonymous guest www test welcome and comparison is not case sensitive. (Anonymous)
  • And the Email addresses entered in the passwd field are logged to the error log file. (Anonymous_LogEmail)

Excerpt of httpd.conf:

Anonymous_NoUserID off
Anonymous_MustGiveEmail on
Anonymous_VerifyEmail on
Anonymous_LogEmail on
Anonymous anonymous guest www test welcome

AuthName "Use 'anonymous' & Email address for guest entry"
AuthType basic

# An AuthUserFile/AuthDBUserFile/AuthDBMUserFile
# directive must be specified, or use
# Anonymous_Authoritative for public access.
# In the .htaccess for the public directory, add:
<Files *>
Order Deny,Allow
Allow from all

Require valid-user
 </Files>

top

Anonymous Directive

Description:Specifies userIDs that are allowed access without password verification
Syntax:Anonymous user [user] ...
Context:directory, .htaccess
Override:AuthConfig
Status:Extension
Module:mod_auth_anon

A list of one or more 'magic' userIDs which are allowed access without password verification. The userIDs are space separated. It is possible to use the ' and " quotes to allow a space in a userID as well as the \ escape character.

Please note that the comparison is case-IN-sensitive.
I strongly suggest that the magic username 'anonymous' is always one of the allowed userIDs.

Example:

Anonymous anonymous "Not Registered" "I don't know"

This would allow the user to enter without password verification by using the userIDs "anonymous", "AnonyMous", "Not Registered" and "I Don't Know".

top

Anonymous_Authoritative Directive

Description:Configures if authorization will fall-through to other methods
Syntax:Anonymous_Authoritative On|Off
Default:Anonymous_Authoritative Off
Context:directory, .htaccess
Override:AuthConfig
Status:Extension
Module:mod_auth_anon

When set On, there is no fall-through to other authentication methods. So if a userID does not match the values specified in the Anonymous directive, access is denied.

Be sure you know what you are doing when you decide to switch it on. And remember that the order in which the Authentication modules are queried is defined in the modules.c files at compile time.

top

Anonymous_LogEmail Directive

Description:Sets whether the password entered will be logged in the error log
Syntax:Anonymous_LogEmail On|Off
Default:Anonymous_LogEmail On
Context:directory, .htaccess
Override:AuthConfig
Status:Extension
Module:mod_auth_anon

When set On, the default, the 'password' entered (which hopefully contains a sensible email address) is logged in the error log.

top

Anonymous_MustGiveEmail Directive

Description:Specifies whether blank passwords are allowed
Syntax:Anonymous_MustGiveEmail On|Off
Default:Anonymous_MustGiveEmail On
Context:directory, .htaccess
Override:AuthConfig
Status:Extension
Module:mod_auth_anon

Specifies whether the user must specify an email address as the password. This prohibits blank passwords.

top

Anonymous_NoUserID Directive

Description:Sets whether the userID field may be empty
Syntax:Anonymous_NoUserID On|Off
Default:Anonymous_NoUserID Off
Context:directory, .htaccess
Override:AuthConfig
Status:Extension
Module:mod_auth_anon

When set On, users can leave the userID (and perhaps the password field) empty. This can be very convenient for MS-Explorer users who can just hit return or click directly on the OK button; which seems a natural reaction.

top

Anonymous_VerifyEmail Directive

Description:Sets whether to check the password field for a correctly formatted email address
Syntax:Anonymous_VerifyEmail On|Off
Default:Anonymous_VerifyEmail Off
Context:directory, .htaccess
Override:AuthConfig
Status:Extension
Module:mod_auth_anon

When set On the 'password' entered is checked for at least one '@' and a '.' to encourage users to enter valid email addresses (see the above Anonymous_LogEmail).

mod/mod_auth_dbm.html100644 0 0 32450 11074463123 12321 0ustar 0 0 mod_auth_dbm - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.0

<-

Apache Module mod_auth_dbm

Description:Provides for user authentication using DBM files
Status:Extension
ModuleIdentifier:auth_dbm_module
SourceFile:mod_auth_dbm.c
Compatibility:Available only in versions prior to 2.1

Summary

This module provides for HTTP Basic Authentication, where the usernames and passwords are stored in DBM type database files. It is an alternative to the plain text password files provided by mod_auth.

top

AuthDBMAuthoritative Directive

Description:Sets whether authentication and authorization will be passed on to lower level modules
Syntax:AuthDBMAuthoritative On|Off
Default:AuthDBMAuthoritative On
Context:directory, .htaccess
Override:AuthConfig
Status:Extension
Module:mod_auth_dbm

Setting the AuthDBMAuthoritative directive explicitly to Off allows for both authentication and authorization to be passed on to lower level modules (as defined in the modules.c files) if there is no userID or rule matching the supplied userID. If there is a userID and/or rule specified; the usual password and access checks will be applied and a failure will give an "Authentication Required" reply.

So if a userID appears in the database of more than one module; or if a valid Require directive applies to more than one module; then the first module will verify the credentials; and no access is passed on; regardless of the AuthDBMAuthoritative setting.

A common use for this is in conjunction with one of the basic auth modules; such as mod_auth. Whereas this DBM module supplies the bulk of the user credential checking; a few (administrator) related accesses fall through to a lower level with a well protected .htpasswd file.

By default, control is not passed on and an unknown userID or rule will result in an "Authentication Required" reply. Not setting it thus keeps the system secure and forces an NCSA compliant behaviour.

Security:

Do consider the implications of allowing a user to allow fall-through in his .htaccess file; and verify that this is really what you want; Generally it is easier to just secure a single .htpasswd file, than it is to secure a database which might have more access interfaces.

top

AuthDBMGroupFile Directive

Description:Sets the name of the database file containing the list of user groups for authentication
Syntax:AuthDBMGroupFile file-path
Context:directory, .htaccess
Override:AuthConfig
Status:Extension
Module:mod_auth_dbm

The AuthDBMGroupFile directive sets the name of a DBM file containing the list of user groups for user authentication. File-path is the absolute path to the group file.

The group file is keyed on the username. The value for a user is a comma-separated list of the groups to which the users belongs. There must be no whitespace within the value, and it must never contain any colons.

Security: make sure that the AuthDBMGroupFile is stored outside the document tree of the web-server; do not put it in the directory that it protects. Otherwise, clients will be able to download the AuthDBMGroupFile unless otherwise protected.

Combining Group and Password DBM files: In some cases it is easier to manage a single database which contains both the password and group details for each user. This simplifies any support programs that need to be written: they now only have to deal with writing to and locking a single DBM file. This can be accomplished by first setting the group and password files to point to the same DBM:

AuthDBMGroupFile /www/userbase
AuthDBMUserFile /www/userbase

The key for the single DBM is the username. The value consists of

Unix Crypt-ed Password:List of Groups[:(ignored)]

The password section contains the encrypted password as before. This is followed by a colon and the comma separated list of groups. Other data may optionally be left in the DBM file after another colon; it is ignored by the authentication module. This is what www.telescope.org uses for its combined password and group database.

top

AuthDBMType Directive

Description:Sets the type of database file that is used to store passwords
Syntax:AuthDBMType default|SDBM|GDBM|NDBM|DB
Default:AuthDBMType default
Context:directory, .htaccess
Override:AuthConfig
Status:Extension
Module:mod_auth_dbm
Compatibility:Available in version 2.0.30 and later.

Sets the type of database file that is used to store the passwords. The default database type is determined at compile time. The availability of other types of database files also depends on compile-time settings.

It is crucial that whatever program you use to create your password files is configured to use the same type of database.

top

AuthDBMUserFile Directive

Description:Sets thename of a database file containing the list of users and passwords for authentication
Syntax:AuthDBMUserFile file-path
Context:directory, .htaccess
Override:AuthConfig
Status:Extension
Module:mod_auth_dbm

The AuthDBMUserFile directive sets the name of a DBM file containing the list of users and passwords for user authentication. File-path is the absolute path to the user file.

The user file is keyed on the username. The value for a user is the encrypted password, optionally followed by a colon and arbitrary data. The colon and the data following it will be ignored by the server.

Security:

Make sure that the AuthDBMUserFile is stored outside the document tree of the web-server; do not put it in the directory that it protects. Otherwise, clients will be able to download the AuthDBMUserFile.

Important compatibility note: The implementation of "dbmopen" in the apache modules reads the string length of the hashed values from the DBM data structures, rather than relying upon the string being NULL-appended. Some applications, such as the Netscape web server, rely upon the string being NULL-appended, so if you are having trouble using DBM files interchangeably between applications this may be a part of the problem.

A perl script called dbmmanage is included with Apache. This program can be used to create and update DBM format password files for use with this module.

mod/mod_auth_digest.html100644 0 0 50456 11074463123 13044 0ustar 0 0 mod_auth_digest - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.0

<-

ġ mod_auth_digest

ֽ ƴմϴ. ֱٿ ϼ.
:MD5 Digest Authentication .
:Experimental
:auth_digest_module
ҽ:mod_auth_digest.c

HTTP Digest Authentication Ѵ. ׷ ׽Ʈ ġ ̴.

top

Digest Authentication ϱ

MD5 Digest authentication ſ ִ. AuthGroupFile AuthDigestGroupFile ϰ, AuthType Basic AuthUserFile AuthType Digest AuthDigestFile Ͽ ִ. ׸ ּ ȣϷ ⺻ URI AuthDigestDomain þ Ѵ.

htdigest Ͽ () ִ.

:

<Location /private/>
AuthType Digest
AuthName "private area"
AuthDigestDomain /private/ http://mirror.my.dom/private2/
AuthDigestFile /web/auth/.digest_pw
Require valid-user
 </Location>

Digest authentication Basic authentication ȣý , ؾ Ѵ. 2002 11 digest authentication ϴ Opera, (ǹڿ Բ ϸ ȵ - ذ Ʒ "MS Internet Explorer ذϱ" ) MS Internet Explorer, Amaya, Mozilla, 7 Netscape ִ. digest authentication basic authentication ŭ θ ʾұ⶧ ؼ ؾ Ѵ.

top

MS Internet Explorer ذϱ

Internet Explorer Digest authentication ǹڿ ִ GET û RFC ٸ óϴ ִ.  ذ ִ.

ù° α׷ ڷḦ Ѱֱ GET POST û ϴ ̴. ϴٸ ذå̴.

, ġ 2.0.51 AuthDigestEnableQueryStringHack ȯ溯 Ͽ ذѴ. û AuthDigestEnableQueryStringHack ϸ ġ MSIE ׸ ذ ġ ϰ û URI digest 񱳿 Ѵ. Ѵ.

MSIE Digest Authentication ϱ:

BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On

ȯ溯 ڼ BrowserMatch þ ϶.

top

AuthDigestAlgorithm þ

:digest authentication challenge response hash ϴ ˰ Ѵ
:AuthDigestAlgorithm MD5|MD5-sess
⺻:AuthDigestAlgorithm MD5
:directory, .htaccess
Override ɼ:AuthConfig
:Experimental
:mod_auth_digest

AuthDigestAlgorithm þ challenge response hash ϴ ˰ Ѵ.

MD5-sess ʾҴ.
top

AuthDigestDomain þ

:digest authentication ȣ ϴ URI
:AuthDigestDomain URI [URI] ...
:directory, .htaccess
Override ɼ:AuthConfig
:Experimental
:mod_auth_digest

AuthDigestDomain þ ȣ ִ ( ڸ/ȣ ϴ) URI Ѵ. URI λ Ѵ. , Ŭ̾Ʈ URI "Ʒ" θ ڸ/ȣ ȣѴٰ Ѵ. URI (, Ŵ(scheme), ȣƮ, Ʈ ϴ) URL̰ų URI̴.

þ ׻ ؾ ϸ, ּ ⺻ URI() ؾ Ѵ. ϸ Ŭ̾Ʈ û Authorization Ѵ. ׷ û ũⰡ Ŀ, AuthDigestNcCheck Ѵٸ ɿ ִ.

ٸ URI ϸ, (̸ ϴ) Ŭ̾Ʈ Ź ڿ ʰ ڸ/ȣ ִ.

top

AuthDigestFile þ

:digest authentication ڸ ڵ ȣ ġ
:AuthDigestFile file-path
:directory, .htaccess
Override ɼ:AuthConfig
:Experimental
:mod_auth_digest

AuthDigestFile þ digest authentication ڸ ڵ ȣ ϴ ϸ Ѵ. File-path ̴.

Ư ִ. ġ support/ 丮 ִ htdigest Ͽ ̷ ִ.

top

AuthDigestGroupFile þ

:digest authentication ׷ ϸ
:AuthDigestGroupFile file-path
:directory, .htaccess
Override ɼ:AuthConfig
:Experimental
:mod_auth_digest

AuthDigestGroupFile þ ׷ ׷ (ڸ) ϴ ϸ Ѵ. File-path ׷ ̴.

׷ ׷ ڿ ݷ, ׵ڿ ׷쿡 ڸ Ͽ ٷ Ѵ. .

mygroup: bob joe anne

ū ˻ϴ ſ ȿ ϶.

:

AuthGroupFile ۿ ؾ Ѵ. ׷ ȣϴ 丮 ȿ ׷ . ׷ Ŭ̾Ʈ AuthGroupFile ٿ ִ.

top

AuthDigestNcCheck þ

: nonce-count ˻
:AuthDigestNcCheck On|Off
⺻:AuthDigestNcCheck Off
:ּ
:Experimental
:mod_auth_digest
ʾҴ.
top

AuthDigestNonceFormat þ

:nonce Ѵ
:AuthDigestNonceFormat format
:directory, .htaccess
Override ɼ:AuthConfig
:Experimental
:mod_auth_digest
ʾҴ.
top

AuthDigestNonceLifetime þ

: nonce ȿ Ⱓ
:AuthDigestNonceLifetime seconds
⺻:AuthDigestNonceLifetime 300
:directory, .htaccess
Override ɼ:AuthConfig
:Experimental
:mod_auth_digest

AuthDigestNonceLifetime þ nonce ȿ Ⱓ Ѵ. Ŭ̾Ʈ nonce ϸ stale=true Բ 401 ȯѴ. seconds 0 ũ nonce ȿ Ⱓ Ѵ. Ƹ 10 ʺ ۰ ϸ ȵȴ. seconds 0 nonce ʴ´.

top

AuthDigestQop þ

:digest authentication ȣ(quality-of-protection) Ѵ.
:AuthDigestQop none|auth|auth-int [auth|auth-int]
⺻:AuthDigestQop auth
:directory, .htaccess
Override ɼ:AuthConfig
:Experimental
:mod_auth_digest

AuthDigestQop þ ȣ(quality-of-protection) Ѵ. auth (ڸ/ȣ) ϰ, auth-int ϰἺ ˻縦 (MD5 ؽ Ͽ ˻Ѵ) Ѵ. none (ϰἺ ˻縦 ʴ) RFC-2069 digest ˰ Ѵ. auth auth-int ִ.  Ѵ. challenge ʴ´ٸ none ؾ Ѵ.

auth-int ʾҴ.
top

AuthDigestShmemSize þ

:Ŭ̾Ʈ ϱ Ҵϴ ޸𸮷
:AuthDigestShmemSize size
⺻:AuthDigestShmemSize 1000
:ּ
:Experimental
:mod_auth_digest

AuthDigestShmemSize þ Ŭ̾Ʈ ϱ Ҷ Ҵϴ ޸𸮷 Ѵ. ޸𸮴 ּ ϳ Ŭ̾Ʈ ϱ ʿ ϶. ýۿ ٸ. Ȯ ˷ AuthDigestShmemSize 0 ϰ ϶.

size Ʈ , ڿ K M Ͽ KBytes MBytes Ÿ ִ. , þ :

AuthDigestShmemSize 1048576
AuthDigestShmemSize 1024K
AuthDigestShmemSize 1M

mod/mod_auth_ldap.html100644 0 0 137753 11074463123 12533 0ustar 0 0 mod_auth_ldap - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.0

<-

Apache Module mod_auth_ldap

Description:Allows an LDAP directory to be used to store the database for HTTP Basic authentication.
Status:Experimental
ModuleIdentifier:auth_ldap_module
SourceFile:mod_auth_ldap.c
Compatibility:Available in version 2.0.41 and later

Summary

mod_auth_ldap supports the following features:

  • Known to support the OpenLDAP SDK (both 1.x and 2.x), Novell LDAP SDK and the iPlanet (Netscape) SDK.
  • Complex authorization policies can be implemented by representing the policy with LDAP filters.
  • Support for Microsoft FrontPage allows FrontPage users to control access to their webs, while retaining LDAP for user authentication.
  • Uses extensive caching of LDAP operations via mod_ldap.
  • Support for LDAP over SSL (requires the Netscape SDK) or TLS (requires the OpenLDAP 2.x SDK or Novell LDAP SDK).
top

Contents

top

Operation

There are two phases in granting access to a user. The first phase is authentication, in which mod_auth_ldap verifies that the user's credentials are valid. This also called the search/bind phase. The second phase is authorization, in which mod_auth_ldap determines if the authenticated user is allowed access to the resource in question. This is also known as the compare phase.

The Authentication Phase

During the authentication phase, mod_auth_ldap searches for an entry in the directory that matches the username that the HTTP client passes. If a single unique match is found, then mod_auth_ldap attempts to bind to the directory server using the DN of the entry plus the password provided by the HTTP client. Because it does a search, then a bind, it is often referred to as the search/bind phase. Here are the steps taken during the search/bind phase.

  1. Generate a search filter by combining the attribute and filter provided in the AuthLDAPURL directive with the username passed by the HTTP client.
  2. Search the directory using the generated filter. If the search does not return exactly one entry, deny or decline access.
  3. Fetch the distinguished name of the entry retrieved from the search and attempt to bind to the LDAP server using the DN and the password passed by the HTTP client. If the bind is unsuccessful, deny or decline access.

The following directives are used during the search/bind phase

AuthLDAPURL Specifies the LDAP server, the base DN, the attribute to use in the search, as well as the extra search filter to use.
AuthLDAPBindDN An optional DN to bind with during the search phase.
AuthLDAPBindPassword An optional password to bind with during the search phase.

The Authorization Phase

During the authorization phase, mod_auth_ldap attempts to determine if the user is authorized to access the resource. Many of these checks require mod_auth_ldap to do a compare operation on the LDAP server. This is why this phase is often referred to as the compare phase. mod_auth_ldap accepts the following Require directives to determine if the credentials are acceptable:

  • Grant access if there is a Require valid-user directive.
  • Grant access if there is a Require user directive, and the username in the directive matches the username passed by the client.
  • Grant access if there is a Require dn directive, and the DN in the directive matches the DN fetched from the LDAP directory.
  • Grant access if there is a Require group directive, and the DN fetched from the LDAP directory (or the username passed by the client) occurs in the LDAP group.
  • Grant access if there is a Require ldap-attribute directive, and the attribute fetched from the LDAP directory matches the given value.
  • otherwise, deny or decline access

mod_auth_ldap uses the following directives during the compare phase:

AuthLDAPURL The attribute specified in the URL is used in compare operations for the Require user operation.
AuthLDAPCompareDNOnServer Determines the behavior of the Require dn directive.
AuthLDAPGroupAttribute Determines the attribute to use for comparisons in the Require group directive.
AuthLDAPGroupAttributeIsDN Specifies whether to use the user DN or the username when doing comparisons for the Require group directive.
top

The Require Directives

Apache's Require directives are used during the authorization phase to ensure that a user is allowed to access a resource.

Require valid-user

If this directive exists, mod_auth_ldap grants access to any user that has successfully authenticated during the search/bind phase.

Require user

The Require user directive specifies what usernames can access the resource. Once mod_auth_ldap has retrieved a unique DN from the directory, it does an LDAP compare operation using the username specified in the Require user to see if that username is part of the just-fetched LDAP entry. Multiple users can be granted access by putting multiple usernames on the line, separated with spaces. If a username has a space in it, then it must be surrounded with double quotes. Multiple users can also be granted access by using multiple Require user directives, with one user per line. For example, with a AuthLDAPURL of ldap://ldap/o=Airius?cn (i.e., cn is used for searches), the following Require directives could be used to restrict access:

Require user "Barbara Jenson"
Require user "Fred User"
Require user "Joe Manager"

Because of the way that mod_auth_ldap handles this directive, Barbara Jenson could sign on as Barbara Jenson, Babs Jenson or any other cn that she has in her LDAP entry. Only the single Require user line is needed to support all values of the attribute in the user's entry.

If the uid attribute was used instead of the cn attribute in the URL above, the above three lines could be condensed to

Require user bjenson fuser jmanager

Require group

This directive specifies an LDAP group whose members are allowed access. It takes the distinguished name of the LDAP group. Note: Do not surround the group name with quotes. For example, assume that the following entry existed in the LDAP directory:

dn: cn=Administrators, o=Airius
objectClass: groupOfUniqueNames
uniqueMember: cn=Barbara Jenson, o=Airius
uniqueMember: cn=Fred User, o=Airius

The following directive would grant access to both Fred and Barbara:

Require group cn=Administrators, o=Airius

Behavior of this directive is modified by the AuthLDAPGroupAttribute and AuthLDAPGroupAttributeIsDN directives.

Require dn

The Require dn directive allows the administrator to grant access based on distinguished names. It specifies a DN that must match for access to be granted. If the distinguished name that was retrieved from the directory server matches the distinguished name in the Require dn, then authorization is granted. Note: do not surround the distinguished name with quotes.

The following directive would grant access to a specific DN:

Require dn cn=Barbara Jenson, o=Airius

Behavior of this directive is modified by the AuthLDAPCompareDNOnServer directive.

Require ldap-attribute

The Require ldap-attribute directive allows the administrator to grant access based on attributes of the authenticated user in the LDAP directory. If the attribute in the directory matches the value given in the configuration, access is granted.

The following directive would grant access to anyone with the attribute employeeType = active

Require ldap-attribute employeeType=active

Multiple attribute/value pairs can be specified on the same line separated by spaces or they can be specified in multiple Require ldap-attribute directives. The effect of listing multiple attribute/values pairs is an OR operation. Access will be granted if any of the listed attribute values match the value of a corresponding attribute in the user object. If the value of the attribute contains a space, only the value must be within double quotes.

The following directive would grant access to anyone with the city attribute equal to "San Jose" or status equal to "Active"

Require ldap-attribute city="San Jose" status=active

top

Examples

  • Grant access to anyone who exists in the LDAP directory, using their UID for searches.

    AuthLDAPURL ldap://ldap1.airius.com:389/ou=People, o=Airius?uid?sub?(objectClass=*)
    Require valid-user

  • The next example is the same as above; but with the fields that have useful defaults omitted. Also, note the use of a redundant LDAP server.

    AuthLDAPURL ldap://ldap1.airius.com ldap2.airius.com/ou=People, o=Airius
    Require valid-user

  • The next example is similar to the previous one, but is uses the common name instead of the UID. Note that this could be problematical if multiple people in the directory share the same cn, because a search on cn must return exactly one entry. That's why this approach is not recommended: it's a better idea to choose an attribute that is guaranteed unique in your directory, such as uid.

    AuthLDAPURL ldap://ldap.airius.com/ou=People, o=Airius?cn
    Require valid-user

  • Grant access to anybody in the Administrators group. The users must authenticate using their UID.

    AuthLDAPURL ldap://ldap.airius.com/o=Airius?uid
    Require group cn=Administrators, o=Airius

  • The next example assumes that everyone at Airius who carries an alphanumeric pager will have an LDAP attribute of qpagePagerID. The example will grant access only to people (authenticated via their UID) who have alphanumeric pagers:

    AuthLDAPURL ldap://ldap.airius.com/o=Airius?uid??(qpagePagerID=*)
    Require valid-user

  • The next example demonstrates the power of using filters to accomplish complicated administrative requirements. Without filters, it would have been necessary to create a new LDAP group and ensure that the group's members remain synchronized with the pager users. This becomes trivial with filters. The goal is to grant access to anyone who has a filter, plus grant access to Joe Manager, who doesn't have a pager, but does need to access the same resource:

    AuthLDAPURL ldap://ldap.airius.com/o=Airius?uid??(|(qpagePagerID=*)(uid=jmanager))
    Require valid-user

    This last may look confusing at first, so it helps to evaluate what the search filter will look like based on who connects, as shown below. The text in blue is the part that is filled in using the attribute specified in the URL. The text in red is the part that is filled in using the filter specified in the URL. The text in green is filled in using the information that is retrieved from the HTTP client. If Fred User connects as fuser, the filter would look like

    (&(|(qpagePagerID=*)(uid=jmanager))(uid=fuser))

    The above search will only succeed if fuser has a pager. When Joe Manager connects as jmanager, the filter looks like

    (&(|(qpagePagerID=*)(uid=jmanager))(uid=jmanager))

    The above search will succeed whether jmanager has a pager or not.

top

Using TLS

To use TLS, see the mod_ldap directives LDAPTrustedCA and LDAPTrustedCAType.

top

Using SSL

To use SSL, see the mod_ldap directives LDAPTrustedCA and LDAPTrustedCAType.

To specify a secure LDAP server, use ldaps:// in the AuthLDAPURL directive, instead of ldap://.

top

Using Microsoft FrontPage with mod_auth_ldap

Normally, FrontPage uses FrontPage-web-specific user/group files (i.e., the mod_auth module) to handle all authentication. Unfortunately, it is not possible to just change to LDAP authentication by adding the proper directives, because it will break the Permissions forms in the FrontPage client, which attempt to modify the standard text-based authorization files.

Once a FrontPage web has been created, adding LDAP authentication to it is a matter of adding the following directives to every .htaccess file that gets created in the web

AuthLDAPURL            "the url"
AuthLDAPAuthoritative  off
AuthLDAPFrontPageHack  on

AuthLDAPAuthoritative must be off to allow mod_auth_ldap to decline group authentication so that Apache will fall back to file authentication for checking group membership. This allows the FrontPage-managed group file to be used.

How It Works

FrontPage restricts access to a web by adding the Require valid-user directive to the .htaccess files. If AuthLDAPFrontPageHack is not on, the Require valid-user directive will succeed for any user who is valid as far as LDAP is concerned. This means that anybody who has an entry in the LDAP directory is considered a valid user, whereas FrontPage considers only those people in the local user file to be valid. The purpose of the hack is to force Apache to consult the local user file (which is managed by FrontPage) - instead of LDAP - when handling the Require valid-user directive.

Once directives have been added as specified above, FrontPage users will be able to perform all management operations from the FrontPage client.

Caveats

  • When choosing the LDAP URL, the attribute to use for authentication should be something that will also be valid for putting into a mod_auth user file. The user ID is ideal for this.
  • When adding users via FrontPage, FrontPage administrators should choose usernames that already exist in the LDAP directory (for obvious reasons). Also, the password that the administrator enters into the form is ignored, since Apache will actually be authenticating against the password in the LDAP database, and not against the password in the local user file. This could cause confusion for web administrators.
  • Apache must be compiled with mod_auth in order to use FrontPage support. This is because Apache will still use the mod_auth group file for determine the extent of a user's access to the FrontPage web.
  • The directives must be put in the .htaccess files. Attempting to put them inside <Location> or <Directory> directives won't work. This is because mod_auth_ldap has to be able to grab the AuthUserFile directive that is found in FrontPage .htaccess files so that it knows where to look for the valid user list. If the mod_auth_ldap directives aren't in the same .htaccess file as the FrontPage directives, then the hack won't work, because mod_auth_ldap will never get a chance to process the .htaccess file, and won't be able to find the FrontPage-managed user file.
top

AuthLDAPAuthoritative Directive

Description:Prevent other authentication modules from authenticating the user if this one fails
Syntax:AuthLDAPAuthoritative on|off
Default:AuthLDAPAuthoritative on
Context:directory, .htaccess
Override:AuthConfig
Status:Experimental
Module:mod_auth_ldap

Set to off if this module should let other authentication modules attempt to authenticate the user, should authentication with this module fail. Control is only passed on to lower modules if there is no DN or rule that matches the supplied user name (as passed by the client).

top

AuthLDAPBindDN Directive

Description:Optional DN to use in binding to the LDAP server
Syntax:AuthLDAPBindDN distinguished-name
Context:directory, .htaccess
Override:AuthConfig
Status:Experimental
Module:mod_auth_ldap

An optional DN used to bind to the server when searching for entries. If not provided, mod_auth_ldap will use an anonymous bind.

top

AuthLDAPBindPassword Directive

Description:Password used in conjuction with the bind DN
Syntax:AuthLDAPBindPassword password
Context:directory, .htaccess
Override:AuthConfig
Status:Experimental
Module:mod_auth_ldap

A bind password to use in conjunction with the bind DN. Note that the bind password is probably sensitive data, and should be properly protected. You should only use the AuthLDAPBindDN and AuthLDAPBindPassword if you absolutely need them to search the directory.

top

AuthLDAPCharsetConfig Directive

Description:Language to charset conversion configuration file
Syntax:AuthLDAPCharsetConfig file-path
Context:server config
Status:Experimental
Module:mod_auth_ldap

The AuthLDAPCharsetConfig directive sets the location of the language to charset conversion configuration file. File-path is relative to the ServerRoot. This file specifies the list of language extensions to character sets. Most administrators use the provided charset.conv file, which associates common language extensions to character sets.

The file contains lines in the following format:

Language-Extension charset [Language-String] ...

The case of the extension does not matter. Blank lines, and lines beginning with a hash character (#) are ignored.

top

AuthLDAPCompareDNOnServer Directive

Description:Use the LDAP server to compare the DNs
Syntax:AuthLDAPCompareDNOnServer on|off
Default:AuthLDAPCompareDNOnServer on
Context:directory, .htaccess
Override:AuthConfig
Status:Experimental
Module:mod_auth_ldap

When set, mod_auth_ldap will use the LDAP server to compare the DNs. This is the only foolproof way to compare DNs. mod_auth_ldap will search the directory for the DN specified with the Require dn directive, then, retrieve the DN and compare it with the DN retrieved from the user entry. If this directive is not set, mod_auth_ldap simply does a string comparison. It is possible to get false negatives with this approach, but it is much faster. Note the mod_ldap cache can speed up DN comparison in most situations.

top

AuthLDAPDereferenceAliases Directive

Description:When will the module de-reference aliases
Syntax:AuthLDAPDereferenceAliases never|searching|finding|always
Default:AuthLDAPDereferenceAliases Always
Context:directory, .htaccess
Override:AuthConfig
Status:Experimental
Module:mod_auth_ldap

This directive specifies when mod_auth_ldap will de-reference aliases during LDAP operations. The default is always.

top

AuthLDAPEnabled Directive

Description:Turn on or off LDAP authentication
Syntax: AuthLDAPEnabled on|off
Default:AuthLDAPEnabled on
Context:directory, .htaccess
Override:AuthConfig
Status:Experimental
Module:mod_auth_ldap

Set to off to disable mod_auth_ldap in certain directories. This is useful if you have mod_auth_ldap enabled at or near the top of your tree, but want to disable it completely in certain locations.

top

AuthLDAPFrontPageHack Directive

Description:Allow LDAP authentication to work with MS FrontPage
Syntax:AuthLDAPFrontPageHack on|off
Default:AuthLDAPFrontPageHack off
Context:directory, .htaccess
Override:AuthConfig
Status:Experimental
Module:mod_auth_ldap

See the section on using Microsoft FrontPage with mod_auth_ldap.

top

AuthLDAPGroupAttribute Directive

Description:LDAP attributes used to check for group membership
Syntax:AuthLDAPGroupAttribute attribute
Context:directory, .htaccess
Override:AuthConfig
Status:Experimental
Module:mod_auth_ldap

This directive specifies which LDAP attributes are used to check for group membership. Multiple attributes can be used by specifying this directive multiple times. If not specified, then mod_auth_ldap uses the member and uniquemember attributes.

top

AuthLDAPGroupAttributeIsDN Directive

Description:Use the DN of the client username when checking for group membership
Syntax:AuthLDAPGroupAttributeIsDN on|off
Default:AuthLDAPGroupAttributeIsDN on
Context:directory, .htaccess
Override:AuthConfig
Status:Experimental
Module:mod_auth_ldap

When set on, this directive says to use the distinguished name of the client username when checking for group membership. Otherwise, the username will be used. For example, assume that the client sent the username bjenson, which corresponds to the LDAP DN cn=Babs Jenson, o=Airius. If this directive is set, mod_auth_ldap will check if the group has cn=Babs Jenson, o=Airius as a member. If this directive is not set, then mod_auth_ldap will check if the group has bjenson as a member.

top

AuthLDAPRemoteUserIsDN Directive

Description:Use the DN of the client username to set the REMOTE_USER environment variable
Syntax:AuthLDAPRemoteUserIsDN on|off
Default:AuthLDAPRemoteUserIsDN off
Context:directory, .htaccess
Override:AuthConfig
Status:Experimental
Module:mod_auth_ldap

If this directive is set to on, the value of the REMOTE_USER environment variable will be set to the full distinguished name of the authenticated user, rather than just the username that was passed by the client. It is turned off by default.

top

AuthLDAPUrl Directive

Description:URL specifying the LDAP search parameters
Syntax:AuthLDAPUrl url
Context:directory, .htaccess
Override:AuthConfig
Status:Experimental
Module:mod_auth_ldap

An RFC 2255 URL which specifies the LDAP search parameters to use. The syntax of the URL is

ldap://host:port/basedn?attribute?scope?filter

ldap
For regular ldap, use the string ldap. For secure LDAP, use ldaps instead. Secure LDAP is only available if Apache was linked to an LDAP library with SSL support.
host:port

The name/port of the ldap server (defaults to localhost:389 for ldap, and localhost:636 for ldaps). To specify multiple, redundant LDAP servers, just list all servers, separated by spaces. mod_auth_ldap will try connecting to each server in turn, until it makes a successful connection.

Once a connection has been made to a server, that connection remains active for the life of the httpd process, or until the LDAP server goes down.

If the LDAP server goes down and breaks an existing connection, mod_auth_ldap will attempt to re-connect, starting with the primary server, and trying each redundant server in turn. Note that this is different than a true round-robin search.

basedn
The DN of the branch of the directory where all searches should start from. At the very least, this must be the top of your directory tree, but could also specify a subtree in the directory.
attribute
The attribute to search for. Although RFC 2255 allows a comma-separated list of attributes, only the first attribute will be used, no matter how many are provided. If no attributes are provided, the default is to use uid. It's a good idea to choose an attribute that will be unique across all entries in the subtree you will be using.
scope
The scope of the search. Can be either one or sub. Note that a scope of base is also supported by RFC 2255, but is not supported by this module. If the scope is not provided, or if base scope is specified, the default is to use a scope of sub.
filter
A valid LDAP search filter. If not provided, defaults to (objectClass=*), which will search for all objects in the tree. Filters are limited to approximately 8000 characters (the definition of MAX_STRING_LEN in the Apache source code). This should be than sufficient for any application.

When doing searches, the attribute, filter and username passed by the HTTP client are combined to create a search filter that looks like (&(filter)(attribute=username)).

For example, consider an URL of ldap://ldap.airius.com/o=Airius?cn?sub?(posixid=*). When a client attempts to connect using a username of Babs Jenson, the resulting search filter will be (&(posixid=*)(cn=Babs Jenson)).

See above for examples of AuthLDAPURL URLs.

mod/mod_autoindex.html100644 0 0 125352 11074463123 12562 0ustar 0 0 mod_autoindex - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.0

<-

ġ mod_autoindex

ֽ ƴմϴ. ֱٿ ϼ.
:ڵ н ls ɾ Win32 dir ɾ 丮
:Base
:autoindex_module
ҽ:mod_autoindex.c

丮 ΰ:

, Ѵٸ ڵ (Ȥ ü) ִ.

ڵ Options +Indexes ϴ. ڼ Options þ ϶.

IndexOptions þ FancyIndexing ɼ ָ, ̸ ٲٴ ũ . ̸ ũ ϸ ٽ . ̸ ݺؼ ϸ ̸ . IndexOptions þ SuppressColumnSorting ɼ ̷ ̸ ũ ʴ´.

"Size(ũ)" µǴ ƴ϶ ũ ϶. , 1010 Ʈ ϰ 1011 Ʈ Ѵ "1K" ̴ ׻ 1010 Ʈ տ ´.

top

Autoindex û ƱԸƮ

ġ 2.0.23 û ƱԸƮ ϰ, ο ɼǵ ߰ߴ. Ŭ̾Ʈ IndexOptions IgnoreClient ɼ ߰Ǿ.

̸ Ʒ û ɼ ڱ ũ. Ʒ ɼ 丮 ڿ  û ִ.

  • C=N ϸ ̴
  • C=M ֱ , ׸ ϸ ̴
  • C=S ũ , ׸ ϸ ̴
  • C=D , ׸ ϸ ̴
  • O=A Ѵ
  • O=D Ѵ
  • F=0 (FancyIndexed ƴ) ̴
  • F=1 FancyIndexed ̴
  • F=2 HTMLTable FancyIndexed ̴
  • V=0 ʴ´
  • V=1 Ѵ
  • P=pattern ־ pattern شϴ ϸ

'P'attern ƱԸƮ Ϲ IndexIgnore þ ó Ŀ ˻ϱ⶧, ٸ autoindex ϶. mod_autoindex û ƱԸƮ о϶ ɼ ߰ϸ ̻ ʴ´. û ƱԸƮ ǥ Ѵ.

header.html Ͽ ִ Ʒ ɼǵ Ѵ. submit "X" ƱԸƮ mod_autoindex X=Go ƱԸƮ о Ȯϱ ߴ.

<form action="" method="get">
Show me a <select name="F">
<option value="0"> Plain list</option>
<option value="1" selected="selected"> Fancy list</option>
<option value="2"> Table list</option>
 </select>
Sorted by <select name="C">
<option value="N" selected="selected"> Name</option>
<option value="M"> Date Modified</option>
<option value="S"> Size</option>
<option value="D"> Description</option>
 </select>
<select name="O">
<option value="A" selected="selected"> Ascending</option>
<option value="D"> Descending</option>
 </select>
<select name="V">
<option value="0" selected="selected"> in Normal order</option>
<option value="1"> in Version order</option>
 </select>
Matching <input type="text" name="P" value="*" />
<input type="submit" name="X" value="Go" />
 </form>

top

AddAlt þ

:ϸ ܴ
:AddAlt string file [file] ...
:ּ, ȣƮ, directory, .htaccess
Override ɼ:Indexes
:Base
:mod_autoindex

AddAlt FancyIndexing Ͽ ܴ Ѵ. File Ȯ, ϸ Ϻ, ϵī ǥ, ü ϸ ִ. String ٸ ǥ(" Ȥ ') Ѵ. Ŭ̾Ʈ ̹ ų, ̹ ʰų, ߰ ̰ ȴ.

AddAlt "PDF file" *.pdf
AddAlt Compressed *.gz *.zip *.Z

top

AddAltByEncoding þ

:MIME-encoding ܴ
:AddAltByEncoding string MIME-encoding [MIME-encoding] ...
:ּ, ȣƮ, directory, .htaccess
Override ɼ:Indexes
:Base
:mod_autoindex

AddAltByEncoding FancyIndexing Ͽ ܴ Ѵ. MIME-encoding x-compress ȿ content-encoding̴. String ٸ ǥ(" Ȥ ') Ѵ. Ŭ̾Ʈ ̹ ų, ̹ ʰų, ߰ ̰ ȴ.

AddAltByEncoding gzip x-gzip

top

AddAltByType þ

:MIME content-type ܴ
:AddAltByType string MIME-type [MIME-type] ...
:ּ, ȣƮ, directory, .htaccess
Override ɼ:Indexes
:Base
:mod_autoindex

AddAltByType FancyIndexing Ͽ ܴ Ѵ. MIME-type text/html ȿ content-type̴. String ٸ ǥ(" Ȥ ') Ѵ. Ŭ̾Ʈ ̹ ų, ̹ ʰų, ߰ ̰ ȴ.

AddAltByType 'plain text' text/plain

top

AddDescription þ

:Ͽ
:AddDescription string file [file] ...
:ּ, ȣƮ, directory, .htaccess
Override ɼ:Indexes
:Base
:mod_autoindex

þ FancyIndexing Ͽ Ѵ. File Ȯ, ϸ Ϻ, ϵī ǥ, ü ϸ ִ. String ǥ(") Ѵ.

AddDescription "The planet Mars" /web/pics/mars.gif

⺻ ʵ 23 Ʈ. IndexOptions SuppressIcon ɼ ϸ ⺻ 6 Ʈ ߰ϰ, IndexOptions SuppressSize ɼ 7 Ʈ, IndexOptions SuppressLastModified ɼ 19 Ʈ ߰Ѵ. ׷Ƿ 55 Ʈ.

ʵ ٲٰų ̸ Ѵ DescriptionWidth IndexOptions Ű带 ϶.

AddDescription ۿ ±׳ character entity(; &lt;, &amp; Ī) HTML ִ. ׷ ±װ ִ κ ©ԵǸ ( ü κ ©) 丮 Ͽ ִ.

top

AddIcon þ

:̸ Ͽ
:AddIcon icon name [name] ...
:ּ, ȣƮ, directory, .htaccess
Override ɼ:Indexes
:Base
:mod_autoindex

þ FancyIndexing name Ѵ. Icon (%-escaped) URL Ȥ (alttext,url) ̴. ⼭ alttext ׸ ܴ ̴.

Name 丮 Ÿ ^^DIRECTORY^^, ( ùٷ ߱) Ÿ ^^BLANKICON^^, Ȯ, ϵī ǥ, ϸ Ϻ Ȥ ü ִ.

AddIcon (IMG,/icons/image.xbm) .gif .jpg .xbm
AddIcon /icons/dir.xbm ^^DIRECTORY^^
AddIcon /icons/backup.xbm *~

ϸ AddIconٴ AddIconByType ؾ Ѵ.

top

AddIconByEncoding þ

:MIME content-encoding Ͽ
:AddIconByEncoding icon MIME-encoding [MIME-encoding] ...
:ּ, ȣƮ, directory, .htaccess
Override ɼ:Indexes
:Base
:mod_autoindex

þ FancyIndexing Ѵ. Icon (%-escaped) URL Ȥ (alttext,url) ̴. ⼭ alttext ׸ ܴ ̴.

MIME-encoding content-encoding شϴ ϵī ǥ̴.

AddIconByEncoding /icons/compress.xbm x-compress

top

AddIconByType þ

:MIME content-type Ͽ
:AddIconByType icon MIME-type [MIME-type] ...
:ּ, ȣƮ, directory, .htaccess
Override ɼ:Indexes
:Base
:mod_autoindex

þ FancyIndexing MIME-type Ѵ. Icon (%-escaped) URL Ȥ (alttext,url) ̴. ⼭ alttext ׸ ܴ ̴.

MIME-type mime type شϴ ϵī ǥ̴.

AddIconByType (IMG,/icons/image.xbm) image/*

top

DefaultIcon þ

:Ư Ͽ
:DefaultIcon url-path
:ּ, ȣƮ, directory, .htaccess
Override ɼ:Indexes
:Base
:mod_autoindex

DefaultIcon þ FancyIndexing Ư ̴. Icon (%-escaped) URL̴.

DefaultIcon /icon/unknown.xbm

top

HeaderName þ

:ϸ ̸
:HeaderName filename
:ּ, ȣƮ, directory, .htaccess
Override ɼ:Indexes
:Base
:mod_autoindex

HeaderName þ ϸ տ ̸ Ѵ. Filename ϸ̴.

HeaderName HEADER.html

HeaderName ReadmeName Filename Ϸ 丮 URI η ޾Ƶδ. Filename ϸ DocumentRoot η ޾Ƶδ.

HeaderName /include/HEADER.html

Filename major content type text/* ( , text/html, text/plain, ) ؾ Ѵ. , ũƮ ( ƴ) type text/html Ѵٸ filename CGI ũƮ ִ:

AddType text/html .cgi

Options MultiViews ϸ Ѵ. filename (CGI ũƮ ƴ) text/html ̰ options Includes IncludesNOEXEC ϳ Ѵٸ server-side includes óѴ. (mod_include )

HeaderName Ͽ (<html>, <head>, ) HTML ۺκ Եִٸ IndexOptions +SuppressHTMLPreamble Ͽ κ ߰ʴ .

top

IndexIgnore þ

:丮 Ͽ ϸ ߰Ѵ
:IndexIgnore file [file] ...
:ּ, ȣƮ, directory, .htaccess
Override ɼ:Indexes
:Base
:mod_autoindex

IndexIgnore þ 丮 Ͽ ϸ ߰Ѵ. File ( ϴ) ȭϵī ǥ̳ ü ϸ ִ. IndexIgnore þ ϸ ϸ üʰ Ͽ ϵ ߰Ѵ. ⺻ . ( 丮) Ѵ.

IndexIgnore README .htaccess *.bak *~

top

IndexOptions þ

:
:IndexOptions [+|-]option [[+|-]option] ...
:ּ, ȣƮ, directory, .htaccess
Override ɼ:Indexes
:Base
:mod_autoindex

IndexOptions þ 丮 Ѵ. Option ϳ̴

DescriptionWidth=[n | *] (ġ 2.0.23 )
DescriptionWidth Ű带 Ͽ ڴ ִ.
-DescriptionWidth ϸ (Ȥ ƹ͵ ) mod_autoindex Ѵ.
DescriptionWidth=n n Ʈ Ѵ.
DescriptionWidth=* ִ¸ŭ ø.
© ִ AddDescription ϶.
FancyIndexing
丮 fancy .
FoldersFirst (ġ 2.0.23 )
ɼ ϸ 丮 ׻ , 丮 ִ Ϲ ڿ ´. ⺻ ϰ 丮 , Ͽ 丮 δ. , ̸ ϰ FoldersFirst Ѵٸ 丮 ZedBeta տ , 丮 Beta Ϲ Gamma Alpha տ ´. ɼ FancyIndexing Բ Ҷ ȿ ִ.
HTMLTable (, ġ 2.0.23 )
FancyIndexing ɼ HTML ǥ fancy 丮 . ɼ ȥ ϶. ɼ WinNT ٸ utf-8 ÷ ϸ̳ б (ʿ Ȥ ʿ ) ٸ Ư ϴ.
IconsAreLinks
fancy Ͽ ϸ ũ Ѵ.
IconHeight[=pixels]
ɼ IconWidth ϸ img ±׿ height width Ӽ Ѵ. ׷ ̹ Ȳ ̸ ִ. ɼǿ ġ ϴ ǥ ̸ Ѵ.
IconWidth[=pixels]
ɼ IconHeight ϸ img ±׿ height width Ӽ Ѵ. ׷ ̹ Ȳ ̸ ִ. ɼǿ ġ ϴ ǥ Ѵ.
IgnoreCase
ɼ ϸ ҹ ʰ ̸ Ѵ. , ̸ ̰ IgnoreCase ϸ Zeta alfa ڿ ´ (: GAMMA ׻ gamma տ ´).
IgnoreClient
ɼ ϸ mod_autoindex Ͽ Ŭ̾Ʈ Ǻ Ѵ. (SuppressColumnSorting Ѵ.)
NameWidth=[n | *]
NameWidth Ű Ʈ ϸ Ѵ.
-NameWidth ϸ (Ȥ ƹ͵ ) mod_autoindex Ѵ.
NameWidth=n n Ʈ Ѵ.
NameWidth=* ʿѸŭ ø.
ScanHTMLTitles
fancy Ͽ HTML title ̴´. Ͽ AddDescription ٸ title Ұ оδ. ۾ CPU ũ Ѵ.
SuppressColumnSorting
ɼ ϸ ġ FancyIndexed 丮 Ͽ ̸ ٲٴ ũ ʴ´. ̸ ũ , ̸ ϸ ִ 丮 . ġ 2.0.23 ƱԸƮ ʾҴ. ġ 2.0.23 IndexOptions IgnoreClient Ͽ ƱԸƮ ʴ´.
SuppressDescription
fancy Ͽ ʴ´. ⺻  ǵʰ, ɼ ϸ 23 ٸ 뵵 Ѵ. ϴ AddDescription ϶. ũ⸦ ϴ DescriptionWidth ɼǵ ϶.
SuppressHTMLPreamble
HeaderName þ ִ ǥ HTML ۺκ (<html>, <head>, et cetera) ڿ ÷Ѵ. ׷ SuppressHTMLPreamble ɼ ϸ ó header Ѵ. header Ͽ HTML ־ Ѵ. header ٸ Ϲ ۺκ .
SuppressIcon (ġ 2.0.23 )
fancy Ͽ . SuppressIcon SuppressRules ϸ, (FancyIndexed ) pre ȿ img hr ǥ HTML 3.2 ˸ ȴ.
SuppressLastModified
fancy Ͽ ǥ ʴ´.
SuppressRules (ġ 2.0.23 )
丮 Ͽ (hr ) ʴ´. SuppressIcon SuppressRules ϸ, (FancyIndexed ) pre ȿ img hr ǥ HTML 3.2 ˸ ȴ.
SuppressSize
fancy Ͽ ũ⸦ ǥ ʴ´.
TrackModified (ġ 2.0.23 )
丮 HTTP Last-Modified ETag Ѵ. ɼ ü Ͻýۿ stat() ȿϴ. н ý۰ OS2 JFS, Win32 NTFS ϴ. , OS2 Win32 FAT Ұϴ. ϸ Ŭ̾Ʈ Ͻô HEAD û Ͽ ϸ ȭ ִ.  ü ο ϰ ùٷ , 丮 ִ ũ⳪ ¥ ȭ ϶. н ÷ ũ⳪ ¥ ȭ Last-Modified ٲʴ´. ̷ ȭ ߿ϴٸ ɼ .
VersionSort (ġ 2.0a3 )
VersionSort Ű ȣ ϸ ڿ Ѵ. κ , ϰ ִ κ ڰ Ѵ.

:

foo-1.7
foo-1.7.2
foo-1.7.12
foo-1.8.2
foo-1.8.2a
foo-1.12

0 ϸ, м Ѵ:

foo-1.001
foo-1.002
foo-1.030
foo-1.04

XHTML (ġ 2.0.49 )
XHTML Ű带 ϸ mod_autoindex HTML 3.2 XHTML 1.0 ڵ带 Ѵ.
IndexOptions

ġ 1.3.3 IndexOptions þ ó ũ ȭǾ. Ư:

  • IndexOptions þ Ѵ. :

    <Directory /foo> IndexOptions HTMLTable
    IndexOptions SuppressColumnsorting     </Directory>

    IndexOptions HTMLTable SuppressColumnsorting

  • ( , Ű տ + - ̴) ߰Ǿ.

Ű տ '+' '-' ش Ű尡 ( 丮 ӵǾ) IndexOptions ݿȴ. ׷ տ ƹ͵ Ű带 ӵǰų . 캸:

IndexOptions +ScanHTMLTitles -IconsAreLinks FancyIndexing
IndexOptions +SuppressSize

տ ƹ͵ FancyIndexing ٽ ߰ǿ IndexOptions FancyIndexing +SuppressSize .

Ư 丮 IndexOptions Ϸ Ű տ + - ӵ .

top

IndexOrderDefault þ

:丮 ⺻ Ѵ
:IndexOrderDefault Ascending|Descending Name|Date|Size|Description
⺻:IndexOrderDefault Ascending Name
:ּ, ȣƮ, directory, .htaccess
Override ɼ:Indexes
:Base
:mod_autoindex

IndexOrderDefault þ FancyIndexing ɼǰ Բ Ѵ. ⺻ fancyindexed 丮 ϸ ̴. IndexOrderDefault ʱ ִ.

IndexOrderDefault ƱԸƮ ޴´. ù° ϴ Ascending () ̳ Descending () ϳ. ι° ƱԸƮ Ÿ Ű Name, Date, Size, Description ϳ. ׻ ϸ ̴.

þ SuppressColumnSorting ɼ ϸ Ư θ 丮 . Ŭ̾Ʈ ٸ 丮 û Ѵ.

top

ReadmeName þ

:ϸ ̸
:ReadmeName filename
:ּ, ȣƮ, directory, .htaccess
Override ɼ:Indexes
:Base
:mod_autoindex

ReadmeName þ ϸ ̸ Ѵ. Filename ϸ̰, ġ η ޾Ƶδ. Filename ϸ DocumentRoot η ޾Ƶδ.

ReadmeName FOOTER.html

2

ReadmeName /include/FOOTER.html

ڼ HeaderName ϶.

mod/mod_cache.html100644 0 0 51115 11074463123 11600 0ustar 0 0 mod_cache - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.0

<-

ġ mod_cache

ֽ ƴմϴ. ֱٿ ϼ.
:Content cache keyed to URIs.
:Experimental
:cache_module
ҽ:mod_cache.c

̴. ۾̴...

mod_cache ǻͿ ִ ̳ Ͻõ ij ִ RFC 2616 ȣȯ HTTP ij Ѵ. mod_cache Ϸ (storage management module) ʿϴ. ⺻ ġ ΰ ִ:

mod_disk_cache
ũ ڸ Ѵ.
mod_mem_cache
޸𸮱 ڸ Ѵ. mod_mem_cache ϱڸ ijϰų (heap) ü ijϴ ΰ Ѱ ϵ ִ. mod_mem_cache ڽ ijϰų, (Ͻ(reverse proxy) ˷) ProxyPass Ͽ mod_proxy ޴ ij ִ.

URI Ű ij ϰ ´. ٺȣ ijʴ´.

top

õ þ

õ õ þ
top

Sample httpd.conf

#
# ij
#
LoadModule cache_module modules/mod_cache.so

<IfModule mod_cache.c>
#LoadModule disk_cache_module modules/mod_disk_cache.so
<IfModule mod_disk_cache.c>
CacheRoot c:/cacheroot
CacheSize 256
CacheEnable disk /
CacheDirLevels 5
CacheDirLength 3
 </IfModule>

LoadModule mem_cache_module modules/mod_mem_cache.so
<IfModule mod_mem_cache.c>
CacheEnable mem /
MCacheSize 4096
MCacheMaxObjectCount 100
MCacheMinObjectSize 1
MCacheMaxObjectSize 2048
 </IfModule>
 </IfModule>

top

CacheDefaultExpire þ

:ð ij ⺻ Ⱓ.
:CacheDefaultExpire seconds
⺻:CacheDefaultExpire 3600 (one hour)
:ּ, ȣƮ
:Experimental
:mod_cache

CacheDefaultExpire þ ð ֱټð ij ʴ ⺻ ð Ѵ. CacheMaxExpire ʴ´.

CacheDefaultExpire 86400

top

CacheDisable þ

:Ư URL ij ʴ´
:CacheDisable url-string
:ּ, ȣƮ
:Experimental
:mod_cache

CacheDisable þ ϸ mod_cache url-string url ij ʴ´.

CacheDisable /local_files

top

CacheEnable þ

: ڸ Ͽ URL ijѴ
:CacheEnable cache_type url-string
:ּ, ȣƮ
:Experimental
:mod_cache

CacheEnable þ ϸ mod_cache url-string url ijѴ. ij ڴ cache_type ƱԸƮ Ѵ. cache_type mem mod_mem_cache ϴ ޸𸮱 ڸ Ѵ. cache_type disk mod_disk_cache ϴ ũ ڸ Ѵ. cache_type fd mod_mem_cache ϴ ϱ ij Ѵ.

(Ʒ ) URL ٸ CacheEnable þ ġ ڰ û óҶ ڸ Ѵ. Ͽ CacheEnable þ ڰ ȴ.

CacheEnable mem /manual
CacheEnable fd /images
CacheEnable disk /

top

CacheForceCompletion þ

:û ҵǴ ijϱ ʿ 񽺷.
:CacheForceCompletion Percentage
⺻:CacheForceCompletion 60
:ּ, ȣƮ
:Experimental
:mod_cache

ijϰ Ŭ̾Ʈ ߿ û ҵǸ ó ߴܵǰ ij ׸ . CacheForceCompletion þ û ҵǴ ij Ѵ.

Ÿ 1 100 ̴. 0 ϸ ⺻ Ѵ. 100 ijѴ. 60 90 õѴ.

CacheForceCompletion 80

:

ʾҴ.
top

CacheIgnoreCacheControl þ

:Ŭ̾Ʈ ijʴ û Ѵ.
:CacheIgnoreCacheControl On|Off
⺻:CacheIgnoreCacheControl Off
:ּ, ȣƮ
:Experimental
:mod_cache

no-cache no-store ij ʴ´. CacheIgnoreCacheControl þ ̷ ൿ Ѵ. CacheIgnoreCacheControl On ϸ no-cache no-store ־ ijѴ. ʿ ij ʴ´.

CacheIgnoreCacheControl On

top

CacheIgnoreNoLastMod þ

:信 Last Modified ٴ Ѵ.
:CacheIgnoreNoLastMod On|Off
⺻:CacheIgnoreNoLastMod Off
:ּ, ȣƮ
:Experimental
:mod_cache

ֱټ ij ʴ´.  ֱټ ( mod_include ó߿) ų ó ִ. CacheIgnoreNoLastMod þ ֱټ ݵ ijϵ . ֱټϰ ð CacheDefaultExpire þ ð Ѵ.

CacheIgnoreNoLastMod On

top

CacheLastModifiedFactor þ

:LastModified ð ð ϴµ ϴ .
:CacheLastModifiedFactor float
⺻:CacheLastModifiedFactor 0.1
:ּ, ȣƮ
:Experimental
:mod_cache

ð ֱټ ִ ֱټ ð ð Ѵ. CacheLastModifiedFactor þ ð ϴ Ŀ factor Ѵ: expiry-period = time-since-last-modified-date * factor expiry-date = current-date + expiry-period , 10 ð Ǿ factor 0.1̶ Ⱓ 10*01 = 1 ð ȴ. ð 3:00pm̶ ð 3:00pm + 1ð = 4:00pm̴. Ⱓ CacheMaxExpire ٸ CacheMaxExpire Ѵ.

CacheLastModifiedFactor 0.5

top

CacheMaxExpire þ

: ijϴ ʴ ִð
:CacheMaxExpire seconds
⺻:CacheMaxExpire 86400 (Ϸ)
:ּ, ȣƮ
:Experimental
:mod_cache

CacheMaxExpire þ ˻ʰ ij HTTP ִ ʴ ִð Ѵ. , ִ ŭ Ǿ. ð Ͽ ִ밪 Ų.

CacheMaxExpire 604800

mod/mod_cern_meta.html100644 0 0 15552 11074463123 12477 0ustar 0 0 mod_cern_meta - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.0

<-

ġ mod_cern_meta

:CERN Ÿ
:Extension
:cern_meta_module
ҽ:mod_cern_meta.c

CERN Ÿ 䳻. Ÿ ϴ Ͽ Ϲ ܿ ߰ HTTP ִ. ġ .asis ϰ ϰ, Expires: ϰų ٸ ű ϵ ִ. Ÿ ٷ پ, ̹ ϴ CERN ڵ ߴ.

ڼ CERN metafile semantics ϶.

top

MetaDir þ

:CERN Ÿ ã 丮 ̸
:MetaDir directory
⺻:MetaDir .web
:ּ, ȣƮ, directory, .htaccess
Override ɼ:Indexes
:Extension
:mod_cern_meta

ġ Ÿ ã 丮 Ѵ. 丮 ִ 丮 '' 丮. "." ϸ 丮 ã´:

MetaDir .

ƴϸ ִ 丮 Ѵ:

MetaDir .meta

top

MetaFiles þ

:CERN Ÿ óѴ
:MetaFiles on|off
⺻:MetaFiles off
:ּ, ȣƮ, directory, .htaccess
Override ɼ:Indexes
:Extension
:mod_cern_meta

丮 Ÿ óθ Ѵ.

top

MetaSuffix þ

:CERN Ÿ ϴ ̻
:MetaSuffix suffix
⺻:MetaSuffix .meta
:ּ, ȣƮ, directory, .htaccess
Override ɼ:Indexes
:Extension
:mod_cern_meta

Ÿ ϴ ̻縦 Ѵ. , þ ⺻ DOCUMENT_ROOT/somedir/index.html ûϸ DOCUMENT_ROOT/somedir/.web/index.html.meta Ͽ MIME ߰Ѵ.

:

MetaSuffix .meta

mod/mod_cgi.html100644 0 0 30753 11074463123 11304 0ustar 0 0 mod_cgi - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.0

<-

ġ mod_cgi

:CGI ũƮ
:Base
:cgi_module
ҽ:mod_cgi.c

mime type application/x-httpd-cgḭų (ġ 1.1 ) ڵ鷯 cgi-script CGI ũƮ νϿ, ϰ, Ŭ̾Ʈ . AddType þ Ȯڸ ų, ScriptAlias 丮 ȿ CGI óȴ.

CGI ũƮ θ DOCUMENT_ROOT ȯ溯 ߰Ѵ. DocumentRoot .

ġ CGI ũƮ ϴ Ұ CGI 丮 ϶.

н ߾ MPM Ѵٸ mod_cgid ؾ Ѵ. 忡 ⺻ ϴ.

top

CGI ȯ溯

CGI ǥ ϴ CGI ȯ溯 Ѵ:

PATH_INFO
AcceptPathInfo þ off 쿡 Ѵ. AcceptPathInfo ⺻ ִ û 404 NOT FOUND , mod_cgi (URI ũƮ ϸ ڿ /more/path/info) ޴´. AcceptPathInfo þ ϸ mod_cgi û ؼ AcceptPathInfo On Ͱ .
REMOTE_HOST
HostnameLookups on̰ (⺻ off), ȣƮ ּҸ DNS ˻Ͽ ȣƮ ã 쿡 Ѵ.
REMOTE_IDENT
IdentityCheck on̰, ȣƮ ident ϴ 쿡 Ѵ. ֱ⶧ ȵǰ, Ŭ̾Ʈ ̿ Ͻð ִٸ ǹ ϶.
REMOTE_USER
CGI ũƮ ľϴ 쿡 Ѵ.
top

CGI

𿡼 ߸ Ǵ ũƮ (ǥ° ǥؿ) ⶧ CGI ũƮ ϱ . ġ 1.2 Ŀ ߰ þ ϸ ߻ ڼ α׿ ִ.

CGI α

CGI α״ CGI Ѵ. ߻ CGI ũƮ α׿ . ù° ׻ Ʒ ̴:

%% [ð] û
%% HTTP- CGI-ũƮ-ϸ

CGI ũƮ αϿ ߰ Ѵ:

%%error

ũƮ ( ũƮ ׶) ߸ ȯϴ , α׿ Ѵ:

%request
HTTP
(ִٸ) POST PUT
%response
CGI ũƮ
%stdout
CGI ǥ
%stderr
CGI ǥؿ

(ũƮ ǥ̳ ǥؿ ƹ 뵵 ʾҴٸ %stdout %stderr κ ִ).

top

ScriptLog þ

:CGI ũƮ α ġ
:ScriptLog file-path
:ּ, ȣƮ
:Base
:mod_cgi, mod_cgid

ScriptLog þ CGI ũƮ α Ѵ. ScriptLog α׸ ʴ´. ϸ ƱԸƮ Ͽ CGI Ѵ. θ ϸ ServerRoot η ޾Ƶδ.

ScriptLog logs/cgi_log

ڽ μ ϴ , User þ α׸ . ׷ ڰ ũƮ αװ ִ 丮 ִ, ̸  ڿ Ѵ. ũƮ α׸ α 丮 дٸ ڽ μ ϴ ڿ ֱ 丮 .

ũƮ α״ CGI ũƮ ۼҶ 뵵 ϴ ϱ ƴ ϶. ӵ ȿ鿡 ȭ ȵְ, ̿ ϸ Ȼ ִ.

top

ScriptLogBuffer þ

:ũƮ α׿ PUT Ȥ POST û ִ뷮
:ScriptLogBuffer bytes
⺻:ScriptLogBuffer 1024
:ּ, ȣƮ
:Base
:mod_cgi, mod_cgid

ū ޾Ƽ α ʹ Ŀ Ͽ PUT Ȥ POST ũ⸦ Ѵ. ⺻ 1024 Ʈ α׿ , þ Ͽ ִ.

top

ScriptLogLength þ

:CGI ũƮ α ũ
:ScriptLogLength bytes
⺻:ScriptLogLength 10385760
:ּ, ȣƮ
:Base
:mod_cgi, mod_cgid

ScriptLogLength CGI ũƮ α ũ⸦ Ѵ. CGI ߻Ҷ ( û , ũƮ ) α׿ ϵDZ⶧ ſ Ŀ ִ. Ŀ þ Ͽ CGI α ִ ũ⸦ Ѵ. ũⰡ ̻ ʴ´.

mod/mod_cgid.html100644 0 0 12662 11074463123 11447 0ustar 0 0 mod_cgid - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.0

<-

ġ mod_cgid

:ܺ CGI Ͽ CGI ũƮ
:Base
:cgid_module
ҽ:mod_cgid.c
:н 带 ϴ MPMs

Ʒ ϴ ߰ ScriptSock þ ϰ mod_cgid mod_cgi ϰ Ѵ. ġ CGI ڼ mod_cgi ϶.

 н ü ߾ μ ũ(fork)ϸ ο μ θ μ 带 ؾ ϹǷ δ ȴ. CGI ึ ̷ δ ʱ mod_cgid CGI ũƮ ϴ ڽ μ ũϴ ܺ . ּ н(unix domain socket) Ͽ Ѵ.

Ҷ ߾ MPM ϸ ⺻ mod_cgi Ѵ. 忡 mod_cgi ϴ. cgi ̸ ϴ ScriptSock þ ߰ ̴.

top

ScriptSock þ

:cgi ̸
:ScriptSock file-path
⺻:ScriptSock logs/cgisock
:ּ, ȣƮ
:Base
:mod_cgid

þ CGI ̸ Ѵ. ġ ( root) . CGI ũƮ ٸ ڰ ִ 丮 ʴ ߿ϴ.

ScriptSock /var/run/cgid.sock

mod/mod_charset_lite.html100644 0 0 25027 11074463123 13206 0ustar 0 0 mod_charset_lite - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.0

<-

ġ mod_charset_lite

: ȯ
:Experimental
:charset_lite_module
ҽ:mod_charset_lite.c

̰, ְ ؾ Ѵ. ϴ ϴ mod_charset_lite غ.

mod_charset_lite Ͽ հ Ŭ̾Ʈ ȯ ִ. mod_charset_lite ڷḦ ȯʰ ġ ȯ϶ ûѴ. mod_charset_lite EBCDIC ASCII ȯ濡 ִ. EBCDIC ȯ濡 ġ ġ μ ڵ ISO-8859-1 ȯѴ. mod_charset_lite Ͽ ٸ ȯ ִ. ASCII ȯ濡 ġ ⺻ ȯ ʱ⶧,  ȯ ؼ mod_charset_lite ʿϴ.

þ ġ mod_charset ϴ Ϻθ Ѵ.

top

Ϲ

߸ ̸

mod_charset_lite ϴ ý ARP CharsetSourceEnc CharsetDefault Ķ ̸ ó ־ Ѵ. ̸ ǥȭ ʾҰ, http ϴ ׻ ʴ. APR iconv(3) ϱ⶧, iconv(1) α׷ Ͽ Ư ̸ ִ ִ:

iconv -f charsetsourceenc-value -t charsetdefault-value

ȯĢ ٸ

ȯĢ Ȳ ȯ ִ:

  • ȯ ȯڵ带 ȯϰ ִ.
  • Է¹۸ ȯ Ҷ ¹ۿ Ư ڸ (, ǥ) ִ.
top

CharsetDefault þ

:ȯ
:CharsetDefault charset
:ּ, ȣƮ, directory, .htaccess
Override ɼ:FileInfo
:Experimental
:mod_charset_lite

CharsetDefault þ þ ġ ִ ȯ Ѵ.

charset ƱԸƮ APR ϴ ̸ ؾ Ѵ. Ϲ iconv ϴ ǹѴ.

<Directory /export/home/trawick/apacheinst/htdocs/convert>
CharsetSourceEnc UTF-16BE
CharsetDefault ISO-8859-1
 </Directory>

top

CharsetOptions þ

: ȯ
:CharsetOptions option [option] ...
⺻:CharsetOptions DebugLevel=0 NoImplicitAdd
:ּ, ȣƮ, directory, .htaccess
Override ɼ:FileInfo
:Experimental
:mod_charset_lite

CharsetOptions þ mod_charset_lite Ѵ. Option Ʒ ׸ ִ

DebugLevel=n
DebugLevel Ű mod_charset_lite ϴ ׹ Ѵ. ⺻  ͵ ʴ´. ̴ DebugLevel=0 . ڸ Ҽ ׹ ϰԵǾ . ڰ ǹ̴ mod_charset_lite.c պκ DBGLVL_ Ǹ ϶.
ImplicitAdd | NoImplicitAdd
ImplicitAdd Ű ȯ ϸ ڵ mod_charset_lite Ϳ ߰Ѵ. AddOutputFilter þ ͼ Ѵٸ, NoImplicitAdd Ͽ mod_charset_lite ڵ Ϳ ߰ʵ ؾ Ѵ.
top

CharsetSourceEnc þ

:
:CharsetSourceEnc charset
:ּ, ȣƮ, directory, .htaccess
Override ɼ:FileInfo
:Experimental
:mod_charset_lite

CharsetSourceEnc þ þ ġ ִ ϵ Ѵ.

charset ƱԸƮ APR ϴ ̸ ؾ Ѵ. Ϲ iconv ϴ ǹѴ.

<Directory /export/home/trawick/apacheinst/htdocs/convert>
CharsetSourceEnc UTF-16BE
CharsetDefault ISO-8859-1
 </Directory>

Solaris 8 iconv Ѵ.

mod/mod_dav.html100644 0 0 33622 11074463123 11312 0ustar 0 0 mod_dav - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.0

<-

ġ mod_dav

:Distributed Authoring and Versioning (WebDAV)
:Extension
:dav_module
ҽ:mod_dav.c

ġ WebDAV ('Web-based Distributed Authoring and Versioning') class 1 class 2 ߰Ѵ. WebDAV ڿ ݷ(collection) (; ݷ Ͻý 丮 ̴) , ű, ϰ, ֵ HTTP Ȯ ̴.

top

WebDAV ϱ

mod_dav Ϸ httpd.conf Ͽ Ʒ ߰Ѵ:

Dav On

׷ mod_dav_fs ϴ DAV Ͻý (provider) Ѵ. ׷Ƿ ⵵ ϵְų LoadModule þ ߿ о鿩 Ѵ.

, DAV (lock) ͺ̽ ġ httpd.conf κп DavLockDB þ Ͽ ؾ Ѵ:

DavLockDB /usr/local/apache2/var/DavLock

ġ ϴ User Group ͺ̽ ִ 丮 Ѵ.

DAV ϴ ġ ϱ <Location> þ ȿ <Limit> þ ִ. DAV Ŭ̾Ʈ ѹ û ִ ִ Ʈ Ϸ LimitXMLRequestBody þ Ѵ. "Ϲ" LimitRequestBody þ DAV û .

ü

DavLockDB /usr/local/apache2/var/DavLock

<Location /foo>
Dav On

AuthType Basic
AuthName DAV
AuthUserFile user.passwd

<LimitExcept GET OPTIONS>
require user admin
 </LimitExcept>
 </Location>

mod_dav Greg Stein Apache 1.3 mod_dav . ⿡ ڼ Ʈ ϶.

top

DAV ϸ Ŭ̾Ʈ ֱ⶧, mod_dav ϱ Ư Ѵ.

DAV ġ ȣؾ Ѵ. HTTP Basic Authentication õ ʴ´. ּ mod_auth_digest ϴ HTTP Digest Authentication ؾ Ѵ. WebDAV Ŭ̾Ʈ Ѵ. ƴϸ SSL ῡ Basic Authentication ִ.

mod_dav Ϸ, ġ ϴ User Group ش 丮 Ͽ Ѵ. , User Group ϰ ȴ. ׷ ƹ ϶. DAV Ҵ ġ ִٰ Ѵ. ġ ʰ ( FTP Ͻý Ͽ) ϸ ȵȴ.

mod_dav 񽺰ź ִ. LimitXMLRequestBody þ Ͽ ū DAV û ޸𸮷 ִ. DavDepthInfinity þ Ͽ ޸𸮸 Ҹϱ ſ ū PROPFIND û ִ. ܼ Ŭ̾Ʈ ū ϵ ũ ä 񽺰ź ݵ ϴ. ġ ̸ . ׷Ƿ ŷʴ ڿ DAV ʵ϶.

top

Ϲ ϳ (PHP ũƮ, CGI ũƮ ) ۾ mod_dav ϴ ̴. ̴ GET û ٿε ʰ ׻ ũƮ ϹǷ ƴ. ذ ϳ 뿡 ΰ URL ϴ ̴. URL ũƮ ϰ, ٸ URLδ ٿεϿ DAV ۾ ִ.

Alias /phparea /home/gstein/php_files
Alias /php-source /home/gstein/php_files
<Location /php-source> DAV On
ForceType text/plain
 </Location>

http://example.com/phparea PHP ũƮ ְ, http://example.com/php-sourceδ DAV Ŭ̾Ʈ ũƮ ִ.

top

Dav þ

:WebDAV HTTP ޽带 Ѵ
:Dav On|Off|provider-name
⺻:Dav Off
:directory
:Extension
:mod_dav

ġ WebDAV HTTP ޽带 Ϸ Dav þ Ѵ:

<Location /foo>
Dav On
 </Location>

On mod_dav_fs ϴ ⺻ filesystem Ī̴.  ġ DAV ϸ DAV ϵ ϶. ϶.

ϰ Ҷ WebDAV . ׷ й ְ ȴ.
top

DavDepthInfinity þ

:PROPFIND Depth: Infinity û 㰡Ѵ
:DavDepthInfinity on|off
⺻:DavDepthInfinity off
:ּ, ȣƮ, directory
:Extension
:mod_dav

DavDepthInfinity þ ϸ 'Depth: Infinity' PROPFIND û 㰡Ѵ. ̷ û Ͽ 񽺰ź ϱ ⺻ ʴ´.

top

DavMinTimeout þ

: DAV ڿ ּҽð
:DavMinTimeout seconds
⺻:DavMinTimeout 0
:ּ, ȣƮ, directory
:Extension
:mod_dav

Ŭ̾Ʈ DAV ڿ (lock) ûҶ ˾Ƽ ִ ð ˷ ִ. ûϻ̸, Ŭ̾Ʈ û ϰ Ŭ̾Ʈ ð ˷ ִ.

DavMinTimeout þ Ŭ̾Ʈ ּ ð (ʴ) Ѵ. Microsoft Web Folders ⺻ 120 ʸ Ѵ. DavMinTimeout (600 ʿ ) ϸ Ŭ̾Ʈ Ʈ ҰԵǴ 츦 ִ.

<Location /MSWord>
DavMinTimeout 600
 </Location>

mod/mod_dav_fs.html100644 0 0 12101 11074463123 11767 0ustar 0 0 mod_dav_fs - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.0

<-

ġ mod_dav_fs

:mod_dav Ͻý
:Extension
:dav_fs_module
ҽ:mod_dav_fs.c

mod_dav 񽺿 ʿϴ. mod_dav ϴ Ͻýۿ ִ ڿ ֵ Ѵ. (provider) ĸĪ filesystem̴. Dav þ Ͽ mod_dav ޴ ڸ Ѵ:

Dav filesystem

filesystem mod_dav ⺻ ̹Ƿ On ִ.

top

DavLockDB þ

:DAV ͺ̽ ġ
:DavLockDB file-path
:ּ, ȣƮ
:Extension
:mod_dav_fs

DavLockDB þ ͺ̽ ü θ Ȯڸ ϰ Ѵ. ΰ ƴϸ ServerRoot η óѴ. mod_dav_fs SDBM ͺ̽ Ѵ.

DavLockDB var/DavLock

ġ ϴ User Group ͺ̽ ִ 丮 Ѵ. Ȼ 丮 ٲٱ⺸ٴ ͺ̽ 丮 Ѵ. ġ ServerRoot Ʒ var/ 丮 Ȯ DavLock .

mod/mod_deflate.html100644 0 0 42126 11074463123 12143 0ustar 0 0 mod_deflate - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.0

<-

ġ mod_deflate

: Ŭ̾Ʈ Ѵ
:Extension
:deflate_module
ҽ:mod_deflate.c

mod_deflate Ʈ Ŭ̾Ʈ ϴ DEFLATE ͸ Ѵ.

top

ϴ

ߺ ̴.

Ϻ type

AddOutputFilterByType DEFLATE text/html text/plain text/xml

Ʒ Ͽ ׷ ϴ. ϶.

̹

<Location />
# ͸ ߰Ѵ
SetOutputFilter DEFLATE

# Netscape 4.x ִ...
BrowserMatch ^Mozilla/4 gzip-only-text/html

# Netscape 4.06-4.08 ִ
BrowserMatch ^Mozilla/4\.0[678] no-gzip

# MSIE Netscape ڽ ˸,
# BrowserMatch \bMSIE !no-gzip !gzip-only-text/html

# : ġ 2.0.48 mod_setenvif ׶
# ǥ ʴ´. ϴ ȿ
# Ͽ Ѵ:
BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html

# ̹ ʴ´
SetEnvIfNoCase Request_URI \
\.(?:gif|jpe?g|png)$ no-gzip dont-vary
# Ͻð ߸ ʵ Ѵ
Header append Vary User-Agent env=!dont-vary
 </Location>

top

ϱ

DEFLATE Ѵ. þ þ ִ ġ Ѵ:

SetOutputFilter DEFLATE

ϸ ó ϴ ֱ⶧ html ϸ ϱ (Ʒ ) gzip-only-text/html 1 𸥴. ̸ 1 ƴ ϸ Ѵ.

Ư MIME type Ϸ AddOutputFilterByType þ Ѵ. html ϸ Ѵ:

<Directory "/your-server-root/manual">
AddOutputFilterByType DEFLATE text/html
 </Directory>

ó ϴ Դ ʰ BrowserMatch þ no-gzip Ѵ. no-gzip gzip-only-text/html ִ. ڰ ڸ Ѵ. Ϻθ 캸:

BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html

User-Agent ڿ Netscape Navigator 4.x ˻Ѵ. text/html ƴ type ó Ѵ. 4.06, 4.07, 4.08 html óϴ´뵵 ִ. ׷ 츮 deflate ͸ ʴ´.

° BrowserMatch þ Microsoft Internet Explorer ڽ "Mozilla/4" ˸ û ó ֱ⶧ user agent Ѵ. User-Agent "MSIE" (\b "ܾ " Ѵ) ڿ ߰ϸ տ Ǭ.

DEFLATE ʹ ׻ PHP SSI RESOURCE ڿ . , û(subrequest) ʴ´.

Է Ǯ

mod_deflate gzip û Ǫ ͵ Ѵ. Ϸ SetInputFilter AddInputFilter Ͽ Էͼ DEFLATE ͸ ߰Ѵ.

<Location /dav-area>
SetInputFilter DEFLATE
 </Location>

û Content-Encoding: gzip ִٸ ڵ Ǭ. gzip û ִ 幰. ׷  WebDAV Ŭ̾Ʈ Ư α׷ û Ѵ.

Content-Length

û 캻ٸ, Content-Length ! Content-Length Ŭ̾Ʈ , Ǭ Ʈ ƴϴ.

top

Ͻ ٷ

mod_deflate Ͻð ڽ ij Accept-Encoding û Ŭ̾ƮԸ Vary: Accept-Encoding HTTP ߰Ѵ. ׷ Ŭ̾Ʈ ʵ Ѵ.

, User-Agent  Ư Ѵٸ, Ͻÿ ̷ ˷ֱ Vary ߰ؾ Ѵ. , User-Agent DEFLATE ͸ ߰Ѵٸ Ѵ:

Header append Vary User-Agent

û ٸ ( , HTTP ) ΰ ȴٸ, Vary * ؾ Ѵ. ׷ ǥ Ͻô ij ʰ ȴ.

Header set Vary *

top

DeflateBufferSize þ

:zlib ѹ ũ
:DeflateBufferSize value
⺻:DeflateBufferSize 8096
:ּ, ȣƮ
:Extension
:mod_deflate

DeflateBufferSize þ zlib ѹ Ʈ Ѵ.

top

DeflateCompressionLevel þ

: ϴ°
:DeflateCompressionLevel value
⺻:Zlib's default
:ּ, ȣƮ
:Extension
:mod_deflate
:ġ 2.0.45

DeflateCompressionLevel þ Ѵ. Ŭ , CPU Ѵ.

( ) 1 ( ) 9 Ѵ.

top

DeflateFilterNote þ

: α׿ Ѵ
:DeflateFilterNote [type] notename
:ּ, ȣƮ
:Extension
:mod_deflate
:type ġ 2.0.45

DeflateFilterNote þ û α׿ ϴ ȣ Ѵ. ȣ ̸ þ ̴. 踦 α ȣ ִ.

DeflateFilterNote ratio

LogFormat '"%r" %b (%{ratio}n) "%{User-agent}i"' deflate
CustomLog logs/deflate_log deflate

α׿ Ȯ Ϸ type ƱԸƮ ڷḦ Ѵ. type ϳ̴:

Input
Է½Ʈ Ʈ Ѵ.
Output
½Ʈ Ʈ Ѵ..
Ratio
(output/input * 100) Ѵ. type ƱԸƮ ϸ ϴ ⺻̴.

׷ ̷ α׿ ִ:

α

DeflateFilterNote Input instream
DeflateFilterNote Output outstream
DeflateFilterNote Ratio ratio

LogFormat '"%r" %{outstream}n/%{instream}n (%{ratio}n%%)' deflate
CustomLog logs/deflate_log deflate

top

DeflateMemLevel þ

:zlib Ҷ ϴ ޸𸮷
:DeflateMemLevel value
⺻:DeflateMemLevel 9
:ּ, ȣƮ
:Extension
:mod_deflate

DeflateMemLevel þ zlib Ҷ 󸶸ŭ ޸𸮸 Ѵ. (1 9 )

top

DeflateWindowSize þ

:Zlib window size
:DeflateWindowSize value
⺻:DeflateWindowSize 15
:ּ, ȣƮ
:Extension
:mod_deflate

DeflateWindowSize þ zlib window size (1 15 ) Ѵ. Ϲ window size Ŭ Ѵ.

mod/mod_dir.html100644 0 0 21242 11074463123 11311 0ustar 0 0 mod_dir - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.0

<-

ġ mod_dir

ֽ ƴմϴ. ֱٿ ϼ.
:" " ̷ ϰ 丮 index Ѵ
:Base
:dir_module
ҽ:mod_dir.c

丮 index Ѱ ȴ:

Ѵٸ ڵ index (Ȥ ü) ִ.

dirname 丮 URL http://servername/foo/dirname û " " ̷ . 丮 ʿϴ. ׷ mod_dir http://servername/foo/dirname/ ̷ .

top

DirectoryIndex þ

:Ŭ̾Ʈ 丮 ûҶ ãƺ ڿ
:DirectoryIndex local-url [local-url] ...
⺻:DirectoryIndex index.html
:ּ, ȣƮ, directory, .htaccess
Override ɼ:Indexes
:Base
:mod_dir

DirectoryIndex þ Ŭ̾Ʈ 丮 / ٿ 丮 index ûҶ ãƺ ڿ Ѵ. Local-url û 丮 (% ڵ) URL̴. 丮 ִ ϸ̴. URL ְ, ù° ã . ڿ ã Indexes ɼ Ͽٸ 丮 .

DirectoryIndex index.html

http://myserver/docs/ ûҶ http://myserver/docs/index.html ̸ , ٸ 丮 .

ݵ 丮 ʿ .

DirectoryIndex index.html index.txt /cgi-bin/index.pl

index.html̳ index.txt CGI ũƮ /cgi-bin/index.pl Ѵ.

top

DirectorySlash þ

: ̷ Ű
:DirectorySlash On|Off
⺻:DirectorySlash On
:ּ, ȣƮ, directory, .htaccess
Override ɼ:Indexes
:Base
:mod_dir
:ġ 2.0.51 ĺ

DirectorySlash þ mod_dir 丮 Ű URL θ Ѵ.

ڰ 丮 شϴ ڿ ûϸ, mod_dir ڸ ڿ ̷Ѵ.

׷ ʰ ſ ˸ ʴٸ ̷ ִ.

# Ʒ !
<Location /some/path>
DirectorySlash Off
SetHandler some-handler
 </Location>

̷ ִ. (Options +Indexes) mod_autoindex ϰ DirectoryIndex (index.html ) ȿ ڿ Ͽ ش URL ٸ Ư ڵ鷯 Ȳ غ. ִ û index.html ش. ׷ û 丮 ش.

mod/mod_disk_cache.html100644 0 0 47777 11074463123 12635 0ustar 0 0 mod_disk_cache - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.0

<-

ġ mod_disk_cache

:Content cache storage manager keyed to URIs
:Experimental
:disk_cache_module
ҽ:mod_disk_cache.c

̴. ۾̴...

mod_disk_cache ũ ڸ Ѵ. ⺻ mod_proxy Ѵ.

URI Ű ij ϰ ´. ٺȣ ijʴ´.

:

mod_disk_cache mod_cache ʿϴ.

top

CacheDirLength þ

:丮 ڰ
:CacheDirLength length
⺻:CacheDirLength 2
:ּ, ȣƮ
:Experimental
:mod_disk_cache

CacheDirLength þ ij 丮 ڼ Ѵ.

CacheDirLevels CacheDirLength Ͽ 20 ũ ȵȴ.

CacheDirLength 4

top

CacheDirLevels þ

:ij 丮 .
:CacheDirLevels levels
⺻:CacheDirLevels 3
:ּ, ȣƮ
:Experimental
:mod_disk_cache

CacheDirLevels þ ij 丮 ̸ Ѵ. ij ڷḦ CacheRoot 丮 Ʒ ̱ Ѵ.

CacheDirLevels CacheDirLength Ͽ 20 ũ ȵȴ.

CacheDirLevels 5

top

CacheExpiryCheck þ

:ij ã ð
:CacheExpiryCheck On|Off
⺻:CacheExpiryCheck On
:ּ, ȣƮ
:Experimental
:mod_disk_cache

Լ Ǹ ڼ ´.

CacheExpiryCheck Off

CacheExpiryCheck þ ʾҴ.
top

CacheGcClean þ

:URL شϴ ij ð
:CacheGcClean hours url-string
⺻:CacheGcClean ?
:ּ, ȣƮ
:Experimental
:mod_disk_cache

Լ Ǹ ڼ ´.

CacheGcClean 12 /daily_scripts

CacheGcClean þ ʾҴ.
top

CacheGcDaily þ

: ÷͸ ݺ ð (24 ð)
:CacheGcDaily time
⺻:CacheGcDaily ?
:ּ, ȣƮ
:Experimental
:mod_disk_cache

Լ Ǹ ڼ ´.

CacheGcDaily 23:59

CacheGcDaily þ ʾҴ.
top

CacheGcInterval þ

:÷͸ ϴ .
:CacheGcInterval hours
:ּ, ȣƮ
:Experimental
:mod_disk_cache

CacheGcInterval þ ī÷Ͱ ũ ð ð Ѵ.

Լ Ǹ ڼ ´.

CacheGcInterval 24

CacheGcInterval þ ʾҴ.
top

CacheGcMemUsage þ

:÷Ͱ ִ ޸𸮷 (kilobyte )
:CacheGcMemUsage KBytes
⺻:CacheGcMemUsage ?
:ּ, ȣƮ
:Experimental
:mod_disk_cache

Լ Ǹ ڼ ´.

CacheGcMemUsage 16

CacheGcMemUsage þ ʾҴ.
top

CacheGcUnused þ

:URL شϴ ij Ⱓ.
:CacheGcUnused hours url-string
⺻:CacheGcUnused ?
:ּ, ȣƮ
:Experimental
:mod_disk_cache

Լ Ǹ ڼ ´.

CacheGcUnused 12 /local_images

CacheGcUnused þ ʾҴ.
top

CacheMaxFileSize þ

:ij ִũ (Ʈ )
:CacheMaxFileSize bytes
⺻:CacheMaxFileSize 1000000
:ּ, ȣƮ
:Experimental
:mod_disk_cache

CacheMaxFileSize þ ij ִũ⸦ Ʈ Ѵ.

CacheMaxFileSize 64000

top

CacheMinFileSize þ

:ij ּũ (Ʈ )
:CacheMinFileSize bytes
⺻:CacheMinFileSize 1
:ּ, ȣƮ
:Experimental
:mod_disk_cache

CacheMinFileSize þ ij ּũ⸦ Ʈ Ѵ.

CacheMinFileSize 64

top

CacheRoot þ

:ij 丮 root
:CacheRoot directory
:ּ, ȣƮ
:Experimental
:mod_disk_cache

CacheRoot þ ũ ij 丮 Ѵ. mod_disk_cache ġ Ͽų о ݵ þ ؾ Ѵ. CacheRoot ó ʴ´. CacheDirLevels CacheDirLength þ þ root 丮 丮 Ѵ.

CacheRoot c:/cacheroot

top

CacheSize þ

:ij ִ ũ (KByte )
:CacheSize KBytes
⺻:CacheSize 1000000
:ּ, ȣƮ
:Experimental
:mod_disk_cache

CacheSize þ ij ũ ũ⸦ KByte (1024 Ʈ) Ѵ. þ ij ũ⸦ ʴ´. ÷Ͱ ij 뷮 ۰Եɶ . ׻ 밡 ũ ϶.

CacheSize 5000000

top

CacheTimeMargin þ

: ij ּҽð Ѱ
:CacheTimeMargin ?
⺻:CacheTimeMargin ?
:ּ, ȣƮ
:Experimental
:mod_disk_cache

Լ Ǹ ڼ ´.

CacheTimeMargin X

CacheTimeMargin þ ʾҴ.
mod/mod_dumpio.html100644 0 0 13534 11074463123 12035 0ustar 0 0 mod_dumpio - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.0

<-

Apache Module mod_dumpio

Description:Dumps all I/O to error log as desired.
Status:Experimental
ModuleIdentifier:dumpio_module
SourceFile:mod_dumpio.c

Summary

mod_dumpio allows for the logging of all input received by Apache and/or all output sent by Apache to be logged (dumped) to the error.log file.

The data logging is done right after SSL decoding (for input) and right before SSL encoding (for output). As can be expected, this can produce extreme volumes of data, and should only be used when debugging problems.

top

Enabling dumpio Support

To enable the module, it should be compiled and loaded in to your running Apache configuration. Logging can then be enabled or disabled via the below directives.

In order for dumping to work LogLevel must be set to debug.

top

DumpIOInput Directive

Description:Dump all input data to the error log
Syntax:DumpIOInput On|Off
Default:DumpIOInput Off
Context:server config
Status:Experimental
Module:mod_dumpio
Compatibility:DumpIOInput is only available in Apache 2.0.53 and later.

Enable dumping of all input.

Example

DumpIOInput On

top

DumpIOOutput Directive

Description:Dump all output data to the error log
Syntax:DumpIOOutput On|Off
Default:DumpIOOutput Off
Context:server config
Status:Experimental
Module:mod_dumpio
Compatibility:DumpIOOutput is only available in Apache 2.0.53 and later.

Enable dumping of all output.

Example

DumpIOOutput On

mod/mod_echo.html100644 0 0 7254 11074463123 11440 0ustar 0 0 mod_echo - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.0

<-

ġ mod_echo

: ϱ echo
:Experimental
:echo_module
ҽ:mod_echo.c
:Apache 2.0 ĺ

ϱ ̴. echo Ѵ. telnetϿ 𰡸 Էϸ, Է ״ ȯѴ.

top

ProtocolEcho þ

:echo Ű
:ProtocolEcho On|Off
:ּ, ȣƮ
:Experimental
:mod_echo
:ProtocolEcho 2.0 Ŀ ִ.

ProtocolEcho þ echo Ű .

ProtocolEcho On

mod/mod_env.html100644 0 0 13747 11074463123 11336 0ustar 0 0 mod_env - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.0

<-

ġ mod_env

ֽ ƴմϴ. ֱٿ ϼ.
:CGI ũƮ SSI ȯ溯 Ѵ
:Base
:env_module
ҽ:mod_env.c

CGI ũƮ SSI ȯ溯 Ѵ. ȯ溯 ִ. ƴϸ ߿ ȯ溯 ϰ ִ.

top

PassEnv þ

: ȯ溯 ´
:PassEnv env-variable [env-variable] ...
:ּ, ȣƮ, directory, .htaccess
Override ɼ:FileInfo
:Base
:mod_env

Ư ȯ溯 CGI ũƮ SSI Ѵ.

PassEnv LD_LIBRARY_PATH

top

SetEnv þ

:ȯ溯 Ѵ
:SetEnv env-variable value
:ּ, ȣƮ, directory, .htaccess
Override ɼ:FileInfo
:Base
:mod_env

CGI ũƮ SSI ȯ溯 Ѵ.

SetEnv SPECIAL_PATH /foo/bin

top

UnsetEnv þ

:ȯ溯 Ѵ
:UnsetEnv env-variable [env-variable] ...
:ּ, ȣƮ, directory, .htaccess
Override ɼ:FileInfo
:Base
:mod_env

CGI ũƮ SSI ȯ溯 ʴ´.

UnsetEnv LD_LIBRARY_PATH

mod/mod_example.html100644 0 0 14724 11074463123 12175 0ustar 0 0 mod_example - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.0

<-

ġ mod_example

:ġ API Ѵ
:Experimental
:example_module
ҽ:mod_example.c

ġ 2.0 ʴ. ȿ , ؼ ϱ ٶ.

ġ src/modules/example 丮 ִ ϵ ġ API Ͽ ۼϷ .

mod_example.c ݹ(callback) ȣ ϴ ̴. ⿡ ݹ ʿ䰡 . ݴ!

example ϴ ̴. ϰ Ư ġ "example-handler" ڵ鷯 ҴϿ װ ¡ϸ example ݹ Ȯ ִ.

top

example ϱ

example Ϸ ģ:

  1. src/Configuration Ʒ κп ִ "AddModule modules/example/mod_example" ּó ش. ̷ ٸ, ߰Ѵ.

    AddModule modules/example/mod_example.o

  2. src/Configure ũƮ Ѵ ("cd src; ./Configure"). ׷ ü Makefile , 丮 ִ û ߰ src/modules/Makefile ߰Ѵ.
  3. Ѵ (src 丮 ִ "make" Ѵ).

ڽ ߰Ϸ:

  1. mkdir src/modules/mymodule
  2. cp src/modules/example/* src/modules/mymodule
  3. 丮 ִ Ѵ.
  4. Ͽ [1] [3] Ѵ.
top

mod_example ϱ

example Ϸ srm.conf Ͽ ߰϶:

<Location /example-info>
SetHandler example-handler
</Location>

ƴϸ .htaccess Ͽ ߰ϰ, ġ "test.example" û϶:

AddHandler example-handler .example

ġ ¡ϸ տ Ե ̴.

top

Example þ

:ġ API ϱ þ
:Example
:ּ, ȣƮ, directory, .htaccess
:Experimental
:mod_example

Example þ example ڵ鷯 θ Ѵ. þ ƱԸƮ ʴ´. example ڵ鷯 URL ϸ û ϱ ȿ Լ  ׸  Ҹ ִ. þ ȿ "Example directive declared here: YES/NO" Ȯ ִ.

mod/mod_expires.html100644 0 0 26253 11074463123 12221 0ustar 0 0 mod_expires - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.0

<-

ġ mod_expires

:ڰ ؿ Expires Cache-Control HTTP Ѵ
:Extension
:expires_module
ҽ:mod_expires.c

Expires HTTP Cache-Control HTTP max-age þ Ѵ. ð Ȥ Ŭ̾Ʈ ð ִ.

HTTP Ŭ̾Ʈ ȿ Ӽ ˷ش. ð ʾҴٸ, ij ͵ ȴ. ٸ ij "ǰ" ȿ ʴٰ Ͽ, ҽ ; Ѵ.

Header þ Ͽ max-age ٸ Cache-Control þ(RFC 2616, 14.9 ) ִ.

top

ٸ

ExpiresDefault ExpiresByType þ б ִ:

ExpiresDefault "<base> [plus] {<num> <type>}*"
ExpiresByType type/encoding "<base> [plus] {<num> <type>}*"

<base> ϳ̴:

  • access
  • now ('access' )
  • modification

plus Ű  ȴ. <num> [atoi() ִ] ̴. <type> ϳ̴:

  • years
  • months
  • weeks
  • days
  • hours
  • minutes
  • seconds

, δ ⺻ ӵ 1Ŀ ȴٰ Ѵ:

ExpiresDefault "access plus 1 month"
ExpiresDefault "access plus 4 weeks"
ExpiresDefault "access plus 30 days"

'<num> <type>' ݺؼ Ͽ ð ڼ ִ:

ExpiresByType text/html "access plus 1 month 15 days 2 hours"
ExpiresByType image/gif "modification plus 5 hours 3 minutes"

ð(modification) ð ϴ ũ ִ Ͽ ʴ´ٸ Expires ʴ´. 뿡 ð ̴.

top

ExpiresActive þ

:Expires Ѵ
:ExpiresActive On|Off
:ּ, ȣƮ, directory, .htaccess
Override ɼ:Indexes
:Extension
:mod_expires

þ ش (, .htaccess Ͽ Ѵٸ 丮 Ʒ ִ 鸸 شȴ.) Expires Cache-Control Ѵ. (.htaccess ܰ迡 ʴ ) Off̸ ش ִ ̵ ʴ´. On̸ ExpiresByType ExpiresDefault þ (ش ׸ ϶) Ģ Ϸ Ѵ.

þ Expires Cache-Control ʴ´. Ģ ش ʴٸ ġ þ ó ʴ´.

top

ExpiresByType þ

:MIME type Expires Ѵ
:ExpiresByType MIME-type <code>seconds
:ּ, ȣƮ, directory, .htaccess
Override ɼ:Indexes
:Extension
:mod_expires

þ Ư ( , text/html) Expires Cache-Control max-age þ Ѵ. ι° ƱԸƮ ð Ҷ ð ʴ Ѵ. Cache-Control: max-age ð û ð ϰ, ʴ ǥѴ.

ð ֱ ð Ȥ Ŭ̾Ʈ ð̴. ̶ <code> ʵ ؾ Ѵ. M ð ֱ ð ϰ, A Ŭ̾Ʈ ð Ѵ.

̴ ̹ϴ. M ϸ ij ִ 纻 ð ȴ. ׷ ׻ URL ãƺ ִ ְ 뵵 . A ϸ 纻 ð ٸ. ̴ ʴ ׸Ͽ, Ư ׸ Ҷ ( , ̹ ª Ⱓ ݺؼ ٵȴ), ϴ.

:

# Ѵ
ExpiresActive On
# Ŭ̾Ʈ ij GIF ׸ Ŀ Ѵ
ExpiresByType image/gif A2592000
# HTML ϰ ȿϴ ExpiresByType text/html M604800

þ ExpiresActive On Ҷ ȿ ϶. ExpiresDefault þ Ͽ Ư MIME type ؼ ð ִ.

տ ٸ Ͽ ð ִ.

top

ExpiresDefault þ

:ð ϴ ⺻ ˰
:ExpiresDefault <code>seconds
:ּ, ȣƮ, directory, .htaccess
Override ɼ:Indexes
:Extension
:mod_expires

þ ش ִ ð ϴ ⺻ ˰ Ѵ. ExpiresByType þ Ͽ ִ. ƱԸƮ ڼ þ ٸ ϶.

mod/mod_ext_filter.html100644 0 0 36023 11074463123 12703 0ustar 0 0 mod_ext_filter - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.0

<-

ġ mod_ext_filter

: ܺ α׷ ó Ŭ̾Ʈ
:Extension
:ext_filter_module
ҽ:mod_ext_filter.c

mod_ext_filter ϸ ϰ ͼ ִ. ǥԷ¿ а ǥ¿ α׷(, н ɾ) ġ ͷ ִ. ̷ ʹ ġ API ġ μ ȿ Ǵ Ϳ ſ , ִ:

  • α׷ ſ ϴ
  • α׷ ǥԷ¿ а ǥ¿ ִٸ  α׷/ũƮ ִ
  • ̹ ִ α׷ ġ ͷ ִ

ϱ⿡ , mod_ext_filter Ͽ ͸  ִ.

top

ٸ type HTML

# mod_ext_filter þ
# ܺ α׷ /usr/bin/enscript Ͽ
# ϰ text/c HTML
# type text/html ϴ ͸ Ѵ
ExtFilterDefine c-to-html mode=output \
intype=text/c outtype=text/html \
cmd="/usr/bin/enscript --color -W html -Ec -o - -"
<Directory "/export/home/trawick/apacheinst/htdocs/c">
# ¿ ο ͸ ϴ core þ
SetOutputFilter c-to-html

# .c type text/c mod_mime
# þ
AddType text/c .c

# û
# ˷ִ α׹ ϴ mod_ext_filter
# þ
ExtFilterOptions DebugLevel=1
 </Directory>

content ڵ ϱ

Note: Ʒ gzip ̴. 񽺿 Ϸ mod_deflate ϱ ٶ.

# ܺ ͸ ϴ mod_ext_filter þ
ExtFilterDefine gzip mode=output cmd=/bin/gzip

<Location /gzipped>
# Ҷ gzip ͸ ϴ core þ
SetOutputFilter gzip

# "Content-Encoding: gzip" ߰ϴ
# mod_header þ
Header set Content-Encoding gzip
 </Location>

ϱ

# cat ϴ ͸ ϴ
# mod_ext_filter þ; cat ƹ͵
# ʴ´; óθ Ͽ ڿ ҸѴ
ExtFilterDefine slowdown mode=output cmd=/bin/cat \
preservescontentlength
<Location />
# Ҷ slowdown ͸ ϴ core þ
#
SetOutputFilter slowdown;slowdown;slowdown
 </Location>

sed Ͽ 信 üϱ

# 信 üϴ ͸ ϴ
# mod_ext_filter þ
#
ExtFilterDefine fixtext mode=output intype=text/html \
cmd="/bin/sed s/verdana/arial/g"
<Location />
# Ҷ fixtext ͸ ϴ core þ
SetOutputFilter fixtext
 </Location>

ٸ ͸ ϱ

# ִ Ư Ŭ̾Ʈ(IP 192.168.1.31)
# mod_deflate а ڷḦ Ѵ.
# ʹ mod_deflate ڷḦ Ѵ.
ExtFilterDefine tracebefore \
cmd="/bin/tracefilter.pl /tmp/tracebefore" \
EnableEnv=trace_this_client
# ʹ mod_deflate ڷḦ Ѵ.
# ftype Ķ͸ ʴ , ⺻
# AP_FTYPE_RESOURCE mod_deflate **
# д. AP_FTYPE_CONTENT_SET ڰ
# ϸ mod_deflate Ŀ Ѵ.
ExtFilterDefine traceafter \
cmd="/bin/tracefilter.pl /tmp/traceafter" \
EnableEnv=trace_this_client ftype=21
<Directory /usr/local/docs>
SetEnvIf Remote_Addr 192.168.1.31 trace_this_client
SetOutputFilter tracebefore;deflate;traceafter
 </Directory>

ڷḦ ϴ ̴:

#!/usr/local/bin/perl -w
use strict;

open(SAVE, ">$ARGV[0]")
or die "can't open $ARGV[0]: $?";
while (<STDIN>) {
print SAVE $_;
print $_;
 }

close(SAVE);

top

ExtFilterDefine þ

:ܺ ͸ Ѵ
:ExtFilterDefine filtername parameters
:ּ
:Extension
:mod_ext_filter

ExtFilterDefine þ ܺ α׷, ƱԸƮ Ѵ.

filtername ̸ Ѵ. ̸ SetOutputFilter þ Ѵ. ͵鰣 ̸ ġ ȵȴ. ͵ API ʴ´. ׷ ڴ ̸ ġ Ѵ.

ܺ ɾ ٸ ϴ ƱԸƮ  ͵ ϴ. , cmd= Ķʹ ݵ ʿϴ. ִ Ķʹ :

cmd=cmdline
cmd= Ű ܺ ɾ Ѵ. α׷ ڿ ƱԸƮ ִٸ ֵǥ Ѵ ( , cmd="/bin/mypgm arg1 arg2"). ġʰ α׷ ϱ⶧ Ϲ ǥ ʿ. α׷ ƱԸƮ Ѵ. α׷ ƱԸƮ ִٸ տ 齽 ؾ Ѵ. 齽 ƱԸƮ Ϻζ 齽 ι ؾ Ѵ. α׷ Ҷ ǥ CGI ȯ溯 ߰ DOCUMENT_URI, DOCUMENT_PATH_INFO, QUERY_STRING_UNESCAPED Ѵ.
mode=mode
mode (⺻) output ϴ. ̷ mode=input Ͽ û óϴ ͸ ̴.
intype=imt
Ķʹ ͷ ó ͳ media type(, MIME type) Ѵ. ⺻ ͷ óѴ. intype= ϸ ٸ type ͷ ó ʴ´.
outtype=imt
Ķʹ ͷ ó ͳ media type(, MIME type) Ѵ. ó ۾߿ ͳ media type Ҷ ϴ. ⺻, ͳ media type ʴ´.
PreservesContentLength
PreservesContentLength Ű Ͱ content length ϵ Ѵ. κ Ͱ content length ϹǷ Ű ⺻ ƴϴ. Ͱ ̸ Ҷ Ű带 ؾ Ѵ.
ftype=filtertype
Ķʹ ڰ Ѵ. κ ⺻ AP_FTYPE_RESOURCE ϴ. ͸ ϴ ڿͿ ޶ϴ ĶͰ ʿϴ. ˷ util_filter.h ִ AP_FTYPE_* Ǹ ϶.
disableenv=env
Ķͷ ȯ溯 ǵǾٸ ͸ ʴ´.
enableenv=env
Ķͷ ȯ溯 ǵ ͸ Ѵ.
top

ExtFilterOptions þ

:mod_ext_filter ɼ Ѵ
:ExtFilterOptions option [option] ...
⺻:ExtFilterOptions DebugLevel=0 NoLogStderr
:directory
:Extension
:mod_ext_filter

ExtFilterOptions þ mod_ext_filter Ư óɼ Ѵ. Option ϳ.

DebugLevel=n
DebugLevel Ű mod_ext_filter ϴ Ѵ. ⺻ ׹ ʴ´. ̴ DebugLevel=0 . ڸ Ҽ, ׹ ϵǰ . ڰ ǹ̴ mod_ext_filter.c պκп ִ DBGLVL_ ǿ ִ.

: α׸ Ϸ core þ LogLevel Ͽ ׹ ġ α׿ ؾ Ѵ.

LogStderr | NoLogStderr
LogStderr Ű ܺ α׷ ǥؿ ϴ ġ α׿ Ѵ. NoLogStderr ʴ´.

ExtFilterOptions LogStderr DebugLevel=0

ϸ Ͱ ǥؿ ϴ ġ α׿ ϰ, mod_ext_filter ü ׹ ʴ´.

mod/mod_file_cache.html100644 0 0 25337 11074463123 12606 0ustar 0 0 mod_file_cache - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.0

<-

ġ mod_file_cache

:޸𸮿 ϵ ij
:Experimental
:file_cache_module
ҽ:mod_file_cache.c

ؼ ؾ Ѵ. mod_file_cache Ͽ Ʈ ⶧ IJ б ٶ.

ʰ ûǴ ij Ͽ ϸ ִ. mod_file_cache ûǴ ΰ ij Ѵ. þ Ͽ mod_file_cache (open) mmap() ƴϸ ڵ Ѵ. ϱ ʿ ۾ Ϻθ (Ư ۾) û Ź ϴ Ҷ ѹ Ͽ ϰ Ѵ.

: CGI α׷̳ Ư ڵ鷯 ϴ ӵ . ġ core ڵ鷯 ϴ ϹϿ ȴ.

ġ 1.3 ִ mod_mmap_static Ȯ .

top

mod_file_cache ϱ

mod_file_cache ּ MMapFile CacheFile þ Ͽ ϵ ij Ѵ.

÷ þ ϴ ƴϴ. , ġ MMapStatic þ , AIX ٸ ÷ θ Ѵ. ʴ þ α׿ . ʴ þ ص ij ʴ´. þ ϴ ÷ Ѵٸ  غ.

MMapFile þ

mod_file_cache MMapFile þ ϵ mmap() ýȣ Ͽ ޸𸮿 Ѵ. ֽ н ü ýȣ , ü ִ. , mmap() ִ ũ ý Ƿ ̸ غ .

Ҷ Ҷ mmap()Ѵ. ׷ Ͻýۿ ش ϳ Ǹ ؾ Ѵ (ߴܰ ). ٽ ؼ Ǿµ ̻ϰ û 𸥴. (unlink) ڸ ο ؾ Ѵ. rdist mv ټ ̷ Ѵ. Ź ߰ ʿ stat() ˻簡 ʿϰ Ҷ ǵ ϱ⶧ ȭ Ѵ.

CacheFile þ

mod_file_cache CacheFile þ þ ( ϵ)  ڵ(handle) Ȥ (file descriptor) ij Ѵ. ûϸ ij ڵ ãƼ API sendfile() ( TransmitFile()) ѱ.

Ҷ Ҷ ڵ ijѴ. ׷ Ͻýۿ ij ϳ Ǹ ؾ Ѵ (ߴܰ ). ٽ ؼ Ǿµ ̻ϰ û 𸥴. (unlink) ڸ ο ؾ Ѵ. rdist mv ټ ̷ Ѵ.

丮 ij ϴ þ . غ... Include þ Ͽ ɾ Ѵ:

find /www/htdocs -type f -print \
| sed -e 's/.*/mmapfile &/' > /www/conf/mmap.conf

top

CacheFile þ

:۽ ڵ ijѴ
:CacheFile file-path [file-path] ...
:ּ
:Experimental
:mod_file_cache

CacheFile þ Ҷ (open) ϵ ڵ ij Ѵ. ڵ ij ڵ ݴ´(close). Ͻýۿ Ǹ ٽ ijϱ ؾ Ѵ.

file-path ƱԸƮ ض. ƱԸƮ ġ URL-ϸ ȯ ڵ鷯 Ͻý ο Ȯ ġؾ Ѵ. ѹ ʿ stat() ýȣ ʿϱ⶧ inode ɺũ θ . mod_alias mod_rewrite ۼ ϸ ٷ ֱ⵵ ⵵ ϴ.

CacheFile /usr/local/apache/htdocs/index.html

top

MMapFile þ

:۽ ޸𸮿 Ѵ
:MMapFile file-path [file-path] ...
:ּ
:Experimental
:mod_file_cache

MMapFile þ Ҷ ( ƱԸƮ ) ޸𸮿 Ѵ(map). ڵ Ǭ(unmap). Ͻýۿ Ǹ ϵ ٽ mmap()ϱ ּ HUP̳ USR1 ñ׳ Ѵ.

file-path ƱԸƮ ض. ƱԸƮ ġ URL-ϸ ȯ ڵ鷯 Ͻý ο Ȯ ġؾ Ѵ. ѹ ʿ stat() ýȣ ʿϱ⶧ inode ɺũ θ . mod_alias mod_rewrite ۼ ϸ ٷ ֱ⵵ ⵵ ϴ.

MMapFile /usr/local/apache/htdocs/index.html

mod/mod_headers.html100644 0 0 32724 11074463123 12155 0ustar 0 0 mod_headers - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.0

<-

ġ mod_headers

ֽ ƴմϴ. ֱٿ ϼ.
:HTTP û
:Extension
:headers_module
ҽ:mod_headers.c
:RequestHeader ġ 2.0 ִ

HTTP û ϰ ϴ þ Ѵ. ġų ü, ִ.

top

ó

mod_headers ϴ þ ҿ ִ. þ ּ, ȣƮ , <Directory>, <Location>, <Files> , .htaccess Ͽ ִ.

þ Ʒ óȴ.

  1. ּ
  2. ȣƮ
  3. <Directory> ǰ .htaccess
  4. <Files>
  5. <Location>

߿ϴ. þ ݴ ȿ ޶.

RequestHeader append MirrorID "mirror 12"
RequestHeader unset MirrorID

MirrorID ʴ´. ݴ MirrorID "mirror 12" Ѵ.

top

  1. "TS" ϴ û Ѵ.

    Header echo ^TS

  2. 信 û ð û ϴµ ɸ ð ˷ִ MyHeader ߰Ѵ. Ŭ̾Ʈ ϸ ϰų Ŭ̾Ʈ ã ִ.

    Header add MyHeader "%D %t"

    信 .

    MyHeader: D=3775428 t=991424704447256

  3. Joe ȳ

    Header add MyHeader "Hello Joe. It took %D microseconds \
    for Apache to serve this request."

    信 .

    MyHeader: Hello Joe. It took D=3775428 microseconds for Apache to serve this request.

  4. û "MyRequestHeader" ִ 쿡 信 MyHeader . Ư Ŭ̾ƮԸ 信 ߰Ҷ ϴ. Ϸ mod_setenvif ʿϴ.

    SetEnvIf MyRequestHeader value HAVE_MyRequestHeader
    Header add MyHeader "%D %t mytext" env=HAVE_MyRequestHeader

    HTTP û MyRequestHeader: value ִٸ, 信 .

    MyHeader: D=3775428 t=991424704447256 mytext

top

Header þ

:HTTP Ѵ
:Header [condition] set|append|add|unset|echo header [value] [env=[!]variable]
:ּ, ȣƮ, directory, .htaccess
Override ɼ:FileInfo
:Extension
:mod_headers
:Condition ġ 2.0.51

þ HTTP ġų ü, Ѵ. ڵ鷯 Ͱ Ŀ ϱ⶧ ִ.

condition ϸ, onsuccess Ȥ always Ѵ. ̴  ǥ Ѵ. onsuccess 2xx ڵ带 ϰ, always (2xx ) ڵ带 Ѵ. Ư  ϰ ʹٸ,  Ѵ.

ι° ƱԸƮ ٸ. ι° ƱԸƮ Ʒ ϳ ִ.

set
Ѵ. ̸ ̹ ִٸ üѴ. value Ĺڿ ִ.
append
̹ ϴ ̸ ߰Ѵ. ο ġ, ο ̿ ǥ δ. ̴ ϴ HTTP ǥ ̴.
add
̹ ִ ߰Ѵ. ׷ ̸ ΰ (Ȥ ) ִ. ǿ ߻ ֱ⶧ append ؾ Ѵ.
unset
̷ ̸ ִٸ Ѵ. ̸ ִٸ Ѵ.
echo
̷ ̸ û ״ . header ǥ ִ.

ƱԸƮ ڿ header ̸ ´. ڿ ݷ ,  ȴ. set, append, add, unset ҹڴ Ѵ. echo header ̸ ڸ ϰ ǥ ִ.

add, append, set Ҷ ° ƱԸƮ value ʿϴ. value ȿ ִٸ ֵǥ Ѵ. value Ϲ ڿ̳ ϴ ڿ̸, ΰ ִ. value ϴ ıڴ .

%t û ð ǥؽ÷ epoch (1970 1 1) ũ . տ t= ٴ´.
%D û ð Ʈ ɸ ð. û Ⱓ . տ D= ٴ´.
%{FOOBAR}e ȯ溯 FOOBAR .

Header þ add, append, set ƱԸƮ ϴ ׹° ƱԸƮ ۾ ʿ ִ. env=... ƱԸƮ ϸ ش ȯ溯 ϴ 쿡 (ƴϸ env=!... ȯ溯 ʴٸ) Header þ Ѵ. ׷ þ û ƹ ġ ʴ´.

Ʈ Header þ óѴ. ׷ Ͱ ߰ϴ κ ϰų  ִ.

top

RequestHeader þ

:HTTP û Ѵ
:RequestHeader set|append|add|unset header [value]
:ּ, ȣƮ, directory, .htaccess
Override ɼ:FileInfo
:Extension
:mod_headers

þ HTTP û ġų ü, Ѵ. ڵ鷯 ϱ ϱ⶧ ִ. ù° ƱԸƮ ٸ. ù° ƱԸƮ Ʒ ϳ ִ.

set
û Ѵ. ̸ ̹ ִٸ üѴ
append
̹ ϴ ̸ û ߰Ѵ. ο ġ, ο ̿ ǥ δ. ̴ ϴ HTTP ǥ ̴.
add
̹ ִ û ߰Ѵ. ׷ ̸ ΰ (Ȥ ) ִ. ǿ ߻ ֱ⶧ append ؾ Ѵ.
unset
̷ ̸ û ִٸ Ѵ. ̸ ִٸ Ѵ.

ƱԸƮ ڿ ´. ڿ ݷ ,  ȴ. ҹڴ Ѵ. add, append, set Ҷ ° ƱԸƮ value ʿϴ. value ȿ ִٸ ֵǥ Ѵ. unset Ҷ value ȵȴ.

fixup ܰ迡 û شϴ ڵ鷯 ϱ RequestHeader þ óѴ. ׷ Ȥ ġ ԷͰ ų ִ.

mod/mod_imap.html100644 0 0 40031 11074463123 11456 0ustar 0 0 mod_imap - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.0

<-

ġ mod_imap

: ̹(imagemap) ó
:Base
:imap_module
ҽ:mod_imap.c

imagemap CGI α׷ Ͽ .map óѴ. (AddHandler SetHandler Ͽ) imap-file ڵ鷯 ϵ 丮 óѴ.

Ʒ þ .map ̹ Ϸ Ѵ.

AddHandler imap-file map

Ʒ Ѵ.

AddType application/x-httpd-imap map

׷ 츮 " Ư ǹ̰ ִ MIME type" Ϸ ϱ⶧ ̴.

top

ο

̹ ⿡ ̹ α׷  ο ִ.

  • Referer: URL .
  • ο base þ Ͽ ⺻ <base> .
  • imagemap.conf ʿ.
  • (point) .
  • ̹ ޴ .
top

̹

̹ Ʒ ۼѴ.

directive value [x,y ...]
directive value "Menu text" [x,y ...]
directive value x,y ... "Menu text"

directive base, default, poly, circle, rect, point ϳ. value URL̳ URL Ȥ Ʒ Ư Ѵ. ǥ x,y ̴. ǥ ̹ ޴ 鶧 ũ Ѵ. '#' ϴ ̴ּ.

̹ þ

̹ Ͽ 6 þ ִ. þ Ư , ̹ Ͽ óѴ.

base þ

<base href="value"> Ѵ. Ͽ URL URL ƴ϶ URL Ѵ. base þ .htaccess ̳ Ͽ ImapBase Ѵ. ImapBase þ ٸ ⺻ base http://server_name/̴.

base_uri base . URL .

default þ
ش ǥ poly, circle, rect þ ش ʰ point þ ൿ Ѵ. ImapDefault ٸ ⺻ 204 No Content ڵ带 ȯϴ nocontent̴. Ŭ̾Ʈ Ѵ.
poly þ
鰳 ִ. ڰ ̷ ٰ ǥ 쿡 Ѵ.
circle
߽ɰ ǥ ޴´. ڰ ǥ 쿡 Ѵ.
rect þ
簢 𼭸 ǥ ޴´. 簢 ǥ 쿡 Ѵ.
point þ
ǥ ޴´. ٸ þ ڰ ǥ point þ Ѵ. point þ ϰ ȿ ǥ default ʴ´.

þ ִ

þ Ʒ value ִ.

URL

URL̳ URL ִ. URL '..' , base ã´.

base Ҷ base Ѵ. ׷, base mailto: ִ.

map
̹ ü URL . ǥ ImapMenu none ƴ϶ ޴ .
menu
map .
referer
(ũ ) URL . Referer: ٸ ⺻ http://servername/̴.
nocontent
Ŭ̾Ʈ ״ ֶ 204 No Content ڵ带 . base þ ִ.
error
и Ÿ 500 Server Error . base þ , default ܿ .

ǥ

0,0 200,200
ǥ ǥ x y ̴. ǥ Ѵ. ̹ ٷ Ļ Lynx Ǹ ڰ 0,0 ǥ Ͽٸ ǥ ó Ѵ.

ǥ

"Menu Text"

value ڳ ǥ ڿ ֵǥ ִ. ڿ ޴ 鶧 ũ Ѵ.

<a href="http://foo.com/">Menu text</a>

ǥ ٸ ũ ũ Ѵ.

<a href="http://foo.com/">http://foo.com</a>

ֵǥ &quot; Ѵ.

top

#'formatted' 'semiformatted' ޴ ּ Ѵ.
#׸ ּ html ±׸ ִ. <hr>
base referer
poly map "޴ ּ." 0,0 0,10 10,10 10,0
rect .. 0,0 77,27 " ִ 丮"
circle http://www.inetnebr.com/lincoln/feedback/ 195,0 305,27
rect another_file " 丮 ִ" 306,0 419,27
point http://www.zyzzyva.com/ 100,100
point http://www.tripod.com/ 200,200
rect mailto:nate@tripod.com 100,150 200,0 "?"

top

ϱ

HTML

<a href="/maps/imagemap1.map">
<img ismap src="/images/imagemap1.gif">
 </a>

XHTML

<a href="/maps/imagemap1.map">
<img ismap="ismap" src="/images/imagemap1.gif" />
 </a>

top

ImapBase þ

:̹ Ͽ base
:ImapBase map|referer|URL
⺻:ImapBase http://servername/
:ּ, ȣƮ, directory, .htaccess
Override ɼ:Indexes
:Base
:mod_imap

ImapBase þ ̹ Ͽ base ⺻ Ѵ. ̹ ȿ base þ ϸ ⼭ Ѵ. ٸ, basehttp://servername/̴.

top

ImapDefault þ

:̹ʿ ش ʴ ǥ ⺻ ൿ
:ImapDefault error|nocontent|map|referer|URL
⺻:ImapDefault nocontent
:ּ, ȣƮ, directory, .htaccess
Override ɼ:Indexes
:Base
:mod_imap

ImapDefault þ ̹ Ͽ default ⺻ Ѵ. ̹ ȿ default þ ϸ ⼭ Ѵ. ٸ, default ൿ Ŭ̾Ʈ 204 No Content nocontent̴. Ŭ̾Ʈ ״ Ѵ.

top

ImapMenu þ

:ǥ ̹ û ൿ
:ImapMenu none|formatted|semiformatted|unformatted
:ּ, ȣƮ, directory, .htaccess
Override ɼ:Indexes
:Base
:mod_imap

ImapMenu þ ̹ Ͽ ȿ ǥ ൿ Ѵ.

none
ImapMenu none̸, ޴ ʰ default ൿ Ѵ.
formatted
formatted ޴ ޴. ̹ ּ Ѵ. ū ǥ ϰ, ũ پ Ѵ. ޴ ϰǰ ϸ, 丮 ϰ ϴ.
semiformatted
semiformatted ޴ ̹ Ͽ ּ Ѵ. HTML ٲ ȯѴ. ǥ ׸ , formatted ޴ .
unformatted
ּ ϰ, Ѵ. ̹ Ͽ ִ 븸 Ѵ. ̹ ּ ʿ ٲް ǥ Ѵ. ޴ ܰ ٹ , ̹ ǻ Ϲ ƴ HTML Ѵ.
mod/mod_include.html100644 0 0 113711 11074463123 12201 0ustar 0 0 mod_include - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.0

<-

Apache Module mod_include

Description:Server-parsed html documents (Server Side Includes)
Status:Base
ModuleIdentifier:include_module
SourceFile:mod_include.c
Compatibility:Implemented as an output filter since Apache 2.0

Summary

This module provides a filter which will process files before they are sent to the client. The processing is controlled by specially formatted SGML comments, referred to as elements. These elements allow conditional text, the inclusion of other files or programs, as well as the setting and printing of environment variables.

top

Enabling Server-Side Includes

Server Side Includes are implemented by the INCLUDES filter. If documents containing server-side include directives are given the extension .shtml, the following directives will make Apache parse them and assign the resulting document the mime type of text/html:

AddType text/html .shtml
AddOutputFilter INCLUDES .shtml

The following directive must be given for the directories containing the shtml files (typically in a <Directory> section, but this directive is also valid in .htaccess files if AllowOverride Options is set):

Options +Includes

For backwards compatibility, the server-parsed handler also activates the INCLUDES filter. As well, Apache will activate the INCLUDES filter for any document with mime type text/x-server-parsed-html or text/x-server-parsed-html3 (and the resulting output will have the mime type text/html).

For more information, see our Tutorial on Server Side Includes.

top

PATH_INFO with Server Side Includes

Files processed for server-side includes no longer accept requests with PATH_INFO (trailing pathname information) by default. You can use the AcceptPathInfo directive to configure the server to accept requests with PATH_INFO.

top

Basic Elements

The document is parsed as an HTML document, with special commands embedded as SGML comments. A command has the syntax:

<!--#element attribute=value attribute=value ... -->

The value will often be enclosed in double quotes, but single quotes (') and backticks (`) are also possible. Many commands only allow a single attribute-value pair. Note that the comment terminator (-->) should be preceded by whitespace to ensure that it isn't considered part of an SSI token. Note that the leading <!--# is one token and may not contain any whitespaces.

The allowed elements are listed in the following table:

ElementDescription
config configure output formats
echo print variables
exec execute external programs
fsize print size of a file
flastmod print last modification time of a file
include include a file
printenv print all available variables
set set a value of a variable

SSI elements may be defined by modules other than mod_include. In fact, the exec element is provided by mod_cgi, and will only be available if this module is loaded.

The config Element

This command controls various aspects of the parsing. The valid attributes are:

errmsg
The value is a message that is sent back to the client if an error occurs while parsing the document. This overrides any SSIErrorMsg directives.
sizefmt
The value sets the format to be used which displaying the size of a file. Valid values are bytes for a count in bytes, or abbrev for a count in Kb or Mb as appropriate, for example a size of 1024 bytes will be printed as "1K".
timefmt
The value is a string to be used by the strftime(3) library routine when printing dates.

The echo Element

This command prints one of the include variables, defined below. If the variable is unset, the result is determined by the SSIUndefinedEcho directive. Any dates printed are subject to the currently configured timefmt.

Attributes:

var
The value is the name of the variable to print.
encoding

Specifies how Apache should encode special characters contained in the variable before outputting them. If set to none, no encoding will be done. If set to url, then URL encoding (also known as %-encoding; this is appropriate for use within URLs in links, etc.) will be performed. At the start of an echo element, the default is set to entity, resulting in entity encoding (which is appropriate in the context of a block-level HTML element, e.g. a paragraph of text). This can be changed by adding an encoding attribute, which will remain in effect until the next encoding attribute is encountered or the element ends, whichever comes first.

The encoding attribute must precede the corresponding var attribute to be effective, and only special characters as defined in the ISO-8859-1 character encoding will be encoded. This encoding process may not have the desired result if a different character encoding is in use.

In order to avoid cross-site scripting issues, you should always encode user supplied data.

The exec Element

The exec command executes a given shell command or CGI script. It requires mod_cgi to be present in the server. If Options IncludesNOEXEC is set, this command is completely disabled. The valid attributes are:

cgi

The value specifies a (%-encoded) URL-path to the CGI script. If the path does not begin with a slash (/), then it is taken to be relative to the current document. The document referenced by this path is invoked as a CGI script, even if the server would not normally recognize it as such. However, the directory containing the script must be enabled for CGI scripts (with ScriptAlias or Options ExecCGI).

The CGI script is given the PATH_INFO and query string (QUERY_STRING) of the original request from the client; these cannot be specified in the URL path. The include variables will be available to the script in addition to the standard CGI environment.

Example

<!--#exec cgi="/cgi-bin/example.cgi" -->

If the script returns a Location: header instead of output, then this will be translated into an HTML anchor.

The include virtual element should be used in preference to exec cgi. In particular, if you need to pass additional arguments to a CGI program, using the query string, this cannot be done with exec cgi, but can be done with include virtual, as shown here:

<!--#include virtual="/cgi-bin/example.cgi?argument=value" -->

cmd

The server will execute the given string using /bin/sh. The include variables are available to the command, in addition to the usual set of CGI variables.

The use of #include virtual is almost always prefered to using either #exec cgi or #exec cmd. The former (#include virtual) uses the standard Apache sub-request mechanism to include files or scripts. It is much better tested and maintained.

In addition, on some platforms, like Win32, and on unix when using suexec, you cannot pass arguments to a command in an exec directive, or otherwise include spaces in the command. Thus, while the following will work under a non-suexec configuration on unix, it will not produce the desired result under Win32, or when running suexec:

<!--#exec cmd="perl /path/to/perlscript arg1 arg2" -->

The fsize Element

This command prints the size of the specified file, subject to the sizefmt format specification. Attributes:

file
The value is a path relative to the directory containing the current document being parsed.
virtual
The value is a (%-encoded) URL-path. If it does not begin with a slash (/) then it is taken to be relative to the current document. Note, that this does not print the size of any CGI output, but the size of the CGI script itself.

The flastmod Element

This command prints the last modification date of the specified file, subject to the timefmt format specification. The attributes are the same as for the fsize command.

The include Element

This command inserts the text of another document or file into the parsed file. Any included file is subject to the usual access control. If the directory containing the parsed file has Options IncludesNOEXEC set, then only documents with a text MIME type (text/plain, text/html etc.) will be included. Otherwise CGI scripts are invoked as normal using the complete URL given in the command, including any query string.

An attribute defines the location of the document; the inclusion is done for each attribute given to the include command. The valid attributes are:

file
The value is a path relative to the directory containing the current document being parsed. It cannot contain ../, nor can it be an absolute path. Therefore, you cannot include files that are outside of the document root, or above the current document in the directory structure. The virtual attribute should always be used in preference to this one.
virtual

The value is a (%-encoded) URL-path. The URL cannot contain a scheme or hostname, only a path and an optional query string. If it does not begin with a slash (/) then it is taken to be relative to the current document.

A URL is constructed from the attribute, and the output the server would return if the URL were accessed by the client is included in the parsed output. Thus included files can be nested.

If the specified URL is a CGI program, the program will be executed and its output inserted in place of the directive in the parsed file. You may include a query string in a CGI url:

<!--#include virtual="/cgi-bin/example.cgi?argument=value" -->

include virtual should be used in preference to exec cgi to include the output of CGI programs into an HTML document.

The printenv Element

This prints out a listing of all existing variables and their values. Special characters are entity encoded (see the echo element for details) before being output. There are no attributes.

Example

<!--#printenv -->

The set Element

This sets the value of a variable. Attributes:

var
The name of the variable to set.
value
The value to give a variable.

Example

<!--#set var="category" value="help" -->

top

Include Variables

In addition to the variables in the standard CGI environment, these are available for the echo command, for if and elif, and to any program invoked by the document.

DATE_GMT
The current date in Greenwich Mean Time.
DATE_LOCAL
The current date in the local time zone.
DOCUMENT_NAME
The filename (excluding directories) of the document requested by the user.
DOCUMENT_URI
The (%-decoded) URL path of the document requested by the user. Note that in the case of nested include files, this is not the URL for the current document.
LAST_MODIFIED
The last modification date of the document requested by the user.
QUERY_STRING_UNESCAPED
If a query string is present, this variable contains the (%-decoded) query string, which is escaped for shell usage (special characters like & etc. are preceded by backslashes).
top

Variable Substitution

Variable substitution is done within quoted strings in most cases where they may reasonably occur as an argument to an SSI directive. This includes the config, exec, flastmod, fsize, include, echo, and set directives, as well as the arguments to conditional operators. You can insert a literal dollar sign into the string using backslash quoting:

<!--#if expr="$a = \$test" -->

If a variable reference needs to be substituted in the middle of a character sequence that might otherwise be considered a valid identifier in its own right, it can be disambiguated by enclosing the reference in braces, a la shell substitution:

<!--#set var="Zed" value="${REMOTE_HOST}_${REQUEST_METHOD}" -->

This will result in the Zed variable being set to "X_Y" if REMOTE_HOST is "X" and REQUEST_METHOD is "Y".

The below example will print "in foo" if the DOCUMENT_URI is /foo/file.html, "in bar" if it is /bar/file.html and "in neither" otherwise:

<!--#if expr='"$DOCUMENT_URI" = "/foo/file.html"' -->
in foo
 <!--#elif expr='"$DOCUMENT_URI" = "/bar/file.html"' -->
in bar
 <!--#else -->
in neither
 <!--#endif -->

top

Flow Control Elements

The basic flow control elements are:

<!--#if expr="test_condition" -->
<!--#elif expr="test_condition" -->
<!--#else -->
<!--#endif -->

The if element works like an if statement in a programming language. The test condition is evaluated and if the result is true, then the text until the next elif, else or endif element is included in the output stream.

The elif or else statements are be used to put text into the output stream if the original test_condition was false. These elements are optional.

The endif element ends the if element and is required.

test_condition is one of the following:

string
true if string is not empty
string1 = string2
string1 != string2

Compare string1 with string2. If string2 has the form /string2/ then it is treated as a regular expression. Regular expressions are implemented by the PCRE engine and have the same syntax as those in perl 5.

If you are matching positive (=), you can capture grouped parts of the regular expression. The captured parts are stored in the special variables $1 .. $9.

Example

<!--#if expr="$QUERY_STRING = /^sid=([a-zA-Z0-9]+)/" -->
<!--#set var="session" value="$1" -->
 <!--#endif -->

string1 < string2
string1 <= string2
string1 > string2
string1 >= string2
Compare string1 with string2. Note, that strings are compared literally (using strcmp(3)). Therefore the string "100" is less than "20".
( test_condition )
true if test_condition is true
! test_condition
true if test_condition is false
test_condition1 && test_condition2
true if both test_condition1 and test_condition2 are true
test_condition1 || test_condition2
true if either test_condition1 or test_condition2 is true

"=" and "!=" bind more tightly than "&&" and "||". "!" binds most tightly. Thus, the following are equivalent:

<!--#if expr="$a = test1 && $b = test2" -->
<!--#if expr="($a = test1) && ($b = test2)" -->

The boolean operators && and || share the same priority. So if you want to bind such an operator more tightly, you should use parentheses.

Anything that's not recognized as a variable or an operator is treated as a string. Strings can also be quoted: 'string'. Unquoted strings can't contain whitespace (blanks and tabs) because it is used to separate tokens such as variables. If multiple strings are found in a row, they are concatenated using blanks. So,

string1    string2 results in string1 string2

and

'string1    string2' results in string1    string2.

top

SSIEndTag Directive

Description:String that ends an include element
Syntax:SSIEndTag tag
Default:SSIEndTag "-->"
Context:server config, virtual host
Status:Base
Module:mod_include
Compatibility:Available in version 2.0.30 and later.

This directive changes the string that mod_include looks for to mark the end of an include element.

Example

SSIEndTag "%>"

See also

top

SSIErrorMsg Directive

Description:Error message displayed when there is an SSI error
Syntax:SSIErrorMsg message
Default:SSIErrorMsg "[an error occurred while processing this directive]"
Context:server config, virtual host, directory, .htaccess
Override:All
Status:Base
Module:mod_include
Compatibility:Available in version 2.0.30 and later.

The SSIErrorMsg directive changes the error message displayed when mod_include encounters an error. For production servers you may consider changing the default error message to "<!-- Error -->" so that the message is not presented to the user.

This directive has the same effect as the <!--#config errmsg=message --> element.

Example

SSIErrorMsg "<!-- Error -->"

top

SSIStartTag Directive

Description:String that starts an include element
Syntax:SSIStartTag tag
Default:SSIStartTag "<!--#"
Context:server config, virtual host
Status:Base
Module:mod_include
Compatibility:Available in version 2.0.30 and later.

This directive changes the string that mod_include looks for to mark an include element to process.

You may want to use this option if you have 2 servers parsing the output of a file each processing different commands (possibly at different times).

Example

SSIStartTag "<%"
SSIEndTag "%>"

The example given above, which also specifies a matching SSIEndTag, will allow you to use SSI directives as shown in the example below:

SSI directives with alternate start and end tags

<%printenv %>

See also

top

SSITimeFormat Directive

Description:Configures the format in which date strings are displayed
Syntax:SSITimeFormat formatstring
Default:SSITimeFormat "%A, %d-%b-%Y %H:%M:%S %Z"
Context:server config, virtual host, directory, .htaccess
Override:All
Status:Base
Module:mod_include
Compatibility:Available in version 2.0.30 and later.

This directive changes the format in which date strings are displayed when echoing DATE environment variables. The formatstring is as in strftime(3) from the C standard library.

This directive has the same effect as the <!--#config timefmt=formatstring --> element.

Example

SSITimeFormat "%R, %B %d, %Y"

The above directive would cause times to be displayed in the format "22:26, June 14, 2002".

top

SSIUndefinedEcho Directive

Description:String displayed when an unset variable is echoed
Syntax:SSIUndefinedEcho string
Default:SSIUndefinedEcho "(none)"
Context:server config, virtual host
Status:Base
Module:mod_include
Compatibility:Available in version 2.0.34 and later.

This directive changes the string that mod_include displays when a variable is not set and "echoed".

Example

SSIUndefinedEcho "<!-- undef -->"

top

XBitHack Directive

Description:Parse SSI directives in files with the execute bit set
Syntax:XBitHack on|off|full
Default:XBitHack off
Context:server config, virtual host, directory, .htaccess
Override:Options
Status:Base
Module:mod_include

The XBitHack directive controls the parsing of ordinary html documents. This directive only affects files associated with the MIME type text/html. XBitHack can take on the following values:

off
No special treatment of executable files.
on
Any text/html file that has the user-execute bit set will be treated as a server-parsed html document.
full
As for on but also test the group-execute bit. If it is set, then set the Last-modified date of the returned file to be the last modified time of the file. If it is not set, then no last-modified date is sent. Setting this bit allows clients and proxies to cache the result of the request.

Note

You would not want to use the full option, unless you assure the group-execute bit is unset for every SSI script which might #include a CGI or otherwise produces different output on each hit (or could potentially change on subsequent requests).

mod/mod_info.html100644 0 0 13050 11074463123 11464 0ustar 0 0 mod_info - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.0

<-

ġ mod_info

ֽ ƴմϴ. ֱٿ ϼ.
: ش
:Extension
:info_module
ҽ:mod_info.c

mod_info Ϸ httpd.conf Ͽ ߰Ѵ.

<Location /server-info>
SetHandler server-info
 </Location>

ƹ <Location> þ ȿ <Limit> ߰ ִ.

̷ ϸ http://your.host.dom/server-info Ͽ ִ.

Ҷ б⶧, Ŀ Ͽٸ ȭ鿡 ǥõ ٸ ִ. , ϴ (User þ ) ־ Ѵ. ٸ þ Ѵ.

mod_info ϵִٸ, 丮 ( , .htaccess) Ͽ ڵ鷯 ִ. ׷ Ʈ Ȱ ִ.

Ư ý , ڸ/ȣ, ͺ̽ ̸ ġ þ ΰ ִ. ϴ Ļ ̸ . ׷ ׻ ؾ ϸ ȯ濡 ؾ Ѵ.

top

AddModuleInfo þ

:⿡ ߰ server-info ڵ鷯 ֵ ߰Ѵ
:AddModuleInfo module-name string
:ּ, ȣƮ
:Extension
:mod_info
:ġ 1.3

module-name߰ string HTML ش. ,

AddModuleInfo mod_auth.c 'See <a \
href="http://www.apache.org/docs/2.0/mod/mod_auth.html">\
http://www.apache.org/docs/2.0/mod/mod_auth.html</a>'

mod/mod_isapi.html100644 0 0 44047 11074463123 11650 0ustar 0 0 mod_isapi - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.0

<-

ġ mod_isapi

ֽ ƴմϴ. ֱٿ ϼ.
:Windows ġ ISAPI Extension
:Base
:isapi_module
ҽ:mod_isapi.c
:Win32 only

Internet Server extension API Ѵ. ׷ Windows ġ Internet Server extension (, ISAPI .dll ) ִ.

ISAPI extension (.dll ) ڰ ۼѴ. Apache Group ̵ ʾ, ʴ´. ISAPI extension 뿡 ISAPI ڿ ϱ ٶ. ̷ ġ ϸƮ ׺ ø .

top

Ͽ AddHandler þ Ͽ ISAPI Ȯڿ isapi-isa ڵ鷯 Ѵ. .dll ISAPI extension óϷ httpd.conf Ͽ ߰Ѵ.

AddHandler isapi-isa .dll

ġ û ޸𸮿 . ׷ httpd.conf Ư ̸ о ִ.

ISAPICacheFile c:/WebWork/Scripts/ISAPI/mytest.dll

ISAPI extension ̸ о̴ ̸ о ʴ ISAPI extension CGI ũƮ Ѱ . , ISAPI .dll ִ 丮 Options ExecCGI ʿϴ.

mod_isapi ISAPI ڼ ߰ ϶.

top

߰

ġ ISAPI 񵿱 ¿ "ũμƮ Ư" Ȯ ISAPI 2.0 Ծ Ѵ. ġ δ ISAPI ִ 񵿱 . ISA 񵿱 ° ʴ Ϸ Ѵٸ, 뿡 ֱ α׿ . αװ ſ Ŀ ֱ⶧ ISAPILogNotSupported Off þ ϸ α׿ ʴ´.

Microsoft IIS ISAPI extension ޸𸮷 о鿩 ޸ 뷮 ſ ʰų Ư ʴ ״ ޸𸮿 д. ġ ISAPICacheFile þ ʴ´ٸ û ISAPI extension ޸𸮿 о̰ . ȿ, ġ ޸ ̰ ȿ ̴. ISAPI ġ ణ ȣȯ ȸ±⶧ ޸𸮿 .

, ġ ISAPI Extension , ISAPI Filter ϶. ߿ ͸ , ȹ .

top

ġ 2.0 mod_isapi α׷Ѵٸ, ServerSupportFunction ȣ þ ؾ Ѵ.

HSE_REQ_SEND_URL_REDIRECT_RESP
ڸ ٸ ġ ̷Ѵ.
URL ؾ Ѵ ( , http://server/location).
HSE_REQ_SEND_URL
ڸ ٸ ġ ̷Ѵ.
URL ƴϸ, ݰ ѱ ( , /location ͸ ).
ƴ϶ ̷ óѴ.

ֱ Microsoft HSE_REQ_SEND_URL ɰ ̸ ó δ. ġ ƱԸƮ ǰ ൿ ٸ ó ̴.

HSE_REQ_SEND_RESPONSE_HEADER
headers ڿ ƱԸƮ (ٹٲ޹ڰ ι ) ִٸ ġ Ѵ. headers ƱԸƮ NULL ⶧, 뿡 NULL .
HSE_REQ_DONE_WITH_SESSION
ISAPI ó ġ ⶧ ġ ƹ ϵ ʴ´.
HSE_REQ_MAP_URL_TO_PATH
ġ ̸ () ̸ ȯѴ.
HSE_APPEND_LOG_PARAMETER
Ʒ α Ѱ .

ù° %{isapi-parameter}n ׸ Ѵ.

HSE_REQ_IS_KEEP_CONN
Keep-Alive ¸ ȯѴ.
HSE_REQ_SEND_RESPONSE_HEADER_EX
fKeepConn ɼ ϴ ϰ µ Ѵ.
HSE_REQ_IS_CONNECTED
û ߰ ٸ false ȯѴ.

ʴ ServerSupportFunction ȣ ϸ ġ FALSE ȯϰ GetLastError ERROR_INVALID_PARAMETER Ѵ.

ReadClient (ISAPIReadAheadBuffer ) ʱũ⸦ Ѿ û ´. ISAPIReadAheadBuffer (ISAPI ڵ鷯 θ Ʈ) ª û extension θ ޵ȴ. û , ISAPI extension ReadClient û ; Ѵ.

WriteClient , HSE_IO_SYNC ɼǸ ϰų (0 ) ƹ ɼǵ ʾƾ Ѵ. ٸ WriteClient û FALSE ȯϸ ϰ, GetLastError ERROR_INVALID_PARAMETER ȴ.

GetServerVariable , (ٸ ϴ) Ȯ . GetServerVariable Ϲ ġ CGI ȯ溯 ALL_HTTP, ALL_RAW ִ.

ġ 2.0 mod_isapi ISAPI Ծ࿡ ߰ ϰ, 񵿱 ° TransmitFile 䳻. , ISAPI .dll ̸ о鿩 ̴ ġ 1.3 mod_isapi Ѵ.

top

ISAPIAppendLogToErrors þ

:ISAPI exntension HSE_APPEND_LOG_PARAMETER û α׿ Ѵ
:ISAPIAppendLogToErrors on|off
⺻:ISAPIAppendLogToErrors off
:ּ, ȣƮ, directory, .htaccess
Override ɼ:FileInfo
:Base
:mod_isapi

ISAPI exntension HSE_APPEND_LOG_PARAMETER û α׿ Ѵ.

top

ISAPIAppendLogToQuery þ

:ISAPI exntension HSE_APPEND_LOG_PARAMETER û ǹڿ Ѵ
:ISAPIAppendLogToQuery on|off
⺻:ISAPIAppendLogToQuery on
:ּ, ȣƮ, directory, .htaccess
Override ɼ:FileInfo
:Base
:mod_isapi

ISAPI exntension HSE_APPEND_LOG_PARAMETER û ǹڿ Ѵ (CustomLog %q ׸ δ).

top

ISAPICacheFile þ

: Ҷ ޸𸮷 о ISAPI .dll ϵ
:ISAPICacheFile file-path [file-path] ...
:ּ, ȣƮ
:Base
:mod_isapi

ġ Ҷ ޸𸮷 о鿩 Ҷ ޸𸮿 ϸ Ͽ Ѵ. þ ISAPI .dll Ϻ ִ. ü θ ´. ΰ ƴϸ ServerRoot η ޾Ƶδ.

top

ISAPIFakeAsync þ

:񵿱 ISAPI ݹ ϴ ôѴ
:ISAPIFakeAsync on|off
⺻:ISAPIFakeAsync off
:ּ, ȣƮ, directory, .htaccess
Override ɼ:FileInfo
:Base
:mod_isapi

on ϸ 񵿱 ISAPI ݹ 䳻.

top

ISAPILogNotSupported þ

:ISAPI extension ʴ ûϸ α׿ Ѵ
:ISAPILogNotSupported on|off
⺻:ISAPILogNotSupported off
:ּ, ȣƮ, directory, .htaccess
Override ɼ:FileInfo
:Base
:mod_isapi

ISAPI extension ʴ ûϸ α׿ Ѵ. ߿ ڰ ϴµ ȴ. ϴ ISAPI ϸ ٽ off ǵ Ѵ.

top

ISAPIReadAheadBuffer þ

:ISAPI extension ̸б(read ahead buffer) ũ
:ISAPIReadAheadBuffer size
⺻:ISAPIReadAheadBuffer 49152
:ּ, ȣƮ, directory, .htaccess
Override ɼ:FileInfo
:Base
:mod_isapi

ISAPI extension ó ȣҶ ̸б ִ ũ⸦ Ѵ. ( ũ⺸ ū) ڷ ReadClient ݹ Ͽ о Ѵ.  ISAPI extension ReadClient ʴ´. ISAPI extension ڿ ϶.

mod/mod_ldap.html100644 0 0 57001 11074463123 11455 0ustar 0 0 mod_ldap - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.0

<-

Apache Module mod_ldap

Description:LDAP connection pooling and result caching services for use by other LDAP modules
Status:Experimental
ModuleIdentifier:ldap_module
SourceFile:util_ldap.c
Compatibility:Available in version 2.0.41 and later

Summary

This module was created to improve the performance of websites relying on backend connections to LDAP servers. In addition to the functions provided by the standard LDAP libraries, this module adds an LDAP connection pool and an LDAP shared memory cache.

To enable this module, LDAP support must be compiled into apr-util. This is achieved by adding the --with-ldap flag to the configure script when building Apache.

SSL support requires that mod_ldap be linked with one of the following LDAP SDKs: OpenLDAP SDK (both 1.x and 2.x), Novell LDAP SDK or the iPlanet(Netscape) SDK.

top

Example Configuration

The following is an example configuration that uses mod_ldap to increase the performance of HTTP Basic authentication provided by mod_auth_ldap.

# Enable the LDAP connection pool and shared
# memory cache. Enable the LDAP cache status
# handler. Requires that mod_ldap and mod_auth_ldap
# be loaded. Change the "yourdomain.example.com" to
# match your domain.

LDAPSharedCacheSize 200000
LDAPCacheEntries 1024
LDAPCacheTTL 600
LDAPOpCacheEntries 1024
LDAPOpCacheTTL 600

<Location /ldap-status>
SetHandler ldap-status
Order deny,allow
Deny from all
Allow from yourdomain.example.com
AuthLDAPEnabled on
AuthLDAPURL ldap://127.0.0.1/dc=example,dc=com?uid?one
AuthLDAPAuthoritative on
Require valid-user
 </Location>

top

LDAP Connection Pool

LDAP connections are pooled from request to request. This allows the LDAP server to remain connected and bound ready for the next request, without the need to unbind/connect/rebind. The performance advantages are similar to the effect of HTTP keepalives.

On a busy server it is possible that many requests will try and access the same LDAP server connection simultaneously. Where an LDAP connection is in use, Apache will create a new connection alongside the original one. This ensures that the connection pool does not become a bottleneck.

There is no need to manually enable connection pooling in the Apache configuration. Any module using this module for access to LDAP services will share the connection pool.

top

LDAP Cache

For improved performance, mod_ldap uses an aggressive caching strategy to minimize the number of times that the LDAP server must be contacted. Caching can easily double or triple the throughput of Apache when it is serving pages protected with mod_auth_ldap. In addition, the load on the LDAP server will be significantly decreased.

mod_ldap supports two types of LDAP caching during the search/bind phase with a search/bind cache and during the compare phase with two operation caches. Each LDAP URL that is used by the server has its own set of these three caches.

The Search/Bind Cache

The process of doing a search and then a bind is the most time-consuming aspect of LDAP operation, especially if the directory is large. The search/bind cache is used to cache all searches that resulted in successful binds. Negative results (i.e., unsuccessful searches, or searches that did not result in a successful bind) are not cached. The rationale behind this decision is that connections with invalid credentials are only a tiny percentage of the total number of connections, so by not caching invalid credentials, the size of the cache is reduced.

mod_ldap stores the username, the DN retrieved, the password used to bind, and the time of the bind in the cache. Whenever a new connection is initiated with the same username, mod_ldap compares the password of the new connection with the password in the cache. If the passwords match, and if the cached entry is not too old, mod_ldap bypasses the search/bind phase.

The search and bind cache is controlled with the LDAPCacheEntries and LDAPCacheTTL directives.

Operation Caches

During attribute and distinguished name comparison functions, mod_ldap uses two operation caches to cache the compare operations. The first compare cache is used to cache the results of compares done to test for LDAP group membership. The second compare cache is used to cache the results of comparisons done between distinguished names.

The behavior of both of these caches is controlled with the LDAPOpCacheEntries and LDAPOpCacheTTL directives.

Monitoring the Cache

mod_ldap has a content handler that allows administrators to monitor the cache performance. The name of the content handler is ldap-status, so the following directives could be used to access the mod_ldap cache information:

<Location /server/cache-info>
SetHandler ldap-status
 </Location>

By fetching the URL http://servername/cache-info, the administrator can get a status report of every cache that is used by mod_ldap cache. Note that if Apache does not support shared memory, then each httpd instance has its own cache, so reloading the URL will result in different information each time, depending on which httpd instance processes the request.

top

Using SSL

The ability to create an SSL connections to an LDAP server is defined by the directives LDAPTrustedCA and LDAPTrustedCAType. These directives specify the certificate file or database and the certificate type. Whenever the LDAP url includes ldaps://, mod_ldap will establish a secure connection to the LDAP server.

# Establish an SSL LDAP connection. Requires that
# mod_ldap and mod_auth_ldap be loaded. Change the
# "yourdomain.example.com" to match your domain.

LDAPTrustedCA /certs/certfile.der
LDAPTrustedCAType DER_FILE

<Location /ldap-status>
SetHandler ldap-status
Order deny,allow
Deny from all
Allow from yourdomain.example.com
AuthLDAPEnabled on
AuthLDAPURL ldaps://127.0.0.1/dc=example,dc=com?uid?one
AuthLDAPAuthoritative on
Require valid-user
 </Location>

If mod_ldap is linked against the Netscape/iPlanet LDAP SDK, it will not talk to any SSL server unless that server has a certificate signed by a known Certificate Authority. As part of the configuration mod_ldap needs to be told where it can find a database containing the known CAs. This database is in the same format as Netscape Communicator's cert7.db database. The easiest way to get this file is to start up a fresh copy of Netscape, and grab the resulting $HOME/.netscape/cert7.db file.

top

LDAPCacheEntries Directive

Description:Maximum number of entries in the primary LDAP cache
Syntax:LDAPCacheEntries number
Default:LDAPCacheEntries 1024
Context:server config
Status:Experimental
Module:mod_ldap

Specifies the maximum size of the primary LDAP cache. This cache contains successful search/binds. Set it to 0 to turn off search/bind caching. The default size is 1024 cached searches.

top

LDAPCacheTTL Directive

Description:Time that cached items remain valid
Syntax:LDAPCacheTTL seconds
Default:LDAPCacheTTL 600
Context:server config
Status:Experimental
Module:mod_ldap

Specifies the time (in seconds) that an item in the search/bind cache remains valid. The default is 600 seconds (10 minutes).

top

LDAPConnectionTimeout Directive

Description:Specifies the socket connection timeout in seconds
Syntax:LDAPConnectionTimeout seconds
Context:server config
Status:Experimental
Module:mod_ldap

Specifies the timeout value (in seconds) in which the module will attempt to connect to the LDAP server. If a connection is not successful with the timeout period, either an error will be returned or the module will attempt to connect to a secondary LDAP server if one is specified. The default is 10 seconds.

top

LDAPOpCacheEntries Directive

Description:Number of entries used to cache LDAP compare operations
Syntax:LDAPOpCacheEntries number
Default:LDAPOpCacheEntries 1024
Context:server config
Status:Experimental
Module:mod_ldap

This specifies the number of entries mod_ldap will use to cache LDAP compare operations. The default is 1024 entries. Setting it to 0 disables operation caching.

top

LDAPOpCacheTTL Directive

Description:Time that entries in the operation cache remain valid
Syntax:LDAPOpCacheTTL seconds
Default:LDAPOpCacheTTL 600
Context:server config
Status:Experimental
Module:mod_ldap

Specifies the time (in seconds) that entries in the operation cache remain valid. The default is 600 seconds.

top

LDAPSharedCacheFile Directive

Description:Sets the shared memory cache file
Syntax:LDAPSharedCacheFile directory-path/filename
Context:server config
Status:Experimental
Module:mod_ldap

Specifies the directory path and file name of the shared memory cache file. If not set, anonymous shared memory will be used if the platform supports it.

top

LDAPSharedCacheSize Directive

Description:Size in bytes of the shared-memory cache
Syntax:LDAPSharedCacheSize bytes
Default:LDAPSharedCacheSize 102400
Context:server config
Status:Experimental
Module:mod_ldap

Specifies the number of bytes to allocate for the shared memory cache. The default is 100kb. If set to 0, shared memory caching will not be used.

top

LDAPTrustedCA Directive

Description:Sets the file containing the trusted Certificate Authority certificate or database
Syntax:LDAPTrustedCA directory-path/filename
Context:server config
Status:Experimental
Module:mod_ldap

It specifies the directory path and file name of the trusted CA mod_ldap should use when establishing an SSL connection to an LDAP server. If using the Netscape/iPlanet Directory SDK, the file name should be cert7.db.

top

LDAPTrustedCAType Directive

Description:Specifies the type of the Certificate Authority file
Syntax:LDAPTrustedCAType type
Context:server config
Status:Experimental
Module:mod_ldap

The following types are supported:
DER_FILE - file in binary DER format
BASE64_FILE - file in Base64 format
CERT7_DB_PATH - Netscape certificate database file ")

mod/mod_log_config.html100644 0 0 51254 11074463123 12647 0ustar 0 0 mod_log_config - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.0

<-

ġ mod_log_config

ֽ ƴմϴ. ֱٿ ϼ.
: û α׿ Ѵ
:Base
:log_config_module
ҽ:mod_log_config.c

Ŭ̾Ʈ û α׿ Ӱ Ѵ. ڽ ϴ α׸ ְ, ̳ ܺ α׷ α׸ ִ. α׸ ϸ û ݿ û α׿ ߰ϰų ִ.

þ Ѵ. TransferLog α , LogFormat ϴ ϰ, CustomLog ѹ αϰ Ѵ. TransferLog CustomLog þ ϸ û Ͽ ִ.

top

α ϱ

LogFormat CustomLog þ ƱԸƮ ڿ̴. ڿ û αϿ Ѵ. ڿ αϿ ״ Ǵ ڿ ٲް Ÿ C "\n" "\t" ڸ ִ. αϿ ǥ 齽 տ ݵ 齽 Ѵ.

û Ư¡ ڿ "%" þ Ͽ Ѵ. þ αϿ ȴ.

 ڿ
%% ۼƮ ȣ (ġ 2.0.44 )
%...a IP-ּ
%...A () IP-ּ
%...B HTTP Ʈ.
%...b HTTP Ʈ. CLF İ 0 '-' ´.
%...{Foobar}C û Foobar Ű .
%...D û óϴµ ɸ ð (ũ ).
%...{FOOBAR}e ȯ溯 FOOBAR
%...f ϸ
%...h ȣƮ
%...H û
%...{Foobar}i û Foobar: .
%...l (ִٸ identd ) αθ. IdentityCheck On ƴϸ ȣ Ѵ.
%...m û ޽
%...{Foobar}n ٸ Foobar Ʈ(note) .
%...{Foobar}o Foobar: .
%...p û ϴ Ʈ
%...P û ϴ ڽ μ ID.
%...{format}P û ϴ ڽ μ ID Ȥ ID. format pid tid ϴ. (ġ 2.0.46 )
%...q ǹڿ (ǹڿ ִٸ տ ? ̰, ٸ ڿ)
%...r û ù°
%...s (status). ̷ǵ û ** û ̴. û ´ %...>s.
%...t common log format ð (ǥ ) ð
%...{format}t strftime(3) format ð. (ð )
%...T û óϴµ ɸ ð ( ).
%...u (auth ϸ, (%s) 401 ̻ )
%...U ǹڿ û URL .
%...v û ServerName.
%...V UseCanonicalName .
%...X .
X = ġ .
+ = Ŀ ִ(keep alive).
- = .

(ġ 1.3 Ĺ þ %...c, ssl %...{var}c ļ ߴ.)

%...I û Ʈ 0 . ̸ Ϸ mod_logio ʿϴ.
%...O ۽ Ʈ 0 . ̸ Ϸ mod_logio ʿϴ.

"..." ( , "%h %u %r %s %b") ƹ͵ ų, ׸ ´ ( ڸ "-" Ѵ). տ "!" ̰ų Ⱥ HTTP ڵ ۼѴ. , "%400,501{User-agent}i" 400 (Bad Request) 501 (Not Implemented) ϶ User-agent: α׿ , "%!200,304,302{Referer}i" ° ƴ û Referer: α׿ .

"<" ">" ̷ǵ û ó û û Ѵ. ⺻ %s, %U, %T, %D, %r ó û , % þ û . ׷ %>s û (status) ϰ, %<u ȣ ʴ ڿ ̷ǵ 쿡 ó ڸ Ѵ.

2.0.46 httpd 2.0 %...r, %...i, %...o ڿ ״ ξ. Common Log Format 䱸 ؼ. , Ŭ̾Ʈ ڸ α׿ ֱ⶧ α ״ ٷ ؾ Ѵ.

Ȼ 2.0.46 ڳ ٸ Ưڸ \xhh ǥѴ. ⼭ hh ش Ʈ 16 ǥ Ÿ. Ģ ܴ 齽 տ ̴ " \, ׸ C 鹮ڵ(\n, \t )̴.

Ϲ ϴ α .

Common Log Format (CLF)
"%h %l %u %t \"%r\" %>s %b"
ȣƮ Common Log Format
"%v %h %l %u %t \"%r\" %>s %b"
NCSA extended/combined α
"%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\""
Referer α
"%{Referer}i -> %U"
Agent () α
"%{User-agent}i"

û ϴ ServerName Listen %v %p Ѵ. α׺м α׷ û ϴ ȣƮ ˱ ȣƮ ã ˰ ʿ ̵ UseCanonicalName ϴ.

top

Ȼ

ϴ ڿܿ ٸ ڰ α ϴ 丮 ȿ ϶.

top

CookieLog þ

:Ű α׿ ϸ Ѵ
:CookieLog filename
:ּ, ȣƮ
:Base
:mod_log_config
: þ ʴ´.

CookieLog þ Ű α׿ ϸ Ѵ. ϸ ServerRoot ̴. þ mod_cookies ȣȯ , ʴ´.

top

CustomLog þ

:α ̸ Ѵ
:CustomLog file|pipe format|nickname [env=[!]environment-variable]
:ּ, ȣƮ
:Base
:mod_log_config

û α׿ 涧 CustomLog þ Ѵ. α ϰ, ȯ溯 Ͽ û Ư¡ α׸ ִ.

α׸ Ҹ ϴ ù° ƱԸƮ ϳ Ѵ.

file
ServerRoot ϸ.
pipe
"|"ڿ α ǥԷ α׷ θ ´.

:

α׷ Ѵٸ α׷ ȴ. root Ѵٸ α׷ root ϹǷ α׷ Ȯ϶.

н ƴ ÷ ϰθ ԷҶ ÷ 齽 ϴ ݵ ؾ Ѵ. Ϲ Ͽ ׻ ϴ .

ι° ƱԸƮ αϿ Ѵ. LogFormat nickname ϰų α format ڿ ִ.

, þ Ȱ Ѵ.

# Ī CustomLog
LogFormat "%h %l %u %t \"%r\" %>s %b" common
CustomLog logs/access_log common

# ڿ CustomLog
CustomLog logs/access_log "%h %l %u %t \"%r\" %>s %b"

° ƱԸƮ  Ǹ, Ư ȯ溯 û α׿ θ Ѵ. û ȯ溯 ǵִٸ (Ȥ 'env=!name' ٸ) û α׿ Ѵ.

mod_setenvif mod_rewrite Ͽ û ȯ溯 ִ. , GIF ׸ û ּ αװ ƴ ٸ αϿ Ϸ,

SetEnvIf Request_URI \.gif$ gif-image
CustomLog gif-requests.log common env=gif-image
CustomLog nongif-requests.log common env=!gif-image

top

LogFormat þ

:αϿ Ѵ
:LogFormat format|nickname [nickname]
⺻:LogFormat "%h %l %u %t \"%r\" %>s %b"
:ּ, ȣƮ
:Base
:mod_log_config

þ α Ѵ.

LogFormat þ ΰ Ѵ. ù° ƱԸƮ Ѱ Ͽ TransferLog þ α Ѵ. ƱԸƮ α ϱ format ϰų, LogFormat þ ̸ (α Īϴ) nickname ִ.

LogFormat þ ι° format nickname Ѵ. ׷ ڿ ϴ LogFormat̳ CustomLog þ ݺؼ ڿ Էϴ nickname ִ. Ī ϴ LogFormat þ ܿ ƹ ʴ´. , Ī ϸ, ϰų ⺻ ʴ´. ׷Ƿ TransferLog þ ʴ´. , LogFormat Ī ٸ Ī ִ. Ī ̸ ۼƮ ȣ(%) ϶.

LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common

top

TransferLog þ

:α ġ Ѵ
:TransferLog file|pipe
:ּ, ȣƮ
:Base
:mod_log_config

þ CustomLog þ ƱԸƮ , α ϰų û ǿ α׿ . ֱ (Ī ) LogFormat þ α Ѵ. ̸ ʾҴٸ Common Log Format Ѵ.

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\""
TransferLog logs/access_log

mod/mod_log_forensic.html100644 0 0 22525 11074463123 13211 0ustar 0 0 mod_log_forensic - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.0

<-

Apache Module mod_log_forensic

Description:Forensic Logging of the requests made to the server
Status:Extension
ModuleIdentifier:log_forensic_module
SourceFile:mod_log_forensic.c
Compatibility:Available in version 2.0.50 and later

Summary

This module provides for forensic logging of client requests. Logging is done before and after processing a request, so the forensic log contains two log lines for each request. The forensic logger is very strict, which means:

  • The format is fixed. You cannot modify the logging format at runtime.
  • If it cannot write its data, the child process exits immediately and may dump core (depending on your CoreDumpDirectory configuration).

The check_forensic script, which can be found in the distribution's support directory, may be helpful in evaluating the forensic log output.

This module was backported from version 2.1 which uses a more powerful APR version in order to generate the forensic IDs. If you want to run mod_log_forensic in version 2.0, you need to include mod_unique_id as well.
top

Forensic Log Format

Each request is logged two times. The first time is before it's processed further (that is, after receiving the headers). The second log entry is written after the request processing at the same time where normal logging occurs.

In order to identify each request, a unique request ID is assigned. This forensic ID can be cross logged in the normal transfer log using the %{forensic-id}n format string. If you're using mod_unique_id, its generated ID will be used.

The first line logs the forensic ID, the request line and all received headers, separated by pipe characters (|). A sample line looks like the following (all on one line):

+yQtJf8CoAB4AAFNXBIEAAAAA|GET /manual/de/images/down.gif HTTP/1.1|Host:localhost%3a8080|User-Agent:Mozilla/5.0 (X11; U; Linux i686; en-US; rv%3a1.6) Gecko/20040216 Firefox/0.8|Accept:image/png, etc...

The plus character at the beginning indicates that this is the first log line of this request. The second line just contains a minus character and the ID again:

-yQtJf8CoAB4AAFNXBIEAAAAA

The check_forensic script takes as its argument the name of the logfile. It looks for those +/- ID pairs and complains if a request was not completed.

top

Security Considerations

See the security tips document for details on why your security could be compromised if the directory where logfiles are stored is writable by anyone other than the user that starts the server.

top

ForensicLog Directive

Description:Sets filename of the forensic log
Syntax:ForensicLog filename|pipe
Context:server config, virtual host
Status:Extension
Module:mod_log_forensic

The ForensicLog directive is used to log requests to the server for forensic analysis. Each log entry is assigned a unique ID which can be associated with the request using the normal CustomLog directive. mod_log_forensic takes the unique ID from mod_unique_id, so you need to load this module as well. (This requirement will not be necessary in version 2.1 and later, because of a more powerful APR version.) The ID token is attached to the request under the name forensic-id, which can be added to the transfer log using the %{forensic-id}n format string.

The argument, which specifies the location to which the logs will be written, can take one of the following two types of values:

filename
A filename, relative to the ServerRoot.
pipe
The pipe character "|", followed by the path to a program to receive the log information on its standard input. The program name can be specified relative to the ServerRoot directive.

Security:

If a program is used, then it will be run as the user who started httpd. This will be root if the server was started by root; be sure that the program is secure or switches to a less privileged user.

Note

When entering a file path on non-Unix platforms, care should be taken to make sure that only forward slashed are used even though the platform may allow the use of back slashes. In general it is a good idea to always use forward slashes throughout the configuration files.

mod/mod_logio.html100644 0 0 7552 11074463123 11634 0ustar 0 0 mod_logio - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.0

<-

ġ mod_logio

:û Ʈ
:Extension
:logio_module
ҽ:mod_logio.c

û Ʈ Ѵ. ڴ Ʈ ְ Ʈ Ÿ, û Ѵ. Է SSL/TLS , SSL/TLS Ŀ ⶧ ȣȭ ùٷ ݿȴ.

Ϸ mod_log_config ʿϴ.

þ

⿡ þ ϴ.

top

α

ΰ ο αþ ߰Ѵ. ûü Ư Ĺڿ "%" þ Ͽ Ѵ. þ αϿ Ѵ:

Ĺڿ
%...I û Ͽ Ʈ. 0 .
%...O Ͽ Ʈ. 0 .

Ѵ:

յ α :
"%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\" %I %O"
mod/mod_mem_cache.html100644 0 0 33144 11074463123 12440 0ustar 0 0 mod_mem_cache - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.0

<-

ġ mod_mem_cache

:URI Ű Ͽ ijѴ.
:Experimental
:mem_cache_module
ҽ:mod_mem_cache.c

̴. ۾̴...

Ϸ mod_cache ʿϴ. mod_cache ϸ ޸𸮱 ڸ Ѵ. mod_mem_cache ϱڸ ij ϰų ü ijϴ ΰ Ѵ. mod_mem_cache ijϰų ProxyPass (Ͻ(reverse proxy)) mod_proxy ޴ ijҶ ַ Ѵ.

URI Ű Ͽ ij ϰ ´. ϴ ij ʴ´.

top

MCacheMaxObjectCount þ

:ij ִ ִ ü
:MCacheMaxObjectCount value
⺻:MCacheMaxObjectCount 1009
:ּ
:Experimental
:mod_mem_cache

MCacheMaxObjectCount þ ij ִ ִ ü Ѵ. ؽ̺ 鶧 Ѵ. ο ü ij ߰ؾ ϴµ ִ ü Ͽٸ, ο ü ij ֵ ٸ ü Ѵ. MCacheRemovalAlgorithm ˰ Ͽ ü Ѵ.

MCacheMaxObjectCount 13001

top

MCacheMaxObjectSize þ

:ij ִ ũ (Ʈ )
:MCacheMaxObjectSize bytes
⺻:MCacheMaxObjectSize 10000
:ּ
:Experimental
:mod_mem_cache

MCacheMaxObjectSize þ ij ִ ũ⸦ Ʈ Ѵ.

MCacheMaxObjectSize 6400000

Note

MCacheMaxObjectSize MCacheMinObjectSize þ Ŀ Ѵ.

top

MCacheMaxStreamingBuffer þ

: ijѴٰ ϱ ޸ ۿ Ʈ ִ ũ
:MCacheMaxStreamingBuffer size_in_bytes
⺻:MCacheMaxStreamingBuffer 100000 MCacheMaxObjectSize ߿
:ּ
:Experimental
:mod_mem_cache

MCacheMaxStreamingBuffer þ ʹ Ŀ ij ۿ Ʈ ִ Ʈ Ѵ. Ʈ (streamed response) ü Content-Length 𸣴 ̴. Ͻõ ̳ CGI ũƮ Ʈ 信 Ѵ. ⺻ Content-Length ٸ Ʈ ij ʴ´. ij ϱ⿡ ʹ ū Ϻθ ۿ ϱ ޸𸮸 ʱؼ̴. MCacheMaxStreamingBuffer þ ϸ Content-Length Ʈ ũ ۿ Ѵ. ִ ũ⸦ Ѿ ij ʴ´.

:

MCacheMaxStreamingBuffer 0 ƴ Ͽ Ŭ̾Ʈ ʰ ʴ´. mod_mem_cache Ʈ Ϻθ ۿ ڸ Ŭ̾Ʈ ͷ .

# Ʈ 64KB ijѴ:
MCacheMaxStreamingBuffer 65536

top

MCacheMinObjectSize þ

:ij ּ ũ (Ʈ )
:MCacheMinObjectSize bytes
⺻:MCacheMinObjectSize 0
:ּ
:Experimental
:mod_mem_cache

MCacheMinObjectSize þ ij ּ ũ⸦ Ʈ Ѵ.

MCacheMinObjectSize 10000

top

MCacheRemovalAlgorithm þ

:ij ã ˰
:MCacheRemovalAlgorithm LRU|GDSF
⺻:MCacheRemovalAlgorithm GDSF
:ּ
:Experimental
:mod_mem_cache

MCacheRemovalAlgorithm þ ij ã ˰ Ѵ.

LRU (Least Recently Used)
LRU Ѵ.
GDSF (GreadyDual-Size)
GDSF ij (cache miss) ũ⸦ ij 켱 οѴ. 켱 Ѵ.

MCacheRemovalAlgorithm GDSF
MCacheRemovalAlgorithm LRU

top

MCacheSize þ

:ij ִ ޸𸮷 (KByte )
:MCacheSize KBytes
⺻:MCacheSize 100
:ּ
:Experimental
:mod_mem_cache

MCacheSize þ ij ִ ޸𸮷 KByte (1024 Ʈ ) Ѵ. ο ü ij ߰ؾ ϴµ ü ũⰡ ޸𸮺 ũٸ ο ü ij ٸ ü Ѵ. MCacheRemovalAlgorithm ˰ Ͽ ü Ѵ.

MCacheSize 700000

MCacheSize MCacheMaxObjectSize þ Ŀ Ѵ.

mod/mod_mime.html100644 0 0 160471 11074463123 11512 0ustar 0 0 mod_mime - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.0

<-

Apache Module mod_mime

Description:Associates the requested filename's extensions with the file's behavior (handlers and filters) and content (mime-type, language, character set and encoding)
Status:Base
ModuleIdentifier:mime_module
SourceFile:mod_mime.c

Summary

This module is used to associate various bits of "meta information" with files by their filename extensions. This information relates the filename of the document to it's mime-type, language, character set and encoding. This information is sent to the browser, and participates in content negotiation, so the user's preferences are respected when choosing one of several possible files to serve. See mod_negotiation for more information about content negotiation.

The directives AddCharset, AddEncoding, AddLanguage and AddType are all used to map file extensions onto the meta-information for that file. Respectively they set the character set, content-encoding, content-language, and MIME-type (content-type) of documents. The directive TypesConfig is used to specify a file which also maps extensions onto MIME types.

In addition, mod_mime may define the handler and filters that originate and process content. The directives AddHandler, AddOutputFilter, and AddInputFilter control the modules or scripts that serve the document. The MultiviewsMatch directive allows mod_negotiation to consider these file extensions to be included when testing Multiviews matches.

While mod_mime associates meta-information with filename extensions, the core server provides directives that are used to associate all the files in a given container (e.g., <Location>, <Directory>, or <Files>) with particular meta-information. These directives include ForceType, SetHandler, SetInputFilter, and SetOutputFilter. The core directives override any filename extension mappings defined in mod_mime.

Note that changing the meta-information for a file does not change the value of the Last-Modified header. Thus, previously cached copies may still be used by a client or proxy, with the previous headers. If you change the meta-information (language, content type, character set or encoding) you may need to 'touch' affected files (updating their last modified date) to ensure that all visitors are receive the corrected content headers.

top

Files with Multiple Extensions

Files can have more than one extension, and the order of the extensions is normally irrelevant. For example, if the file welcome.html.fr maps onto content type text/html and language French then the file welcome.fr.html will map onto exactly the same information. If more than one extension is given which maps onto the same type of meta-information, then the one to the right will be used, except for languages and content encodings. For example, if .gif maps to the MIME-type image/gif and .html maps to the MIME-type text/html, then the file welcome.gif.html will be associated with the MIME-type text/html.

Languages and content encodings are treated accumulative, because one can assign more than one language or encoding to a particular resource. For example, the file welcome.html.en.de will be delivered with Content-Language: en, de and Content-Type: text/html.

Care should be taken when a file with multiple extensions gets associated with both a MIME-type and a handler. This will usually result in the request being by the module associated with the handler. For example, if the .imap extension is mapped to the handler imap-file (from mod_imap) and the .html extension is mapped to the MIME-type text/html, then the file world.imap.html will be associated with both the imap-file handler and text/html MIME-type. When it is processed, the imap-file handler will be used, and so it will be treated as a mod_imap imagemap file.

top

Content encoding

A file of a particular MIME type can additionally be encoded a particular way to simplify transmission over the Internet. While this usually will refer to compression, such as gzip, it can also refer to encryption, such a pgp or to an encoding such as UUencoding, which is designed for transmitting a binary file in an ASCII (text) format.

The HTTP/1.1 RFC, section 14.11 puts it this way:

The Content-Encoding entity-header field is used as a modifier to the media-type. When present, its value indicates what additional content codings have been applied to the entity-body, and thus what decoding mechanisms must be applied in order to obtain the media-type referenced by the Content-Type header field. Content-Encoding is primarily used to allow a document to be compressed without losing the identity of its underlying media type.

By using more than one file extension (see section above about multiple file extensions), you can indicate that a file is of a particular type, and also has a particular encoding.

For example, you may have a file which is a Microsoft Word document, which is pkzipped to reduce its size. If the .doc extension is associated with the Microsoft Word file type, and the .zip extension is associated with the pkzip file encoding, then the file Resume.doc.zip would be known to be a pkzip'ed Word document.

Apache sends a Content-encoding header with the resource, in order to tell the client browser about the encoding method.

Content-encoding: pkzip

top

Character sets and languages

In addition to file type and the file encoding, another important piece of information is what language a particular document is in, and in what character set the file should be displayed. For example, the document might be written in the Vietnamese alphabet, or in Cyrillic, and should be displayed as such. This information, also, is transmitted in HTTP headers.

The character set, language, encoding and mime type are all used in the process of content negotiation (See mod_negotiation) to determine which document to give to the client, when there are alternative documents in more than one character set, language, encoding or mime type. All filename extensions associations created with AddCharset, AddEncoding, AddLanguage and AddType directives (and extensions listed in the MimeMagicFile) participate in this select process. Filename extensions that are only associated using the AddHandler, AddInputFilter or AddOutputFilter directives may be included or excluded from matching by using the MultiviewsMatch directive.

Charset

To convey this further information, Apache optionally sends a Content-Language header, to specify the language that the document is in, and can append additional information onto the Content-Type header to indicate the particular character set that should be used to correctly render the information.

Content-Language: en, fr
Content-Type: text/plain; charset=ISO-8859-1

The language specification is the two-letter abbreviation for the language. The charset is the name of the particular character set which should be used.

top

AddCharset Directive

Description:Maps the given filename extensions to the specified content charset
Syntax:AddCharset charset extension [extension] ...
Context:server config, virtual host, directory, .htaccess
Override:FileInfo
Status:Base
Module:mod_mime

The AddCharset directive maps the given filename extensions to the specified content charset. charset is the MIME charset parameter of filenames containing extension. This mapping is added to any already in force, overriding any mappings that already exist for the same extension.

Example

AddLanguage ja .ja
AddCharset EUC-JP .euc
AddCharset ISO-2022-JP .jis
AddCharset SHIFT_JIS .sjis

Then the document xxxx.ja.jis will be treated as being a Japanese document whose charset is ISO-2022-JP (as will the document xxxx.jis.ja). The AddCharset directive is useful for both to inform the client about the character encoding of the document so that the document can be interpreted and displayed appropriately, and for content negotiation, where the server returns one from several documents based on the client's charset preference.

The extension argument is case-insensitive, and can be specified with or without a leading dot.

See also

top

AddEncoding Directive

Description:Maps the given filename extensions to the specified encoding type
Syntax:AddEncoding MIME-enc extension [extension] ...
Context:server config, virtual host, directory, .htaccess
Override:FileInfo
Status:Base
Module:mod_mime

The AddEncoding directive maps the given filename extensions to the specified encoding type. MIME-enc is the MIME encoding to use for documents containing the extension. This mapping is added to any already in force, overriding any mappings that already exist for the same extension.

Example

AddEncoding x-gzip .gz
AddEncoding x-compress .Z

This will cause filenames containing the .gz extension to be marked as encoded using the x-gzip encoding, and filenames containing the .Z extension to be marked as encoded with x-compress.

Old clients expect x-gzip and x-compress, however the standard dictates that they're equivalent to gzip and compress respectively. Apache does content encoding comparisons by ignoring any leading x-. When responding with an encoding Apache will use whatever form (i.e., x-foo or foo) the client requested. If the client didn't specifically request a particular form Apache will use the form given by the AddEncoding directive. To make this long story short, you should always use x-gzip and x-compress for these two specific encodings. More recent encodings, such as deflate should be specified without the x-.

The extension argument is case-insensitive, and can be specified with or without a leading dot.

top

AddHandler Directive

Description:Maps the filename extensions to the specified handler
Syntax:AddHandler handler-name extension [extension] ...
Context:server config, virtual host, directory, .htaccess
Override:FileInfo
Status:Base
Module:mod_mime

Files having the name extension will be served by the specified handler-name. This mapping is added to any already in force, overriding any mappings that already exist for the same extension. For example, to activate CGI scripts with the file extension .cgi, you might use:

AddHandler cgi-script .cgi

Once that has been put into your httpd.conf file, any file containing the .cgi extension will be treated as a CGI program.

The extension argument is case-insensitive, and can be specified with or without a leading dot.

See also

top

AddInputFilter Directive

Description:Maps filename extensions to the filters that will process client requests
Syntax:AddInputFilter filter[;filter...] extension [extension] ...
Context:server config, virtual host, directory, .htaccess
Override:FileInfo
Status:Base
Module:mod_mime
Compatibility:AddInputFilter is only available in Apache 2.0.26 and later.

AddInputFilter maps the filename extension extension to the filters which will process client requests and POST input when they are received by the server. This is in addition to any filters defined elsewhere, including the SetInputFilter directive. This mapping is merged over any already in force, overriding any mappings that already exist for the same extension.

If more than one filter is specified, they must be separated by semicolons in the order in which they should process the content. Both the filter and extension arguments are case-insensitive, and the extension may be specified with or without a leading dot.

See also

top

AddLanguage Directive

Description:Maps the given filename extension to the specified content language
Syntax:AddLanguage MIME-lang extension [extension] ...
Context:server config, virtual host, directory, .htaccess
Override:FileInfo
Status:Base
Module:mod_mime

The AddLanguage directive maps the given filename extension to the specified content language. MIME-lang is the MIME language of filenames containing extension. This mapping is added to any already in force, overriding any mappings that already exist for the same extension.

Example

AddEncoding x-compress .Z
AddLanguage en .en
AddLanguage fr .fr

Then the document xxxx.en.Z will be treated as being a compressed English document (as will the document xxxx.Z.en). Although the content language is reported to the client, the browser is unlikely to use this information. The AddLanguage directive is more useful for content negotiation, where the server returns one from several documents based on the client's language preference.

If multiple language assignments are made for the same extension, the last one encountered is the one that is used. That is, for the case of:

AddLanguage en .en
AddLanguage en-gb .en
AddLanguage en-us .en

documents with the extension .en would be treated as being en-us.

The extension argument is case-insensitive, and can be specified with or without a leading dot.

See also

top

AddOutputFilter Directive

Description:Maps filename extensions to the filters that will process responses from the server
Syntax:AddOutputFilter filter[;filter...] extension [extension] ...
Context:server config, virtual host, directory, .htaccess
Override:FileInfo
Status:Base
Module:mod_mime
Compatibility:AddOutputFilter is only available in Apache 2.0.26 and later.

The AddOutputFilter directive maps the filename extension extension to the filters which will process responses from the server before they are sent to the client. This is in addition to any filters defined elsewhere, including SetOutputFilter and AddOutputFilterByType directive. This mapping is merged over any already in force, overriding any mappings that already exist for the same extension.

For example, the following configuration will process all .shtml files for server-side includes and will then compress the output using mod_deflate.

AddOutputFilter INCLUDES;DEFLATE shtml

If more than one filter is specified, they must be separated by semicolons in the order in which they should process the content. Both the filter and extension arguments are case-insensitive, and the extension may be specified with or without a leading dot.

See also

top

AddType Directive

Description:Maps the given filename extensions onto the specified content type
Syntax:AddType MIME-type extension [extension] ...
Context:server config, virtual host, directory, .htaccess
Override:FileInfo
Status:Base
Module:mod_mime

The AddType directive maps the given filename extensions onto the specified content type. MIME-type is the MIME type to use for filenames containing extension. This mapping is added to any already in force, overriding any mappings that already exist for the same extension. This directive can be used to add mappings not listed in the MIME types file (see the TypesConfig directive).

Example

AddType image/gif .gif

It is recommended that new MIME types be added using the AddType directive rather than changing the TypesConfig file.

The extension argument is case-insensitive, and can be specified with or without a leading dot.

See also

top

DefaultLanguage Directive

Description:Sets all files in the given scope to the specified language
Syntax:DefaultLanguage MIME-lang
Context:server config, virtual host, directory, .htaccess
Override:FileInfo
Status:Base
Module:mod_mime

The DefaultLanguage directive tells Apache that all files in the directive's scope (e.g., all files covered by the current <Directory> container) that don't have an explicit language extension (such as .fr or .de as configured by AddLanguage) should be considered to be in the specified MIME-lang language. This allows entire directories to be marked as containing Dutch content, for instance, without having to rename each file. Note that unlike using extensions to specify languages, DefaultLanguage can only specify a single language.

If no DefaultLanguage directive is in force, and a file does not have any language extensions as configured by AddLanguage, then that file will be considered to have no language attribute.

Example

DefaultLanguage en

See also

top

ModMimeUsePathInfo Directive

Description:Tells mod_mime to treat path_info components as part of the filename
Syntax:ModMimeUsePathInfo On|Off
Default:ModMimeUsePathInfo Off
Context:directory
Status:Base
Module:mod_mime
Compatibility:Available in Apache 2.0.41 and later

The ModMimeUsePathInfo directive is used to combine the filename with the path_info URL component to apply mod_mime's directives to the request. The default value is Off - therefore, the path_info component is ignored.

This directive is recommended when you have a virtual filesystem.

Example

ModMimeUsePathInfo On

If you have a request for /bar/foo.shtml where /bar is a Location and ModMimeUsePathInfo is On, mod_mime will treat the incoming request as /bar/foo.shtml and directives like AddOutputFilter INCLUDES .shtml will add the INCLUDES filter to the request. If ModMimeUsePathInfo is not set, the INCLUDES filter will not be added.

See also

top

MultiviewsMatch Directive

Description:The types of files that will be included when searching for a matching file with MultiViews
Syntax:MultiviewsMatch Any|NegotiatedOnly|Filters|Handlers [Handlers|Filters]
Default:MultiviewsMatch NegotiatedOnly
Context:server config, virtual host, directory, .htaccess
Override:FileInfo
Status:Base
Module:mod_mime
Compatibility:Available in Apache 2.0.26 and later.

MultiviewsMatch permits three different behaviors for mod_negotiation's Multiviews feature. Multiviews allows a request for a file, e.g. index.html, to match any negotiated extensions following the base request, e.g. index.html.en, index.html.fr, or index.html.gz.

The NegotiatedOnly option provides that every extension following the base name must correlate to a recognized mod_mime extension for content negotation, e.g. Charset, Content-Type, Language, or Encoding. This is the strictest implementation with the fewest unexpected side effects, and is the default behavior.

To include extensions associated with Handlers and/or Filters, set the MultiviewsMatch directive to either Handlers, Filters, or both option keywords. If all other factors are equal, the smallest file will be served, e.g. in deciding between index.html.cgi of 500 bytes and index.html.pl of 1000 bytes, the .cgi file would win in this example. Users of .asis files might prefer to use the Handler option, if .asis files are associated with the asis-handler.

You may finally allow Any extensions to match, even if mod_mime doesn't recognize the extension. This was the behavior in Apache 1.3, and can cause unpredicatable results, such as serving .old or .bak files the webmaster never expected to be served.

For example, the following configuration will allow handlers and filters to participate in Multviews, but will exclude unknown files:

MultiviewsMatch Handlers Filters

See also

top

RemoveCharset Directive

Description:Removes any character set associations for a set of file extensions
Syntax:RemoveCharset extension [extension] ...
Context:virtual host, directory, .htaccess
Override:FileInfo
Status:Base
Module:mod_mime
Compatibility:RemoveCharset is only available in Apache 2.0.24 and later.

The RemoveCharset directive removes any character set associations for files with the given extensions. This allows .htaccess files in subdirectories to undo any associations inherited from parent directories or the server config files.

The extension argument is case-insensitive, and can be specified with or without a leading dot.

Example

RemoveCharset .html .shtml

top

RemoveEncoding Directive

Description:Removes any content encoding associations for a set of file extensions
Syntax:RemoveEncoding extension [extension] ...
Context:virtual host, directory, .htaccess
Override:FileInfo
Status:Base
Module:mod_mime

The RemoveEncoding directive removes any encoding associations for files with the given extensions. This allows .htaccess files in subdirectories to undo any associations inherited from parent directories or the server config files. An example of its use might be:

/foo/.htaccess:

AddEncoding x-gzip .gz
AddType text/plain .asc
<Files *.gz.asc>
RemoveEncoding .gz
 </Files>

This will cause foo.gz to be marked as being encoded with the gzip method, but foo.gz.asc as an unencoded plaintext file.

Note

RemoveEncoding directives are processed after any AddEncoding directives, so it is possible they may undo the effects of the latter if both occur within the same directory configuration.

The extension argument is case-insensitive, and can be specified with or without a leading dot.

top

RemoveHandler Directive

Description:Removes any handler associations for a set of file extensions
Syntax:RemoveHandler extension [extension] ...
Context:virtual host, directory, .htaccess
Override:FileInfo
Status:Base
Module:mod_mime

The RemoveHandler directive removes any handler associations for files with the given extensions. This allows .htaccess files in subdirectories to undo any associations inherited from parent directories or the server config files. An example of its use might be:

/foo/.htaccess:

AddHandler server-parsed .html

/foo/bar/.htaccess:

RemoveHandler .html

This has the effect of returning .html files in the /foo/bar directory to being treated as normal files, rather than as candidates for parsing (see the mod_include module).

The extension argument is case-insensitive, and can be specified with or without a leading dot.

top

RemoveInputFilter Directive

Description:Removes any input filter associations for a set of file extensions
Syntax:RemoveInputFilter extension [extension] ...
Context:virtual host, directory, .htaccess
Override:FileInfo
Status:Base
Module:mod_mime
Compatibility:RemoveInputFilter is only available in Apache 2.0.26 and later.

The RemoveInputFilter directive removes any input filter associations for files with the given extensions. This allows .htaccess files in subdirectories to undo any associations inherited from parent directories or the server config files.

The extension argument is case-insensitive, and can be specified with or without a leading dot.

See also

top

RemoveLanguage Directive

Description:Removes any language associations for a set of file extensions
Syntax:RemoveLanguage extension [extension] ...
Context:virtual host, directory, .htaccess
Override:FileInfo
Status:Base
Module:mod_mime
Compatibility:RemoveLanguage is only available in Apache 2.0.24 and later.

The RemoveLanguage directive removes any language associations for files with the given extensions. This allows .htaccess files in subdirectories to undo any associations inherited from parent directories or the server config files.

The extension argument is case-insensitive, and can be specified with or without a leading dot.

top

RemoveOutputFilter Directive

Description:Removes any output filter associations for a set of file extensions
Syntax:RemoveOutputFilter extension [extension] ...
Context:virtual host, directory, .htaccess
Override:FileInfo
Status:Base
Module:mod_mime
Compatibility:RemoveOutputFilter is only available in Apache 2.0.26 and later.

The RemoveOutputFilter directive removes any output filter associations for files with the given extensions. This allows .htaccess files in subdirectories to undo any associations inherited from parent directories or the server config files.

The extension argument is case-insensitive, and can be specified with or without a leading dot.

Example

RemoveOutputFilter shtml

See also

top

RemoveType Directive

Description:Removes any content type associations for a set of file extensions
Syntax:RemoveType extension [extension] ...
Context:virtual host, directory, .htaccess
Override:FileInfo
Status:Base
Module:mod_mime

The RemoveType directive removes any MIME type associations for files with the given extensions. This allows .htaccess files in subdirectories to undo any associations inherited from parent directories or the server config files. An example of its use might be:

/foo/.htaccess:

RemoveType .cgi

This will remove any special handling of .cgi files in the /foo/ directory and any beneath it, causing the files to be treated as being of the DefaultType.

Note

RemoveType directives are processed after any AddType directives, so it is possible they may undo the effects of the latter if both occur within the same directory configuration.

The extension argument is case-insensitive, and can be specified with or without a leading dot.

top

TypesConfig Directive

Description:The location of the mime.types file
Syntax:TypesConfig file-path
Default:TypesConfig conf/mime.types
Context:server config
Status:Base
Module:mod_mime

The TypesConfig directive sets the location of the MIME types configuration file. File-path is relative to the ServerRoot. This file sets the default list of mappings from filename extensions to content types. Most administrators use the provided mime.types file, which associates common filename extensions with IANA registered content types. The current list is maintained at http://www.iana.org/assignments/media-types/index.html. This simplifies the httpd.conf file by providing the majority of media-type definitions, and may be overridden by AddType directives as needed. You should not edit the mime.types file, because it may be replaced when you upgrade your server.

The file contains lines in the format of the arguments to an AddType directive:

MIME-type [extension] ...

The case of the extension does not matter. Blank lines, and lines beginning with a hash character (#) are ignored.

Please do not send requests to the Apache HTTP Server Project to add any new entries in the distributed mime.types file unless (1) they are already registered with IANA, and (2) they use widely accepted, non-conflicting filename extensions across platforms. category/x-subtype requests will be automatically rejected, as will any new two-letter extensions as they will likely conflict later with the already crowded language and character set namespace.

See also

mod/mod_mime_magic.html100644 0 0 32242 11074463123 12624 0ustar 0 0 mod_mime_magic - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.0

<-

Apache Module mod_mime_magic

Description:Determines the MIME type of a file by looking at a few bytes of its contents
Status:Extension
ModuleIdentifier:mime_magic_module
SourceFile:mod_mime_magic.c

Summary

This module determines the MIME type of files in the same way the Unix file(1) command works: it looks at the first few bytes of the file. It is intended as a "second line of defense" for cases that mod_mime can't resolve.

This module is derived from a free version of the file(1) command for Unix, which uses "magic numbers" and other hints from a file's contents to figure out what the contents are. This module is active only if the magic file is specified by the MimeMagicFile directive.

top

Format of the Magic File

The contents of the file are plain ASCII text in 4-5 columns. Blank lines are allowed but ignored. Commented lines use a hash mark (#). The remaining lines are parsed for the following columns:

ColumnDescription
1 byte number to begin checking from
">" indicates a dependency upon the previous non-">" line
2

type of data to match

byte single character
short machine-order 16-bit integer
long machine-order 32-bit integer
string arbitrary-length string
date long integer date (seconds since Unix epoch/1970)
beshort big-endian 16-bit integer
belong big-endian 32-bit integer
bedate big-endian 32-bit integer date
leshort little-endian 16-bit integer
lelong little-endian 32-bit integer
ledate little-endian 32-bit integer date
3 contents of data to match
4 MIME type if matched
5 MIME encoding if matched (optional)

For example, the following magic file lines would recognize some audio formats:

# Sun/NeXT audio data
0      string      .snd
>12    belong      1       audio/basic
>12    belong      2       audio/basic
>12    belong      3       audio/basic
>12    belong      4       audio/basic
>12    belong      5       audio/basic
>12    belong      6       audio/basic
>12    belong      7       audio/basic
>12    belong     23       audio/x-adpcm

Or these would recognize the difference between *.doc files containing Microsoft Word or FrameMaker documents. (These are incompatible file formats which use the same file suffix.)

# Frame
0  string  \<MakerFile        application/x-frame
0  string  \<MIFFile          application/x-frame
0  string  \<MakerDictionary  application/x-frame
0  string  \<MakerScreenFon   application/x-frame
0  string  \<MML              application/x-frame
0  string  \<Book             application/x-frame
0  string  \<Maker            application/x-frame

# MS-Word
0  string  \376\067\0\043            application/msword
0  string  \320\317\021\340\241\261  application/msword
0  string  \333\245-\0\0\0           application/msword

An optional MIME encoding can be included as a fifth column. For example, this can recognize gzipped files and set the encoding for them.

# gzip (GNU zip, not to be confused with
#       [Info-ZIP/PKWARE] zip archiver)

0  string  \037\213  application/octet-stream  x-gzip
top

Performance Issues

This module is not for every system. If your system is barely keeping up with its load or if you're performing a web server benchmark, you may not want to enable this because the processing is not free.

However, an effort was made to improve the performance of the original file(1) code to make it fit in a busy web server. It was designed for a server where there are thousands of users who publish their own documents. This is probably very common on intranets. Many times, it's helpful if the server can make more intelligent decisions about a file's contents than the file name allows ...even if just to reduce the "why doesn't my page work" calls when users improperly name their own files. You have to decide if the extra work suits your environment.

top

Notes

The following notes apply to the mod_mime_magic module and are included here for compliance with contributors' copyright restrictions that require their acknowledgment.

mod_mime_magic: MIME type lookup via file magic numbers
Copyright (c) 1996-1997 Cisco Systems, Inc.

This software was submitted by Cisco Systems to the Apache Group in July 1997. Future revisions and derivatives of this source code must acknowledge Cisco Systems as the original contributor of this module. All other licensing and usage conditions are those of the Apache Group.

Some of this code is derived from the free version of the file command originally posted to comp.sources.unix. Copyright info for that program is included below as required.

- Copyright (c) Ian F. Darwin, 1987. Written by Ian F. Darwin.

This software is not subject to any license of the American Telephone and Telegraph Company or of the Regents of the University of California.

Permission is granted to anyone to use this software for any purpose on any computer system, and to alter it and redistribute it freely, subject to the following restrictions:

  1. The author is not responsible for the consequences of use of this software, no matter how awful, even if they arise from flaws in it.
  2. The origin of this software must not be misrepresented, either by explicit claim or by omission. Since few users ever read sources, credits must appear in the documentation.
  3. Altered versions must be plainly marked as such, and must not be misrepresented as being the original software. Since few users ever read sources, credits must appear in the documentation.
  4. This notice may not be removed or altered.

For compliance with Mr Darwin's terms: this has been very significantly modified from the free "file" command.

  • all-in-one file for compilation convenience when moving from one version of Apache to the next.
  • Memory allocation is done through the Apache API's pool structure.
  • All functions have had necessary Apache API request or server structures passed to them where necessary to call other Apache API routines. (i.e., usually for logging, files, or memory allocation in itself or a called function.)
  • struct magic has been converted from an array to a single-ended linked list because it only grows one record at a time, it's only accessed sequentially, and the Apache API has no equivalent of realloc().
  • Functions have been changed to get their parameters from the server configuration instead of globals. (It should be reentrant now but has not been tested in a threaded environment.)
  • Places where it used to print results to stdout now saves them in a list where they're used to set the MIME type in the Apache request record.
  • Command-line flags have been removed since they will never be used here.
top

MimeMagicFile Directive

Description:Enable MIME-type determination based on file contents using the specified magic file
Syntax:MimeMagicFile file-path
Context:server config, virtual host
Status:Extension
Module:mod_mime_magic

The MimeMagicFile directive can be used to enable this module, the default file is distributed at conf/magic. Non-rooted paths are relative to the ServerRoot. Virtual hosts will use the same file as the main server unless a more specific setting is used, in which case the more specific setting overrides the main server's file.

Example

MimeMagicFile conf/magic

mod/mod_negotiation.html100644 0 0 40433 11074463123 13056 0ustar 0 0 mod_negotiation - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.0

<-

Apache Module mod_negotiation

Description:Provides for content negotiation
Status:Base
ModuleIdentifier:negotiation_module
SourceFile:mod_negotiation.c

Summary

Content negotiation, or more accurately content selection, is the selection of the document that best matches the clients capabilities, from one of several available documents. There are two implementations of this.

  • A type map (a file with the handler type-map) which explicitly lists the files containing the variants.
  • A MultiViews search (enabled by the MultiViews Options), where the server does an implicit filename pattern match, and choose from amongst the results.
top

Type maps

A type map has a format similar to RFC822 mail headers. It contains document descriptions separated by blank lines, with lines beginning with a hash character ('#') treated as comments. A document description consists of several header records; records may be continued on multiple lines if the continuation lines start with spaces. The leading space will be deleted and the lines concatenated. A header record consists of a keyword name, which always ends in a colon, followed by a value. Whitespace is allowed between the header name and value, and between the tokens of value. The headers allowed are:

Content-Encoding:
The encoding of the file. Apache only recognizes encodings that are defined by an AddEncoding directive. This normally includes the encodings x-compress for compress'd files, and x-gzip for gzip'd files. The x- prefix is ignored for encoding comparisons.
Content-Language:
The language(s) of the variant, as an Internet standard language tag (RFC 1766). An example is en, meaning English. If the variant contains more than one language, they are separated by a comma.
Content-Length:
The length of the file, in bytes. If this header is not present, then the actual length of the file is used.
Content-Type:
The MIME media type of the document, with optional parameters. Parameters are separated from the media type and from one another by a semi-colon, with a syntax of name=value. Common parameters include:
level
an integer specifying the version of the media type. For text/html this defaults to 2, otherwise 0.
qs
a floating-point number with a value in the range 0.0 to 1.0, indicating the relative 'quality' of this variant compared to the other available variants, independent of the client's capabilities. For example, a jpeg file is usually of higher source quality than an ascii file if it is attempting to represent a photograph. However, if the resource being represented is ascii art, then an ascii file would have a higher source quality than a jpeg file. All qs values are therefore specific to a given resource.

Example

Content-Type: image/jpeg; qs=0.8

URI:
uri of the file containing the variant (of the given media type, encoded with the given content encoding). These are interpreted as URLs relative to the map file; they must be on the same server (!), and they must refer to files to which the client would be granted access if they were to be requested directly.
Body:
New in Apache 2.0, the actual content of the resource may be included in the type-map file using the Body header. This header must contain a string that designates a delimiter for the body content. Then all following lines in the type map file will be considered part of the resource body until the delimiter string is found.

Example:

Body:----xyz----
<html>
<body>
<p>Content of the page.</p>
</body>
</html>
----xyz----

top

MultiViews

A MultiViews search is enabled by the MultiViews Options. If the server receives a request for /some/dir/foo and /some/dir/foo does not exist, then the server reads the directory looking for all files named foo.*, and effectively fakes up a type map which names all those files, assigning them the same media types and content-encodings it would have if the client had asked for one of them by name. It then chooses the best match to the client's requirements, and returns that document.

The MultiViewsMatch directive configures whether Apache will consider files that do not have content negotiation meta-information assigned to them when choosing files.

top

CacheNegotiatedDocs Directive

Description:Allows content-negotiated documents to be cached by proxy servers
Syntax:CacheNegotiatedDocs On|Off
Default:CacheNegotiatedDocs Off
Context:server config, virtual host
Status:Base
Module:mod_negotiation
Compatibility:The syntax changed in version 2.0.

If set, this directive allows content-negotiated documents to be cached by proxy servers. This could mean that clients behind those proxys could retrieve versions of the documents that are not the best match for their abilities, but it will make caching more efficient.

This directive only applies to requests which come from HTTP/1.0 browsers. HTTP/1.1 provides much better control over the caching of negotiated documents, and this directive has no effect in responses to HTTP/1.1 requests.

Prior to version 2.0, CacheNegotiatedDocs did not take an argument; it was turned on by the presence of the directive by itself.

top

ForceLanguagePriority Directive

Description:Action to take if a single acceptable document is not found
Syntax:ForceLanguagePriority None|Prefer|Fallback [Prefer|Fallback]
Default:ForceLanguagePriority Prefer
Context:server config, virtual host, directory, .htaccess
Override:FileInfo
Status:Base
Module:mod_negotiation
Compatibility:Available in version 2.0.30 and later

The ForceLanguagePriority directive uses the given LanguagePriority to satisfy negotation where the server could otherwise not return a single matching document.

ForceLanguagePriority Prefer uses LanguagePriority to serve a one valid result, rather than returning an HTTP result 300 (MULTIPLE CHOICES) when there are several equally valid choices. If the directives below were given, and the user's Accept-Language header assigned en and de each as quality .500 (equally acceptable) then the first matching variant, en, will be served.

LanguagePriority en fr de
ForceLanguagePriority Prefer

ForceLanguagePriority Fallback uses LanguagePriority to serve a valid result, rather than returning an HTTP result 406 (NOT ACCEPTABLE). If the directives below were given, and the user's Accept-Language only permitted an es language response, but such a variant isn't found, then the first variant from the LanguagePriority list below will be served.

LanguagePriority en fr de
ForceLanguagePriority Fallback

Both options, Prefer and Fallback, may be specified, so either the first matching variant from LanguagePriority will be served if more than one variant is acceptable, or first available document will be served if none of the variants matched the client's acceptable list of languages.

See also

top

LanguagePriority Directive

Description:The precendence of language variants for cases where the client does not express a preference
Syntax:LanguagePriority MIME-lang [MIME-lang] ...
Context:server config, virtual host, directory, .htaccess
Override:FileInfo
Status:Base
Module:mod_negotiation

The LanguagePriority sets the precedence of language variants for the case where the client does not express a preference, when handling a MultiViews request. The list of MIME-lang are in order of decreasing preference.

Example:

LanguagePriority en fr de

For a request for foo.html, where foo.html.fr and foo.html.de both existed, but the browser did not express a language preference, then foo.html.fr would be returned.

Note that this directive only has an effect if a 'best' language cannot be determined by any other means or the ForceLanguagePriority directive is not None. In general, the client determines the language preference, not the server.

See also

mod/mod_nw_ssl.html100644 0 0 14164 11074463123 12045 0ustar 0 0 mod_nw_ssl - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.0

<-

Apache Module mod_nw_ssl

Description:Enable SSL encryption for NetWare
Status:Base
ModuleIdentifier:nwssl_module
SourceFile:mod_nw_ssl.c
Compatibility:NetWare only

Summary

This module enables SSL encryption for a specified port. It takes advantage of the SSL encryption functionality that is built into the NetWare operating system.

top

NWSSLTrustedCerts Directive

Description:List of additional client certificates
Syntax:NWSSLTrustedCerts filename [filename] ...
Context:server config
Status:Base
Module:mod_nw_ssl

Specifies a list of client certificate files (DER format) that are used when creating a proxied SSL connection. Each client certificate used by a server must be listed separately in its own .der file.

top

NWSSLUpgradeable Directive

Description:Allows a connection to be upgraded to an SSL connection upon request
Syntax:NWSSLUpgradeable [IP-address:]portnumber
Context:server config
Status:Base
Module:mod_nw_ssl

Allow a connection that was created on the specified address and/or port to be upgraded to an SSL connection upon request from the client. The address and/or port must have already be defined previously with a Listen directive.

top

SecureListen Directive

Description:Enables SSL encryption for the specified port
Syntax:SecureListen [IP-address:]portnumber Certificate-Name [MUTUAL]
Context:server config
Status:Base
Module:mod_nw_ssl

Specifies the port and the eDirectory based certificate name that will be used to enable SSL encryption. An optional third parameter also enables mutual authentication.

mod/mod_proxy.html100644 0 0 165423 11074463123 11746 0ustar 0 0 mod_proxy - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.0

<-

Apache Module mod_proxy

Description:HTTP/1.1 proxy/gateway server
Status:Extension
ModuleIdentifier:proxy_module
SourceFile:mod_proxy.c

Summary

Warning

Do not enable proxying with ProxyRequests until you have secured your server. Open proxy servers are dangerous both to your network and to the Internet at large.

This module implements a proxy/gateway for Apache. It implements proxying capability for FTP, CONNECT (for SSL), HTTP/0.9, HTTP/1.0, and HTTP/1.1. The module can be configured to connect to other proxy modules for these and other protocols.

Apache's proxy features are divided into several modules in addition to mod_proxy: mod_proxy_http, mod_proxy_ftp and mod_proxy_connect. Thus, if you want to use one or more of the particular proxy functions, load mod_proxy and the appropriate module(s) into the server (either statically at compile-time or dynamically via the LoadModule directive).

In addition, extended features are provided by other modules. Caching is provided by mod_cache and related modules. The ability to contact remote servers using the SSL/TLS protocol is provided by the SSLProxy* directives of mod_ssl. These additional modules will need to be loaded and configured to take advantage of these features.

top

Forward and Reverse Proxies

Apache can be configured in both a forward and reverse proxy mode.

An ordinary forward proxy is an intermediate server that sits between the client and the origin server. In order to get content from the origin server, the client sends a request to the proxy naming the origin server as the target and the proxy then requests the content from the origin server and returns it to the client. The client must be specially configured to use the forward proxy to access other sites.

A typical usage of a forward proxy is to provide Internet access to internal clients that are otherwise restricted by a firewall. The forward proxy can also use caching (as provided by mod_cache) to reduce network usage.

The forward proxy is activated using the ProxyRequests directive. Because forward proxys allow clients to access arbitrary sites through your server and to hide their true origin, it is essential that you secure your server so that only authorized clients can access the proxy before activating a forward proxy.

A reverse proxy, by contrast, appears to the client just like an ordinary web server. No special configuration on the client is necessary. The client makes ordinary requests for content in the name-space of the reverse proxy. The reverse proxy then decides where to send those requests, and returns the content as if it was itself the origin.

A typical usage of a reverse proxy is to provide Internet users access to a server that is behind a firewall. Reverse proxies can also be used to balance load among several back-end servers, or to provide caching for a slower back-end server. In addition, reverse proxies can be used simply to bring several servers into the same URL space.

A reverse proxy is activated using the ProxyPass directive or the [P] flag to the RewriteRule directive. It is not necessary to turn ProxyRequests on in order to configure a reverse proxy.

top

Basic Examples

The examples below are only a very basic idea to help you get started. Please read the documentation on the individual directives.

In addition, if you wish to have caching enabled, consult the documentation from mod_cache.

Forward Proxy

ProxyRequests On
ProxyVia On

<Proxy *>
Order deny,allow
Deny from all
Allow from internal.example.com
 </Proxy>

Reverse Proxy

ProxyRequests Off

<Proxy *>
Order deny,allow
Allow from all
 </Proxy>

ProxyPass /foo http://foo.example.com/bar
ProxyPassReverse /foo http://foo.example.com/bar

top

Controlling access to your proxy

You can control who can access your proxy via the <Proxy> control block as in the following example:

<Proxy *>
Order Deny,Allow
Deny from all
Allow from 192.168.0
 </Proxy>

For more information on access control directives, see mod_access.

Strictly limiting access is essential if you are using a forward proxy (using the ProxyRequests directive). Otherwise, your server can be used by any client to access arbitrary hosts while hiding his or her true identity. This is dangerous both for your network and for the Internet at large. When using a reverse proxy (using the ProxyPass directive with ProxyRequests Off), access control is less critical because clients can only contact the hosts that you have specifically configured.

top

FTP Proxy

Why doesn't file type xxx download via FTP?

You probably don't have that particular file type defined as application/octet-stream in your proxy's mime.types configuration file. A useful line can be

application/octet-stream   bin dms lha lzh exe class tgz taz

How can I force an FTP ASCII download of File xxx?

In the rare situation where you must download a specific file using the FTP ASCII transfer method (while the default transfer is in binary mode), you can override mod_proxy's default by suffixing the request with ;type=a to force an ASCII transfer. (FTP Directory listings are always executed in ASCII mode, however.)

How can I access FTP files outside of my home directory?

An FTP URI is interpreted relative to the home directory of the user who is logging in. Alas, to reach higher directory levels you cannot use /../, as the dots are interpreted by the browser and not actually sent to the FTP server. To address this problem, the so called Squid %2f hack was implemented in the Apache FTP proxy; it is a solution which is also used by other popular proxy servers like the Squid Proxy Cache. By prepending /%2f to the path of your request, you can make such a proxy change the FTP starting directory to / (instead of the home directory). For example, to retrieve the file /etc/motd, you would use the URL:

ftp://user@host/%2f/etc/motd

How can I hide the FTP cleartext password in my browser's URL line?

To log in to an FTP server by username and password, Apache uses different strategies. In absense of a user name and password in the URL altogether, Apache sends an anonymous login to the FTP server, i.e.,

user: anonymous
password: apache_proxy@

This works for all popular FTP servers which are configured for anonymous access.

For a personal login with a specific username, you can embed the user name into the URL, like in:

ftp://username@host/myfile

If the FTP server asks for a password when given this username (which it should), then Apache will reply with a 401 (Authorization required) response, which causes the Browser to pop up the username/password dialog. Upon entering the password, the connection attempt is retried, and if successful, the requested resource is presented. The advantage of this procedure is that your browser does not display the password in cleartext (which it would if you had used

ftp://username:password@host/myfile

in the first place).

Note

The password which is transmitted in such a way is not encrypted on its way. It travels between your browser and the Apache proxy server in a base64-encoded cleartext string, and between the Apache proxy and the FTP server as plaintext. You should therefore think twice before accessing your FTP server via HTTP (or before accessing your personal files via FTP at all!) When using unsecure channels, an eavesdropper might intercept your password on its way.

top

Slow Startup

If you're using the ProxyBlock directive, hostnames' IP addresses are looked up and cached during startup for later match test. This may take a few seconds (or more) depending on the speed with which the hostname lookups occur.

top

Intranet Proxy

An Apache proxy server situated in an intranet needs to forward external requests through the company's firewall (for this, configure the ProxyRemote directive to forward the respective scheme to the firewall proxy). However, when it has to access resources within the intranet, it can bypass the firewall when accessing hosts. The NoProxy directive is useful for specifying which hosts belong to the intranet and should be accessed directly.

Users within an intranet tend to omit the local domain name from their WWW requests, thus requesting "http://somehost/" instead of http://somehost.example.com/. Some commercial proxy servers let them get away with this and simply serve the request, implying a configured local domain. When the ProxyDomain directive is used and the server is configured for proxy service, Apache can return a redirect response and send the client to the correct, fully qualified, server address. This is the preferred method since the user's bookmark files will then contain fully qualified hosts.

top

Protocol Adjustments

For circumstances where you have a application server which doesn't implement keepalives or HTTP/1.1 properly, there are 2 environment variables which when set send a HTTP/1.0 with no keepalive. These are set via the SetEnv directive.

These are the force-proxy-request-1.0 and proxy-nokeepalive notes.

<Location /buggyappserver/>
ProxyPass http://buggyappserver:7001/foo/
SetEnv force-proxy-request-1.0 1
SetEnv proxy-nokeepalive 1
 </Location>

top

AllowCONNECT Directive

Description:Ports that are allowed to CONNECT through the proxy
Syntax:AllowCONNECT port [port] ...
Default:AllowCONNECT 443 563
Context:server config, virtual host
Status:Extension
Module:mod_proxy

The AllowCONNECT directive specifies a list of port numbers to which the proxy CONNECT method may connect. Today's browsers use this method when a https connection is requested and proxy tunneling over HTTP is in effect.

By default, only the default https port (443) and the default snews port (563) are enabled. Use the AllowCONNECT directive to override this default and allow connections to the listed ports only.

Note that you'll need to have mod_proxy_connect present in the server in order to get the support for the CONNECT at all.

top

NoProxy Directive

Description:Hosts, domains, or networks that will be connected to directly
Syntax:NoProxy host [host] ...
Context:server config, virtual host
Status:Extension
Module:mod_proxy

This directive is only useful for Apache proxy servers within intranets. The NoProxy directive specifies a list of subnets, IP addresses, hosts and/or domains, separated by spaces. A request to a host which matches one or more of these is always served directly, without forwarding to the configured ProxyRemote proxy server(s).

Example

ProxyRemote * http://firewall.mycompany.com:81
NoProxy .mycompany.com 192.168.112.0/21

The host arguments to the NoProxy directive are one of the following type list:

Domain

A Domain is a partially qualified DNS domain name, preceded by a period. It represents a list of hosts which logically belong to the same DNS domain or zone (i.e., the suffixes of the hostnames are all ending in Domain).

Examples

.com .apache.org.

To distinguish Domains from Hostnames (both syntactically and semantically; a DNS domain can have a DNS A record, too!), Domains are always written with a leading period.

Note

Domain name comparisons are done without regard to the case, and Domains are always assumed to be anchored in the root of the DNS tree, therefore two domains .MyDomain.com and .mydomain.com. (note the trailing period) are considered equal. Since a domain comparison does not involve a DNS lookup, it is much more efficient than subnet comparison.

SubNet

A SubNet is a partially qualified internet address in numeric (dotted quad) form, optionally followed by a slash and the netmask, specified as the number of significant bits in the SubNet. It is used to represent a subnet of hosts which can be reached over a common network interface. In the absence of the explicit net mask it is assumed that omitted (or zero valued) trailing digits specify the mask. (In this case, the netmask can only be multiples of 8 bits wide.) Examples:

192.168 or 192.168.0.0
the subnet 192.168.0.0 with an implied netmask of 16 valid bits (sometimes used in the netmask form 255.255.0.0)
192.168.112.0/21
the subnet 192.168.112.0/21 with a netmask of 21 valid bits (also used in the form 255.255.248.0)

As a degenerate case, a SubNet with 32 valid bits is the equivalent to an IPAddr, while a SubNet with zero valid bits (e.g., 0.0.0.0/0) is the same as the constant _Default_, matching any IP address.

IPAddr

A IPAddr represents a fully qualified internet address in numeric (dotted quad) form. Usually, this address represents a host, but there need not necessarily be a DNS domain name connected with the address.

Example

192.168.123.7

Note

An IPAddr does not need to be resolved by the DNS system, so it can result in more effective apache performance.

Hostname

A Hostname is a fully qualified DNS domain name which can be resolved to one or more IPAddrs via the DNS domain name service. It represents a logical host (in contrast to Domains, see above) and must be resolvable to at least one IPAddr (or often to a list of hosts with different IPAddrs).

Examples

prep.ai.mit.edu
www.apache.org

Note

In many situations, it is more effective to specify an IPAddr in place of a Hostname since a DNS lookup can be avoided. Name resolution in Apache can take a remarkable deal of time when the connection to the name server uses a slow PPP link.

Hostname comparisons are done without regard to the case, and Hostnames are always assumed to be anchored in the root of the DNS tree, therefore two hosts WWW.MyDomain.com and www.mydomain.com. (note the trailing period) are considered equal.

See also

top

<Proxy> Directive

Description:Container for directives applied to proxied resources
Syntax:<Proxy wildcard-url> ...</Proxy>
Context:server config, virtual host
Status:Extension
Module:mod_proxy

Directives placed in <Proxy> sections apply only to matching proxied content. Shell-style wildcards are allowed.

For example, the following will allow only hosts in yournetwork.example.com to access content via your proxy server:

<Proxy *>
Order Deny,Allow
Deny from all
Allow from yournetwork.example.com
 </Proxy>

The following example will process all files in the foo directory of example.com through the INCLUDES filter when they are sent through the proxy server:

<Proxy http://example.com/foo/*>
SetOutputFilter INCLUDES
 </Proxy>

top

ProxyBadHeader Directive

Description:Determines how to handle bad header lines in a response
Syntax:ProxyBadHeader IsError|Ignore|StartBody
Default:ProxyBadHeader IsError
Context:server config, virtual host
Status:Extension
Module:mod_proxy
Compatibility:Available in Apache 2.0.44 and later

The ProxyBadHeader directive determines the behaviour of mod_proxy if it receives syntactically invalid header lines (i.e. containing no colon). The following arguments are possible:

IsError
Abort the request and end up with a 502 (Bad Gateway) response. This is the default behaviour.
Ignore
Treat bad header lines as if they weren't sent.
StartBody
When receiving the first bad header line, finish reading the headers and treat the remainder as body. This helps to work around buggy backend servers which forget to insert an empty line between the headers and the body.
top

ProxyBlock Directive

Description:Words, hosts, or domains that are banned from being proxied
Syntax:ProxyBlock *|word|host|domain [word|host|domain] ...
Context:server config, virtual host
Status:Extension
Module:mod_proxy

The ProxyBlock directive specifies a list of words, hosts and/or domains, separated by spaces. HTTP, HTTPS, and FTP document requests to sites whose names contain matched words, hosts or domains are blocked by the proxy server. The proxy module will also attempt to determine IP addresses of list items which may be hostnames during startup, and cache them for match test as well. That may slow down the startup time of the server.

Example

ProxyBlock joes-garage.com some-host.co.uk rocky.wotsamattau.edu

rocky.wotsamattau.edu would also be matched if referenced by IP address.

Note that wotsamattau would also be sufficient to match wotsamattau.edu.

Note also that

ProxyBlock *

blocks connections to all sites.

top

ProxyDomain Directive

Description:Default domain name for proxied requests
Syntax:ProxyDomain Domain
Context:server config, virtual host
Status:Extension
Module:mod_proxy

This directive is only useful for Apache proxy servers within intranets. The ProxyDomain directive specifies the default domain which the apache proxy server will belong to. If a request to a host without a domain name is encountered, a redirection response to the same host with the configured Domain appended will be generated.

Example

ProxyRemote * http://firewall.mycompany.com:81
NoProxy .mycompany.com 192.168.112.0/21
ProxyDomain .mycompany.com

top

ProxyErrorOverride Directive

Description:Override error pages for proxied content
Syntax:ProxyErrorOverride On|Off
Default:ProxyErrorOverride Off
Context:server config, virtual host
Status:Extension
Module:mod_proxy
Compatibility:Available in version 2.0 and later

This directive is useful for reverse-proxy setups, where you want to have a common look and feel on the error pages seen by the end user. This also allows for included files (via mod_include's SSI) to get the error code and act accordingly (default behavior would display the error page of the proxied server, turning this on shows the SSI Error message).

top

ProxyFtpDirCharset Directive

Description:Define the character set for proxied FTP listings
Syntax:ProxyFtpDirCharset character set
Default:ProxyFtpDirCharset ISO-8859-1
Context:server config, virtual host, directory
Status:Extension
Module:mod_proxy
Compatibility:Available in Apache 2.0.62 and later

The ProxyFtpDirCharset directive defines the character set to be set for FTP directory listings in HTML generated by mod_proxy_ftp.

top

ProxyIOBufferSize Directive

Description:Determine size of internal data throughput buffer
Syntax:ProxyIOBufferSize bytes
Default:ProxyIOBufferSize 8192
Context:server config, virtual host
Status:Extension
Module:mod_proxy

The ProxyIOBufferSize directive adjusts the size of the internal buffer, which is used as a scratchpad for the data between input and output. The size must be less or equal 8192.

In almost every case there's no reason to change that value.

top

<ProxyMatch> Directive

Description:Container for directives applied to regular-expression-matched proxied resources
Syntax:<ProxyMatch regex> ...</ProxyMatch>
Context:server config, virtual host
Status:Extension
Module:mod_proxy

The <ProxyMatch> directive is identical to the <Proxy> directive, except it matches URLs using regular expressions.

top

ProxyMaxForwards Directive

Description:Maximium number of proxies that a request can be forwarded through
Syntax:ProxyMaxForwards number
Default:ProxyMaxForwards 10
Context:server config, virtual host
Status:Extension
Module:mod_proxy
Compatibility:Available in Apache 2.0 and later

The ProxyMaxForwards directive specifies the maximum number of proxies through which a request may pass, if there's no Max-Forwards header supplied with the request. This is set to prevent infinite proxy loops, or a DoS attack.

Example

ProxyMaxForwards 15

top

ProxyPass Directive

Description:Maps remote servers into the local server URL-space
Syntax:ProxyPass [path] !|url
Context:server config, virtual host, directory
Status:Extension
Module:mod_proxy

This directive allows remote servers to be mapped into the space of the local server; the local server does not act as a proxy in the conventional sense, but appears to be a mirror of the remote server. path is the name of a local virtual path; url is a partial URL for the remote server and cannot include a query string.

Suppose the local server has address http://example.com/; then

ProxyPass /mirror/foo/ http://backend.example.com/

will cause a local request for http://example.com/mirror/foo/bar to be internally converted into a proxy request to http://backend.example.com/bar.

The ! directive is useful in situations where you don't want to reverse-proxy a subdirectory, e.g.

ProxyPass /mirror/foo/i !
ProxyPass /mirror/foo http://backend.example.com

will proxy all requests to /mirror/foo to backend.example.com except requests made to /mirror/foo/i.

Note

Order is important. you need to put the exclusions before the general proxypass directive.

When used inside a <Location> section, the first argument is omitted and the local directory is obtained from the <Location>.

The ProxyRequests directive should usually be set off when using ProxyPass.

If you require a more flexible reverse-proxy configuration, see the RewriteRule directive with the [P] flag.

top

ProxyPassReverse Directive

Description:Adjusts the URL in HTTP response headers sent from a reverse proxied server
Syntax:ProxyPassReverse [path] url
Context:server config, virtual host, directory
Status:Extension
Module:mod_proxy

This directive lets Apache adjust the URL in the Location, Content-Location and URI headers on HTTP redirect responses. This is essential when Apache is used as a reverse proxy to avoid by-passing the reverse proxy because of HTTP redirects on the backend servers which stay behind the reverse proxy.

Only the HTTP response headers specifically mentioned above will be rewritten. Apache will not rewrite other response headers, nor will it rewrite URL references inside HTML pages. This means that if the proxied content contains absolute URL references, they will by-pass the proxy. A third-party module that will look inside the HTML and rewrite URL references is Nick Kew's mod_proxy_html.

path is the name of a local virtual path. url is a partial URL for the remote server - the same way they are used for the ProxyPass directive.

For example, suppose the local server has address http://example.com/; then

ProxyPass /mirror/foo/ http://backend.example.com/
ProxyPassReverse /mirror/foo/ http://backend.example.com/

will not only cause a local request for the http://example.com/mirror/foo/bar to be internally converted into a proxy request to http://backend.example.com/bar (the functionality ProxyPass provides here). It also takes care of redirects the server backend.example.com sends: when http://backend.example.com/bar is redirected by him to http://backend.example.com/quux Apache adjusts this to http://example.com/mirror/foo/quux before forwarding the HTTP redirect response to the client. Note that the hostname used for constructing the URL is chosen in respect to the setting of the UseCanonicalName directive.

Note that this ProxyPassReverse directive can also be used in conjunction with the proxy pass-through feature (RewriteRule ... [P]) from mod_rewrite because its doesn't depend on a corresponding ProxyPass directive.

When used inside a <Location> section, the first argument is omitted and the local directory is obtained from the <Location>.

top

ProxyPreserveHost Directive

Description:Use incoming Host HTTP request header for proxy request
Syntax:ProxyPreserveHost On|Off
Default:ProxyPreserveHost Off
Context:server config, virtual host
Status:Extension
Module:mod_proxy
Compatibility:Available in Apache 2.0.31 and later.

When enabled, this option will pass the Host: line from the incoming request to the proxied host, instead of the hostname specified in the proxypass line.

This option should normally be turned Off. It is mostly useful in special configurations like proxied mass name-based virtual hosting, where the original Host header needs to be evaluated by the backend server.

top

ProxyReceiveBufferSize Directive

Description:Network buffer size for proxied HTTP and FTP connections
Syntax:ProxyReceiveBufferSize bytes
Default:ProxyReceiveBufferSize 0
Context:server config, virtual host
Status:Extension
Module:mod_proxy

The ProxyReceiveBufferSize directive specifies an explicit (TCP/IP) network buffer size for proxied HTTP and FTP connections, for increased throughput. It has to be greater than 512 or set to 0 to indicate that the system's default buffer size should be used.

Example

ProxyReceiveBufferSize 2048

top

ProxyRemote Directive

Description:Remote proxy used to handle certain requests
Syntax:ProxyRemote match remote-server
Context:server config, virtual host
Status:Extension
Module:mod_proxy

This defines remote proxies to this proxy. match is either the name of a URL-scheme that the remote server supports, or a partial URL for which the remote server should be used, or * to indicate the server should be contacted for all requests. remote-server is a partial URL for the remote server. Syntax:

remote-server = scheme://hostname[:port]

scheme is effectively the protocol that should be used to communicate with the remote server; only http is supported by this module.

Example

ProxyRemote http://goodguys.com/ http://mirrorguys.com:8000
ProxyRemote * http://cleversite.com
ProxyRemote ftp http://ftpproxy.mydomain.com:8080

In the last example, the proxy will forward FTP requests, encapsulated as yet another HTTP proxy request, to another proxy which can handle them.

This option also supports reverse proxy configuration - a backend webserver can be embedded within a virtualhost URL space even if that server is hidden by another forward proxy.

top

ProxyRemoteMatch Directive

Description:Remote proxy used to handle requests matched by regular expressions
Syntax:ProxyRemoteMatch regex remote-server
Context:server config, virtual host
Status:Extension
Module:mod_proxy

The ProxyRemoteMatch is identical to the ProxyRemote directive, except the first argument is a regular expression match against the requested URL.

top

ProxyRequests Directive

Description:Enables forward (standard) proxy requests
Syntax:ProxyRequests On|Off
Default:ProxyRequests Off
Context:server config, virtual host
Status:Extension
Module:mod_proxy

This allows or prevents Apache from functioning as a forward proxy server. (Setting ProxyRequests to Off does not disable use of the ProxyPass directive.)

In a typical reverse proxy configuration, this option should be set to Off.

In order to get the functionality of proxying HTTP or FTP sites, you need also mod_proxy_http or mod_proxy_ftp (or both) present in the server.

Warning

Do not enable proxying with ProxyRequests until you have secured your server. Open proxy servers are dangerous both to your network and to the Internet at large.

top

ProxyTimeout Directive

Description:Network timeout for proxied requests
Syntax:ProxyTimeout seconds
Default:ProxyTimeout 300
Context:server config, virtual host
Status:Extension
Module:mod_proxy
Compatibility:Available in Apache 2.0.31 and later

This directive allows a user to specifiy a timeout on proxy requests. This is useful when you have a slow/buggy appserver which hangs, and you would rather just return a timeout and fail gracefully instead of waiting however long it takes the server to return.

top

ProxyVia Directive

Description:Information provided in the Via HTTP response header for proxied requests
Syntax:ProxyVia On|Off|Full|Block
Default:ProxyVia Off
Context:server config, virtual host
Status:Extension
Module:mod_proxy

This directive controls the use of the Via: HTTP header by the proxy. Its intended use is to control the flow of of proxy requests along a chain of proxy servers. See RFC 2616 (HTTP/1.1), section 14.45 for an explanation of Via: header lines.

  • If set to Off, which is the default, no special processing is performed. If a request or reply contains a Via: header, it is passed through unchanged.
  • If set to On, each request and reply will get a Via: header line added for the current host.
  • If set to Full, each generated Via: header line will additionally have the Apache server version shown as a Via: comment field.
  • If set to Block, every proxy request will have all its Via: header lines removed. No new Via: header will be generated.
mod/mod_proxy_connect.html100644 0 0 6755 11074463123 13421 0ustar 0 0 mod_proxy_connect - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.0

<-

Apache Module mod_proxy_connect

Description:mod_proxy extension for CONNECT request handling
Status:Extension
ModuleIdentifier:proxy_connect_module
SourceFile:proxy_connect.c

Summary

This module requires the service of mod_proxy. It provides support for the CONNECT HTTP method. This method is mainly used to tunnel SSL requests through proxy servers.

Thus, in order to get the ability of handling CONNECT requests, mod_proxy and mod_proxy_connect have to be present in the server.

Warning

Do not enable proxying until you have secured your server. Open proxy servers are dangerous both to your network and to the Internet at large.

Directives

This module provides no directives.

See also

mod/mod_proxy_ftp.html100644 0 0 6354 11074463123 12554 0ustar 0 0 mod_proxy_ftp - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.0

<-

Apache Module mod_proxy_ftp

Description:FTP support module for mod_proxy
Status:Extension
ModuleIdentifier:proxy_ftp_module
SourceFile:proxy_ftp.c

Summary

This module requires the service of mod_proxy. It provides support for the proxying FTP sites.

Thus, in order to get the ability of handling FTP proxy requests, mod_proxy and mod_proxy_ftp have to be present in the server.

Warning

Do not enable proxying until you have secured your server. Open proxy servers are dangerous both to your network and to the Internet at large.

Directives

This module provides no directives.

See also

mod/mod_proxy_http.html100644 0 0 7320 11074463123 12734 0ustar 0 0 mod_proxy_http - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.0

<-

Apache Module mod_proxy_http

Description:HTTP support module for mod_proxy
Status:Extension
ModuleIdentifier:proxy_http_module
SourceFile:proxy_http.c

Summary

This module requires the service of mod_proxy. It provides the features used for proxying HTTP requests. mod_proxy_http supports HTTP/0.9, HTTP/1.0 and HTTP/1.1. It does not provide any caching abilities. If you want to set up a caching proxy, you might want to use the additional service of the mod_cache module.

Thus, in order to get the ability of handling HTTP proxy requests, mod_proxy and mod_proxy_http have to be present in the server.

Warning

Do not enable proxying until you have secured your server. Open proxy servers are dangerous both to your network and to the Internet at large.

Directives

This module provides no directives.

See also

mod/mod_rewrite.html100644 0 0 234567 11074463123 12254 0ustar 0 0 mod_rewrite - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.0

<-

Apache Module mod_rewrite

Description:Provides a rule-based rewriting engine to rewrite requested URLs on the fly
Status:Extension
ModuleIdentifier:rewrite_module
SourceFile:mod_rewrite.c
Compatibility:Available in Apache 1.3 and later

Summary

This module uses a rule-based rewriting engine (based on a regular-expression parser) to rewrite requested URLs on the fly. It supports an unlimited number of rules and an unlimited number of attached rule conditions for each rule, to provide a really flexible and powerful URL manipulation mechanism. The URL manipulations can depend on various tests, of server variables, environment variables, HTTP headers, or time stamps. Even external database lookups in various formats can be used to achieve highly granular URL matching.

This module operates on the full URLs (including the path-info part) both in per-server context (httpd.conf) and per-directory context (.htaccess) and can generate query-string parts on result. The rewritten result can lead to internal sub-processing, external request redirection or even to an internal proxy throughput.

Further details, discussion, and examples, are provided in the detailed mod_rewrite documentation.

top

API Phases

Apache processes a HTTP request in several phases. A hook for each of these phases is provided by the Apache API. mod_rewrite uses two of these hooks: the URL-to-filename translation hook (used after the HTTP request has been read, but before any authorization starts) and the Fixup hook (triggered after the authorization phases, and after the per-directory config files (.htaccess) have been read, but before the content handler is activated).

Once a request comes in, and Apache has determined the appropriate server (or virtual server), the rewrite engine starts the URL-to-filename translation, processing the mod_rewrite directives from the per-server configuration. A few steps later, when the final data directories are found, the per-directory configuration directives of mod_rewrite are triggered in the Fixup phase.

top

Ruleset Processing

When mod_rewrite is triggered during these two API phases, it reads the relevant rulesets from its configuration structure (which was either created on startup, for per-server context, or during the directory traversal for per-directory context). The URL rewriting engine is started with the appropriate ruleset (one or more rules together with their conditions), and its operation is exactly the same for both configuration contexts. Only the final result processing is different.

The order of rules in the ruleset is important because the rewrite engine processes them in a particular (not always obvious) order, as follows: The rewrite engine loops through the rulesets (each ruleset being made up of RewriteRule directives, with or without RewriteConds), rule by rule. When a particular rule is matched, mod_rewrite also checks the corresponding conditions (RewriteCond directives). For historical reasons the conditions are given first, making the control flow a little bit long-winded. See Figure 1 for more details.

[Needs graphics capability to display]
Figure 1:The control flow of the rewrite engine through a rewrite ruleset

As above, first the URL is matched against the Pattern of a rule. If it does not match, mod_rewrite immediately stops processing that rule, and goes on to the next rule. If the Pattern matches, mod_rewrite checks for rule conditions. If none are present, the URL will be replaced with a new string, constructed from the Substitution string, and mod_rewrite goes on to the next rule.

If RewriteConds exist, an inner loop is started, processing them in the order that they are listed. Conditions are not matched against the current URL directly. A TestString is constructed by expanding variables, back-references, map lookups, etc., against which the CondPattern is matched. If the pattern fails to match one of the conditions, the complete set of rule and associated conditions fails. If the pattern matches a given condition, then matching continues to the next condition, until no more conditions are available. If all conditions match, processing is continued with the substitution of the Substitution string for the URL.

top

Regex Back-Reference Availability

Using parentheses in Pattern or in one of the CondPatterns causes back-references to be internally created. These can later be referenced using the strings $N and %N (see below), for creating the Substitution and TestString strings. Figure 2 attempts to show how the back-references are transferred through the process for later expansion.

[Needs graphics capability to display]
Figure 2: The back-reference flow through a rule.

top

Quoting Special Characters

As of Apache 1.3.20, special characters in TestString and Substitution strings can be escaped (that is, treated as normal characters without their usual special meaning) by prefixing them with a slash ('\') character. In other words, you can include an actual dollar-sign character in a Substitution string by using '\$'; this keeps mod_rewrite from trying to treat it as a backreference.

top

Environment Variables

This module keeps track of two additional (non-standard) CGI/SSI environment variables named SCRIPT_URL and SCRIPT_URI. These contain the logical Web-view to the current resource, while the standard CGI/SSI variables SCRIPT_NAME and SCRIPT_FILENAME contain the physical System-view.

Notice: These variables hold the URI/URL as they were initially requested, that is, before any rewriting. This is important to note because the rewriting process is primarily used to rewrite logical URLs to physical pathnames.

Example

SCRIPT_NAME=/sw/lib/w3s/tree/global/u/rse/.www/index.html
SCRIPT_FILENAME=/u/rse/.www/index.html
SCRIPT_URL=/u/rse/
SCRIPT_URI=http://en1.engelschall.com/u/rse/
top

Practical Solutions

For numerous examples of common, and not-so-common, uses for mod_rewrite, see the Rewrite Guide, and the Advanced Rewrite Guide documents.

top

RewriteBase Directive

Description:Sets the base URL for per-directory rewrites
Syntax:RewriteBase URL-path
Default:See usage for information.
Context:directory, .htaccess
Override:FileInfo
Status:Extension
Module:mod_rewrite

The RewriteBase directive explicitly sets the base URL for per-directory rewrites. As you will see below, RewriteRule can be used in per-directory config files (.htaccess). In such a case, it will act locally, stripping the local directory prefix before processing, and applying rewrite rules only to the remainder. When processing is complete, the prefix is automatically added back to the path. The default setting is; RewriteBase physical-directory-path

When a substitution occurs for a new URL, this module has to re-inject the URL into the server processing. To be able to do this it needs to know what the corresponding URL-prefix or URL-base is. By default this prefix is the corresponding filepath itself. However, for most websites, URLs are NOT directly related to physical filename paths, so this assumption will often be wrong! Therefore, you can use the RewriteBase directive to specify the correct URL-prefix.

If your webserver's URLs are not directly related to physical file paths, you will need to use RewriteBase in every .htaccess file where you want to use RewriteRule directives.

For example, assume the following per-directory config file:

#
#  /abc/def/.htaccess -- per-dir config file for directory /abc/def
#  Remember: /abc/def is the physical path of /xyz, i.e., the server
#            has a 'Alias /xyz /abc/def' directive e.g.
#

RewriteEngine On

#  let the server know that we were reached via /xyz and not
#  via the physical path prefix /abc/def
RewriteBase   /xyz

#  now the rewriting rules
RewriteRule   ^oldstuff\.html$  newstuff.html

In the above example, a request to /xyz/oldstuff.html gets correctly rewritten to the physical file /abc/def/newstuff.html.

For Apache Hackers

The following list gives detailed information about the internal processing steps:

Request:
  /xyz/oldstuff.html

Internal Processing:
  /xyz/oldstuff.html     -> /abc/def/oldstuff.html  (per-server Alias)
  /abc/def/oldstuff.html -> /abc/def/newstuff.html  (per-dir    RewriteRule)
  /abc/def/newstuff.html -> /xyz/newstuff.html      (per-dir    RewriteBase)
  /xyz/newstuff.html     -> /abc/def/newstuff.html  (per-server Alias)

Result:
  /abc/def/newstuff.html

This seems very complicated, but is in fact correct Apache internal processing. Because the per-directory rewriting comes late in the process, the rewritten request has to be re-injected into the Apache kernel. This is not the serious overhead it may seem to be - this re-injection is completely internal to the Apache server (and the same procedure is used by many other operations within Apache).

top

RewriteCond Directive

Description:Defines a condition under which rewriting will take place
Syntax: RewriteCond TestString CondPattern
Context:server config, virtual host, directory, .htaccess
Override:FileInfo
Status:Extension
Module:mod_rewrite

The RewriteCond directive defines a rule condition. One or more RewriteCond can precede a RewriteRule directive. The following rule is then only used if both the current state of the URI matches its pattern, and if these conditions are met.

TestString is a string which can contain the following expanded constructs in addition to plain text:

  • RewriteRule backreferences: These are backreferences of the form $N (0 <= N <= 9), which provide access to the grouped parts (in parentheses) of the pattern, from the RewriteRule which is subject to the current set of RewriteCond conditions..
  • RewriteCond backreferences: These are backreferences of the form %N (1 <= N <= 9), which provide access to the grouped parts (again, in parentheses) of the pattern, from the last matched RewriteCond in the current set of conditions.
  • RewriteMap expansions: These are expansions of the form ${mapname:key|default}. See the documentation for RewriteMap for more details.
  • Server-Variables: These are variables of the form %{ NAME_OF_VARIABLE } where NAME_OF_VARIABLE can be a string taken from the following list:
    HTTP headers: connection & request:
    HTTP_USER_AGENT
    HTTP_REFERER
    HTTP_COOKIE
    HTTP_FORWARDED
    HTTP_HOST
    HTTP_PROXY_CONNECTION
    HTTP_ACCEPT
    		 REMOTE_ADDR
    REMOTE_HOST
    REMOTE_PORT
    REMOTE_USER
    REMOTE_IDENT
    REQUEST_METHOD
    SCRIPT_FILENAME
    PATH_INFO
    QUERY_STRING
    AUTH_TYPE
    server internals: system stuff: specials:
    DOCUMENT_ROOT
    SERVER_ADMIN
    SERVER_NAME
    SERVER_ADDR
    SERVER_PORT
    SERVER_PROTOCOL
    SERVER_SOFTWARE
    		 TIME_YEAR
    TIME_MON
    TIME_DAY
    TIME_HOUR
    TIME_MIN
    TIME_SEC
    TIME_WDAY
    TIME
    		 API_VERSION
    THE_REQUEST
    REQUEST_URI
    REQUEST_FILENAME
    IS_SUBREQ
    HTTPS

    These variables all correspond to the similarly named HTTP MIME-headers, C variables of the Apache server or struct tm fields of the Unix system. Most are documented elsewhere in the Manual or in the CGI specification. Those that are special to mod_rewrite include those below.

    IS_SUBREQ
    Will contain the text "true" if the request currently being processed is a sub-request, "false" otherwise. Sub-requests may be generated by modules that need to resolve additional files or URIs in order to complete their tasks.
    API_VERSION
    This is the version of the Apache module API (the internal interface between server and module) in the current httpd build, as defined in include/ap_mmn.h. The module API version corresponds to the version of Apache in use (in the release version of Apache 1.3.14, for instance, it is 19990320:10), but is mainly of interest to module authors.
    THE_REQUEST
    The full HTTP request line sent by the browser to the server (e.g., "GET /index.html HTTP/1.1"). This does not include any additional headers sent by the browser.
    REQUEST_URI
    The resource requested in the HTTP request line. (In the example above, this would be "/index.html".)
    REQUEST_FILENAME
    The full local filesystem path to the file or script matching the request.
    HTTPS
    Will contain the text "on" if the connection is using SSL/TLS, or "off" otherwise. (This variable can be safely used regardless of whether or not mod_ssl is loaded).

Other things you should be aware of:

  1. The variables SCRIPT_FILENAME and REQUEST_FILENAME contain the same value - the value of the filename field of the internal request_rec structure of the Apache server. The first name is the commonly known CGI variable name while the second is the appropriate counterpart of REQUEST_URI (which contains the value of the uri field of request_rec).
  2. %{ENV:variable}, where variable can be any environment variable, is also available. This is looked-up via internal Apache structures and (if not found there) via getenv() from the Apache server process.
  3. %{SSL:variable}, where variable is the name of an SSL environment variable, can be used whether or not mod_ssl is loaded, but will always expand to the empty string if it is not. Example: %{SSL:SSL_CIPHER_USEKEYSIZE} may expand to 128.
  4. %{HTTP:header}, where header can be any HTTP MIME-header name, can always be used to obtain the value of a header sent in the HTTP request. Example: %{HTTP:Proxy-Connection} is the value of the HTTP header ``Proxy-Connection:''.
  5. %{LA-U:variable} can be used for look-aheads which perform an internal (URL-based) sub-request to determine the final value of variable. This can be used to access variable for rewriting which is not available at the current stage, but will be set in a later phase.

    For instance, to rewrite according to the REMOTE_USER variable from within the per-server context (httpd.conf file) you must use %{LA-U:REMOTE_USER} - this variable is set by the authorization phases, which come after the URL translation phase (during which mod_rewrite operates).

    On the other hand, because mod_rewrite implements its per-directory context (.htaccess file) via the Fixup phase of the API and because the authorization phases come before this phase, you just can use %{REMOTE_USER} in that context.

  6. %{LA-F:variable} can be used to perform an internal (filename-based) sub-request, to determine the final value of variable. Most of the time, this is the same as LA-U above.

CondPattern is the condition pattern, a regular expression which is applied to the current instance of the TestString. TestString is first evaluated, before being matched against CondPattern.

Remember: CondPattern is a perl compatible regular expression with some additions:

  1. You can prefix the pattern string with a '!' character (exclamation mark) to specify a non-matching pattern.
  2. There are some special variants of CondPatterns. Instead of real regular expression strings you can also use one of the following:
    • '<CondPattern' (lexicographically precedes)
      Treats the CondPattern as a plain string and compares it lexicographically to TestString. True if TestString lexicographically precedes CondPattern.
    • '>CondPattern' (lexicographically follows)
      Treats the CondPattern as a plain string and compares it lexicographically to TestString. True if TestString lexicographically follows CondPattern.
    • '=CondPattern' (lexicographically equal)
      Treats the CondPattern as a plain string and compares it lexicographically to TestString. True if TestString is lexicographically equal to CondPattern (the two strings are exactly equal, character for character). If CondPattern is "" (two quotation marks) this compares TestString to the empty string.
    • '-d' (is directory)
      Treats the TestString as a pathname and tests whether or not it exists, and is a directory.
    • '-f' (is regular file)
      Treats the TestString as a pathname and tests whether or not it exists, and is a regular file.
    • '-s' (is regular file, with size)
      Treats the TestString as a pathname and tests whether or not it exists, and is a regular file with size greater than zero.
    • '-l' (is symbolic link)
      Treats the TestString as a pathname and tests whether or not it exists, and is a symbolic link.
    • '-F' (is existing file, via subrequest)
      Checks whether or not TestString is a valid file, accessible via all the server's currently-configured access controls for that path. This uses an internal subrequest to do the check, so use it with care - it can impact your server's performance!
    • '-U' (is existing URL, via subrequest)
      Checks whether or not TestString is a valid URL, accessible via all the server's currently-configured access controls for that path. This uses an internal subrequest to do the check, so use it with care - it can impact your server's performance!

    Note

    All of these tests can also be prefixed by an exclamation mark ('!') to negate their meaning.
  3. You can also set special flags for CondPattern by appending [flags] as the third argument to the RewriteCond directive, where flags is a comma-separated list of any of the following flags:
    • 'nocase|NC' (no case)
      This makes the test case-insensitive - differences between 'A-Z' and 'a-z' are ignored, both in the expanded TestString and the CondPattern. This flag is effective only for comparisons between TestString and CondPattern. It has no effect on filesystem and subrequest checks.
    • 'ornext|OR' (or next condition)
      Use this to combine rule conditions with a local OR instead of the implicit AND. Typical example: 
      RewriteCond %{REMOTE_HOST}  ^host1.*  [OR]
RewriteCond %{REMOTE_HOST}  ^host2.*  [OR]
RewriteCond %{REMOTE_HOST}  ^host3.*
RewriteRule ...some special stuff for any of these hosts...
      Without this flag you would have to write the condition/rule pair three times.

Example:

To rewrite the Homepage of a site according to the ``User-Agent:'' header of the request, you can use the following: 

RewriteCond  %{HTTP_USER_AGENT}  ^Mozilla.*
RewriteRule  ^/$                 /homepage.max.html  [L]

RewriteCond  %{HTTP_USER_AGENT}  ^Lynx.*
RewriteRule  ^/$                 /homepage.min.html  [L]

RewriteRule  ^/$                 /homepage.std.html  [L]

Explanation: If you use a browser which identifies itself as 'Mozilla' (including Netscape Navigator, Mozilla etc), then you get the max homepage (which could include frames, or other special features). If you use the Lynx browser (which is terminal-based), then you get the min homepage (which could be a version designed for easy, text-only browsing). If neither of these conditions apply (you use any other browser, or your browser identifies itself as something non-standard), you get the std (standard) homepage.

top

RewriteEngine Directive

Description:Enables or disables runtime rewriting engine
Syntax:RewriteEngine on|off
Default:RewriteEngine off
Context:server config, virtual host, directory, .htaccess
Override:FileInfo
Status:Extension
Module:mod_rewrite

The RewriteEngine directive enables or disables the runtime rewriting engine. If it is set to off this module does no runtime processing at all. It does not even update the SCRIPT_URx environment variables.

Use this directive to disable the module instead of commenting out all the RewriteRule directives!

Note that, by default, rewrite configurations are not inherited. This means that you need to have a RewriteEngine on directive for each virtual host in which you wish to use it.

top

RewriteLock Directive

Description:Sets the name of the lock file used for RewriteMap synchronization
Syntax:RewriteLock file-path
Context:server config
Status:Extension
Module:mod_rewrite

This directive sets the filename for a synchronization lockfile which mod_rewrite needs to communicate with RewriteMap programs. Set this lockfile to a local path (not on a NFS-mounted device) when you want to use a rewriting map-program. It is not required for other types of rewriting maps.

top

RewriteLog Directive

Description:Sets the name of the file used for logging rewrite engine processing
Syntax:RewriteLog file-path
Context:server config, virtual host
Status:Extension
Module:mod_rewrite

The RewriteLog directive sets the name of the file to which the server logs any rewriting actions it performs. If the name does not begin with a slash ('/') then it is assumed to be relative to the Server Root. The directive should occur only once per server config.

To disable the logging of rewriting actions it is not recommended to set Filename to /dev/null, because although the rewriting engine does not then output to a logfile it still creates the logfile output internally. This will slow down the server with no advantage to the administrator! To disable logging either remove or comment out the RewriteLog directive or use RewriteLogLevel 0!

Security

See the Apache Security Tips document for details on how your security could be compromised if the directory where logfiles are stored is writable by anyone other than the user that starts the server.

Example

RewriteLog "/usr/local/var/apache/logs/rewrite.log"

top

RewriteLogLevel Directive

Description:Sets the verbosity of the log file used by the rewrite engine
Syntax:RewriteLogLevel Level
Default:RewriteLogLevel 0
Context:server config, virtual host
Status:Extension
Module:mod_rewrite

The RewriteLogLevel directive sets the verbosity level of the rewriting logfile. The default level 0 means no logging, while 9 or more means that practically all actions are logged.

To disable the logging of rewriting actions simply set Level to 0. This disables all rewrite action logs.

Using a high value for Level will slow down your Apache server dramatically! Use the rewriting logfile at a Level greater than 2 only for debugging!

Example

RewriteLogLevel 3

top

RewriteMap Directive

Description:Defines a mapping function for key-lookup
Syntax:RewriteMap MapName MapType:MapSource
Context:server config, virtual host
Status:Extension
Module:mod_rewrite
Compatibility:The choice of different dbm types is available in Apache 2.0.41 and later

The RewriteMap directive defines a Rewriting Map which can be used inside rule substitution strings by the mapping-functions to insert/substitute fields through a key lookup. The source of this lookup can be of various types.

The MapName is the name of the map and will be used to specify a mapping-function for the substitution strings of a rewriting rule via one of the following constructs:

${ MapName : LookupKey }
${ MapName : LookupKey | DefaultValue }

When such a construct occurs, the map MapName is consulted and the key LookupKey is looked-up. If the key is found, the map-function construct is substituted by SubstValue. If the key is not found then it is substituted by DefaultValue or by the empty string if no DefaultValue was specified.

For example, you might define a RewriteMap as:

RewriteMap examplemap txt:/path/to/file/map.txt

You would then be able to use this map in a RewriteRule as follows:

RewriteRule ^/ex/(.*) ${examplemap:$1}

The following combinations for MapType and MapSource can be used:

  • Standard Plain Text
    MapType: txt, MapSource: Unix filesystem path to valid regular file

    This is the standard rewriting map feature where the MapSource is a plain ASCII file containing either blank lines, comment lines (starting with a '#' character) or pairs like the following - one per line.

    MatchingKey SubstValue

    Example

    ##
##  map.txt -- rewriting map
##

Ralf.S.Engelschall    rse   # Bastard Operator From Hell
Mr.Joe.Average        joe   # Mr. Average

    RewriteMap real-to-user txt:/path/to/file/map.txt

  • Randomized Plain Text
    MapType: rnd, MapSource: Unix filesystem path to valid regular file

    This is identical to the Standard Plain Text variant above but with a special post-processing feature: After looking up a value it is parsed according to contained ``|'' characters which have the meaning of ``or''. In other words they indicate a set of alternatives from which the actual returned value is chosen randomly. For example, you might use the following map file and directives to provide a random load balancing between several back-end server, via a reverse-proxy. Images are sent to one of the servers in the 'static' pool, while everything else is sent to one of the 'dynamic' pool.

    Example:

    Rewrite map file

    ##
##  map.txt -- rewriting map
##

static   www1|www2|www3|www4
dynamic  www5|www6

    Configuration directives

    RewriteMap servers rnd:/path/to/file/map.txt

    RewriteRule ^/(.*\.(png|gif|jpg)) http://${servers:static}/$1 [NC,P,L]
    RewriteRule ^/(.*) http://${servers:dynamic}/$1 [P,L]

  • Hash File
    MapType: dbm[=type], MapSource: Unix filesystem path to valid regular file

    Here the source is a binary format DBM file containing the same contents as a Plain Text format file, but in a special representation which is optimized for really fast lookups. The type can be sdbm, gdbm, ndbm, or db depending on compile-time settings. If the type is ommitted, the compile-time default will be chosen. You can create such a file with any DBM tool or with the following Perl script. Be sure to adjust it to create the appropriate type of DBM. The example creates an NDBM file.

    #!/path/to/bin/perl
##
##  txt2dbm -- convert txt map to dbm format
##

use NDBM_File;
use Fcntl;

($txtmap, $dbmmap) = @ARGV;

open(TXT, "<$txtmap") or die "Couldn't open $txtmap!\n";
tie (%DB, 'NDBM_File', $dbmmap,O_RDWR|O_TRUNC|O_CREAT, 0644)
  or die "Couldn't create $dbmmap!\n";

while (<TXT>) {
  next if (/^\s*#/ or /^\s*$/);
  $DB{$1} = $2 if (/^\s*(\S+)\s+(\S+)/);
}

untie %DB;
close(TXT);

    $ txt2dbm map.txt map.db

  • Internal Function
    MapType: int, MapSource: Internal Apache function

    Here, the source is an internal Apache function. Currently you cannot create your own, but the following functions already exist:

    • toupper:
      Converts the key to all upper case.
    • tolower:
      Converts the key to all lower case.
    • escape:
      Translates special characters in the key to hex-encodings.
    • unescape:
      Translates hex-encodings in the key back to special characters.
  • External Rewriting Program
    MapType: prg, MapSource: Unix filesystem path to valid regular file

    Here the source is a program, not a map file. To create it you can use a language of your choice, but the result has to be an executable program (either object-code or a script with the magic cookie trick '#!/path/to/interpreter' as the first line).

    This program is started once, when the Apache server is started, and then communicates with the rewriting engine via its stdin and stdout file-handles. For each map-function lookup it will receive the key to lookup as a newline-terminated string on stdin. It then has to give back the looked-up value as a newline-terminated string on stdout or the four-character string ``NULL'' if it fails (i.e., there is no corresponding value for the given key). A trivial program which will implement a 1:1 map (i.e., key == value) could be:

    #!/usr/bin/perl
$| = 1;
while (<STDIN>) {
    # ...put here any transformations or lookups...
    print $_;
}

    But be very careful:

    1. ``Keep it simple, stupid'' (KISS). If this program hangs, it will cause Apache to hang when trying to use the relevant rewrite rule.
    2. A common mistake is to use buffered I/O on stdout. Avoid this, as it will cause a deadloop! ``$|=1'' is used above, to prevent this.
    3. The RewriteLock directive can be used to define a lockfile which mod_rewrite can use to synchronize communication with the mapping program. By default no such synchronization takes place.

The RewriteMap directive can occur more than once. For each mapping-function use one RewriteMap directive to declare its rewriting mapfile. While you cannot declare a map in per-directory context it is of course possible to use this map in per-directory context.

Note

For plain text and DBM format files the looked-up keys are cached in-core until the mtime of the mapfile changes or the server does a restart. This way you can have map-functions in rules which are used for every request. This is no problem, because the external lookup only happens once!
top

RewriteOptions Directive

Description:Sets some special options for the rewrite engine
Syntax:RewriteOptions Options
Default:RewriteOptions MaxRedirects=10
Context:server config, virtual host, directory, .htaccess
Override:FileInfo
Status:Extension
Module:mod_rewrite
Compatibility:MaxRedirects is available in Apache 2.0.45 and later

The RewriteOptions directive sets some special options for the current per-server or per-directory configuration. The Option strings can be one of the following:

inherit
This forces the current configuration to inherit the configuration of the parent. In per-virtual-server context this means that the maps, conditions and rules of the main server are inherited. In per-directory context this means that conditions and rules of the parent directory's .htaccess configuration are inherited.
MaxRedirects=number
In order to prevent endless loops of internal redirects issued by per-directory RewriteRules, mod_rewrite aborts the request after reaching a maximum number of such redirects and responds with an 500 Internal Server Error. If you really need more internal redirects than 10 per request, you may increase the default to the desired value.
top

RewriteRule Directive

Description:Defines rules for the rewriting engine
Syntax:RewriteRule Pattern Substitution
Context:server config, virtual host, directory, .htaccess
Override:FileInfo
Status:Extension
Module:mod_rewrite
Compatibility:The cookie-flag is available in Apache 2.0.40 and later.

The RewriteRule directive is the real rewriting workhorse. The directive can occur more than once, with each instance defining a single rewrite rule. The order in which these rules are defined is important - this is the order in which they will be applied at run-time.

Pattern is a perl compatible regular expression, which is applied to the current URL. ``Current'' means the value of the URL when this rule is applied. This may not be the originally requested URL, which may already have matched a previous rule, and have been altered.

Some hints on the syntax of regular expressions:

Text:
  .           Any single character
  [chars]     Character class: Any character of the class ``chars''
  [^chars]    Character class: Not a character of the class ``chars''
  text1|text2 Alternative: text1 or text2

Quantifiers:
  ?           0 or 1 occurrences of the preceding text
  *           0 or N occurrences of the preceding text (N > 0)
  +           1 or N occurrences of the preceding text (N > 1)

Grouping:
  (text)      Grouping of text
              (used either to set the borders of an alternative as above, or
              to make backreferences, where the Nth group can
              be referred to on the RHS of a RewriteRule as $N)

Anchors:
  ^           Start-of-line anchor
  $           End-of-line anchor

Escaping:
  \char       escape the given char
              (for instance, to specify the chars ".[]()" etc.)

For more information about regular expressions, have a look at the perl regular expression manpage ("perldoc perlre"). If you are interested in more detailed information about regular expressions and their variants (POSIX regex etc.) the following book is dedicated to this topic:

Mastering Regular Expressions, 2nd Edition
Jeffrey E.F. Friedl
O'Reilly & Associates, Inc. 2002
ISBN 0-596-00289-0

In mod_rewrite, the NOT character ('!') is also available as a possible pattern prefix. This enables you to negate a pattern; to say, for instance: ``if the current URL does NOT match this pattern''. This can be used for exceptional cases, where it is easier to match the negative pattern, or as a last default rule.

Note

When using the NOT character to negate a pattern, you cannot include grouped wildcard parts in that pattern. This is because, when the pattern does NOT match (ie, the negation matches), there are no contents for the groups. Thus, if negated patterns are used, you cannot use $N in the substitution string!

The substitution of a rewrite rule is the string which is substituted for (or replaces) the original URL which Pattern matched. In addition to plain text, it can include

  1. back-references ($N) to the RewriteRule pattern
  2. back-references (%N) to the last matched RewriteCond pattern
  3. server-variables as in rule condition test-strings (%{VARNAME})
  4. mapping-function calls (${mapname:key|default})

Back-references are identifiers of the form $N (N=0..9), which will be replaced by the contents of the Nth group of the matched Pattern. The server-variables are the same as for the TestString of a RewriteCond directive. The mapping-functions come from the RewriteMap directive and are explained there. These three types of variables are expanded in the order above.

As already mentioned, all rewrite rules are applied to the Substitution (in the order in which they are defined in the config file). The URL is completely replaced by the Substitution and the rewriting process continues until all rules have been applied, or it is explicitly terminated by a L flag - see below.

There is a special substitution string named '-' which means: NO substitution! This is useful in providing rewriting rules which only match URLs but do not substitute anything for them. It is commonly used in conjunction with the C (chain) flag, in order to apply more than one pattern before substitution occurs.

Additionally you can set special flags for Substitution by appending [flags] as the third argument to the RewriteRule directive. Flags is a comma-separated list of any of the following flags:

  • 'chain|C' (chained with next rule)
    This flag chains the current rule with the next rule (which itself can be chained with the following rule, and so on). This has the following effect: if a rule matches, then processing continues as usual - the flag has no effect. If the rule does not match, then all following chained rules are skipped. For instance, it can be used to remove the ``.www'' part, inside a per-directory rule set, when you let an external redirect happen (where the ``.www'' part should not occur!).
  • 'cookie|CO=NAME:VAL:domain[:lifetime[:path]]' (set cookie)
    This sets a cookie in the client's browser. The cookie's name is specified by NAME and the value is VAL. The domain field is the domain of the cookie, such as '.apache.org', the optional lifetime is the lifetime of the cookie in minutes, and the optional path is the path of the cookie
  • 'env|E=VAR:VAL' (set environment variable)
    This forces an environment variable named VAR to be set to the value VAL, where VAL can contain regexp backreferences ($N and %N) which will be expanded. You can use this flag more than once, to set more than one variable. The variables can later be dereferenced in many situations, most commonly from within XSSI (via <!--#echo var="VAR"-->) or CGI ($ENV{'VAR'}). You can also dereference the variable in a later RewriteCond pattern, using %{ENV:VAR}. Use this to strip information from URLs, while maintaining a record of that information.
  • 'forbidden|F' (force URL to be forbidden)
    This forces the current URL to be forbidden - it immediately sends back a HTTP response of 403 (FORBIDDEN). Use this flag in conjunction with appropriate RewriteConds to conditionally block some URLs.
  • 'gone|G' (force URL to be gone)
    This forces the current URL to be gone - it immediately sends back a HTTP response of 410 (GONE). Use this flag to mark pages which no longer exist as gone.
  • 'last|L' (last rule)
    Stop the rewriting process here and don't apply any more rewrite rules. This corresponds to the Perl last command or the break command in C. Use this flag to prevent the currently rewritten URL from being rewritten further by following rules. For example, use it to rewrite the root-path URL ('/') to a real one, e.g., '/e/www/'.
  • 'next|N' (next round)
    Re-run the rewriting process (starting again with the first rewriting rule). This time, the URL to match is no longer the original URL, but rather the URL returned by the last rewriting rule. This corresponds to the Perl next command or the continue command in C. Use this flag to restart the rewriting process - to immediately go to the top of the loop.
    Be careful not to create an infinite loop!
  • 'nocase|NC' (no case)
    This makes the Pattern case-insensitive, ignoring difference between 'A-Z' and 'a-z' when Pattern is matched against the current URL.
  • 'noescape|NE' (no URI escaping of output)
    This flag prevents mod_rewrite from applying the usual URI escaping rules to the result of a rewrite. Ordinarily, special characters (such as '%', '$', ';', and so on) will be escaped into their hexcode equivalents ('%25', '%24', and '%3B', respectively); this flag prevents this from happening. This allows percent symbols to appear in the output, as in

    RewriteRule /foo/(.*) /bar?arg=P1\%3d$1 [R,NE]

    which would turn '/foo/zed' into a safe request for '/bar?arg=P1=zed'.
  • 'nosubreq|NS' ( not for internal sub-requests)
    This flag forces the rewrite engine to skip a rewrite rule if the current request is an internal sub-request. For instance, sub-requests occur internally in Apache when mod_include tries to find out information about possible directory default files (index.xxx). On sub-requests it is not always useful, and can even cause errors, if the complete set of rules are applied. Use this flag to exclude some rules.
    To decide whether or not to use this rule: if you prefix URLs with CGI-scripts, to force them to be processed by the CGI-script, it's likely that you will run into problems (or significant overhead) on sub-requests. In these cases, use this flag.
  • 'proxy|P' (force proxy)
    This flag forces the substitution part to be internally sent as a proxy request and immediately (rewrite processing stops here) put through the proxy module. You must make sure that the substitution string is a valid URI (typically starting with http://hostname) which can be handled by the Apache proxy module. If not, you will get an error from the proxy module. Use this flag to achieve a more powerful implementation of the ProxyPass directive, to map remote content into the namespace of the local server.

    Note: mod_proxy must be enabled in order to use this flag.

  • 'passthrough|PT' (pass through to next handler)
    This flag forces the rewrite engine to set the uri field of the internal request_rec structure to the value of the filename field. This flag is just a hack to enable post-processing of the output of RewriteRule directives, using Alias, ScriptAlias, Redirect, and other directives from various URI-to-filename translators. For example, to rewrite /abc to /def using mod_rewrite, and then /def to /ghi using mod_alias:

    RewriteRule ^/abc(.*) /def$1 [PT]
    Alias /def /ghi

    If you omit the PT flag, mod_rewrite will rewrite uri=/abc/... to filename=/def/... as a full API-compliant URI-to-filename translator should do. Then mod_alias will try to do a URI-to-filename transition, which will fail.

    Note: You must use this flag if you want to mix directives from different modules which allow URL-to-filename translators. The typical example is the use of mod_alias and mod_rewrite.

  • 'qsappend|QSA' (query string append)
    This flag forces the rewrite engine to append a query string part of the substitution string to the existing string, instead of replacing it. Use this when you want to add more data to the query string via a rewrite rule.
  • 'redirect|R [=code]' (force redirect)
    Prefix Substitution with http://thishost[:thisport]/ (which makes the new URL a URI) to force a external redirection. If no code is given, a HTTP response of 302 (MOVED TEMPORARILY) will be returned. If you want to use other response codes in the range 300-400, simply specify the appropriate number or use one of the following symbolic names: temp (default), permanent, seeother. Use this for rules to canonicalize the URL and return it to the client - to translate ``/~'' into ``/u/'', or to always append a slash to /u/user, etc.
    Note: When you use this flag, make sure that the substitution field is a valid URL! Otherwise, you will be redirecting to an invalid location. Remember that this flag on its own will only prepend http://thishost[:thisport]/ to the URL, and rewriting will continue. Usually, you will want to stop rewriting at this point, and redirect immediately. To stop rewriting, you should add the 'L' flag.
  • 'skip|S=num' (skip next rule(s))
    This flag forces the rewriting engine to skip the next num rules in sequence, if the current rule matches. Use this to make pseudo if-then-else constructs: The last rule of the then-clause becomes skip=N, where N is the number of rules in the else-clause. (This is not the same as the 'chain|C' flag!)
  • 'type|T=MIME-type' (force MIME type)
    Force the MIME-type of the target file to be MIME-type. This can be used to set up the content-type based on some conditions. For example, the following snippet allows .php files to be displayed by mod_php if they are called with the .phps extension:

    RewriteRule ^(.+\.php)s$ $1 [T=application/x-httpd-php-source]

Home directory expansion

When the substitution string begins with a string resembling "/~user" (via explicit text or backreferences), mod_rewrite performs home directory expansion independent of the presence or configuration of mod_userdir.

This expansion does not occur when the PT flag is used on the RewriteRule directive.

Note: Enabling rewrites in per-directory context

To enable the rewriting engine for per-directory configuration files, you need to set ``RewriteEngine On'' in these files and ``Options FollowSymLinks'' must be enabled. If your administrator has disabled override of FollowSymLinks for a user's directory, then you cannot use the rewriting engine. This restriction is needed for security reasons.

Note: Pattern matching in per-directory context

Never forget that Pattern is applied to a complete URL in per-server configuration files. However, in per-directory configuration files, the per-directory prefix (which always is the same for a specific directory) is automatically removed for the pattern matching and automatically added after the substitution has been done. This feature is essential for many sorts of rewriting - without this, you would always have to match the parent directory which is not always possible.

There is one exception: If a substitution string starts with ``http://'', then the directory prefix will not be added, and an external redirect or proxy throughput (if flag P is used) is forced!

Note: Substitution of Absolute URLs

When you prefix a substitution field with http://thishost[:thisport], mod_rewrite will automatically strip that out. This auto-reduction on URLs with an implicit external redirect is most useful in combination with a mapping-function which generates the hostname part.

Remember: An unconditional external redirect to your own server will not work with the prefix http://thishost because of this feature. To achieve such a self-redirect, you have to use the R-flag.

Note: Query String

The Pattern will not be matched against the query string. Instead, you must use a RewriteCond with the %{QUERY_STRING} variable. You can, however, create URLs in the substitution string, containing a query string part. Simply use a question mark inside the substitution string, to indicate that the following text should be re-injected into the query string. When you want to erase an existing query string, end the substitution string with just a question mark. To combine a new query string with an old one, use the [QSA] flag.

Here are all possible substitution combinations and their meanings:

Inside per-server configuration (httpd.conf)
for request ``GET /somepath/pathinfo'':

Given Rule                                      Resulting Substitution
----------------------------------------------  ----------------------------------
^/somepath(.*) otherpath$1                      invalid, not supported

^/somepath(.*) otherpath$1  [R]                 invalid, not supported

^/somepath(.*) otherpath$1  [P]                 invalid, not supported
----------------------------------------------  ----------------------------------
^/somepath(.*) /otherpath$1                     /otherpath/pathinfo

^/somepath(.*) /otherpath$1 [R]                 http://thishost/otherpath/pathinfo
                                                via external redirection

^/somepath(.*) /otherpath$1 [P]                 doesn't make sense, not supported
----------------------------------------------  ----------------------------------
^/somepath(.*) http://thishost/otherpath$1      /otherpath/pathinfo

^/somepath(.*) http://thishost/otherpath$1 [R]  http://thishost/otherpath/pathinfo
                                                via external redirection

^/somepath(.*) http://thishost/otherpath$1 [P]  doesn't make sense, not supported
----------------------------------------------  ----------------------------------
^/somepath(.*) http://otherhost/otherpath$1     http://otherhost/otherpath/pathinfo
                                                via external redirection

^/somepath(.*) http://otherhost/otherpath$1 [R] http://otherhost/otherpath/pathinfo
                                                via external redirection
                                                (the [R] flag is redundant)

^/somepath(.*) http://otherhost/otherpath$1 [P] http://otherhost/otherpath/pathinfo
                                                via internal proxy

Inside per-directory configuration for /somepath
(/physical/path/to/somepath/.htacccess, with RewriteBase /somepath)
for request ``GET /somepath/localpath/pathinfo'':

Given Rule                                      Resulting Substitution
----------------------------------------------  ----------------------------------
^localpath(.*) otherpath$1                      /somepath/otherpath/pathinfo

^localpath(.*) otherpath$1  [R]                 http://thishost/somepath/otherpath/pathinfo
                                                via external redirection

^localpath(.*) otherpath$1  [P]                 doesn't make sense, not supported
----------------------------------------------  ----------------------------------
^localpath(.*) /otherpath$1                     /otherpath/pathinfo

^localpath(.*) /otherpath$1 [R]                 http://thishost/otherpath/pathinfo
                                                via external redirection

^localpath(.*) /otherpath$1 [P]                 doesn't make sense, not supported
----------------------------------------------  ----------------------------------
^localpath(.*) http://thishost/otherpath$1      /otherpath/pathinfo

^localpath(.*) http://thishost/otherpath$1 [R]  http://thishost/otherpath/pathinfo
                                                via external redirection

^localpath(.*) http://thishost/otherpath$1 [P]  doesn't make sense, not supported
----------------------------------------------  ----------------------------------
^localpath(.*) http://otherhost/otherpath$1     http://otherhost/otherpath/pathinfo
                                                via external redirection

^localpath(.*) http://otherhost/otherpath$1 [R] http://otherhost/otherpath/pathinfo
                                                via external redirection
                                                (the [R] flag is redundant)

^localpath(.*) http://otherhost/otherpath$1 [P] http://otherhost/otherpath/pathinfo
                                                via internal proxy
mod/mod_setenvif.html100644 0 0 31172 11074463123 12361 0ustar 0 0 mod_setenvif - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.0

<-

ġ mod_setenvif

:û ݿ ȯ溯 Ѵ
:Base
:setenvif_module
ҽ:mod_setenvif.c

mod_setenvif û ǥĿ شϴ η ȯ溯 Ѵ. ٸ κ ൿ Ҷ ȯ溯 ִ.

Ͽ þ óѴ. ׷ MSIE ƴ϶ mozilla netscape ϴ Ʒ þ Բ ִ.

BrowserMatch ^Mozilla netscape
BrowserMatch MSIE !netscape

top

BrowserMatch þ

:HTTP User-Agent ȯ溯 Ѵ
:BrowserMatch regex [!]env-variable[=value] [[!]env-variable[=value]] ...
:ּ, ȣƮ, directory, .htaccess
Override ɼ:FileInfo
:Base
:mod_setenvif

BrowserMatch SetEnvIf þ Ư , HTTP û User-Agent ȯ溯 Ѵ. :

BrowserMatchNoCase Robot is_a_robot
SetEnvIfNoCase User-Agent Robot is_a_robot

߰ :

BrowserMatch ^Mozilla forms jpeg=yes browser=netscape
BrowserMatch "^Mozilla/[2-3]" tables agif frames javascript
BrowserMatch MSIE !javascript

top

BrowserMatchNoCase þ

:ҹڸ ʰ User-Agent ȯ溯 Ѵ
:BrowserMatchNoCase regex [!]env-variable[=value] [[!]env-variable[=value]] ...
:ּ, ȣƮ, directory, .htaccess
Override ɼ:FileInfo
:Base
:mod_setenvif
:ġ 1.2 ̻ (ġ 1.2 þ mod_browser ⿡ ־)

BrowserMatchNoCase þ BrowserMatch þ ǹ̻ . ׷ þ ҹڸ ʴ´. :

BrowserMatchNoCase mac platform=macintosh
BrowserMatchNoCase win platform=windows

BrowserMatch BrowserMatchNoCase þ SetEnvIf SetEnvIfNoCase þ Ư . :

BrowserMatchNoCase Robot is_a_robot
SetEnvIfNoCase User-Agent Robot is_a_robot

top

SetEnvIf þ

:û ȯ溯 Ѵ
:SetEnvIf attribute regex [!]env-variable[=value] [[!]env-variable[=value]] ...
:ּ, ȣƮ, directory, .htaccess
Override ɼ:FileInfo
:Base
:mod_setenvif

SetEnvIf þ û ȯ溯 Ѵ. ù° ƱԸƮ attribute ϳ:

  1. HTTP û ( ڼ RFC2616 ); : Host, User-Agent, Referer, Accept-Language. ǥ Ͽ û Ī ִ.
  2. û ϳ:
    • Remote_Host - (ִٸ) ûϴ Ŭ̾Ʈ ȣƮ
    • Remote_Addr - ûϴ Ŭ̾Ʈ IP ּ
    • Server_Addr - û ޴ IP ּ (2.0.43 Ŀ)
    • Request_Method - ޽ ̸ (GET, POST, )
    • Request_Protocol - û ̸ ( , "HTTP/0.9", "HTTP/1.1", .)
    • Request_URI - HTTP û û ڿ -- Ϲ URL ǹڿ Ŵ(scheme) ȣƮ κ
  3. û ȯ溯 ̸. ׷ SetEnvIf þ þ ˻ ִ. SetEnvIf[NoCase] þ ȯ溯 ˻ ִ. ''̶ ( ) Ȥ þ Ѵ. û ƴϰ ǥ ƴ attribute ȯ溯 Ѵ.

ι° ƱԸƮ (regex) Perl ȣȯ ǥ̴. ̴ POSIX.2 egrep ǥİ ϴ. regex attribute ϸ ƱԸƮ óѴ.

ƱԸƮ () ̴. ̴

  1. varname, Ȥ
  2. !varname, Ȥ
  3. varname=value

ù° ´ "1" Ѵ. ι° ´ ̹ ǵ ϰ, ° value Ѵ. ġ 2.0.51 value ִ $1..$9 regex ȣģ ǥ üѴ.

:

SetEnvIf Request_URI "\.gif$" object_is_image=gif
SetEnvIf Request_URI "\.jpg$" object_is_image=jpg
SetEnvIf Request_URI "\.xbm$" object_is_image=xbm
:
SetEnvIf Referer www\.mydomain\.com intra_site_referral
:
SetEnvIf object_is_image xbm XBIT_PROCESSING=1
:
SetEnvIf ^TS* ^[a-z].* HAVE_TS

ó ̹ û ȯ溯 object_is_image Ѵ. ׹° www.mydomain.com Ʈ intra_site_referral Ѵ.

û ̸ "TS" ϰ [a-z] ϳ ϴ ִ ȯ溯 HAVE_TS Ѵ.

top

SetEnvIfNoCase þ

:ҹڸ ʰ û ȯ溯 Ѵ
:SetEnvIfNoCase attribute regex [!]env-variable[=value] [[!]env-variable[=value]] ...
:ּ, ȣƮ, directory, .htaccess
Override ɼ:FileInfo
:Base
:mod_setenvif
:ġ 1.3

SetEnvIfNoCase ǹ̻ SetEnvIf þ , ҹڸ ʰ ǥ ã´. :

SetEnvIfNoCase Host Apache\.Org site=apache

HTTP û Host: Apache.Org, apache.org ϸ site ȯ溯 "apache" Ѵ.

mod/mod_so.html100644 0 0 20512 11074463123 11153 0ustar 0 0 mod_so - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.0

<-

ġ mod_so

:Ҷ Ȥ Ҷ డ ڵ оδ
:Extension
:so_module
ҽ:mod_so.c
: (׻ ϴ) Base ̴.

ü ġ ü (DSO) Ͽ ٽ ʰ ߿ о ִ.

о ڵ, н (.so Ȯڸ ) Ϲ ṵ̈,  .so Ȥ .dll Ȯڸ .

ġ 1.3 ġ 2.0 . ġ 2.0 о̰ų ġ Ϸ ؾ Ѵ.

top

 о

ġ 1.3.15 2.0 Ǿ. mod_foo.so̴.

mod_so ApacheModuleFoo.dll о , ο ̸ Ģ ȣѴ. 2.0 ° Ѵٸ ̸ 2.0 Ģ ˸° ġ ٶ.

ġ API н ̰ų ̰ų . API  н ϱ⶧ , н Ǵ Ȥ Ͽ  ִ.

ΰ ߰ ִ. н ִ. ġ н ޸ Configure α׷ ⶧ ҽ ApacheCore Ʈ Ͽ ߰ϰ, ɺ os\win32\modules.c Ͽ ߰ؾ Ѵ.

ι° LoadModule þ Ͽ Ҷ о ִ ̺귯 DLL ̴. DLL ϸ ʰ  ġ ִ.

DLL ؼ ҽ ؾ Ѵ. DLL module record exportؾ Ѵ. (Ʒ ) ̸ module record ǿ (ġ Ͽ ǵ) AP_MODULE_DECLARE_DATA ߰Ѵ. , ִٸ:

module foo_module;

Ѵ:

module AP_MODULE_DECLARE_DATA foo_module;

κ  ϱ⶧ Ͽ н ҽ ״ ִ. , .DEF Ͽ ͼϴٸ Ͽ module record export ִ.

DLL . ̸ ̺귯 libhttpd.dll Ҷ libhttpd.lib export ̺귯 ũѴ. ġ ùٷ ã Ϸ ؾ 𸥴. modules 丮 ̺귯 ã ִ. ȯ ùٷ ϱ .dsp ų .dsp Ϸ/Ŀ ɼ ϴ .

DLL . ̰ modules 丮 ΰ, LoadModule þ Ͽ оδ.

top

LoadFile þ

: ̳ ̺귯 оδ
:LoadFile filename [filename] ...
:ּ
:Extension
:mod_so

LoadFile þ ϰų Ҷ ̳ ̺귯 оδ(link in). þ  ϱ ʿ ڵ带 ߰ о϶ Ѵ. Filename ̰ų ServerRoot ̴.

:

LoadFile libexec/libxmlparse.so

top

LoadModule þ

:̳ ̺귯 о̰, 밡 Ͽ ߰Ѵ
:LoadModule module filename
:ּ
:Extension
:mod_so

LoadModule þ Ȥ ̺귯 filename о̰, 밡 Ͽ module̶ ü ߰Ѵ. Module module ڷ ܺκ̸, ´. :

LoadModule status_module modules/mod_status.so

ServerRoot modules 丮 оδ.

mod/mod_speling.html100644 0 0 12307 11074463123 12176 0ustar 0 0 mod_speling - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.0

<-

ġ mod_speling

:ڰ ҹڸ ߸ ϰų Ʋ ѹ Ͽ ߸ URL ġ õѴ
:Extension
:speling_module
ҽ:mod_speling.c

Ʋų ҹڸ ߸ Ͽ ġ û 찡 ִ. ٸ û شϴ ã´. û 丮 ȿ ִ û ̸ ҹ ( ÷ / / ü Ȥ ߸ ) ѹ Ʋ ָ Ѵ. ̷ .

丮 캻 Ŀ,

  • ãϸ, ġ Ϲ "document not found ( ã )" ȯѴ.
  • û "" ġϴ ϳ ã , ̷ Ѵ.
  • ã , Ŭ̾Ʈ ùٸ ֵ .
top

CheckSpelling þ

: Ѵ
:CheckSpelling on|off
⺻:CheckSpelling Off
:ּ, ȣƮ, directory, .htaccess
Override ɼ:Options
:Extension
:mod_speling
:ġ 1.1 CheckSpelling Ͽ, ҹڰ ٸ 츸 ó ־. ġ 1.3 ġ Ϻΰ Ǿ. ġ 1.3.2 CheckSpelling þ "ּ" "ȣƮ" ҿ ־.

þ 뿩θ Ѵ. Ѵٸ ϶

  • 丮 캸 ۾ ÿ ɿ ش.
  • ߿ "" 쿬 ִ й Ѵ.
  • ϸ 丮 , (http://my.host/~apahce/ ) Ʋ ڸ Ѵ.
  • ϴ Ͽ ȴ. ׷ <Location /status> û ģ "/stats.html" Ϸ ִ.
mod/mod_ssl.html100644 0 0 275456 11074463123 11376 0ustar 0 0 mod_ssl - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.0

<-

Apache Module mod_ssl

Description:Strong cryptography using the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols
Status:Extension
ModuleIdentifier:ssl_module
SourceFile:mod_ssl.c

Summary

This module provides SSL v2/v3 and TLS v1 support for the Apache HTTP Server. It was contributed by Ralf S. Engeschall based on his mod_ssl project and originally derived from work by Ben Laurie.

This module relies on OpenSSL to provide the cryptography engine.

Further details, discussion, and examples are provided in the SSL documentation.

top

Environment Variables

This module provides a lot of SSL information as additional environment variables to the SSI and CGI namespace. The generated variables are listed in the table below. For backward compatibility the information can be made available under different names, too. Look in the Compatibility chapter for details on the compatibility variables.

Variable Name: Value Type: Description:
HTTPS flag HTTPS is being used.
SSL_PROTOCOL string The SSL protocol version (SSLv2, SSLv3, TLSv1)
SSL_SESSION_ID string The hex-encoded SSL session id
SSL_CIPHER string The cipher specification name
SSL_CIPHER_EXPORT string true if cipher is an export cipher
SSL_CIPHER_USEKEYSIZE number Number of cipher bits (actually used)
SSL_CIPHER_ALGKEYSIZE number Number of cipher bits (possible)
SSL_VERSION_INTERFACE string The mod_ssl program version
SSL_VERSION_LIBRARY string The OpenSSL program version
SSL_CLIENT_M_VERSION string The version of the client certificate
SSL_CLIENT_M_SERIAL string The serial of the client certificate
SSL_CLIENT_S_DN string Subject DN in client's certificate
SSL_CLIENT_S_DN_x509 string Component of client's Subject DN
SSL_CLIENT_I_DN string Issuer DN of client's certificate
SSL_CLIENT_I_DN_x509 string Component of client's Issuer DN
SSL_CLIENT_V_START string Validity of client's certificate (start time)
SSL_CLIENT_V_END string Validity of client's certificate (end time)
SSL_CLIENT_A_SIG string Algorithm used for the signature of client's certificate
SSL_CLIENT_A_KEY string Algorithm used for the public key of client's certificate
SSL_CLIENT_CERT string PEM-encoded client certificate
SSL_CLIENT_CERT_CHAINn string PEM-encoded certificates in client certificate chain
SSL_CLIENT_VERIFY string NONE, SUCCESS, GENEROUS or FAILED:reason
SSL_SERVER_M_VERSION string The version of the server certificate
SSL_SERVER_M_SERIAL string The serial of the server certificate
SSL_SERVER_S_DN string Subject DN in server's certificate
SSL_SERVER_S_DN_x509 string Component of server's Subject DN
SSL_SERVER_I_DN string Issuer DN of server's certificate
SSL_SERVER_I_DN_x509 string Component of server's Issuer DN
SSL_SERVER_V_START string Validity of server's certificate (start time)
SSL_SERVER_V_END string Validity of server's certificate (end time)
SSL_SERVER_A_SIG string Algorithm used for the signature of server's certificate
SSL_SERVER_A_KEY string Algorithm used for the public key of server's certificate
SSL_SERVER_CERT string PEM-encoded server certificate

[ where x509 is a component of a X.509 DN: C,ST,L,O,OU,CN,T,I,G,S,D,UID,Email ]

top

Custom Log Formats

When mod_ssl is built into Apache or at least loaded (under DSO situation) additional functions exist for the Custom Log Format of mod_log_config. First there is an additional ``%{varname}x'' eXtension format function which can be used to expand any variables provided by any module, especially those provided by mod_ssl which can you find in the above table.

For backward compatibility there is additionally a special ``%{name}c'' cryptography format function provided. Information about this function is provided in the Compatibility chapter.

Example:

CustomLog logs/ssl_request_log \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

top

SSLCACertificateFile Directive

Description:File of concatenated PEM-encoded CA Certificates for Client Auth
Syntax:SSLCACertificateFile file-path
Context:server config, virtual host
Status:Extension
Module:mod_ssl

This directive sets the all-in-one file where you can assemble the Certificates of Certification Authorities (CA) whose clients you deal with. These are used for Client Authentication. Such a file is simply the concatenation of the various PEM-encoded Certificate files, in order of preference. This can be used alternatively and/or additionally to SSLCACertificatePath.

Example

SSLCACertificateFile /usr/local/apache2/conf/ssl.crt/ca-bundle-client.crt

top

SSLCACertificatePath Directive

Description:Directory of PEM-encoded CA Certificates for Client Auth
Syntax:SSLCACertificatePath directory-path
Context:server config, virtual host
Status:Extension
Module:mod_ssl

This directive sets the directory where you keep the Certificates of Certification Authorities (CAs) whose clients you deal with. These are used to verify the client certificate on Client Authentication.

The files in this directory have to be PEM-encoded and are accessed through hash filenames. So usually you can't just place the Certificate files there: you also have to create symbolic links named hash-value.N. And you should always make sure this directory contains the appropriate symbolic links.

Example

SSLCACertificatePath /usr/local/apache2/conf/ssl.crt/

top

SSLCARevocationFile Directive

Description:File of concatenated PEM-encoded CA CRLs for Client Auth
Syntax:SSLCARevocationFile file-path
Context:server config, virtual host
Status:Extension
Module:mod_ssl

This directive sets the all-in-one file where you can assemble the Certificate Revocation Lists (CRL) of Certification Authorities (CA) whose clients you deal with. These are used for Client Authentication. Such a file is simply the concatenation of the various PEM-encoded CRL files, in order of preference. This can be used alternatively and/or additionally to SSLCARevocationPath.

Example

SSLCARevocationFile /usr/local/apache2/conf/ssl.crl/ca-bundle-client.crl

top

SSLCARevocationPath Directive

Description:Directory of PEM-encoded CA CRLs for Client Auth
Syntax:SSLCARevocationPath directory-path
Context:server config, virtual host
Status:Extension
Module:mod_ssl

This directive sets the directory where you keep the Certificate Revocation Lists (CRL) of Certification Authorities (CAs) whose clients you deal with. These are used to revoke the client certificate on Client Authentication.

The files in this directory have to be PEM-encoded and are accessed through hash filenames. So usually you have not only to place the CRL files there. Additionally you have to create symbolic links named hash-value.rN. And you should always make sure this directory contains the appropriate symbolic links.

Example

SSLCARevocationPath /usr/local/apache2/conf/ssl.crl/

top

SSLCertificateChainFile Directive

Description:File of PEM-encoded Server CA Certificates
Syntax:SSLCertificateChainFile file-path
Context:server config, virtual host
Status:Extension
Module:mod_ssl

This directive sets the optional all-in-one file where you can assemble the certificates of Certification Authorities (CA) which form the certificate chain of the server certificate. This starts with the issuing CA certificate of of the server certificate and can range up to the root CA certificate. Such a file is simply the concatenation of the various PEM-encoded CA Certificate files, usually in certificate chain order.

This should be used alternatively and/or additionally to SSLCACertificatePath for explicitly constructing the server certificate chain which is sent to the browser in addition to the server certificate. It is especially useful to avoid conflicts with CA certificates when using client authentication. Because although placing a CA certificate of the server certificate chain into SSLCACertificatePath has the same effect for the certificate chain construction, it has the side-effect that client certificates issued by this same CA certificate are also accepted on client authentication. That's usually not one expect.

But be careful: Providing the certificate chain works only if you are using a single (either RSA or DSA) based server certificate. If you are using a coupled RSA+DSA certificate pair, this will work only if actually both certificates use the same certificate chain. Else the browsers will be confused in this situation.

Example

SSLCertificateChainFile /usr/local/apache2/conf/ssl.crt/ca.crt

top

SSLCertificateFile Directive

Description:Server PEM-encoded X.509 Certificate file
Syntax:SSLCertificateFile file-path
Context:server config, virtual host
Status:Extension
Module:mod_ssl

This directive points to the PEM-encoded Certificate file for the server and optionally also to the corresponding RSA or DSA Private Key file for it (contained in the same file). If the contained Private Key is encrypted the Pass Phrase dialog is forced at startup time. This directive can be used up to two times (referencing different filenames) when both a RSA and a DSA based server certificate is used in parallel.

Example

SSLCertificateFile /usr/local/apache2/conf/ssl.crt/server.crt

top

SSLCertificateKeyFile Directive

Description:Server PEM-encoded Private Key file
Syntax:SSLCertificateKeyFile file-path
Context:server config, virtual host
Status:Extension
Module:mod_ssl

This directive points to the PEM-encoded Private Key file for the server. If the Private Key is not combined with the Certificate in the SSLCertificateFile, use this additional directive to point to the file with the stand-alone Private Key. When SSLCertificateFile is used and the file contains both the Certificate and the Private Key this directive need not be used. But we strongly discourage this practice. Instead we recommend you to separate the Certificate and the Private Key. If the contained Private Key is encrypted, the Pass Phrase dialog is forced at startup time. This directive can be used up to two times (referencing different filenames) when both a RSA and a DSA based private key is used in parallel.

Example

SSLCertificateKeyFile /usr/local/apache2/conf/ssl.key/server.key

top

SSLCipherSuite Directive

Description:Cipher Suite available for negotiation in SSL handshake
Syntax:SSLCipherSuite cipher-spec
Default:SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
Context:server config, virtual host, directory, .htaccess
Override:AuthConfig
Status:Extension
Module:mod_ssl

This complex directive uses a colon-separated cipher-spec string consisting of OpenSSL cipher specifications to configure the Cipher Suite the client is permitted to negotiate in the SSL handshake phase. Notice that this directive can be used both in per-server and per-directory context. In per-server context it applies to the standard SSL handshake when a connection is established. In per-directory context it forces a SSL renegotation with the reconfigured Cipher Suite after the HTTP request was read but before the HTTP response is sent.

An SSL cipher specification in cipher-spec is composed of 4 major attributes plus a few extra minor ones:

  • Key Exchange Algorithm:
    RSA or Diffie-Hellman variants.
  • Authentication Algorithm:
    RSA, Diffie-Hellman, DSS or none.
  • Cipher/Encryption Algorithm:
    DES, Triple-DES, RC4, RC2, IDEA or none.
  • MAC Digest Algorithm:
    MD5, SHA or SHA1.

An SSL cipher can also be an export cipher and is either a SSLv2 or SSLv3/TLSv1 cipher (here TLSv1 is equivalent to SSLv3). To specify which ciphers to use, one can either specify all the Ciphers, one at a time, or use aliases to specify the preference and order for the ciphers (see Table 1).

Tag Description
Key Exchange Algorithm:
kRSA RSA key exchange
kDHr Diffie-Hellman key exchange with RSA key
kDHd Diffie-Hellman key exchange with DSA key
kEDH Ephemeral (temp.key) Diffie-Hellman key exchange (no cert)
Authentication Algorithm:
aNULL No authentication
aRSA RSA authentication
aDSS DSS authentication
aDH Diffie-Hellman authentication
Cipher Encoding Algorithm:
eNULL No encoding
DES DES encoding
3DES Triple-DES encoding
RC4 RC4 encoding
RC2 RC2 encoding
IDEA IDEA encoding
MAC Digest Algorithm:
MD5 MD5 hash function
SHA1 SHA1 hash function
SHA SHA hash function
Aliases:
SSLv2 all SSL version 2.0 ciphers
SSLv3 all SSL version 3.0 ciphers
TLSv1 all TLS version 1.0 ciphers
EXP all export ciphers
EXPORT40 all 40-bit export ciphers only
EXPORT56 all 56-bit export ciphers only
LOW all low strength ciphers (no export, single DES)
MEDIUM all ciphers with 128 bit encryption
HIGH all ciphers using Triple-DES
RSA all ciphers using RSA key exchange
DH all ciphers using Diffie-Hellman key exchange
EDH all ciphers using Ephemeral Diffie-Hellman key exchange
ADH all ciphers using Anonymous Diffie-Hellman key exchange
DSS all ciphers using DSS authentication
NULL all ciphers using no encryption

Now where this becomes interesting is that these can be put together to specify the order and ciphers you wish to use. To speed this up there are also aliases (SSLv2, SSLv3, TLSv1, EXP, LOW, MEDIUM, HIGH) for certain groups of ciphers. These tags can be joined together with prefixes to form the cipher-spec. Available prefixes are:

  • none: add cipher to list
  • +: add ciphers to list and pull them to current location in list
  • -: remove cipher from list (can be added later again)
  • !: kill cipher from list completely (can not be added later again)

A simpler way to look at all of this is to use the ``openssl ciphers -v'' command which provides a nice way to successively create the correct cipher-spec string. The default cipher-spec string is ``ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP'' which means the following: first, remove from consideration any ciphers that do not authenticate, i.e. for SSL only the Anonymous Diffie-Hellman ciphers. Next, use ciphers using RC4 and RSA. Next include the high, medium and then the low security ciphers. Finally pull all SSLv2 and export ciphers to the end of the list.

$ openssl ciphers -v 'ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP'
NULL-SHA                SSLv3 Kx=RSA      Au=RSA  Enc=None      Mac=SHA1
NULL-MD5                SSLv3 Kx=RSA      Au=RSA  Enc=None      Mac=MD5
EDH-RSA-DES-CBC3-SHA    SSLv3 Kx=DH       Au=RSA  Enc=3DES(168) Mac=SHA1
...                     ...               ...     ...           ...
EXP-RC4-MD5             SSLv3 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export
EXP-RC2-CBC-MD5         SSLv2 Kx=RSA(512) Au=RSA  Enc=RC2(40)   Mac=MD5  export
EXP-RC4-MD5             SSLv2 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export

The complete list of particular RSA & DH ciphers for SSL is given in Table 2.

Example

SSLCipherSuite RSA:!EXP:!NULL:+HIGH:+MEDIUM:-LOW

Cipher-Tag Protocol Key Ex. Auth. Enc. MAC Type
RSA Ciphers:
DES-CBC3-SHA SSLv3 RSA RSA 3DES(168) SHA1
DES-CBC3-MD5 SSLv2 RSA RSA 3DES(168) MD5
IDEA-CBC-SHA SSLv3 RSA RSA IDEA(128) SHA1
RC4-SHA SSLv3 RSA RSA RC4(128) SHA1
RC4-MD5 SSLv3 RSA RSA RC4(128) MD5
IDEA-CBC-MD5 SSLv2 RSA RSA IDEA(128) MD5
RC2-CBC-MD5 SSLv2 RSA RSA RC2(128) MD5
RC4-MD5 SSLv2 RSA RSA RC4(128) MD5
DES-CBC-SHA SSLv3 RSA RSA DES(56) SHA1
RC4-64-MD5 SSLv2 RSA RSA RC4(64) MD5
DES-CBC-MD5 SSLv2 RSA RSA DES(56) MD5
EXP-DES-CBC-SHA SSLv3 RSA(512) RSA DES(40) SHA1 export
EXP-RC2-CBC-MD5 SSLv3 RSA(512) RSA RC2(40) MD5 export
EXP-RC4-MD5 SSLv3 RSA(512) RSA RC4(40) MD5 export
EXP-RC2-CBC-MD5 SSLv2 RSA(512) RSA RC2(40) MD5 export
EXP-RC4-MD5 SSLv2 RSA(512) RSA RC4(40) MD5 export
NULL-SHA SSLv3 RSA RSA None SHA1
NULL-MD5 SSLv3 RSA RSA None MD5
Diffie-Hellman Ciphers:
ADH-DES-CBC3-SHA SSLv3 DH None 3DES(168) SHA1
ADH-DES-CBC-SHA SSLv3 DH None DES(56) SHA1
ADH-RC4-MD5 SSLv3 DH None RC4(128) MD5
EDH-RSA-DES-CBC3-SHA SSLv3 DH RSA 3DES(168) SHA1
EDH-DSS-DES-CBC3-SHA SSLv3 DH DSS 3DES(168) SHA1
EDH-RSA-DES-CBC-SHA SSLv3 DH RSA DES(56) SHA1
EDH-DSS-DES-CBC-SHA SSLv3 DH DSS DES(56) SHA1
EXP-EDH-RSA-DES-CBC-SHA SSLv3 DH(512) RSA DES(40) SHA1 export
EXP-EDH-DSS-DES-CBC-SHA SSLv3 DH(512) DSS DES(40) SHA1 export
EXP-ADH-DES-CBC-SHA SSLv3 DH(512) None DES(40) SHA1 export
EXP-ADH-RC4-MD5 SSLv3 DH(512) None RC4(40) MD5 export
top

SSLEngine Directive

Description:SSL Engine Operation Switch
Syntax:SSLEngine on|off
Default:SSLEngine off
Context:server config, virtual host
Status:Extension
Module:mod_ssl

This directive toggles the usage of the SSL/TLS Protocol Engine. This is usually used inside a <VirtualHost> section to enable SSL/TLS for a particular virtual host. By default the SSL/TLS Protocol Engine is disabled for both the main server and all configured virtual hosts.

Example

<VirtualHost _default_:443>
SSLEngine on
...
</VirtualHost>

top

SSLMutex Directive

Description:Semaphore for internal mutual exclusion of operations
Syntax:SSLMutex type
Default:SSLMutex none
Context:server config
Status:Extension
Module:mod_ssl

This configures the SSL engine's semaphore (aka. lock) which is used for mutual exclusion of operations which have to be done in a synchronized way between the pre-forked Apache server processes. This directive can only be used in the global server context because it's only useful to have one global mutex. This directive is designed to closely match the AcceptMutex directive

The following Mutex types are available:

  • none | no

    This is the default where no Mutex is used at all. Use it at your own risk. But because currently the Mutex is mainly used for synchronizing write access to the SSL Session Cache you can live without it as long as you accept a sometimes garbled Session Cache. So it's not recommended to leave this the default. Instead configure a real Mutex.

  • posixsem

    This is an elegant Mutex variant where a Posix Semaphore is used when possible. It is only available when the underlying platform and APR supports it.

  • sysvsem

    This is a somewhat elegant Mutex variant where a SystemV IPC Semaphore is used when possible. It is possible to "leak" SysV semaphores if processes crash before the semaphore is removed. It is only available when the underlying platform and APR supports it.

  • sem

    This directive tells the SSL Module to pick the "best" semaphore implementation available to it, choosing between Posix and SystemV IPC, in that order. It is only available when the underlying platform and APR supports at least one of the 2.

  • pthread

    This directive tells the SSL Module to use Posix thread mutexes. It is only available if the underlying platform and APR supports it.

  • fcntl:/path/to/mutex

    This is a portable Mutex variant where a physical (lock-)file and the fcntl() fucntion are used as the Mutex. Always use a local disk filesystem for /path/to/mutex and never a file residing on a NFS- or AFS-filesystem. It is only available when the underlying platform and APR supports it. Note: Internally, the Process ID (PID) of the Apache parent process is automatically appended to /path/to/mutex to make it unique, so you don't have to worry about conflicts yourself. Notice that this type of mutex is not available under the Win32 environment. There you have to use the semaphore mutex.

  • flock:/path/to/mutex

    This is similar to the fcntl:/path/to/mutex method with the exception that the flock() function is used to provide file locking. It is only available when the underlying platform and APR supports it.

  • file:/path/to/mutex

    This directive tells the SSL Module to pick the "best" file locking implementation available to it, choosing between fcntl and flock, in that order. It is only available when the underlying platform and APR supports at least one of the 2.

  • default | yes

    This directive tells the SSL Module to pick the default locking implementation as determined by the platform and APR.

Example

SSLMutex file:/usr/local/apache/logs/ssl_mutex

top

SSLOptions Directive

Description:Configure various SSL engine run-time options
Syntax:SSLOptions [+|-]option ...
Context:server config, virtual host, directory, .htaccess
Override:Options
Status:Extension
Module:mod_ssl

This directive can be used to control various run-time options on a per-directory basis. Normally, if multiple SSLOptions could apply to a directory, then the most specific one is taken completely; the options are not merged. However if all the options on the SSLOptions directive are preceded by a plus (+) or minus (-) symbol, the options are merged. Any options preceded by a + are added to the options currently in force, and any options preceded by a - are removed from the options currently in force.

The available options are:

  • StdEnvVars

    When this option is enabled, the standard set of SSL related CGI/SSI environment variables are created. This per default is disabled for performance reasons, because the information extraction step is a rather expensive operation. So one usually enables this option for CGI and SSI requests only.

  • CompatEnvVars

    When this option is enabled, additional CGI/SSI environment variables are created for backward compatibility to other Apache SSL solutions. Look in the Compatibility chapter for details on the particular variables generated.

  • ExportCertData

    When this option is enabled, additional CGI/SSI environment variables are created: SSL_SERVER_CERT, SSL_CLIENT_CERT and SSL_CLIENT_CERT_CHAINn (with n = 0,1,2,..). These contain the PEM-encoded X.509 Certificates of server and client for the current HTTPS connection and can be used by CGI scripts for deeper Certificate checking. Additionally all other certificates of the client certificate chain are provided, too. This bloats up the environment a little bit which is why you have to use this option to enable it on demand.

  • FakeBasicAuth

    When this option is enabled, the Subject Distinguished Name (DN) of the Client X509 Certificate is translated into a HTTP Basic Authorization username. This means that the standard Apache authentication methods can be used for access control. The user name is just the Subject of the Client's X509 Certificate (can be determined by running OpenSSL's openssl x509 command: openssl x509 -noout -subject -in certificate.crt). Note that no password is obtained from the user. Every entry in the user file needs this password: ``xxj31ZMTZzkVA'', which is the DES-encrypted version of the word `password''. Those who live under MD5-based encryption (for instance under FreeBSD or BSD/OS, etc.) should use the following MD5 hash of the same word: ``$1$OXLyS...$Owx8s2/m9/gfkcRVXzgoE/''.

  • StrictRequire

    This forces forbidden access when SSLRequireSSL or SSLRequire successfully decided that access should be forbidden. Usually the default is that in the case where a ``Satisfy any'' directive is used, and other access restrictions are passed, denial of access due to SSLRequireSSL or SSLRequire is overridden (because that's how the Apache Satisfy mechanism should work.) But for strict access restriction you can use SSLRequireSSL and/or SSLRequire in combination with an ``SSLOptions +StrictRequire''. Then an additional ``Satisfy Any'' has no chance once mod_ssl has decided to deny access.

  • OptRenegotiate

    This enables optimized SSL connection renegotiation handling when SSL directives are used in per-directory context. By default a strict scheme is enabled where every per-directory reconfiguration of SSL parameters causes a full SSL renegotiation handshake. When this option is used mod_ssl tries to avoid unnecessary handshakes by doing more granular (but still safe) parameter checks. Nevertheless these granular checks sometimes maybe not what the user expects, so enable this on a per-directory basis only, please.

Example

SSLOptions +FakeBasicAuth -StrictRequire
<Files ~ "\.(cgi|shtml)$">
SSLOptions +StdEnvVars +CompatEnvVars -ExportCertData
<Files>

top

SSLPassPhraseDialog Directive

Description:Type of pass phrase dialog for encrypted private keys
Syntax:SSLPassPhraseDialog type
Default:SSLPassPhraseDialog builtin
Context:server config
Status:Extension
Module:mod_ssl

When Apache starts up it has to read the various Certificate (see SSLCertificateFile) and Private Key (see SSLCertificateKeyFile) files of the SSL-enabled virtual servers. Because for security reasons the Private Key files are usually encrypted, mod_ssl needs to query the administrator for a Pass Phrase in order to decrypt those files. This query can be done in two ways which can be configured by type:

  • builtin

    This is the default where an interactive terminal dialog occurs at startup time just before Apache detaches from the terminal. Here the administrator has to manually enter the Pass Phrase for each encrypted Private Key file. Because a lot of SSL-enabled virtual hosts can be configured, the following reuse-scheme is used to minimize the dialog: When a Private Key file is encrypted, all known Pass Phrases (at the beginning there are none, of course) are tried. If one of those known Pass Phrases succeeds no dialog pops up for this particular Private Key file. If none succeeded, another Pass Phrase is queried on the terminal and remembered for the next round (where it perhaps can be reused).

    This scheme allows mod_ssl to be maximally flexible (because for N encrypted Private Key files you can use N different Pass Phrases - but then you have to enter all of them, of course) while minimizing the terminal dialog (i.e. when you use a single Pass Phrase for all N Private Key files this Pass Phrase is queried only once).

  • exec:/path/to/program

    Here an external program is configured which is called at startup for each encrypted Private Key file. It is called with two arguments (the first is of the form ``servername:portnumber'', the second is either ``RSA'' or ``DSA''), which indicate for which server and algorithm it has to print the corresponding Pass Phrase to stdout. The intent is that this external program first runs security checks to make sure that the system is not compromised by an attacker, and only when these checks were passed successfully it provides the Pass Phrase.

    Both these security checks, and the way the Pass Phrase is determined, can be as complex as you like. Mod_ssl just defines the interface: an executable program which provides the Pass Phrase on stdout. Nothing more or less! So, if you're really paranoid about security, here is your interface. Anything else has to be left as an exercise to the administrator, because local security requirements are so different.

    The reuse-algorithm above is used here, too. In other words: The external program is called only once per unique Pass Phrase.

Example:

SSLPassPhraseDialog exec:/usr/local/apache/sbin/pp-filter

top

SSLProtocol Directive

Description:Configure usable SSL protocol flavors
Syntax:SSLProtocol [+|-]protocol ...
Default:SSLProtocol all
Context:server config, virtual host
Override:Options
Status:Extension
Module:mod_ssl

This directive can be used to control the SSL protocol flavors mod_ssl should use when establishing its server environment. Clients then can only connect with one of the provided protocols.

The available (case-insensitive) protocols are:

  • SSLv2

    This is the Secure Sockets Layer (SSL) protocol, version 2.0. It is the original SSL protocol as designed by Netscape Corporation.

  • SSLv3

    This is the Secure Sockets Layer (SSL) protocol, version 3.0. It is the successor to SSLv2 and the currently (as of February 1999) de-facto standardized SSL protocol from Netscape Corporation. It's supported by almost all popular browsers.

  • TLSv1

    This is the Transport Layer Security (TLS) protocol, version 1.0. It is the successor to SSLv3 and currently (as of February 1999) still under construction by the Internet Engineering Task Force (IETF). It's still not supported by any popular browsers.

  • All

    This is a shortcut for ``+SSLv2 +SSLv3 +TLSv1'' and a convinient way for enabling all protocols except one when used in combination with the minus sign on a protocol as the example above shows.

Example

# enable SSLv3 and TLSv1, but not SSLv2
SSLProtocol all -SSLv2

top

SSLProxyCACertificateFile Directive

Description:File of concatenated PEM-encoded CA Certificates for Remote Server Auth
Syntax:SSLProxyCACertificateFile file-path
Context:server config, virtual host
Status:Extension
Module:mod_ssl

This directive sets the all-in-one file where you can assemble the Certificates of Certification Authorities (CA) whose remote servers you deal with. These are used for Remote Server Authentication. Such a file is simply the concatenation of the various PEM-encoded Certificate files, in order of preference. This can be used alternatively and/or additionally to SSLProxyCACertificatePath.

Example

SSLProxyCACertificateFile /usr/local/apache2/conf/ssl.crt/ca-bundle-remote-server.crt

top

SSLProxyCACertificatePath Directive

Description:Directory of PEM-encoded CA Certificates for Remote Server Auth
Syntax:SSLProxyCACertificatePath directory-path
Context:server config, virtual host
Status:Extension
Module:mod_ssl

This directive sets the directory where you keep the Certificates of Certification Authorities (CAs) whose remote servers you deal with. These are used to verify the remote server certificate on Remote Server Authentication.

The files in this directory have to be PEM-encoded and are accessed through hash filenames. So usually you can't just place the Certificate files there: you also have to create symbolic links named hash-value.N. And you should always make sure this directory contains the appropriate symbolic links. Use the Makefile which comes with mod_ssl to accomplish this task.

Example

SSLProxyCACertificatePath /usr/local/apache2/conf/ssl.crt/

top

SSLProxyCARevocationFile Directive

Description:File of concatenated PEM-encoded CA CRLs for Remote Server Auth
Syntax:SSLProxyCARevocationFile file-path
Context:server config, virtual host
Status:Extension
Module:mod_ssl

This directive sets the all-in-one file where you can assemble the Certificate Revocation Lists (CRL) of Certification Authorities (CA) whose remote servers you deal with. These are used for Remote Server Authentication. Such a file is simply the concatenation of the various PEM-encoded CRL files, in order of preference. This can be used alternatively and/or additionally to SSLProxyCARevocationPath.

Example

SSLProxyCARevocationFile /usr/local/apache2/conf/ssl.crl/ca-bundle-remote-server.crl

top

SSLProxyCARevocationPath Directive

Description:Directory of PEM-encoded CA CRLs for Remote Server Auth
Syntax:SSLProxyCARevocationPath directory-path
Context:server config, virtual host
Status:Extension
Module:mod_ssl

This directive sets the directory where you keep the Certificate Revocation Lists (CRL) of Certification Authorities (CAs) whose remote servers you deal with. These are used to revoke the remote server certificate on Remote Server Authentication.

The files in this directory have to be PEM-encoded and are accessed through hash filenames. So usually you have not only to place the CRL files there. Additionally you have to create symbolic links named hash-value.rN. And you should always make sure this directory contains the appropriate symbolic links. Use the Makefile which comes with mod_ssl to accomplish this task.

Example

SSLProxyCARevocationPath /usr/local/apache2/conf/ssl.crl/

top

SSLProxyCipherSuite Directive

Description:Cipher Suite available for negotiation in SSL proxy handshake
Syntax:SSLProxyCipherSuite cipher-spec
Default:SSLProxyCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
Context:server config, virtual host, directory, .htaccess
Override:AuthConfig
Status:Extension
Module:mod_ssl

Equivalent to SSLCipherSuite, but for the proxy connection. Please refer to SSLCipherSuite for additional information.

top

SSLProxyEngine Directive

Description:SSL Proxy Engine Operation Switch
Syntax:SSLProxyEngine on|off
Default:SSLProxyEngine off
Context:server config, virtual host
Status:Extension
Module:mod_ssl

This directive toggles the usage of the SSL/TLS Protocol Engine for proxy. This is usually used inside a <VirtualHost> section to enable SSL/TLS for proxy usage in a particular virtual host. By default the SSL/TLS Protocol Engine is disabled for proxy image both for the main server and all configured virtual hosts.

Example

<VirtualHost _default_:443>
SSLProxyEngine on
...
</VirtualHost>

top

SSLProxyMachineCertificateFile Directive

Description:File of concatenated PEM-encoded client certificates and keys to be used by the proxy
Syntax:SSLProxyMachineCertificateFile filename
Context:server config
Override:Not applicable
Status:Extension
Module:mod_ssl

This directive sets the all-in-one file where you keep the certificates and keys used for authentication of the proxy server to remote servers.

This referenced file is simply the concatenation of the various PEM-encoded certificate files, in order of preference. Use this directive alternatively or additionally to SSLProxyMachineCertificatePath.

Currently there is no support for encrypted private keys

Example:

SSLProxyMachineCertificateFile /usr/local/apache2/conf/ssl.crt/proxy.pem

top

SSLProxyMachineCertificatePath Directive

Description:Directory of PEM-encoded client certificates and keys to be used by the proxy
Syntax:SSLProxyMachineCertificatePath directory
Context:server config
Override:Not applicable
Status:Extension
Module:mod_ssl

This directive sets the directory where you keep the certificates and keys used for authentication of the proxy server to remote servers.

The files in this directory must be PEM-encoded and are accessed through hash filenames. Additionally, you must create symbolic links named hash-value.N. And you should always make sure this directory contains the appropriate symbolic links. Use the Makefile which comes with mod_ssl to accomplish this task.

Currently there is no support for encrypted private keys

Example:

SSLProxyMachineCertificatePath /usr/local/apache2/conf/proxy.crt/

top

SSLProxyProtocol Directive

Description:Configure usable SSL protocol flavors for proxy usage
Syntax:SSLProxyProtocol [+|-]protocol ...
Default:SSLProxyProtocol all
Context:server config, virtual host
Override:Options
Status:Extension
Module:mod_ssl

This directive can be used to control the SSL protocol flavors mod_ssl should use when establishing its server environment for proxy . It will only connect to servers using one of the provided protocols.

Please refer to SSLProtocol for additional information.

top

SSLProxyVerify Directive

Description:Type of remote server Certificate verification
Syntax:SSLProxyVerify level
Default:SSLProxyVerify none
Context:server config, virtual host, directory, .htaccess
Override:AuthConfig
Status:Extension
Module:mod_ssl

This directive sets the Certificate verification level for the remote server Authentication. Notice that this directive can be used both in per-server and per-directory context. In per-server context it applies to the remote server authentication process used in the standard SSL handshake when a connection is established. In per-directory context it forces a SSL renegotation with the reconfigured remote server verification level after the HTTP request was read but before the HTTP response is sent.

The following levels are available for level:

  • none: no remote server Certificate is required at all
  • optional: the remote server may present a valid Certificate
  • require: the remote server has to present a valid Certificate
  • optional_no_ca: the remote server may present a valid Certificate
    but it need not to be (successfully) verifiable.

In practice only levels none and require are really interesting, because level optional doesn't work with all servers and level optional_no_ca is actually against the idea of authentication (but can be used to establish SSL test pages, etc.)

Example

SSLProxyVerify require

top

SSLProxyVerifyDepth Directive

Description:Maximum depth of CA Certificates in Remote Server Certificate verification
Syntax:SSLProxyVerifyDepth number
Default:SSLProxyVerifyDepth 1
Context:server config, virtual host, directory, .htaccess
Override:AuthConfig
Status:Extension
Module:mod_ssl

This directive sets how deeply mod_ssl should verify before deciding that the remote server does not have a valid certificate. Notice that this directive can be used both in per-server and per-directory context. In per-server context it applies to the client authentication process used in the standard SSL handshake when a connection is established. In per-directory context it forces a SSL renegotation with the reconfigured remote server verification depth after the HTTP request was read but before the HTTP response is sent.

The depth actually is the maximum number of intermediate certificate issuers, i.e. the number of CA certificates which are max allowed to be followed while verifying the remote server certificate. A depth of 0 means that self-signed remote server certificates are accepted only, the default depth of 1 means the remote server certificate can be self-signed or has to be signed by a CA which is directly known to the server (i.e. the CA's certificate is under SSLProxyCACertificatePath), etc.

Example

SSLProxyVerifyDepth 10

top

SSLRandomSeed Directive

Description:Pseudo Random Number Generator (PRNG) seeding source
Syntax:SSLRandomSeed context source [bytes]
Context:server config
Status:Extension
Module:mod_ssl

This configures one or more sources for seeding the Pseudo Random Number Generator (PRNG) in OpenSSL at startup time (context is startup) and/or just before a new SSL connection is established (context is connect). This directive can only be used in the global server context because the PRNG is a global facility.

The following source variants are available:

  • builtin

    This is the always available builtin seeding source. It's usage consumes minimum CPU cycles under runtime and hence can be always used without drawbacks. The source used for seeding the PRNG contains of the current time, the current process id and (when applicable) a randomly choosen 1KB extract of the inter-process scoreboard structure of Apache. The drawback is that this is not really a strong source and at startup time (where the scoreboard is still not available) this source just produces a few bytes of entropy. So you should always, at least for the startup, use an additional seeding source.

  • file:/path/to/source

    This variant uses an external file /path/to/source as the source for seeding the PRNG. When bytes is specified, only the first bytes number of bytes of the file form the entropy (and bytes is given to /path/to/source as the first argument). When bytes is not specified the whole file forms the entropy (and 0 is given to /path/to/source as the first argument). Use this especially at startup time, for instance with an available /dev/random and/or /dev/urandom devices (which usually exist on modern Unix derivates like FreeBSD and Linux).

    But be careful: Usually /dev/random provides only as much entropy data as it actually has, i.e. when you request 512 bytes of entropy, but the device currently has only 100 bytes available two things can happen: On some platforms you receive only the 100 bytes while on other platforms the read blocks until enough bytes are available (which can take a long time). Here using an existing /dev/urandom is better, because it never blocks and actually gives the amount of requested data. The drawback is just that the quality of the received data may not be the best.

    On some platforms like FreeBSD one can even control how the entropy is actually generated, i.e. by which system interrupts. More details one can find under rndcontrol(8) on those platforms. Alternatively, when your system lacks such a random device, you can use tool like EGD (Entropy Gathering Daemon) and run it's client program with the exec:/path/to/program/ variant (see below) or use egd:/path/to/egd-socket (see below).

  • exec:/path/to/program

    This variant uses an external executable /path/to/program as the source for seeding the PRNG. When bytes is specified, only the first bytes number of bytes of its stdout contents form the entropy. When bytes is not specified, the entirety of the data produced on stdout form the entropy. Use this only at startup time when you need a very strong seeding with the help of an external program (for instance as in the example above with the truerand utility you can find in the mod_ssl distribution which is based on the AT&T truerand library). Using this in the connection context slows down the server too dramatically, of course. So usually you should avoid using external programs in that context.

  • egd:/path/to/egd-socket (Unix only)

    This variant uses the Unix domain socket of the external Entropy Gathering Daemon (EGD) (see http://www.lothar.com/tech /crypto/) to seed the PRNG. Use this if no random device exists on your platform.

Example

SSLRandomSeed startup builtin
SSLRandomSeed startup file:/dev/random
SSLRandomSeed startup file:/dev/urandom 1024
SSLRandomSeed startup exec:/usr/local/bin/truerand 16
SSLRandomSeed connect builtin
SSLRandomSeed connect file:/dev/random
SSLRandomSeed connect file:/dev/urandom 1024

top

SSLRequire Directive

Description:Allow access only when an arbitrarily complex boolean expression is true
Syntax:SSLRequire expression
Context:directory, .htaccess
Override:AuthConfig
Status:Extension
Module:mod_ssl

This directive specifies a general access requirement which has to be fulfilled in order to allow access. It's a very powerful directive because the requirement specification is an arbitrarily complex boolean expression containing any number of access checks.

The expression must match the following syntax (given as a BNF grammar notation):

expr     ::= "true" | "false"
           | "!" expr
           | expr "&&" expr
           | expr "||" expr
           | "(" expr ")"
           | comp

comp     ::= word "==" word | word "eq" word
           | word "!=" word | word "ne" word
           | word "<"  word | word "lt" word
           | word "<=" word | word "le" word
           | word ">"  word | word "gt" word
           | word ">=" word | word "ge" word
           | word "in" "{" wordlist "}"
           | word "=~" regex
           | word "!~" regex

wordlist ::= word
           | wordlist "," word

word     ::= digit
           | cstring
           | variable
           | function

digit    ::= [0-9]+
cstring  ::= "..."
variable ::= "%{" varname "}"
function ::= funcname "(" funcargs ")"

while for varname any variable from Table 3 can be used. Finally for funcname the following functions are available:

  • file(filename)

    This function takes one string argument and expands to the contents of the file. This is especially useful for matching this contents against a regular expression, etc.

Notice that expression is first parsed into an internal machine representation and then evaluated in a second step. Actually, in Global and Per-Server Class context expression is parsed at startup time and at runtime only the machine representation is executed. For Per-Directory context this is different: here expression has to be parsed and immediately executed for every request.

Example

SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)-/ \
and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/

Standard CGI/1.0 and Apache variables:

HTTP_USER_AGENT        PATH_INFO             AUTH_TYPE
HTTP_REFERER           QUERY_STRING          SERVER_SOFTWARE
HTTP_COOKIE            REMOTE_HOST           API_VERSION
HTTP_FORWARDED         REMOTE_IDENT          TIME_YEAR
HTTP_HOST              IS_SUBREQ             TIME_MON
HTTP_PROXY_CONNECTION  DOCUMENT_ROOT         TIME_DAY
HTTP_ACCEPT            SERVER_ADMIN          TIME_HOUR
HTTP:headername        SERVER_NAME           TIME_MIN
THE_REQUEST            SERVER_PORT           TIME_SEC
REQUEST_METHOD         SERVER_PROTOCOL       TIME_WDAY
REQUEST_SCHEME         REMOTE_ADDR           TIME
REQUEST_URI            REMOTE_USER           ENV:variablename
REQUEST_FILENAME

SSL-related variables:

HTTPS                  SSL_CLIENT_M_VERSION   SSL_SERVER_M_VERSION
                       SSL_CLIENT_M_SERIAL    SSL_SERVER_M_SERIAL
SSL_PROTOCOL           SSL_CLIENT_V_START     SSL_SERVER_V_START
SSL_SESSION_ID         SSL_CLIENT_V_END       SSL_SERVER_V_END
SSL_CIPHER             SSL_CLIENT_S_DN        SSL_SERVER_S_DN
SSL_CIPHER_EXPORT      SSL_CLIENT_S_DN_C      SSL_SERVER_S_DN_C
SSL_CIPHER_ALGKEYSIZE  SSL_CLIENT_S_DN_ST     SSL_SERVER_S_DN_ST
SSL_CIPHER_USEKEYSIZE  SSL_CLIENT_S_DN_L      SSL_SERVER_S_DN_L
SSL_VERSION_LIBRARY    SSL_CLIENT_S_DN_O      SSL_SERVER_S_DN_O
SSL_VERSION_INTERFACE  SSL_CLIENT_S_DN_OU     SSL_SERVER_S_DN_OU
                       SSL_CLIENT_S_DN_CN     SSL_SERVER_S_DN_CN
                       SSL_CLIENT_S_DN_T      SSL_SERVER_S_DN_T
                       SSL_CLIENT_S_DN_I      SSL_SERVER_S_DN_I
                       SSL_CLIENT_S_DN_G      SSL_SERVER_S_DN_G
                       SSL_CLIENT_S_DN_S      SSL_SERVER_S_DN_S
                       SSL_CLIENT_S_DN_D      SSL_SERVER_S_DN_D
                       SSL_CLIENT_S_DN_UID    SSL_SERVER_S_DN_UID
                       SSL_CLIENT_S_DN_Email  SSL_SERVER_S_DN_Email
                       SSL_CLIENT_I_DN        SSL_SERVER_I_DN
                       SSL_CLIENT_I_DN_C      SSL_SERVER_I_DN_C
                       SSL_CLIENT_I_DN_ST     SSL_SERVER_I_DN_ST
                       SSL_CLIENT_I_DN_L      SSL_SERVER_I_DN_L
                       SSL_CLIENT_I_DN_O      SSL_SERVER_I_DN_O
                       SSL_CLIENT_I_DN_OU     SSL_SERVER_I_DN_OU
                       SSL_CLIENT_I_DN_CN     SSL_SERVER_I_DN_CN
                       SSL_CLIENT_I_DN_T      SSL_SERVER_I_DN_T
                       SSL_CLIENT_I_DN_I      SSL_SERVER_I_DN_I
                       SSL_CLIENT_I_DN_G      SSL_SERVER_I_DN_G
                       SSL_CLIENT_I_DN_S      SSL_SERVER_I_DN_S
                       SSL_CLIENT_I_DN_D      SSL_SERVER_I_DN_D
                       SSL_CLIENT_I_DN_UID    SSL_SERVER_I_DN_UID
                       SSL_CLIENT_I_DN_Email  SSL_SERVER_I_DN_Email
                       SSL_CLIENT_A_SIG       SSL_SERVER_A_SIG
                       SSL_CLIENT_A_KEY       SSL_SERVER_A_KEY
                       SSL_CLIENT_CERT        SSL_SERVER_CERT
                       SSL_CLIENT_CERT_CHAINn
                       SSL_CLIENT_VERIFY
top

SSLRequireSSL Directive

Description:Deny access when SSL is not used for the HTTP request
Syntax:SSLRequireSSL
Context:directory, .htaccess
Override:AuthConfig
Status:Extension
Module:mod_ssl

This directive forbids access unless HTTP over SSL (i.e. HTTPS) is enabled for the current connection. This is very handy inside the SSL-enabled virtual host or directories for defending against configuration errors that expose stuff that should be protected. When this directive is present all requests are denied which are not using SSL.

Example

SSLRequireSSL

top

SSLSessionCache Directive

Description:Type of the global/inter-process SSL Session Cache
Syntax:SSLSessionCache type
Default:SSLSessionCache none
Context:server config
Status:Extension
Module:mod_ssl

This configures the storage type of the global/inter-process SSL Session Cache. This cache is an optional facility which speeds up parallel request processing. For requests to the same server process (via HTTP keep-alive), OpenSSL already caches the SSL session information locally. But because modern clients request inlined images and other data via parallel requests (usually up to four parallel requests are common) those requests are served by different pre-forked server processes. Here an inter-process cache helps to avoid unneccessary session handshakes.

The following two storage types are currently supported:

  • none

    This is the default and just disables the global/inter-process Session Cache. There is no drawback in functionality, but a noticeable speed penalty can be observed.

  • dbm:/path/to/datafile

    This makes use of a DBM hashfile on the local disk to synchronize the local OpenSSL memory caches of the server processes. The slight increase in I/O on the server results in a visible request speedup for your clients, so this type of storage is generally recommended.

  • shm:/path/to/datafile[(size)]

    This makes use of a high-performance hash table (approx. size bytes in size) inside a shared memory segment in RAM (established via /path/to/datafile) to synchronize the local OpenSSL memory caches of the server processes. This storage type is not available on all platforms.

Examples

SSLSessionCache dbm:/usr/local/apache/logs/ssl_gcache_data
SSLSessionCache shm:/usr/local/apache/logs/ssl_gcache_data(512000)

top

SSLSessionCacheTimeout Directive

Description:Number of seconds before an SSL session expires in the Session Cache
Syntax:SSLSessionCacheTimeout seconds
Default:SSLSessionCacheTimeout 300
Context:server config, virtual host
Status:Extension
Module:mod_ssl

This directive sets the timeout in seconds for the information stored in the global/inter-process SSL Session Cache and the OpenSSL internal memory cache. It can be set as low as 15 for testing, but should be set to higher values like 300 in real life.

Example

SSLSessionCacheTimeout 600

top

SSLUserName Directive

Description:Variable name to determine user name
Syntax:SSLUserName varname
Context:server config, directory, .htaccess
Override:AuthConfig
Status:Extension
Module:mod_ssl
Compatibility:Available in Apache 2.0.51 and later

This directive sets the "user" field in the Apache request object. This is used by lower modules to identify the user with a character string. In particular, this may cause the environment variable REMOTE_USER to be set. The varname can be any of the SSL environment variables.

Example

SSLUserName SSL_CLIENT_S_DN_CN

top

SSLVerifyClient Directive

Description:Type of Client Certificate verification
Syntax:SSLVerifyClient level
Default:SSLVerifyClient none
Context:server config, virtual host, directory, .htaccess
Override:AuthConfig
Status:Extension
Module:mod_ssl

This directive sets the Certificate verification level for the Client Authentication. Notice that this directive can be used both in per-server and per-directory context. In per-server context it applies to the client authentication process used in the standard SSL handshake when a connection is established. In per-directory context it forces a SSL renegotation with the reconfigured client verification level after the HTTP request was read but before the HTTP response is sent.

The following levels are available for level:

  • none: no client Certificate is required at all
  • optional: the client may present a valid Certificate
  • require: the client has to present a valid Certificate
  • optional_no_ca: the client may present a valid Certificate
    but it need not to be (successfully) verifiable.

In practice only levels none and require are really interesting, because level optional doesn't work with all browsers and level optional_no_ca is actually against the idea of authentication (but can be used to establish SSL test pages, etc.)

Example

SSLVerifyClient require

top

SSLVerifyDepth Directive

Description:Maximum depth of CA Certificates in Client Certificate verification
Syntax:SSLVerifyDepth number
Default:SSLVerifyDepth 1
Context:server config, virtual host, directory, .htaccess
Override:AuthConfig
Status:Extension
Module:mod_ssl

This directive sets how deeply mod_ssl should verify before deciding that the clients don't have a valid certificate. Notice that this directive can be used both in per-server and per-directory context. In per-server context it applies to the client authentication process used in the standard SSL handshake when a connection is established. In per-directory context it forces a SSL renegotation with the reconfigured client verification depth after the HTTP request was read but before the HTTP response is sent.

The depth actually is the maximum number of intermediate certificate issuers, i.e. the number of CA certificates which are max allowed to be followed while verifying the client certificate. A depth of 0 means that self-signed client certificates are accepted only, the default depth of 1 means the client certificate can be self-signed or has to be signed by a CA which is directly known to the server (i.e. the CA's certificate is under SSLCACertificatePath), etc.

Example

SSLVerifyDepth 10

mod/mod_status.html100644 0 0 15356 11074463123 12067 0ustar 0 0 mod_status - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.0

<-

ġ mod_status

ֽ ƴմϴ. ֱٿ ϼ.
: Ȱ ɿ Ѵ
:Base
:status_module
ҽ:mod_status.c

Status ڿ ¸ ش. ִ HTML 踦 ش. ʿϴٸ (ǥ ) ڵ ִ. ¸ ǻͰ ִ ִ.

˷ִ :

  • û ϴ worker
  • ִ(idle) worker
  • worker , worker ó û worker ü Ʈ (*)
  • Ƚ Ʈ (*)
  • Ȥ ð ð
  • ʴ û , ʴ Ʈ û Ʈ (*)
  • ġ ü worker CPU (*)
  • óϰ ִ ȣƮ û (*)

ǥ ġ "(*)" ǥ 踦 . Ͻ ɼ ؾ Ѵ.

top

Status ϱ

foo.com ο Ը ¸ ַ httpd.conf Ͽ ߰Ѵ

<Location /server-status>
SetHandler server-status

Order Deny,Allow
Deny from all
Allow from .foo.com
</Location>

http://your.server.name/server-status ϸ 踦 ִ.

top

ڵ

"簻" Ѵٸ status ڵ ִ. N ʸ Ϸ http://your.server.name/server-status?refresh=N ϶.

top

ǻͰ ִ Status

http://your.server.name/server-status?auto ǻͰ ִ status ִ. ġ /support 丮 ִ log_server_status Perl α׷ ڵ ϴ α׷ ϴ.

mod_status Ͽٸ 丮 ( , .htaccess) Ͽ Ͽ ڵ鷯 ִ. ׷ Ʈ ߻ ִ.
top

ExtendedStatus þ

: û ڼ Ѵ
:ExtendedStatus On|Off
⺻:ExtendedStatus Off
:ּ
:Base
:mod_status
:ExtendedStatus ġ 1.3.2 Ŀ ִ.

ü Ǹ, ȣƮ Ű . ڼ ִ.

mod/mod_suexec.html100644 0 0 10150 11074463123 12023 0ustar 0 0 mod_suexec - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.0

<-

ġ mod_suexec

ֽ ƴմϴ. ֱٿ ϼ.
:CGI ũƮ Ư ڿ ׷ Ѵ
:Extension
:suexec_module
ҽ:mod_suexec.c
:ġ 2.0 ĺ

suexec α׷ Ͽ CGI ũƮ Ư ڿ ׷ Ѵ.

top

SuexecUserGroup þ

:CGI α׷ ڿ ׷
:SuexecUserGroup User Group
:ּ, ȣƮ
:Extension
:mod_suexec
:SuexecUserGroup 2.0 Ŀ ִ.

SuexecUserGroup þ CGI α׷ ڿ ׷ Ѵ. CGI ƴ û User þ ڰ óѴ. þ ġ 1.3 VirtualHost ȿ User Group þ üѴ.

SuexecUserGroup nobody nogroup

mod/mod_unique_id.html100644 0 0 22430 11074463123 12515 0ustar 0 0 mod_unique_id - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.0

<-

ġ mod_unique_id

ֽ ƴմϴ. ֱٿ ϼ.
: û ĺڸ ȯ溯 Ѵ
:Extension
:unique_id_module
ҽ:mod_unique_id.c

 Ư Ȳ "" û߿ ϵ ĺ(identifier) û Ѵ. ĺڴ Ưϰ Ŭ ǻ͵ ߿ ϴ. û ȯ溯 UNIQUE_ID Ѵ. ĺڴ 뵵 , Ѿ.

þ

⿡ þ ϴ.

top

̷

н ýۿ ġ  ϴ 캸. Windows NT ʴ´. н ġ ڽ , ڽ μ ѹ û óѴ. ڽ ߿ û óѴ. ⼭ ߿ ڽĵ ڷḦ ʴ´ٴ ̴. ڽ httpd μ Ѵ.

ǻͷ Ʈ Ѵٸ Ŭ(cluster) θ. ǻʹ ġ ִ. ̵ θ "" , ŬͿ ִ ǻ͵鰣 ž û ֿ ĺڸ ִ.

ŬͿ ִ ǻʹ 䱸 ؾ Ѵ. (ǻ͸ Ѵ븸 ϴ ǻ ð NTP ؾ Ѵ.)

  • ǻ ð NTP ٸ Ʈ ð ݰ ȭȴ.
  • ǻ ȣƮ ٸ. ׷ ȣƮ ã ŬͿ ִ ǻ͸ ٸ IP ּҸ ´.

ü pid (μ id) 32Ʈ ٰ Ѵ. ü pid 32Ʈ ̻ Ѵٸ ڵ带 ؾ Ѵ.

̷ Ͽ 츮  Ŭ  ǻͿ ִ  httpd μ ٸ httpd μ ִ. ǻ IP ּҿ httpd μ pidε ִ. ׷ û ڸ ð ȴ.

ð ϱ н ð(timestamp, ǥؽ÷ 1970 1 1 ) 16Ʈ ī͸ Ѵ. н ð ʴ̰, īʹ ʵ 65536 Ѵ. ( ip_addr, pid, time_stamp, counter )  httpd μ ʵ 65536 û ִ. ׷ īʹ pid ϴ ذؾ Ѵ.

httpd ڽ īʹ ( и 10 ) 65536 ȴ. ( ý и ð Ʈ ġʴ .) ĺڸ 鶧 ϴ ð û ð̴. īʹ ĺڸ 鶧 Ѵ (׸ ٽ Ѵ).

Ŀ μ ũҶ(fork) μ pid Ҵϰ, pid ٽ ִ. (pid н 16Ʈ, ֱ ý 32Ʈ Ȯߴ.) ׷ ð pid ִ. ׷ ð pid ʴ´ٸ ϴ. , 츮 ý ʵ μ 65536 ̻ ʴ´ٰ Ѵ. ( н 32768 ̻ μ pid ߻ , ̰ Ͼ Ͱ ʴ.)

ð  ݺȴٰ غ. , ý ð谡 ð ŷ ư (Ȥ ð谡 ʹ ռ ùٷ 缳 ̷ ð Ǵ) . pid ð ִ. ī ʱȭ ذϷ ȵǾ. 츮 ڷ ī͸ ʱȭϱ , ýۿ ̷ . ( , seed ʿϱ⶧ rand() , ð ּ ̱⶧ ð seed .) Ϻ ذå .

׷ 󸶳 ? ǻ ϳ û ʴ ִ 500 (ý Ϲ ϴ ̻ ۾ ϹǷ ̴.) Ѵٰ . ÿ 󸶸ŭ Ŭ̾Ʈ óϴ° ڽ ȴ. ׷ 츮 ڽ û ʴ 500 ó ִٰ Ѵ. pid ڽ 500 û ڽ 500 û īͰ ĥ ִ ī ۰ 1000̴. ׷ (ʴ) ڽ īͰ ݺϿ ϼ Ȯ 1.5%̴. ̰ ſ ̸, ̷ . ׷ ýۿ ̷ ߻ ٸ (ҽ Ͽ) ī͸ 32Ʈ .

ŸӶ ð谡 "ڷ " 𸥴. ׷ ⼭ ϴ ð ǥؽ(UTC), ð "׻" Ƿ . x86 н ʿϴ. κ ð谡 UTC ϵ ؾ Ѵ. ׷ NTP Ѵٸ UTC ð ùٷ .

ȯ溯 UNIQUE_ID MIME base64 ڵ 112Ʈ (32Ʈ IP ּ, 32Ʈ pid, 32Ʈ ð, 16Ʈ ī) ĺ [A-Za-z0-9@-] ǥѴ. MIME base64 ĺ [A-Za-z0-9+/] + / URL Ư ǹ̷ ϹǷ ߴ. Ʈ Ʈ ڵϱ⶧ ٸ Ʈ ϴ Űİ . ڵ ð, IP ּ, pid, ī ̴.  , α׷ ڵ Ͽ мϸ ȵ Ѵ. α׷ ڵ UNIQUE_ID ü ϰ, ٸ UNIQUE_ID ִ.

UNIQUE_ID ͺ̽ 浹 ʰ ڵ ֵ ߴ. ο ڵ ù ׸ ð ϰų, ĺ Ʈ ̸ ִ. ð ⺻ ϴ ̹Ƿ ŬͿ ִ ǻͰ û 񽺸 ߴϰ ڵ ׸ ϱ (flag second) ϴ. û ϰ ο ڵ ִ.

츮 Ͽ ð ذå̶ ϴ´. Windows NT Ƽ ý Ȯ ְ, 뵵 Ȯ ִ. ̷ ʿѸŭ ĺڸ ֱ⶧ ĺڴ ⺻ . ⺻ Ŭ ǻ͵ ̿ ʿ (ϰ NTP ⸸ ʿϴ), httpd μ ̿ ŵ ʿ (Ŀ οϴ pid Ϲ ̴). ſ Ư Ȳ̶ ν ũ⸦ ؾ Ѵ. ( ,  Ʈ 32Ʈ IP ּ ʿϰ ũ, ̸ ̴ Ȳ ٸ.)

mod/mod_userdir.html100644 0 0 15311 11074463123 12210 0ustar 0 0 mod_userdir - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.0

<-

ġ mod_userdir

:ں 丮
:Base
:userdir_module
ҽ:mod_userdir.c

ϸ http://example.com/~user/ ں 丮 ִ.

top

UserDir þ

:ں 丮 ġ
:UserDir directory-filename
⺻:UserDir public_html
:ּ, ȣƮ
:Base
:mod_userdir

UserDir þ û Ȩ丮 ȿ 丮 Ѵ. Directory-filename ϳ̴:

  • Ʒ 丮 Ȥ .
  • disabled Ű. enabled Ű (Ʒ ) ̸ ʾҴٸ ڸ-丮 ȯ ʴ´.
  • disabled Ű ڿ ڸ . ڸ enabled ִٰ ϴ, Ͽ ִ ڸ 丮 ȯ ʴ´.
  • enabled Ű ڿ ڸ . ü disable ϰ ڸ disabled , ڸ 丮 ȯѴ.

Userdir þ enabled disabled Ű带 , ƱԸƮ ϸ óϿ 丮 ȯѴ. http://www.foo.com/~bob/one/two.html û ȯȴ:

UserDir þ ȯ
UserDir public_html~bob/public_html/one/two.html
UserDir /usr/web/usr/web/bob/one/two.html
UserDir /home/*/www/home/bob/www/one/two.html

þ Ŭ̾Ʈ ̷ :

UserDir þ ȯ
UserDir http://www.foo.com/usershttp://www.foo.com/users/bob/one/two.html
UserDir http://www.foo.com/*/usrhttp://www.foo.com/bob/usr/one/two.html
UserDir http://www.foo.com/~*/http://www.foo.com/~bob/one/two.html
þ Ҷ ϶; , "UserDir ./" "/~root" Ƹ ٶ ʰ "/" ȯѴ. "UserDir disabled root" ϱ Ѵ. ڼ ˷ Directory þ ϶.

߰ :

ڿԸ UserDir 丮 Ѵٸ, :

UserDir disabled
UserDir enabled user1 user2 user3

κ ڿ UserDir 丮 ϰ Ϻθ źѴٸ, :

UserDir enabled
UserDir disabled user4 user5 user6

ٸ 丮 ִ. ɾ Ѵٸ:

Userdir public_html /usr/web http://www.foo.com/

http://www.foo.com/~bob/one/two.html û ϸ, ~bob/public_html/one/two.html ã, /usr/web/bob/one/two.html ã , http://www.foo.com/bob/one/two.html ̷ .

̷ Ѵٸ ξ Ѵ. ġ ̷ ߴ ⶧, ̷ տ θ ׻ ̷ ϰ ȴ.

mod/mod_usertrack.html100644 0 0 34653 11074463123 12550 0ustar 0 0 mod_usertrack - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.0

<-

Apache Module mod_usertrack

Description: Clickstream logging of user activity on a site
Status:Extension
ModuleIdentifier:usertrack_module
SourceFile:mod_usertrack.c

Summary

Previous releases of Apache have included a module which generates a 'clickstream' log of user activity on a site using cookies. This was called the "cookies" module, mod_cookies. In Apache 1.2 and later this module has been renamed the "user tracking" module, mod_usertrack. This module has been simplified and new directives added.

top

Logging

Previously, the cookies module (now the user tracking module) did its own logging, using the CookieLog directive. In this release, this module does no logging at all. Instead, a configurable log format file should be used to log user click-streams. This is possible because the logging module now allows multiple log files. The cookie itself is logged by using the text %{cookie}n in the log file format. For example:

CustomLog logs/clickstream "%{cookie}n %r %t"

For backward compatibility the configurable log module implements the old CookieLog directive, but this should be upgraded to the above CustomLog directive.

top

2-digit or 4-digit dates for cookies?

(the following is from message <022701bda43d$9d32bbb0$1201a8c0@christian.office.sane.com> in the new-httpd archives) 

From: "Christian Allen" <christian@sane.com>
Subject: Re: Apache Y2K bug in mod_usertrack.c
Date: Tue, 30 Jun 1998 11:41:56 -0400

Did some work with cookies and dug up some info that might be useful.

True, Netscape claims that the correct format NOW is four digit dates, and
four digit dates do in fact work... for Netscape 4.x (Communicator), that
is.  However, 3.x and below do NOT accept them.  It seems that Netscape
originally had a 2-digit standard, and then with all of the Y2K hype and
probably a few complaints, changed to a four digit date for Communicator.
Fortunately, 4.x also understands the 2-digit format, and so the best way to
ensure that your expiration date is legible to the client's browser is to
use 2-digit dates.

However, this does not limit expiration dates to the year 2000; if you use
an expiration year of "13", for example, it is interpreted as 2013, NOT
1913!  In fact, you can use an expiration year of up to "37", and it will be
understood as "2037" by both MSIE and Netscape versions 3.x and up (not sure
about versions previous to those).  Not sure why Netscape used that
particular year as its cut-off point, but my guess is that it was in respect
to UNIX's 2038 problem.  Netscape/MSIE 4.x seem to be able to understand
2-digit years beyond that, at least until "50" for sure (I think they
understand up until about "70", but not for sure).

Summary:  Mozilla 3.x and up understands two digit dates up until "37"
(2037).  Mozilla 4.x understands up until at least "50" (2050) in 2-digit
form, but also understands 4-digit years, which can probably reach up until
9999.  Your best bet for sending a long-life cookie is to send it for some
time late in the year "37".
top

CookieDomain Directive

Description:The domain to which the tracking cookie applies
Syntax:CookieDomain domain
Context:server config, virtual host, directory, .htaccess
Override:FileInfo
Status:Extension
Module:mod_usertrack

This directive controls the setting of the domain to which the tracking cookie applies. If not present, no domain is included in the cookie header field.

The domain string must begin with a dot, and must include at least one embedded dot. That is, .foo.com is legal, but foo.bar.com and .com are not.

Most browsers in use today will not allow cookies to be set for a two-part top level domain, such as .co.uk, although such a domain ostensibly fulfills the requirements above.
These domains are equivalent to top level domains such as .com, and allowing such cookies may be a security risk. Thus, if you are under a two-part top level domain, you should still use your actual domain, as you would with any other top level domain (for example, use .foo.co.uk).
top

CookieExpires Directive

Description:Expiry time for the tracking cookie
Syntax:CookieExpires expiry-period
Context:server config, virtual host, directory, .htaccess
Override:FileInfo
Status:Extension
Module:mod_usertrack

When used, this directive sets an expiry time on the cookie generated by the usertrack module. The expiry-period can be given either as a number of seconds, or in the format such as "2 weeks 3 days 7 hours". Valid denominations are: years, months, weeks, days, hours, minutes and seconds. If the expiry time is in any format other than one number indicating the number of seconds, it must be enclosed by double quotes.

If this directive is not used, cookies last only for the current browser session.

top

CookieName Directive

Description:Name of the tracking cookie
Syntax:CookieName token
Default:CookieName Apache
Context:server config, virtual host, directory, .htaccess
Override:FileInfo
Status:Extension
Module:mod_usertrack

This directive allows you to change the name of the cookie this module uses for its tracking purposes. By default the cookie is named "Apache".

You must specify a valid cookie name; results are unpredictable if you use a name containing unusual characters. Valid characters include A-Z, a-z, 0-9, "_", and "-".

top

CookieStyle Directive

Description:Format of the cookie header field
Syntax:CookieStyle Netscape|Cookie|Cookie2|RFC2109|RFC2965
Default:CookieStyle Netscape
Context:server config, virtual host, directory, .htaccess
Override:FileInfo
Status:Extension
Module:mod_usertrack

This directive controls the format of the cookie header field. The three formats allowed are:

  • Netscape, which is the original but now deprecated syntax. This is the default, and the syntax Apache has historically used.
  • Cookie or RFC2109, which is the syntax that superseded the Netscape syntax.
  • Cookie2 or RFC2965, which is the most current cookie syntax.

Not all clients can understand all of these formats. but you should use the newest one that is generally acceptable to your users' browsers. At the time of writing, most browsers only fully support CookieStyle Netscape.

top

CookieTracking Directive

Description:Enables tracking cookie
Syntax:CookieTracking on|off
Default:CookieTracking off
Context:server config, virtual host, directory, .htaccess
Override:FileInfo
Status:Extension
Module:mod_usertrack

When mod_usertrack is loaded, and CookieTracking on is set, Apache will send a user-tracking cookie for all new requests. This directive can be used to turn this behavior on or off on a per-server or per-directory basis. By default, enabling mod_usertrack will not activate cookies.

mod/mod_version.html100644 0 0 14761 11074463123 12230 0ustar 0 0 mod_version - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.0

<-

ġ mod_version

ֽ ƴմϴ. ֱٿ ϼ.
:
:Extension
:version_module
ҽ:mod_version.c
:ġ 2.0.54 ĺ

ٸ ٷ ū Ʈ ׽Ʈ ϱ . 񱳳 ǥ Ͽ ο ˻簡 <IfVersion> Ѵ.

<IfVersion 2.1.0>
# Ȯ 2.1.0̴
 </IfVersion>

<IfVersion >= 2.2>
# ¥ ο Ѵ :-)
 </IfVersion>

ٸ Ʒ Ѵ.

top

<IfVersion> þ

: ´
:<IfVersion [[!]operator] version> ... </IfVersion>
:ּ, ȣƮ, directory, .htaccess
Override ɼ:All
:Extension
:mod_version

<IfVersion> ϴ Ҷ þ ´. Ϲ () version ƱԸƮ 2.1.0̳ 2.2 major[.minor[.patch]] ̴. minor patch  ȴ. ̵ ڰ ٸ 0̶ Ѵ. operator ϴ.

operator
= Ȥ ==
> ū
>= ũų
<
<= ۰ų

<IfVersion >= 2.1>
# 2.1.0 ũų
# Ѵ.
 </IfVersion>

񱳿ܿ ǥ Ͽ ִ. ⿡ ΰ ִ.

operator
= Ȥ == version /regex/ ̴
~ version regex ̴

<IfVersion = /^2.1.[01234]$/>
# , ⿡ װ ִ Ư ذå ´ </IfVersion>

տ ǥ(!) ǹ̸ ݴ ؼѴ.

<IfVersion !~ ^2.1.[01234]$>
# ƴϸ
 </IfVersion>

operator ϸ =̶ Ѵ.

mod/mod_vhost_alias.html100644 0 0 37400 11074463123 13052 0ustar 0 0 mod_vhost_alias - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.0

<-

Apache Module mod_vhost_alias

Description:Provides for dynamically configured mass virtual hosting
Status:Extension
ModuleIdentifier:vhost_alias_module
SourceFile:mod_vhost_alias.c

Summary

This module creates dynamically configured virtual hosts, by allowing the IP address and/or the Host: header of the HTTP request to be used as part of the pathname to determine what files to serve. This allows for easy use of a huge number of virtual hosts with similar configurations.

Note

If mod_alias or mod_userdir are used for translating URIs to filenames, they will override the directives of mod_vhost_alias described below. For example, the following configuration will map /cgi-bin/script.pl to /usr/local/apache2/cgi-bin/script.pl in all cases:

ScriptAlias /cgi-bin/ /usr/local/apache2/cgi-bin/
VirtualScriptAlias /never/found/%0/cgi-bin/

top

Directory Name Interpolation

All the directives in this module interpolate a string into a pathname. The interpolated string (henceforth called the "name") may be either the server name (see the UseCanonicalName directive for details on how this is determined) or the IP address of the virtual host on the server in dotted-quad format. The interpolation is controlled by specifiers inspired by printf which have a number of formats:

%% insert a %
%p insert the port number of the virtual host
%N.M insert (part of) the name

N and M are used to specify substrings of the name. N selects from the dot-separated components of the name, and M selects characters within whatever N has selected. M is optional and defaults to zero if it isn't present; the dot must be present if and only if M is present. The interpretation is as follows:

0 the whole name
1 the first part
2 the second part
-1 the last part
-2 the penultimate part
2+ the second and all subsequent parts
-2+ the penultimate and all preceding parts
1+ and -1+ the same as 0

If N or M is greater than the number of parts available a single underscore is interpolated.

top

Examples

For simple name-based virtual hosts you might use the following directives in your server configuration file:

UseCanonicalName Off
VirtualDocumentRoot /usr/local/apache/vhosts/%0

A request for http://www.example.com/directory/file.html will be satisfied by the file /usr/local/apache/vhosts/www.example.com/directory/file.html.

For a very large number of virtual hosts it is a good idea to arrange the files to reduce the size of the vhosts directory. To do this you might use the following in your configuration file:

UseCanonicalName Off
VirtualDocumentRoot /usr/local/apache/vhosts/%3+/%2.1/%2.2/%2.3/%2

A request for http://www.domain.example.com/directory/file.html will be satisfied by the file /usr/local/apache/vhosts/example.com/d/o/m/domain/directory/file.html.

A more even spread of files can be achieved by hashing from the end of the name, for example:

VirtualDocumentRoot /usr/local/apache/vhosts/%3+/%2.-1/%2.-2/%2.-3/%2

The example request would come from /usr/local/apache/vhosts/example.com/n/i/a/domain/directory/file.html.

Alternatively you might use:

VirtualDocumentRoot /usr/local/apache/vhosts/%3+/%2.1/%2.2/%2.3/%2.4+

The example request would come from /usr/local/apache/vhosts/example.com/d/o/m/ain/directory/file.html.

For IP-based virtual hosting you might use the following in your configuration file:

UseCanonicalName DNS
VirtualDocumentRootIP /usr/local/apache/vhosts/%1/%2/%3/%4/docs
VirtualScriptAliasIP /usr/local/apache/vhosts/%1/%2/%3/%4/cgi-bin

A request for http://www.domain.example.com/directory/file.html would be satisfied by the file /usr/local/apache/vhosts/10/20/30/40/docs/directory/file.html if the IP address of www.domain.example.com were 10.20.30.40. A request for http://www.domain.example.com/cgi-bin/script.pl would be satisfied by executing the program /usr/local/apache/vhosts/10/20/30/40/cgi-bin/script.pl.

If you want to include the . character in a VirtualDocumentRoot directive, but it clashes with a % directive, you can work around the problem in the following way:

VirtualDocumentRoot /usr/local/apache/vhosts/%2.0.%3.0

A request for http://www.domain.example.com/directory/file.html will be satisfied by the file /usr/local/apache/vhosts/domain.example/directory/file.html.

The LogFormat directives %V and %A are useful in conjunction with this module.

top

VirtualDocumentRoot Directive

Description:Dynamically configure the location of the document root for a given virtual host
Syntax:VirtualDocumentRoot interpolated-directory|none
Default:VirtualDocumentRoot none
Context:server config, virtual host
Status:Extension
Module:mod_vhost_alias

The VirtualDocumentRoot directive allows you to determine where Apache will find your documents based on the value of the server name. The result of expanding interpolated-directory is used as the root of the document tree in a similar manner to the DocumentRoot directive's argument. If interpolated-directory is none then VirtualDocumentRoot is turned off. This directive cannot be used in the same context as VirtualDocumentRootIP.

top

VirtualDocumentRootIP Directive

Description:Dynamically configure the location of the document root for a given virtual host
Syntax:VirtualDocumentRootIP interpolated-directory|none
Default:VirtualDocumentRootIP none
Context:server config, virtual host
Status:Extension
Module:mod_vhost_alias

The VirtualDocumentRootIP directive is like the VirtualDocumentRoot directive, except that it uses the IP address of the server end of the connection for directory interpolation instead of the server name.

top

VirtualScriptAlias Directive

Description:Dynamically configure the location of the CGI directory for a given virtual host
Syntax:VirtualScriptAlias interpolated-directory|none
Default:VirtualScriptAlias none
Context:server config, virtual host
Status:Extension
Module:mod_vhost_alias

The VirtualScriptAlias directive allows you to determine where Apache will find CGI scripts in a similar manner to VirtualDocumentRoot does for other documents. It matches requests for URIs starting /cgi-bin/, much like ScriptAlias /cgi-bin/ would.

top

VirtualScriptAliasIP Directive

Description:Dynamically configure the location of the cgi directory for a given virtual host
Syntax:VirtualScriptAliasIP interpolated-directory|none
Default:VirtualScriptAliasIP none
Context:server config, virtual host
Status:Extension
Module:mod_vhost_alias

The VirtualScriptAliasIP directive is like the VirtualScriptAlias directive, except that it uses the IP address of the server end of the connection for directory interpolation instead of the server name.

mod/module-dict.html100644 0 0 11756 11074463123 12113 0ustar 0 0 ϱ - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.0

<-

ϱ

ġ ϱ  Ѵ.

top

.

top

ġ 󸶳 ִ Ÿ. , Ư ϱؼ ٽ ؾ 찡 ִ. Ӽ :

MPM
° "MPM" ó ̴. ٸ ޸ ġ MPM Ѵ. ̷ ⺻ û ó й踦 Ѵ.
Base
° "Base" ⺻ ϵǹǷ, ʴ ִ.
Extension
° "Extension" ϵ ʴ´. Ϸ ϰ ġ ٽ ؾ Ѵ.
Experimental
"Experimental" ´ ġ Ե, Ϸ ؾ Ѵ. ⿡ , Ѵٴ ƴϴ.
External
"External" ´ ⺻ ġ Ե ("ڰ ")̴. 츮 ̷ ⿡ å ʴ´.
top

ҽ

ϰ ؼ ҽڵ尡 ִ ҽϸ̴. <IfModule> þ ϴ ̸̱⵵ ϴ.

top

Īϴ ڿ, о̴ LoadModule þ Ѵ. Ȯ ϸ ҽϿ module ܺκ ̸̴.

top

ġ 2 Ե ʾҴٸ, ó Ұ ˷ش. , Ư ÷̶ Ѵ.

mod/mpm_common.html100644 0 0 203571 11074463123 12064 0ustar 0 0 mpm_common - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.0

<-

Apache MPM Common Directives

Description:A collection of directives that are implemented by more than one multi-processing module (MPM)
Status:MPM
top

AcceptMutex Directive

Description:Method that Apache uses to serialize multiple children accepting requests on network sockets
Syntax:AcceptMutex Default|method
Default:AcceptMutex Default
Context:server config
Status:MPM
Module:leader, perchild, prefork, threadpool, worker

The AcceptMutex directives sets the method that Apache uses to serialize multiple children accepting requests on network sockets. Prior to Apache 2.0, the method was selectable only at compile time. The optimal method to use is highly architecture and platform dependent. For further details, see the performance tuning documentation.

If this directive is set to Default, then the compile-time selected default will be used. Other possible methods are listed below. Note that not all methods are available on all platforms. If a method is specified which is not available, a message will be written to the error log listing the available methods.

flock
uses the flock(2) system call to lock the file defined by the LockFile directive.
fcntl
uses the fcntl(2) system call to lock the file defined by the LockFile directive.
posixsem
uses POSIX compatible semaphores to implement the mutex.
pthread
uses POSIX mutexes as implemented by the POSIX Threads (PThreads) specification.
sysvsem
uses SySV-style semaphores to implement the mutex.

If you want to find out the compile time chosen default for your system, you may set your LogLevel to debug. Then the default AcceptMutex will be written into the ErrorLog.

top

BS2000Account Directive

Description:Define the non-privileged account on BS2000 machines
Syntax:BS2000Account account
Context:server config
Status:MPM
Module:perchild, prefork
Compatibility:Only available for BS2000 machines

The BS2000Account directive is available for BS2000 hosts only. It must be used to define the account number for the non-privileged apache server user (which was configured using the User directive). This is required by the BS2000 POSIX subsystem (to change the underlying BS2000 task environment by performing a sub-LOGON) to prevent CGI scripts from accessing resources of the privileged account which started the server, usually SYSROOT.

Note

Only one BS2000Account directive can be used.

See also

top

CoreDumpDirectory Directive

Description:Directory where Apache attempts to switch before dumping core
Syntax:CoreDumpDirectory directory
Default:See usage for the default setting
Context:server config
Status:MPM
Module:beos, leader, mpm_winnt, perchild, prefork, threadpool, worker

This controls the directory to which Apache attempts to switch before dumping core. The default is in the ServerRoot directory, however since this should not be writable by the user the server runs as, core dumps won't normally get written. If you want a core dump for debugging, you can use this directive to place it in a different location.

Core Dumps on Linux

If Apache starts as root and switches to another user, the Linux kernel disables core dumps even if the directory is writable for the process. Apache (2.0.46 and later) reenables core dumps on Linux 2.4 and beyond, but only if you explicitly configure a CoreDumpDirectory.

top

EnableExceptionHook Directive

Description:Enables a hook that runs exception handlers after a crash
Syntax:EnableExceptionHook On|Off
Default:EnableExceptionHook Off
Context:server config
Status:MPM
Module:leader, perchild, prefork, threadpool, worker
Compatibility:Available in version 2.0.49 and later

For safety reasons this directive is only available if the server was configured with the --enable-exception-hook option. It enables a hook that allows external modules to plug in and do something after a child crashed.

There are already two modules, mod_whatkilledus and mod_backtrace that make use of this hook. Please have a look at Jeff Trawick's EnableExceptionHook site for more information about these.

top

Group Directive

Description:Group under which the server will answer requests
Syntax:Group unix-group
Default:Group #-1
Context:server config
Status:MPM
Module:beos, leader, mpmt_os2, perchild, prefork, threadpool, worker
Compatibility:Only valid in global server config since Apache 2.0

The Group directive sets the group under which the server will answer requests. In order to use this directive, the server must be run initially as root. If you start the server as a non-root user, it will fail to change to the specified group, and will instead continue to run as the group of the original user. Unix-group is one of:

A group name
Refers to the given group by name.
# followed by a group number.
Refers to a group by its number.

Example

Group www-group

It is recommended that you set up a new group specifically for running the server. Some admins use user nobody, but this is not always possible or desirable.

Security

Don't set Group (or User) to root unless you know exactly what you are doing, and what the dangers are.

Special note: Use of this directive in <VirtualHost> is no longer supported. To configure your server for suexec use SuexecUserGroup.

Note

Although the Group directive is present in the beos and mpmt_os2 MPMs, it is actually a no-op there and only exists for compatibility reasons.

top

Listen Directive

Description:IP addresses and ports that the server listens to
Syntax:Listen [IP-address:]portnumber
Context:server config
Status:MPM
Module:beos, leader, mpm_netware, mpm_winnt, mpmt_os2, perchild, prefork, threadpool, worker
Compatibility:Required directive since Apache 2.0

The Listen directive instructs Apache to listen to only specific IP addresses or ports; by default it responds to requests on all IP interfaces. Listen is now a required directive. If it is not in the config file, the server will fail to start. This is a change from previous versions of Apache.

The Listen directive tells the server to accept incoming requests on the specified port or address-and-port combination. If only a port number is specified, the server listens to the given port on all interfaces. If an IP address is given as well as a port, the server will listen on the given port and interface.

Multiple Listen directives may be used to specify a number of addresses and ports to listen to. The server will respond to requests from any of the listed addresses and ports.

For example, to make the server accept connections on both port 80 and port 8000, use:

Listen 80
Listen 8000

To make the server accept connections on two specified interfaces and port numbers, use

Listen 192.170.2.1:80
Listen 192.170.2.5:8000

IPv6 addresses must be surrounded in square brackets, as in the following example:

Listen [2001:db8::a00:20ff:fea7:ccea]:80

Error condition

Multiple Listen directives for the same ip address and port will result in an Address already in use error message.

See also

top

ListenBackLog Directive

Description:Maximum length of the queue of pending connections
Syntax:ListenBacklog backlog
Default:ListenBacklog 511
Context:server config
Status:MPM
Module:beos, leader, mpm_netware, mpm_winnt, mpmt_os2, perchild, prefork, threadpool, worker

The maximum length of the queue of pending connections. Generally no tuning is needed or desired, however on some systems it is desirable to increase this when under a TCP SYN flood attack. See the backlog parameter to the listen(2) system call.

This will often be limited to a smaller number by the operating system. This varies from OS to OS. Also note that many OSes do not use exactly what is specified as the backlog, but use a number based on (but normally larger than) what is set.

top

LockFile Directive

Description:Location of the accept serialization lock file
Syntax:LockFile filename
Default:LockFile logs/accept.lock
Context:server config
Status:MPM
Module:leader, perchild, prefork, threadpool, worker

The LockFile directive sets the path to the lockfile used when Apache is used with an AcceptMutex value of either fcntl or flock. This directive should normally be left at its default value. The main reason for changing it is if the logs directory is NFS mounted, since the lockfile must be stored on a local disk. The PID of the main server process is automatically appended to the filename.

Security

It is best to avoid putting this file in a world writable directory such as /var/tmp because someone could create a denial of service attack and prevent the server from starting by creating a lockfile with the same name as the one the server will try to create.

See also

top

MaxClients Directive

Description:Maximum number of child processes that will be created to serve requests
Syntax:MaxClients number
Default:See usage for details
Context:server config
Status:MPM
Module:beos, leader, prefork, threadpool, worker

The MaxClients directive sets the limit on the number of simultaneous requests that will be served. Any connection attempts over the MaxClients limit will normally be queued, up to a number based on the ListenBacklog directive. Once a child process is freed at the end of a different request, the connection will then be serviced.

For non-threaded servers (i.e., prefork), MaxClients translates into the maximum number of child processes that will be launched to serve requests. The default value is 256; to increase it, you must also raise ServerLimit.

For threaded and hybrid servers (e.g. beos or worker) MaxClients restricts the total number of threads that will be available to serve clients. The default value for beos is 50. For hybrid MPMs the default value is 16 (ServerLimit) multiplied by the value of 25 (ThreadsPerChild). Therefore, to increase MaxClients to a value that requires more than 16 processes, you must also raise ServerLimit.

top

MaxMemFree Directive

Description:Maximum amount of memory that the main allocator is allowed to hold without calling free()
Syntax:MaxMemFree KBytes
Default:MaxMemFree 0
Context:server config
Status:MPM
Module:beos, leader, mpm_netware, prefork, threadpool, worker, mpm_winnt

The MaxMemFree directive sets the maximum number of free Kbytes that the main allocator is allowed to hold without calling free(). When not set, or when set to zero, the threshold will be set to unlimited.

top

MaxRequestsPerChild Directive

Description:Limit on the number of requests that an individual child server will handle during its life
Syntax:MaxRequestsPerChild number
Default:MaxRequestsPerChild 10000
Context:server config
Status:MPM
Module:leader, mpm_netware, mpm_winnt, mpmt_os2, perchild, prefork, threadpool, worker

The MaxRequestsPerChild directive sets the limit on the number of requests that an individual child server process will handle. After MaxRequestsPerChild requests, the child process will die. If MaxRequestsPerChild is 0, then the process will never expire.

Different default values

The default value for mpm_netware and mpm_winnt is 0.

Setting MaxRequestsPerChild to a non-zero limit has two beneficial effects:

  • it limits the amount of memory that process can consume by (accidental) memory leakage;
  • by giving processes a finite lifetime, it helps reduce the number of processes when the server load reduces.

Note

For KeepAlive requests, only the first request is counted towards this limit. In effect, it changes the behavior to limit the number of connections per child.

top

MaxSpareThreads Directive

Description:Maximum number of idle threads
Syntax:MaxSpareThreads number
Default:See usage for details
Context:server config
Status:MPM
Module:beos, leader, mpm_netware, mpmt_os2, perchild, threadpool, worker

Maximum number of idle threads. Different MPMs deal with this directive differently.

For perchild the default is MaxSpareThreads 10. This MPM monitors the number of idle threads on a per-child basis. If there are too many idle threads in that child, the server will begin to kill threads within that child.

For worker, leader and threadpool the default is MaxSpareThreads 250. These MPMs deal with idle threads on a server-wide basis. If there are too many idle threads in the server then child processes are killed until the number of idle threads is less than this number.

For mpm_netware the default is MaxSpareThreads 100. Since this MPM runs a single-process, the spare thread count is also server-wide.

beos and mpmt_os2 work similar to mpm_netware. The default for beos is MaxSpareThreads 50. For mpmt_os2 the default value is 10.

Restrictions

The range of the MaxSpareThreads value is restricted. Apache will correct the given value automatically according to the following rules:

See also

top

MinSpareThreads Directive

Description:Minimum number of idle threads available to handle request spikes
Syntax:MinSpareThreads number
Default:See usage for details
Context:server config
Status:MPM
Module:beos, leader, mpm_netware, mpmt_os2, perchild, threadpool, worker

Minimum number of idle threads to handle request spikes. Different MPMs deal with this directive differently.

perchild uses a default of MinSpareThreads 5 and monitors the number of idle threads on a per-child basis. If there aren't enough idle threads in that child, the server will begin to create new threads within that child. Thus, if you set NumServers to 10 and a MinSpareThreads value of 5, you'll have at least 50 idle threads on your system.

worker, leader and threadpool use a default of MinSpareThreads 75 and deal with idle threads on a server-wide basis. If there aren't enough idle threads in the server then child processes are created until the number of idle threads is greater than number.

mpm_netware uses a default of MinSpareThreads 10 and, since it is a single-process MPM, tracks this on a server-wide bases.

beos and mpmt_os2 work similar to mpm_netware. The default for beos is MinSpareThreads 1. For mpmt_os2 the default value is 5.

See also

top

PidFile Directive

Description:File where the server records the process ID of the daemon
Syntax:PidFile filename
Default:PidFile logs/httpd.pid
Context:server config
Status:MPM
Module:beos, leader, mpm_winnt, mpmt_os2, perchild, prefork, threadpool, worker

The PidFile directive sets the file to which the server records the process id of the daemon. If the filename is not absolute then it is assumed to be relative to the ServerRoot.

Example

PidFile /var/run/apache.pid

It is often useful to be able to send the server a signal, so that it closes and then re-opens its ErrorLog and TransferLog, and re-reads its configuration files. This is done by sending a SIGHUP (kill -1) signal to the process id listed in the PidFile.

The PidFile is subject to the same warnings about log file placement and security.

Note

As of Apache 2 it is recommended to use only the apachectl script for (re-)starting or stopping the server.

top

ReceiveBufferSize Directive

Description:TCP receive buffer size
Syntax:ReceiveBufferSize bytes
Default:ReceiveBufferSize 0
Context:server config
Status:MPM
Module:beos, leader, mpm_netware, mpm_winnt, mpmt_os2, perchild, prefork, threadpool, worker

The server will set the TCP receive buffer size to the number of bytes specified.

If set to the value of 0, the server will use the OS default.

top

ScoreBoardFile Directive

Description:Location of the file used to store coordination data for the child processes
Syntax:ScoreBoardFile file-path
Default:ScoreBoardFile logs/apache_status
Context:server config
Status:MPM
Module:beos, leader, mpm_winnt, perchild, prefork, threadpool, worker

Apache uses a scoreboard to communicate between its parent and child processes. Some architectures require a file to facilitate this communication. If the file is left unspecified, Apache first attempts to create the scoreboard entirely in memory (using anonymous shared memory) and, failing that, will attempt to create the file on disk (using file-based shared memory). Specifying this directive causes Apache to always create the file on the disk.

Example

ScoreBoardFile /var/run/apache_status

File-based shared memory is useful for third-party applications that require direct access to the scoreboard.

If you use a ScoreBoardFile then you may see improved speed by placing it on a RAM disk. But be careful that you heed the same warnings about log file placement and security.

See also

top

SendBufferSize Directive

Description:TCP buffer size
Syntax:SendBufferSize bytes
Default:SendBufferSize 0
Context:server config
Status:MPM
Module:beos, leader, mpm_netware, mpm_winnt, mpmt_os2, perchild, prefork, threadpool, worker

The server will set the TCP send buffer size to the number of bytes specified. Very useful to increase past standard OS defaults on high speed high latency (i.e., 100ms or so, such as transcontinental fast pipes).

If set to the value of 0, the server will use the OS default.

top

ServerLimit Directive

Description:Upper limit on configurable number of processes
Syntax:ServerLimit number
Default:See usage for details
Context:server config
Status:MPM
Module:leader, perchild, prefork, threadpool, worker

For the prefork MPM, this directive sets the maximum configured value for MaxClients for the lifetime of the Apache process. For the worker MPM, this directive in combination with ThreadLimit sets the maximum configured value for MaxClients for the lifetime of the Apache process. Any attempts to change this directive during a restart will be ignored, but MaxClients can be modified during a restart.

Special care must be taken when using this directive. If ServerLimit is set to a value much higher than necessary, extra, unused shared memory will be allocated. If both ServerLimit and MaxClients are set to values higher than the system can handle, Apache may not start or the system may become unstable.

With the prefork MPM, use this directive only if you need to set MaxClients higher than 256 (default). Do not set the value of this directive any higher than what you might want to set MaxClients to.

With worker, leader and threadpool use this directive only if your MaxClients and ThreadsPerChild settings require more than 16 server processes (default). Do not set the value of this directive any higher than the number of server processes required by what you may want for MaxClients and ThreadsPerChild.

With the perchild MPM, use this directive only if you need to set NumServers higher than 8 (default).

Note

There is a hard limit of ServerLimit 20000 compiled into the server. This is intended to avoid nasty effects caused by typos.

See also

top

StartServers Directive

Description:Number of child server processes created at startup
Syntax:StartServers number
Default:See usage for details
Context:server config
Status:MPM
Module:leader, mpmt_os2, prefork, threadpool, worker

The StartServers directive sets the number of child server processes created on startup. As the number of processes is dynamically controlled depending on the load, there is usually little reason to adjust this parameter.

The default value differs from MPM to MPM. For leader, threadpool and worker the default is StartServers 3. For prefork defaults to 5 and for mpmt_os2 to 2.

top

StartThreads Directive

Description:Number of threads created on startup
Syntax:StartThreads number
Default:See usage for details
Context:server config
Status:MPM
Module:beos, mpm_netware, perchild

Number of threads created on startup. As the number of threads is dynamically controlled depending on the load, there is usually little reason to adjust this parameter.

For perchild the default is StartThreads 5 and this directive tracks the number of threads per process at startup.

For mpm_netware the default is StartThreads 50 and, since there is only a single process, this is the total number of threads created at startup to serve requests.

For beos the default is StartThreads 10. It also reflects the total number of threads created at startup to serve requests.

top

ThreadLimit Directive

Description:Sets the upper limit on the configurable number of threads per child process
Syntax:ThreadLimit number
Default:See usage for details
Context:server config
Status:MPM
Module:leader, mpm_winnt, perchild, threadpool, worker
Compatibility:Available for mpm_winnt in Apache 2.0.41 and later

This directive sets the maximum configured value for ThreadsPerChild for the lifetime of the Apache process. Any attempts to change this directive during a restart will be ignored, but ThreadsPerChild can be modified during a restart up to the value of this directive.

Special care must be taken when using this directive. If ThreadLimit is set to a value much higher than ThreadsPerChild, extra unused shared memory will be allocated. If both ThreadLimit and ThreadsPerChild are set to values higher than the system can handle, Apache may not start or the system may become unstable. Do not set the value of this directive any higher than your greatest predicted setting of ThreadsPerChild for the current run of Apache.

The default value for ThreadLimit is 1920 when used with mpm_winnt and 64 when used with the others.

Note

There is a hard limit of ThreadLimit 20000 (or ThreadLimit 15000 with mpm_winnt) compiled into the server. This is intended to avoid nasty effects caused by typos.

top

ThreadsPerChild Directive

Description:Number of threads created by each child process
Syntax:ThreadsPerChild number
Default:See usage for details
Context:server config
Status:MPM
Module:leader, mpm_winnt, threadpool, worker

This directive sets the number of threads created by each child process. The child creates these threads at startup and never creates more. If using an MPM like mpm_winnt, where there is only one child process, this number should be high enough to handle the entire load of the server. If using an MPM like worker, where there are multiple child processes, the total number of threads should be high enough to handle the common load on the server.

The default value for ThreadsPerChild is 64 when used with mpm_winnt and 25 when used with the others.

top

User Directive

Description:The userid under which the server will answer requests
Syntax:User unix-userid
Default:User #-1
Context:server config
Status:MPM
Module:leader, perchild, prefork, threadpool, worker
Compatibility:Only valid in global server config since Apache 2.0

The User directive sets the user ID as which the server will answer requests. In order to use this directive, the server must be run initially as root. If you start the server as a non-root user, it will fail to change to the lesser privileged user, and will instead continue to run as that original user. If you do start the server as root, then it is normal for the parent process to remain running as root. Unix-userid is one of:

A username
Refers to the given user by name.
# followed by a user number.
Refers to a user by its number.

The user should have no privileges that result in it being able to access files that are not intended to be visible to the outside world, and similarly, the user should not be able to execute code that is not meant for HTTP requests. It is recommended that you set up a new user and group specifically for running the server. Some admins use user nobody, but this is not always desirable, since the nobody user can have other uses on the system.

Security

Don't set User (or Group) to root unless you know exactly what you are doing, and what the dangers are.

With the perchild MPM, which is intended to server virtual hosts run under different user IDs, the User directive defines the user ID for the main server and the fallback for <VirtualHost> sections without an AssignUserID directive.

Special note: Use of this directive in <VirtualHost> is no longer supported. To configure your server for suexec use SuexecUserGroup.

Note

Although the User directive is present in the beos and mpmt_os2 MPMs, it is actually a no-op there and only exists for compatibility reasons.

mod/mpm_netware.html100644 0 0 17364 11074463123 12224 0ustar 0 0 mpm_netware - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.0

<-

Apache MPM netware

Description:Multi-Processing Module implementing an exclusively threaded web server optimized for Novell NetWare
Status:MPM
ModuleIdentifier:mpm_netware_module
SourceFile:mpm_netware.c

Summary

This Multi-Processing Module (MPM) implements an exclusively threaded web server that has been optimized for Novell NetWare.

The main thread is responsible for launching child worker threads which listen for connections and serve them when they arrive. Apache always tries to maintain several spare or idle worker threads, which stand ready to serve incoming requests. In this way, clients do not need to wait for a new child threads to be spawned before their requests can be served.

The StartThreads, MinSpareThreads, MaxSpareThreads, and MaxThreads regulate how the main thread creates worker threads to serve requests. In general, Apache is very self-regulating, so most sites do not need to adjust these directives from their default values. Sites with limited memory may need to decrease MaxThreads to keep the server from thrashing (spawning and terminating idle threads). More information about tuning process creation is provided in the performance hints documentation.

MaxRequestsPerChild controls how frequently the server recycles processes by killing old ones and launching new ones. On the NetWare OS it is highly recommended that this directive remain set to 0. This allows worker threads to continue servicing requests indefinitely.

top

MaxThreads Directive

Description:Set the maximum number of worker threads
Syntax:MaxThreads number
Default:MaxThreads 2048
Context:server config
Status:MPM
Module:mpm_netware

The MaxThreads directive sets the desired maximum number worker threads allowable. The default value is also the compiled in hard limit. Therefore it can only be lowered, for example:

MaxThreads 512

top

ThreadStackSize Directive

Description:Determine the stack size for each thread
Syntax:ThreadStackSize number
Default:ThreadStackSize 65536
Context:server config
Status:MPM
Module:mpm_netware

This directive tells the server what stack size to use for each of the running threads. If you ever get a stack overflow you will need to bump this number to a higher setting.

mod/mpm_winnt.html100644 0 0 13214 11074463123 11704 0ustar 0 0 mpm_winnt - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.0

<-

Apache MPM winnt

Description:This Multi-Processing Module is optimized for Windows NT.
Status:MPM
ModuleIdentifier:mpm_winnt_module
SourceFile:mpm_winnt.c

Summary

This Multi-Processing Module (MPM) is the default for the Windows NT operating systems. It uses a single control process which launches a single child process which in turn creates threads to handle requests

top

Win32DisableAcceptEx Directive

Description:Use accept() rather than AcceptEx() to accept network connections
Syntax:Win32DisableAcceptEx
Default:AcceptEx() is enabled by default. Use this directive to disable use of AcceptEx()
Context:server config
Status:MPM
Module:mpm_winnt
Compatibility:Available in Version 2.0.49 and later

AcceptEx() is a Microsoft WinSock v2 API that provides some performance improvements over the use of the BSD style accept() API in certain circumstances. Some popular Windows products, typically virus scanning or virtual private network packages, have bugs that interfere with the proper operation of AcceptEx(). If you encounter an error condition like:

[error] (730038)An operation was attempted on something that is not a socket.: winnt_accept: AcceptEx failed. Attempting to recover.

you should use this directive to disable the use of AcceptEx().

mod/mpmt_os2.html100644 0 0 10704 11074463123 11435 0ustar 0 0 mpmt_os2 - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.0

<-

Apache MPM os2

Description:Hybrid multi-process, multi-threaded MPM for OS/2
Status:MPM
ModuleIdentifier:mpm_mpmt_os2_module
SourceFile:mpmt_os2.c

Summary

The Server consists of a main, parent process and a small, static number of child processes.

The parent process's job is to manage the child processes. This involves spawning children as required to ensure there are always StartServers processes accepting connections.

Each child process consists of a a pool of worker threads and a main thread that accepts connections and passes them to the workers via a work queue. The worker thread pool is dynamic, managed by a maintenance thread so that the number of idle threads is kept between MinSpareThreads and MaxSpareThreads.

mod/perchild.html100644 0 0 41115 11074463123 11467 0ustar 0 0 perchild - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.0

<-

Apache MPM perchild

Description:Multi-Processing Module allowing for daemon processes serving requests to be assigned a variety of different userids
Status:MPM
ModuleIdentifier:mpm_perchild_module
SourceFile:perchild.c

Summary

This module is not functional. Development of this module is not complete and is not currently active. Do not use perchild unless you are a programmer willing to help fix it.

This Multi-Processing Module (MPM) implements a hybrid multi-process, multi-threaded web server. A fixed number of processes create threads to handle requests. Fluctuations in load are handled by increasing or decreasing the number of threads in each process.

top

How it works

A single control process launches the number of child processes indicated by the NumServers directive at server startup. Each child process creates threads as specified in the StartThreads directive. The individual threads then listen for connections and serve them when they arrive.

Apache always tries to maintain a pool of spare or idle server threads, which stand ready to serve incoming requests. In this way, clients do not need to wait for new threads to be created. For each child process, Apache assesses the number of idle threads and creates or destroys threads to keep this number within the boundaries specified by MinSpareThreads and MaxSpareThreads. Since this process is very self-regulating, it is rarely necessary to modify these directives from their default values. The maximum number of clients that may be served simultaneously is determined by multiplying the number of server processes that will be created (NumServers) by the maximum number of threads created in each process (MaxThreadsPerChild).

While the parent process is usually started as root under Unix in order to bind to port 80, the child processes and threads are launched by Apache as a less-privileged user. The User and Group directives are used to set the privileges of the Apache child processes. The child processes must be able to read all the content that will be served, but should have as few privileges beyond that as possible. In addition, unless suexec is used, these directives also set the privileges which will be inherited by CGI scripts.

MaxRequestsPerChild controls how frequently the server recycles processes by killing old ones and launching new ones.

Working with different user-IDs

The perchild MPM adds the extra ability to specify that particular processes should serve requests under different user-IDs. These user-IDs can then be associated with specific virtual hosts. You have to use one ChildPerUserID directive for every user/group combination you want to be run. Then you can tie particular virtual hosts to that user and group IDs.

The following example runs 7 child processes. Two of them are run under user1/group1. The next four are run under user2/group2 and the remaining process uses the User and Group of the main server:

Global config

NumServers 7
ChildPerUserID user1 group1 2
ChildPerUserID user2 group2 4

Using unbalanced numbers of processes as above is useful, if the particular virtual hosts produce different load. The assignment to the virtual hosts is easily done as in the example below. In conclusion with the example above the following assumes, that server2 has to serve about twice of the hits of server1.

Example

NameVirtualHost *

<VirtualHost *>
ServerName fallbackhost
# no assignment; use fallback
 </VirtualHost>

<VirtualHost *>
ServerName server1
AssignUserID user1 group1
 </VirtualHost>

<VirtualHost *>
ServerName server2
AssignUserID user2 group2
 </VirtualHost>

top

AssignUserID Directive

Description:Tie a virtual host to a user and group ID
Syntax:AssignUserID user-id group-id
Context:virtual host
Status:MPM
Module:perchild

Tie a virtual host to a specific user/group combination. Requests addressed to the virtual host where this directive appears will be served by a process running with the specified user and group ID.

The user and group ID has to be assigned to a number of children in the global server config using the ChildPerUserID directive. See the section above for a configuration example.

top

ChildPerUserID Directive

Description:Specify user ID and group ID for a number of child processes
Syntax:ChildPerUserID user-id group-id num-children
Context:server config
Status:MPM
Module:perchild

Specify a user ID and group ID for a number of child processes. The third argument, num-children, is the number of child processes to start with the specified user and group. It does not represent a specific child number. In order to use this directive, the server must be run initially as root. If you start the server as a non-root user, it will fail to change to the lesser privileged user.

If the total number of child processes, found by totaling all of the third arguments to all ChildPerUserID directives in the config file, is less than NumServers, then all remaining children will inherit the User and Group settings from the main server. See the section above for a configuration example.

Security