developer/ 40755 0 0 0 11237400533 10073 5ustar 0 0 faq/ 40755 0 0 0 11237400533 6655 5ustar 0 0 howto/ 40755 0 0 0 11237400533 7246 5ustar 0 0 images/ 40755 0 0 0 11237400533 7353 5ustar 0 0 misc/ 40755 0 0 0 11237400533 7041 5ustar 0 0 mod/ 40755 0 0 0 11237400534 6666 5ustar 0 0 platform/ 40755 0 0 0 11237400534 7733 5ustar 0 0 programs/ 40755 0 0 0 11237400534 7741 5ustar 0 0 rewrite/ 40755 0 0 0 11237400534 7570 5ustar 0 0 ssl/ 40755 0 0 0 11237400534 6710 5ustar 0 0 style/ 40755 0 0 0 11237400534 7247 5ustar 0 0 style/_generated/ 40755 0 0 0 11237400534 11344 5ustar 0 0 style/css/ 40755 0 0 0 11237400234 10034 5ustar 0 0 style/lang/ 40755 0 0 0 11237400534 10170 5ustar 0 0 style/latex/ 40755 0 0 0 11237400534 10364 5ustar 0 0 style/xsl/ 40755 0 0 0 11237400534 10055 5ustar 0 0 style/xsl/util/ 40755 0 0 0 11237400534 11032 5ustar 0 0 vhosts/ 40755 0 0 0 11237400534 7435 5ustar 0 0 bind.html100644 0 0 16661 11237400533 10037 0ustar 0 0 ּҿ Ʈ (Binding) - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-
Apache > HTTP Server > Documentation > Version 2.2

ּҿ Ʈ (Binding)

ֽ ƴմϴ. ֱٿ ϼ.

ġ Ư ּҿ Ʈ ϵ ϱ.

top

õ õ þ

ġ ϸ ġ ǻ  Ʈ ּҿ Ͽ, û ٸ. ⺻ ġ ǻ ּҿ ٸ. ׷ ġ Ư Ʈ ּҸ ٸ ؾ 찡 ִ. ġ  ٸ IP ּ, ȣƮ, Ʈ ϴ ȣƮ ɰ õִ.

Listen þ Ư Ʈ ּҿ Ʈ տ û ް Ѵ. Listen þ Ʈ ȣ ϸ, ̽ Ʈ ٸ. Listen þ ٸ ּҿ Ʈ ִ. ּҿ Ʈ û Ѵ.

, 80 8000 Ʈ ο ޵ Ϸ:

Listen 80
Listen 8000

̽ Ʈ ٸ Ϸ,

Listen 192.0.2.1:80
Listen 192.0.2.5:8000

IPv6 ּҴ ȣ Ѵ:

Listen [2001:db8::a00:20ff:fea7:ccea]:80

top

IPv6 Ư

IPv6 ÷ ð ְ APR ̵ ÷ κп IPv6 ϱ⶧, ġ IPv6 ҴϿ IPv6 û ó ִ.

ġ ڿ κ IPv6 IPv4 IPv6 ó ִĴ ̴. κ ÷ IPv4-(mapped) IPv6 ּҸ Ͽ IPv6 Ͽ IPv4 , FreeBSD NetBSD OpenBSD ýü å ⺻ ʴ´. ׷ ⺻ ʴ ý̶ ġ Ư Ķͷ ִ.

ݸ Tru64 Ϻ ÷ IPv4 IPv6 óϷ ּҸ ؾ߸ Ѵ. ġ ּ Ͽ IPv4 IPv6 ޵Ϸ, IPv4- IPv6 ּҸ ϰ configure ɼ --enable-v4-mapped Ѵ.

--enable-v4-mapped FreeBSD, NetBSD, OpenBSD ÷ ⺻̰, Ƹ ġ ̴.

÷ APR ο ġ IPv4 Ḹ ޵Ϸ, Listen þ IPv4 ּҸ Ѵ:

Listen 0.0.0.0:80
Listen 192.0.2.1:80

÷ ϸ ġ ٸ IPv4 IPv6 ޵Ϸ ( IPv4- ּҸ ), configure ɼ --disable-v4-mapped Ѵ. --disable-v4-mapped FreeBSD, NetBSD, OpenBSD ⺻̴.

top

ȣƮ  dz

Listen ȣƮ ʴ´. ̴ ּ  ּҿ Ʈ ٸ ˷ش. <VirtualHost> þ , û Ȱ óѴ. ׷ <VirtualHost> ּҿ Ʈ ٸ ൿ ִ. ȣƮ ּҿ Ʈ ˷ Ѵ. ׸ Ư ּҿ Ʈ ȣƮ ൿ <VirtualHost> ʿϴ. ּ ٸʴ ּҿ Ʈ ϴ <VirtualHost> ϶.

caching.html100644 0 0 112040 11237400533 10523 0ustar 0 0 Caching Guide - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.2

<-
Apache > HTTP Server > Documentation > Version 2.2

Caching Guide

This document supplements the mod_cache, mod_disk_cache, mod_mem_cache, mod_file_cache and htcacheclean reference documentation. It describes how to use Apache's caching features to accelerate web and proxy serving, while avoiding common problems and misconfigurations.

top

Introduction

As of Apache HTTP server version 2.2 mod_cache and mod_file_cache are no longer marked experimental and are considered suitable for production use. These caching architectures provide a powerful means to accelerate HTTP handling, both as an origin webserver and as a proxy.

mod_cache and its provider modules mod_mem_cache and mod_disk_cache provide intelligent, HTTP-aware caching. The content itself is stored in the cache, and mod_cache aims to honour all of the various HTTP headers and options that control the cachability of content. It can handle both local and proxied content. mod_cache is aimed at both simple and complex caching configurations, where you are dealing with proxied content, dynamic local content or have a need to speed up access to local files which change with time.

mod_file_cache on the other hand presents a more basic, but sometimes useful, form of caching. Rather than maintain the complexity of actively ensuring the cachability of URLs, mod_file_cache offers file-handle and memory-mapping tricks to keep a cache of files as they were when Apache was last started. As such, mod_file_cache is aimed at improving the access time to local static files which do not change very often.

As mod_file_cache presents a relatively simple caching implementation, apart from the specific sections on CacheFile and MMapFile, the explanations in this guide cover the mod_cache caching architecture.

To get the most from this document, you should be familiar with the basics of HTTP, and have read the Users' Guides to Mapping URLs to the Filesystem and Content negotiation.

top

Caching Overview

Related ModulesRelated Directives

There are two main stages in mod_cache that can occur in the lifetime of a request. First, mod_cache is a URL mapping module, which means that if a URL has been cached, and the cached version of that URL has not expired, the request will be served directly by mod_cache.

This means that any other stages that might ordinarily happen in the process of serving a request -- for example being handled by mod_proxy, or mod_rewrite -- won't happen. But then this is the point of caching content in the first place.

If the URL is not found within the cache, mod_cache will add a filter to the request handling. After Apache has located the content by the usual means, the filter will be run as the content is served. If the content is determined to be cacheable, the content will be saved to the cache for future serving.

If the URL is found within the cache, but also found to have expired, the filter is added anyway, but mod_cache will create a conditional request to the backend, to determine if the cached version is still current. If the cached version is still current, its meta-information will be updated and the request will be served from the cache. If the cached version is no longer current, the cached version will be deleted and the filter will save the updated content to the cache as it is served.

Improving Cache Hits

When caching locally generated content, ensuring that UseCanonicalName is set to On can dramatically improve the ratio of cache hits. This is because the hostname of the virtual-host serving the content forms a part of the cache key. With the setting set to On virtual-hosts with multiple server names or aliases will not produce differently cached entities, and instead content will be cached as per the canonical hostname.

Because caching is performed within the URL to filename translation phase, cached documents will only be served in response to URL requests. Ordinarily this is of little consequence, but there is one circumstance in which it matters: If you are using Server Side Includes;

<!-- The following include can be cached -->
<!--#include virtual="/footer.html" --> 

<!-- The following include can not be cached -->
<!--#include file="/path/to/footer.html" -->

If you are using Server Side Includes, and want the benefit of speedy serves from the cache, you should use virtual include types.

Expiry Periods

The default expiry period for cached entities is one hour, however this can be easily over-ridden by using the CacheDefaultExpire directive. This default is only used when the original source of the content does not specify an expire time or time of last modification.

If a response does not include an Expires header but does include a Last-Modified header, mod_cache can infer an expiry period based on the use of the CacheLastModifiedFactor directive.

For local content, mod_expires may be used to fine-tune the expiry period.

The maximum expiry period may also be controlled by using the CacheMaxExpire.

A Brief Guide to Conditional Requests

When content expires from the cache and is re-requested from the backend or content provider, rather than pass on the original request, Apache will use a conditional request instead.

HTTP offers a number of headers which allow a client, or cache to discern between different versions of the same content. For example if a resource was served with an "Etag:" header, it is possible to make a conditional request with an "If-None-Match:" header. If a resource was served with a "Last-Modified:" header it is possible to make a conditional request with an "If-Modified-Since:" header, and so on.

When such a conditional request is made, the response differs depending on whether the content matches the conditions. If a request is made with an "If-Modified-Since:" header, and the content has not been modified since the time indicated in the request then a terse "304 Not Modified" response is issued.

If the content has changed, then it is served as if the request were not conditional to begin with.

The benefits of conditional requests in relation to caching are twofold. Firstly, when making such a request to the backend, if the content from the backend matches the content in the store, this can be determined easily and without the overhead of transferring the entire resource.

Secondly, conditional requests are usually less strenuous on the backend. For static files, typically all that is involved is a call to stat() or similar system call, to see if the file has changed in size or modification time. As such, even if Apache is caching local content, even expired content may still be served faster from the cache if it has not changed. As long as reading from the cache store is faster than reading from the backend (e.g. an in-memory cache compared to reading from disk).

What Can be Cached?

As mentioned already, the two styles of caching in Apache work differently, mod_file_cache caching maintains file contents as they were when Apache was started. When a request is made for a file that is cached by this module, it is intercepted and the cached file is served.

mod_cache caching on the other hand is more complex. When serving a request, if it has not been cached previously, the caching module will determine if the content is cacheable. The conditions for determining cachability of a response are;

  1. Caching must be enabled for this URL. See the CacheEnable and CacheDisable directives.
  2. The response must have a HTTP status code of 200, 203, 300, 301 or 410.
  3. The request must be a HTTP GET request.
  4. If the request contains an "Authorization:" header, the response will not be cached.
  5. If the response contains an "Authorization:" header, it must also contain an "s-maxage", "must-revalidate" or "public" option in the "Cache-Control:" header.
  6. If the URL included a query string (e.g. from a HTML form GET method) it will not be cached unless the response includes an "Expires:" header, as per RFC2616 section 13.9.
  7. If the response has a status of 200 (OK), the response must also include at least one of the "Etag", "Last-Modified" or the "Expires" headers, unless the CacheIgnoreNoLastMod directive has been used to require otherwise.
  8. If the response includes the "private" option in a "Cache-Control:" header, it will not be stored unless the CacheStorePrivate has been used to require otherwise.
  9. Likewise, if the response includes the "no-store" option in a "Cache-Control:" header, it will not be stored unless the CacheStoreNoStore has been used.
  10. A response will not be stored if it includes a "Vary:" header containing the match-all "*".

What Should Not be Cached?

In short, any content which is highly time-sensitive, or which varies depending on the particulars of the request that are not covered by HTTP negotiation, should not be cached.

If you have dynamic content which changes depending on the IP address of the requester, or changes every 5 minutes, it should almost certainly not be cached.

If on the other hand, the content served differs depending on the values of various HTTP headers, it might be possible to cache it intelligently through the use of a "Vary" header.

Variable/Negotiated Content

If a response with a "Vary" header is received by mod_cache when requesting content by the backend it will attempt to handle it intelligently. If possible, mod_cache will detect the headers attributed in the "Vary" response in future requests and serve the correct cached response.

If for example, a response is received with a vary header such as;

Vary: negotiate,accept-language,accept-charset

mod_cache will only serve the cached content to requesters with accept-language and accept-charset headers matching those of the original request.

top

Security Considerations

Authorization and Access Control

Using mod_cache is very much like having a built in reverse-proxy. Requests will be served by the caching module unless it determines that the backend should be queried. When caching local resources, this drastically changes the security model of Apache.

As traversing a filesystem hierarchy to examine potential .htaccess files would be a very expensive operation, partially defeating the point of caching (to speed up requests), mod_cache makes no decision about whether a cached entity is authorised for serving. In other words; if mod_cache has cached some content, it will be served from the cache as long as that content has not expired.

If, for example, your configuration permits access to a resource by IP address you should ensure that this content is not cached. You can do this by using the CacheDisable directive, or mod_expires. Left unchecked, mod_cache - very much like a reverse proxy - would cache the content when served and then serve it to any client, on any IP address.

Local exploits

As requests to end-users can be served from the cache, the cache itself can become a target for those wishing to deface or interfere with content. It is important to bear in mind that the cache must at all times be writable by the user which Apache is running as. This is in stark contrast to the usually recommended situation of maintaining all content unwritable by the Apache user.

If the Apache user is compromised, for example through a flaw in a CGI process, it is possible that the cache may be targeted. When using mod_disk_cache, it is relatively easy to insert or modify a cached entity.

This presents a somewhat elevated risk in comparison to the other types of attack it is possible to make as the Apache user. If you are using mod_disk_cache you should bear this in mind - ensure you upgrade Apache when security upgrades are announced and run CGI processes as a non-Apache user using suEXEC if possible.

Cache Poisoning

When running Apache as a caching proxy server, there is also the potential for so-called cache poisoning. Cache Poisoning is a broad term for attacks in which an attacker causes the proxy server to retrieve incorrect (and usually undesirable) content from the backend.

For example if the DNS servers used by your system running Apache are vulnerable to DNS cache poisoning, an attacker may be able to control where Apache connects to when requesting content from the origin server. Another example is so-called HTTP request-smuggling attacks.

This document is not the correct place for an in-depth discussion of HTTP request smuggling (instead, try your favourite search engine) however it is important to be aware that it is possible to make a series of requests, and to exploit a vulnerability on an origin webserver such that the attacker can entirely control the content retrieved by the proxy.

top

File-Handle Caching

Related ModulesRelated Directives

The act of opening a file can itself be a source of delay, particularly on network filesystems. By maintaining a cache of open file descriptors for commonly served files, Apache can avoid this delay. Currently Apache provides two different implementations of File-Handle Caching.

CacheFile

The most basic form of caching present in Apache is the file-handle caching provided by mod_file_cache. Rather than caching file-contents, this cache maintains a table of open file descriptors. Files to be cached in this manner are specified in the configuration file using the CacheFile directive.

The CacheFile directive instructs Apache to open the file when Apache is started and to re-use this file-handle for all subsequent access to this file.

CacheFile /usr/local/apache2/htdocs/index.html

If you intend to cache a large number of files in this manner, you must ensure that your operating system's limit for the number of open files is set appropriately.

Although using CacheFile does not cause the file-contents to be cached per-se, it does mean that if the file changes while Apache is running these changes will not be picked up. The file will be consistently served as it was when Apache was started.

If the file is removed while Apache is running, Apache will continue to maintain an open file descriptor and serve the file as it was when Apache was started. This usually also means that although the file will have been deleted, and not show up on the filesystem, extra free space will not be recovered until Apache is stopped and the file descriptor closed.

CacheEnable fd

mod_mem_cache also provides its own file-handle caching scheme, which can be enabled via the CacheEnable directive.

CacheEnable fd /

As with all of mod_cache this type of file-handle caching is intelligent, and handles will not be maintained beyond the expiry time of the cached content.

top

In-Memory Caching

Related ModulesRelated Directives

Serving directly from system memory is universally the fastest method of serving content. Reading files from a disk controller or, even worse, from a remote network is orders of magnitude slower. Disk controllers usually involve physical processes, and network access is limited by your available bandwidth. Memory access on the other hand can take mere nano-seconds.

System memory isn't cheap though, byte for byte it's by far the most expensive type of storage and it's important to ensure that it is used efficiently. By caching files in memory you decrease the amount of memory available on the system. As we'll see, in the case of operating system caching, this is not so much of an issue, but when using Apache's own in-memory caching it is important to make sure that you do not allocate too much memory to a cache. Otherwise the system will be forced to swap out memory, which will likely degrade performance.

Operating System Caching

Almost all modern operating systems cache file-data in memory managed directly by the kernel. This is a powerful feature, and for the most part operating systems get it right. For example, on Linux, let's look at the difference in the time it takes to read a file for the first time and the second time;

colm@coroebus:~$ time cat testfile > /dev/null
real    0m0.065s
user    0m0.000s
sys     0m0.001s
colm@coroebus:~$ time cat testfile > /dev/null
real    0m0.003s
user    0m0.003s
sys     0m0.000s

Even for this small file, there is a huge difference in the amount of time it takes to read the file. This is because the kernel has cached the file contents in memory.

By ensuring there is "spare" memory on your system, you can ensure that more and more file-contents will be stored in this cache. This can be a very efficient means of in-memory caching, and involves no extra configuration of Apache at all.

Additionally, because the operating system knows when files are deleted or modified, it can automatically remove file contents from the cache when neccessary. This is a big advantage over Apache's in-memory caching which has no way of knowing when a file has changed.

Despite the performance and advantages of automatic operating system caching there are some circumstances in which in-memory caching may be better performed by Apache.

Firstly, an operating system can only cache files it knows about. If you are running Apache as a proxy server, the files you are caching are not locally stored but remotely served. If you still want the unbeatable speed of in-memory caching, Apache's own memory caching is needed.

MMapFile Caching

mod_file_cache provides the MMapFile directive, which allows you to have Apache map a static file's contents into memory at start time (using the mmap system call). Apache will use the in-memory contents for all subsequent accesses to this file.

MMapFile /usr/local/apache2/htdocs/index.html

As with the CacheFile directive, any changes in these files will not be picked up by Apache after it has started.

The MMapFile directive does not keep track of how much memory it allocates, so you must ensure not to over-use the directive. Each Apache child process will replicate this memory, so it is critically important to ensure that the files mapped are not so large as to cause the system to swap memory.

mod_mem_cache Caching

mod_mem_cache provides a HTTP-aware intelligent in-memory cache. It also uses heap memory directly, which means that even if MMap is not supported on your system, mod_mem_cache may still be able to perform caching.

Caching of this type is enabled via;

# Enable memory caching
CacheEnable mem /

# Limit the size of the cache to 1 Megabyte
MCacheSize 1024
top

Disk-based Caching

Related ModulesRelated Directives

mod_disk_cache provides a disk-based caching mechanism for mod_cache. As with mod_mem_cache this cache is intelligent and content will be served from the cache only as long as it is considered valid.

Typically the module will be configured as so;

CacheRoot   /var/cache/apache/
CacheEnable disk /
CacheDirLevels 2
CacheDirLength 1

Importantly, as the cached files are locally stored, operating system in-memory caching will typically be applied to their access also. So although the files are stored on disk, if they are frequently accessed it is likely the operating system will ensure that they are actually served from memory.

Understanding the Cache-Store

To store items in the cache, mod_disk_cache creates a 22 character hash of the URL being requested. This hash incorporates the hostname, protocol, port, path and any CGI arguments to the URL, to ensure that multiple URLs do not collide.

Each character may be any one of 64-different characters, which mean that overall there are 64^22 possible hashes. For example, a URL might be hashed to xyTGxSMO2b68mBCykqkp1w. This hash is used as a prefix for the naming of the files specific to that URL within the cache, however first it is split up into directories as per the CacheDirLevels and CacheDirLength directives.

CacheDirLevels specifies how many levels of subdirectory there should be, and CacheDirLength specifies how many characters should be in each directory. With the example settings given above, the hash would be turned into a filename prefix as /var/cache/apache/x/y/TGxSMO2b68mBCykqkp1w.

The overall aim of this technique is to reduce the number of subdirectories or files that may be in a particular directory, as most file-systems slow down as this number increases. With setting of "1" for CacheDirLength there can at most be 64 subdirectories at any particular level. With a setting of 2 there can be 64 * 64 subdirectories, and so on. Unless you have a good reason not to, using a setting of "1" for CacheDirLength is recommended.

Setting CacheDirLevels depends on how many files you anticipate to store in the cache. With the setting of "2" used in the above example, a grand total of 4096 subdirectories can ultimately be created. With 1 million files cached, this works out at roughly 245 cached URLs per directory.

Each URL uses at least two files in the cache-store. Typically there is a ".header" file, which includes meta-information about the URL, such as when it is due to expire and a ".data" file which is a verbatim copy of the content to be served.

In the case of a content negotiated via the "Vary" header, a ".vary" directory will be created for the URL in question. This directory will have multiple ".data" files corresponding to the differently negotiated content.

Maintaining the Disk Cache

Although mod_disk_cache will remove cached content as it is expired, it does not maintain any information on the total size of the cache or how little free space may be left.

Instead, provided with Apache is the htcacheclean tool which, as the name suggests, allows you to clean the cache periodically. Determining how frequently to run htcacheclean and what target size to use for the cache is somewhat complex and trial and error may be needed to select optimal values.

htcacheclean has two modes of operation. It can be run as persistent daemon, or periodically from cron. htcacheclean can take up to an hour or more to process very large (tens of gigabytes) caches and if you are running it from cron it is recommended that you determine how long a typical run takes, to avoid running more than one instance at a time.


Figure 1: Typical cache growth / clean sequence.

Because mod_disk_cache does not itself pay attention to how much space is used you should ensure that htcacheclean is configured to leave enough "grow room" following a clean.

configuring.html100644 0 0 23717 11237400533 11435 0ustar 0 0 - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-
Apache > HTTP Server > Documentation > Version 2.2

ġ ϴ ϵ Ѵ.

top

ּ

õ õ þ

Ϲ Ͽ þ Ͽ ġ Ѵ. ּ httpd.conf θ. ġ Ͻ , -f ɼ ִ. ٸ Include þ Ͽ ְ, ϵī带 Ͽ ִ. þ  Ͽ ص ȴ. ּ ϸ ġ ϰų Ŀ ݿȴ.

mime Ÿ ϵ д´. ϸ TypesConfig þ ϰ, ⺻ mime.types̴.

top

ġ ٿ þ Ѵ. ڰ 齽 "\"̸ þ ٿ ӵ Ѵ. 齽 ڿ  ڳ 鵵 ȵȴ.

þ ҹڸ , þ ƱԸƮ ҹڸ ϴ 찡 ִ. ؽ "#" ϴ ּ Ѵ. ּ þ ٿ . ٰ þ տ ϹǷ, ϰ ̵ þ ٵ(indent) ִ.

apachectl configtest -t ɼ Ͽ ġ ʰ ˻ ִ.

top

õ õ þ

ġ ȭ . ̴ ſ ⺻ ɸ ٽɿ Ե Ѵ. ġ о鿩 ȮѴ. ⺻ ϸ base Եȴ. о̴ ְ Ͽٸ Ͽ ƹ LoadModule þ ߰ ִ. ׷ ߰ϰų ġ ٽ ؾ Ѵ. þ IfModule μ Ư ִ 쿡 ó ִ.

 ϵִ -l ɼ Ѵ.

top

þ

õ õ þ

ּϿ ִ þ ü ȴ. þ Ϻο ǰ Ϸ þ <Directory>, <DirectoryMatch>, <Files>, <FilesMatch>, <Location>, <LocationMatch> ȿ ξѴ. ǵ ׵ δ þ Ͻý̳ URL Ư ġ Ѵ. , ļ ֱ⶧ ſ ϴ.

ġ ٸ Ʈ ÿ ϴ ɷ ִ. ̸ ȣƮ Ѵ. þ <VirtualHost> ȿ ξ Ư Ʈ þ ִ.

þ κ  ǿ ͵ ,  þ Ư ҿ ǹ̰ . μ ϴ þ ּ ҿ ִ. þ  ǿ ġ ִ ˷ þ Ȯ϶. ڼ  Directory, Location, Files ϳ ϶.

top

.htaccess

õ õ þ

ġ Ư Ͽ (б) ִ. Ư .htaccess θ, ̸ AccessFileName þ ִ. .htaccess Ͽ ִ þ ִ 丮 丮 ȴ. .htaccess ּϰ . .htaccess û б⶧ ϸ ȿ ִ.

 þ .htaccess Ͽ ִ ˷ þ Ȯ϶. ڴ ּ AllowOverride þ .htaccess Ͽ  þ ִ ִ.

.htaccess Ͽ ڼ .htaccess 丮 ϶.

content-negotiation.html100644 0 0 61664 11237400533 13116 0ustar 0 0 (Content Negotiation) - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-
Apache > HTTP Server > Documentation > Version 2.2

(Content Negotiation)

ֽ ƴմϴ. ֱٿ ϼ.

ġ HTTP/1.1 Ծ࿡ (content negotiation) Ѵ. media type, , , ڵ  ȣ ڿ ǥ Ѵ. ҿ û óϴ ɵ ִ.

⺻ ϵǴ mod_negotiation Ѵ.

top

ڿ ٸ ǥ ִ. , ٸ  ٸ media type Ȥ ΰ ٸ ǥ ִ. ǥ ϴ Ѱ ڿ ְ ϰ ϴ ̴. ׷ ڵ ϴ ͵ ϴ. ̴ û Ϻη ׵ ȣϴ ǥ ⶧ ϴ. , Ҿ, ׷ ٸ ʹٰ ˷ ִ. û ׵ ȣ Ÿ. Ҿε ǥ ûѴٸ .

Accept-Language: fr

̷ ȣ ǥ  ٸ 쿡 ȴ.

û Ҿ  , Ҿ ȣϰ, media type , Ϲ ؽƮ ٴ HTML, ٸ media type ٴ GIF JPEG ȣѴٰ ˷ش.

Accept-Language: fr; q=1.0, en; q=0.5
Accept: text/html; q=1.0, text/*; q=0.8, image/gif; q=0.6, image/jpeg; q=0.6, image/*; q=0.5, */*; q=0.1

ġ HTTP/1.1 Ծ࿡ ǵ ' ֵ(server driven)' Ѵ. ġ Accept, Accept-Language, Accept-Charset, Accept-Encoding û Ѵ. , ġ RFC 2295 RFC 2296 ǵ 'ڿ(transparent)' û Ѵ. ׷ RFC ǵ ' (feature negotiation)' ʴ´.

ڿ(resource) (RFC 2396) URI ϴ . ġ ڿ ǥ(representations) Ѵ. ǥ media type, , ڵ Ʈ ִ. ڿ ǥ (δ ִ) ȴ. ڿ ǥ ִٸ ڿ 󰡴ϴٰ(negotiable) θ, ̶ ǥ (variant)̶ Ѵ. 󰡴 ڿ (dimension) Ѵ.

top

ġ

ڿ ϱ ʿϴ. ΰ ϳ ´:

type-map ϱ

type map type-map̶ ڵ鷯 (Ȥ ġ ȣȯ MIME type application/x-type-map) . Ϸ type-map ڵ鷯 Ȯڸ ؾ Ѵ. Ͽ ϴ .

AddHandler type-map .var

Type map شϴ ڿ ̸ ƾ ϰ, ׸ ־ Ѵ. ׸ HTTP ٷ ȴ. ׸ ٷ Ѵ. ׸ȿ . (̷ ʿ䰡 , ־ ) ׸ ִ map ϴ ̴. map . ̸ foo.var, foo ڿ Ѵ.

URI: foo

URI: foo.en.html
Content-type: text/html
Content-language: en

URI: foo.fr.de.html
Content-type: text/html;charset=iso-8859-2
Content-language: fr, de

typemap ϸ Ȯ , Multiviews Ͽ, 켱 ϶. ٸ ǰ ٸ, (JPEG, GIF, ASCII-art شϴ) media type "qs" Ķͷ ǰ(source quality) ǥ ִ:

URI: foo

URI: foo.jpeg
Content-type: image/jpeg; qs=0.8

URI: foo.gif
Content-type: image/gif; qs=0.5

URI: foo.txt
Content-type: text/plain; qs=0.01

qs 0.000 1.000 ̴. qs 0.000 õ ϶. 'qs' 1.0 ޵ȴ. qs Ŭ̾Ʈ ɷ° ٸ Ͽ 'ǰ' Ÿ. , Ÿ JPEG ASCII Ϻٴ ׻ ǰ . ׷ ڿ ASCII artٸ ASCII ǥ JPEG ǥ ǰ ִ. ׷Ƿ  qs ǥϷ ڿ ٸ.

ϴ mod_negotation typemap ϶.

Multiviews

MultiViews 丮 ɼ̹Ƿ, httpd.conf <Directory>, <Location>, <Files> Ȥ (AllowOverride Ǿٸ) .htaccess Options þ ִ. Options All MultiViews ϶. Ѵ.

MultiViews ϸ Ͼ: /some/dir/foo û ް /some/dir/foo MultiViews ϸ /some/dir/foo , 丮 ̸ foo.* ϵ ϴ type map . Ŭ̾Ʈ û media type content-encoding ߿ Ѵ.

MultiViews 丮 Ҷ ã DirectoryIndex þ ȴ. ٸ,

DirectoryIndex index

index.html index.html3 ִٸ ̵ ߿ ϳ Ѵ. index.cgi ִٸ, װ Ѵ.

丮 ϳ Charset, Content-Type, Language, Encoding Ǵϴ mod_mime 𸣴 Ȯڸ ٸ, MultiViewsMatch þ ޷Ǵ. þ ڵ鷯, , ٸ Ȯ MultiViews θ Ѵ.

top

ġ type-map ̳ 丮 ִ ϸ ־ ڿ ԵǸ '' ϱ ϳ Ѵ. ġ ϱ Ȯ  Ͼ ڼ ʿ . ׷ ñ Ѵ.

ΰ ִ:

  1. ġ ˰ Ͽ ֵϴ Ϲ 쿡 Ѵ. ġ ˰ Ʒ ڼ Ѵ. ˰ ϸ ġ Ư ǰ(quality factor) 'Ѵ'. ġ ǰ ϴ Ʒ ڼ Ѵ.
  2. ڿ(Transparent) RFC 2295 ǵ û 쿡 Ѵ. '' οѴ. ׷ ˰ ޷ȴ. ڿ ߿ ġ RFC 2296 ǵ ' ˰(remote variant selection algorithm)' û ִ.

Media Type Accept ȣ Ÿ. ׸ ǰ ִ. ǰ ("qs" Ķ) ִ.
Language Accept-Language ȣ Ÿ. ׸ ǰ ִ.  (Ȥ ƹ  ) ִ.
Encoding Accept-Encoding ȣ Ÿ. ׸ ǰ ִ.
Charset Accept-Charset ȣ Ÿ. ׸ ǰ ִ. media type Ķͷ Ÿ ִ.

ġ ˰

ġ '' (ִٸ) ϱ Ʒ ˰ Ѵ. ˰ . Ѵ:

  1. , شϴ Accept* ˻ϰ, ǰ ű.  Accept* ޾Ƶ ʴ ĺ Ѵ.  4 ܰ .
  2. ĺ ϳ Ͽ '' ã´. ˻ Ͼ. ˻翡 õ ܵȴ. ˻ ̸ ϰ 3 ܰ . ˻縦 Ѵ.
    1. Accept ǰ media type ǰ Ͽ Ѵ.
    2. (language) ǰ Ѵ.
    3. Accept-Language (ִٸ) Ȥ LanguagePriority þ (ִٸ)  Ѵ.
    4. (text/html media type Ÿ) 'level' media Ķ͸ Ѵ.
    5. Accept-Charset charset media Ķ͸ ã´. ٸ ISO-8859-1 ȣѴ. text/* media type Ư հ ISO-8859-1 Ѵ.
    6. ISO-8859-1 ƴ charset media Ķ͸ Ѵ. ׷ ٸ, Ѵ.
    7. ڵ Ѵ. user-agent ڵ ִٸ Ѵ. ׷ʰ ڵ ڵȵ ִٸ ڵȵ Ѵ. ڵǾų ڵȵ Ѵ.
    8. content length Ѵ.
    9. ù Ѵ. ̴ type-map տ ԰ų, 丮 ϸ ASCII ڵ Ͽ տ ̴.
  3. ˰ '' ߴ. ̰ . HTTP Vary Ÿ ȴ. ( ij ڿ ijҶ ִ.) .
  4. ܰ迡 ߴٸ ( ϱ )  ȵ . ("No acceptable representation" ϴ) 406 밡 HTML . , HTML Vary Ÿ.
top

ǰ ϱ

ġ ġ ˰ Űʰ ǰ Ѵ. ϰ Ȯ ʴ (˰) ؼ. θ ̴ Ϻδ ߸ ϵ Accept . ϰ ùٸ ٸ, ʴ´.

Media Type ϵī

Accept: û media type ȣ Ÿ. , *  ڿ̶ ϱ⶧ "image/*" "*/*" 'ϵī' media type ִ. ׷ û:

Accept: image/*, */*

"image/" ϴ  type ٸ  type ǹѴ.  ڽ ٷ ִ type ߰ ϵī带 . :

Accept: text/html, text/plain, image/gif, image/jpeg, */*

type ȣ ٸ ǥ ִٸ װ͵ Ÿ ؼ. ǰ ̴.

Accept: text/html, text/plain, image/gif, image/jpeg, */*; q=0.01

type ǰ  ⺻ ( ) 1.0 . ϵī */* ȣ 0.01 Ƿ type ´ 쿡 ٸ type ȴ.

Accept: q "*/*" ִٸ, ġ ٶ ൿ q 0.01 Ѵ. , "type/*" ϵī忡 ("*/*"ٴ ȣϵ) 0.02 Ѵ. Accept: q media type ִٸ ̷ Ư ߰ ʴ´. ׷ û ûѵ óѴ.

(language)

ġ 2.0 ε巴 ϱ ˰ ܸ  ߰ߴ.

Ŭ̾Ʈ û Accept-language ´ Ѱ ã , ׷ Ŭ̾Ʈ "No Acceptable Variant" "Multiple Choices" . ̷ ϱ Accept-language ϰ Ŭ̾Ʈ û Ȯ ġ ִ. ForceLanguagePriority þ ̷ ϳ Ȥ Ѵٸ ϰ LanguagePriority þ Ǵϵ Ѵ.

, ´  ã θ ã ִ. Ŭ̾Ʈ  ϴ en-GB û , HTTP/1.1 ǥؿ enθ ǥõ Ϲ Ѵ. (׷  ϴ ڰ Ϲ  Ƿ Accept-Language en-GB ϰ en Ȯ ߸ ϶. Ŭ̾Ʈ ̷ ⺻ִ.) ٸ  ã Ͽ "No Acceptable Variants" ų LanguagePriority ư Ѵٸ, Ծ ϰ en-GB en Ѵ. Ϲ ġ θ ſ ǰ Ŭ̾Ʈ Ͽ ߰Ѵ. ׷ Ŭ̾Ʈ "en-GB; q=0.9, fr; q=0.8" ûϰ "en" "fr" ִٸ, "fr" õ ϶. ̴ HTTP/1.1 ǥ Ű, ùٷ Ŭ̾Ʈ ȿ ϱ̴.

ڰ ȣϴ  ˾Ƴ (Ű Ư URL- ) ϱ ġ 2.0.47 mod_negotiation prefer-language ȯ溯 νѴ. ȯ溯 ϰ ±׸ Ѵٸ, mod_negotiation شϴ Ϸ õѴ. ׷ ٸ Ϲ Ѵ.

SetEnvIf Cookie "language=(.+)" prefer-language=$1

top

ڿ(transparent) Ȯ

ġ ڿ Ȯ (RFC 2295) ȮѴ. ο {encoding ..} Ư content-encoding ĪѴ. RVSA/1.0 ˰ (RFC 2296) Ͽ ڵ ν ְ, ڵ Accept-Encoding û ´ ڵ 鵵 ĺ ϵ ȮǾ. RVSA/1.0 ã ǰ Ҽ 5ڸ ݿø ʴ´.

top

۸ũ ̸Ģ Ͽ

(language) Ѵٸ Ȯڸ Ȯ Ƿ ϸ ٸ ̸Ģ ִ. (ڼ mod_mime ϶.)

MIME-type Ȯ ( , html), 쿡 encoding Ȯ ( , gz), Ͽ ִ Ȯڸ ( , en) .

:

ϸ Ͽ ȿϰ ȿ ۸ũ δ:

ϸ ȿ ۸ũ ȿ ۸ũ
foo.html.en foo
foo.html		 -
foo.en.html foo foo.html
foo.html.en.gz foo
foo.html		 foo.gz
foo.html.gz
foo.en.html.gz foo foo.html
foo.html.gz
foo.gz
foo.gz.html.en foo
foo.gz
foo.gz.html		 foo.html
foo.html.gz.en foo
foo.html
foo.html.gz		 foo.gz

ǥ ۸ũ  Ȯڵ ̸ ( , foo) ׻ ִ. ־, ̷ũ Ͼʰ html shtml̳ cgi ִٴ ̴.

۸ũ MIME-type ( , foo.html) ϰ ʹٸ (encoding Ȯڰ ִٸ ̰͵ Ͽ) Ȯڸ MIME-type Ȯں ʿ ( , foo.html.en) ξѴ.

top

ij Ͽ

ij ǥ ϸ ǥ û URL Ų. URL ûϸ ij ǥ Ѵ. ׷ ڿ ù° û ijǾ û ij ߸ ִ. ̸ ġ ȯǴ û HTTP/1.0 Ŭ̾Ʈ ij ϵ ǥø Ѵ. , ġ ij ϴ HTTP/1.1 Ѵ.

CacheNegotiatedDocs þ HTTP/1.0 ȣȯ Ŭ̾Ʈ( Ȥ ij) û ij ְ Ѵ. þ ȣƮ ϸ, ƱԸƮ ʴ´. þ HTTP/1.1 Ŭ̾Ʈ û 谡 .

HTTP/1.1 Ŭ̾Ʈ ġ ˷ִ Vary HTTP . Ͽ û ij 纻 ü ִ Ǵ ִ. ij 纻 Ѵٸ force-no-vary ȯ溯 Ѵ.

custom-error.html100644 0 0 17531 11237400533 11561 0ustar 0 0 - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-
Apache > HTTP Server > Documentation > Version 2.2

ֽ ƴմϴ. ֱٿ ϼ.

ʹ ߻ ġ ִ.

߰ ִ.

ũƮ "500 Server Error" ڿ ģ ϰų ٸ ( Ʈ ܺ Ʈ) URL ̷ ִ.

top

ൿ

ൿ

NCSA httpd 1.3 ڿ ǹϰ ´. ߻ α׿ .

ο ൿ

ִ:

  1. NCSA ٸ ְų
  2. Ʈ URL ̷ϰų
  3. ܺ Ʈ URL ̷Ѵ.

ٸ Ʈ URL ̷ϴ , ϰų αϴµ ʿ Ϻθ ޵ȴ.

ϱ ġ CGI ο ȯ溯 Ѵ:

REDIRECT_HTTP_ACCEPT=*/*, image/gif, image/x-xbitmap, image/jpeg
REDIRECT_HTTP_USER_AGENT=Mozilla/1.1b2 (X11; I; HP-UX A.09.05 9000/712)
REDIRECT_PATH=.:/bin:/usr/local/bin:/etc
REDIRECT_QUERY_STRING=
REDIRECT_REMOTE_ADDR=121.345.78.123
REDIRECT_REMOTE_HOST=ooh.ahhh.com
REDIRECT_SERVER_NAME=crash.bang.edu
REDIRECT_SERVER_PORT=80
REDIRECT_SERVER_SOFTWARE=Apache/0.8.15
REDIRECT_URL=/cgi-bin/buggy.pl

REDIRECT_ λ翡 ָ϶.

ּ REDIRECT_URL REDIRECT_QUERY_STRING (cgi-script cgi-include) URL Ѱ. ٸ ߻ϱ (; ̸ REDIRECT_ ȯ溯) 쿡 ִ. ErrorDocument ܺη ( http: Ŵ(scheme) Ѵٸ) ̷Ѵٸ  ͵ ʴ´.

top

AllowOverride Ǿٸ .htaccess Ͽ ErrorDocument ִ.

̴...

ErrorDocument 500 /cgi-bin/crash-recover
ErrorDocument 500 "Sorry, our script crashed. Oh dear"
ErrorDocument 500 http://xxx/
ErrorDocument 404 /Lame_excuses/not_found.html
ErrorDocument 401 /Subscription/how_to_subscribe.html

,

ErrorDocument <3-digit-code> <action>

action,

  1. . ǥ (") տ δ. ڿ ǥ µȴ. : տ ǥ (") µ ʴ´.
  2. ̷ ܺ URL.
  3. ̷ URL.
top

̷

URL ̷ϴ ġ ൿ ũƮ/server-include ȯ溯 Ѱֵ Ǿ.

ൿ

̷ǵǴ ũƮ ǥ CGI Ѿ. 𿡼 ̷ Ͼ .

ο ൿ

̷ǵ ũƮ ο ȯ溯 ִ. տ REDIRECT_ پִ. REDIRECT_ ȯ溯 CGI ȯ溯 տ REDIRECT_ ٿ . , HTTP_USER_AGENT REDIRECT_HTTP_USER_AGENT Ǿ. ̷ ߰ ũƮ URL ˵ ġ REDIRECT_URL REDIRECT_STATUS Ѵ. URL ̷ǵ URL α׿ ִ.

ErrorDocument ִ CGI ũƮ ̷Ѵٸ, ũƮ Ŭ̾Ʈ Ȳ Ȯ ϱ ¿ "Status:" ʵ带 ؾ Ѵ. , Perl ۼ ErrorDocument ũƮ :

...
print "Content-type: text/html\n";
printf "Status: %s Condition Intercepted\n", $ENV{"REDIRECT_STATUS"};
...

404 Not Found Ư Ȳ ũƮ, (; ) Ư ڵ ִ.

(Ŭ̾Ʈ ̷ ûϱ) 信 Location: Ѵٸ, ũƮ ݵ (302 Found ) Status: ؾ ϶. ׷ Location: ƹ ҿ ִ.

developer/API.html100644 0 0 172304 11237400533 11536 0ustar 0 0 Apache 1.3 API notes - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.2

<-
Apache > HTTP Server > Documentation > Version 2.2 > Developer Documentation

Apache 1.3 API notes

Warning

This document has not been updated to take into account changes made in the 2.0 version of the Apache HTTP Server. Some of the information may still be relevant, but please use it with care.

These are some notes on the Apache API and the data structures you have to deal with, etc. They are not yet nearly complete, but hopefully, they will help you get your bearings. Keep in mind that the API is still subject to change as we gain experience with it. (See the TODO file for what might be coming). However, it will be easy to adapt modules to any changes that are made. (We have more modules to adapt than you do).

A few notes on general pedagogical style here. In the interest of conciseness, all structure declarations here are incomplete -- the real ones have more slots that I'm not telling you about. For the most part, these are reserved to one component of the server core or another, and should be altered by modules with caution. However, in some cases, they really are things I just haven't gotten around to yet. Welcome to the bleeding edge.

Finally, here's an outline, to give you some bare idea of what's coming up, and in what order:

top

Basic concepts

We begin with an overview of the basic concepts behind the API, and how they are manifested in the code.

Handlers, Modules, and Requests

Apache breaks down request handling into a series of steps, more or less the same way the Netscape server API does (although this API has a few more stages than NetSite does, as hooks for stuff I thought might be useful in the future). These are:

These phases are handled by looking at each of a succession of modules, looking to see if each of them has a handler for the phase, and attempting invoking it if so. The handler can typically do one of three things:

Most phases are terminated by the first module that handles them; however, for logging, `fixups', and non-access authentication checking, all handlers always run (barring an error). Also, the response phase is unique in that modules may declare multiple handlers for it, via a dispatch table keyed on the MIME type of the requested object. Modules may declare a response-phase handler which can handle any request, by giving it the key */* (i.e., a wildcard MIME type specification). However, wildcard handlers are only invoked if the server has already tried and failed to find a more specific response handler for the MIME type of the requested object (either none existed, or they all declined).

The handlers themselves are functions of one argument (a request_rec structure. vide infra), which returns an integer, as above.

A brief tour of a module

At this point, we need to explain the structure of a module. Our candidate will be one of the messier ones, the CGI module -- this handles both CGI scripts and the ScriptAlias config file command. It's actually a great deal more complicated than most modules, but if we're going to have only one example, it might as well be the one with its fingers in every place.

Let's begin with handlers. In order to handle the CGI scripts, the module declares a response handler for them. Because of ScriptAlias, it also has handlers for the name translation phase (to recognize ScriptAliased URIs), the type-checking phase (any ScriptAliased request is typed as a CGI script).

The module needs to maintain some per (virtual) server information, namely, the ScriptAliases in effect; the module structure therefore contains pointers to a functions which builds these structures, and to another which combines two of them (in case the main server and a virtual server both have ScriptAliases declared).

Finally, this module contains code to handle the ScriptAlias command itself. This particular module only declares one command, but there could be more, so modules have command tables which declare their commands, and describe where they are permitted, and how they are to be invoked.

A final note on the declared types of the arguments of some of these commands: a pool is a pointer to a resource pool structure; these are used by the server to keep track of the memory which has been allocated, files opened, etc., either to service a particular request, or to handle the process of configuring itself. That way, when the request is over (or, for the configuration pool, when the server is restarting), the memory can be freed, and the files closed, en masse, without anyone having to write explicit code to track them all down and dispose of them. Also, a cmd_parms structure contains various information about the config file being read, and other status information, which is sometimes of use to the function which processes a config-file command (such as ScriptAlias). With no further ado, the module itself:

/* Declarations of handlers. */

int translate_scriptalias (request_rec *);
int type_scriptalias (request_rec *);
int cgi_handler (request_rec *);

/* Subsidiary dispatch table for response-phase
 * handlers, by MIME type */

handler_rec cgi_handlers[] = {
{ "application/x-httpd-cgi", cgi_handler },
{ NULL }
 };

/* Declarations of routines to manipulate the
 * module's configuration info. Note that these are
 * returned, and passed in, as void *'s; the server
 * core keeps track of them, but it doesn't, and can't,
 * know their internal structure.
 */

void *make_cgi_server_config (pool *);
void *merge_cgi_server_config (pool *, void *, void *);

/* Declarations of routines to handle config-file commands */

extern char *script_alias(cmd_parms *, void *per_dir_config, char *fake, char *real);

command_rec cgi_cmds[] = {
{ "ScriptAlias", script_alias, NULL, RSRC_CONF, TAKE2,
"a fakename and a realname"},
 { NULL }
 };

module cgi_module = { 

  STANDARD_MODULE_STUFF,
  NULL,                     /* initializer */
  NULL,                     /* dir config creator */
  NULL,                     /* dir merger */
  make_cgi_server_config,   /* server config */
  merge_cgi_server_config,  /* merge server config */
  cgi_cmds,                 /* command table */
  cgi_handlers,             /* handlers */
  translate_scriptalias,    /* filename translation */
  NULL,                     /* check_user_id */
  NULL,                     /* check auth */
  NULL,                     /* check access */
  type_scriptalias,         /* type_checker */
  NULL,                     /* fixups */
  NULL,                     /* logger */
  NULL                      /* header parser */
};
top

How handlers work

The sole argument to handlers is a request_rec structure. This structure describes a particular request which has been made to the server, on behalf of a client. In most cases, each connection to the client generates only one request_rec structure.

A brief tour of the request_rec

The request_rec contains pointers to a resource pool which will be cleared when the server is finished handling the request; to structures containing per-server and per-connection information, and most importantly, information on the request itself.

The most important such information is a small set of character strings describing attributes of the object being requested, including its URI, filename, content-type and content-encoding (these being filled in by the translation and type-check handlers which handle the request, respectively).

Other commonly used data items are tables giving the MIME headers on the client's original request, MIME headers to be sent back with the response (which modules can add to at will), and environment variables for any subprocesses which are spawned off in the course of servicing the request. These tables are manipulated using the ap_table_get and ap_table_set routines.

Note that the Content-type header value cannot be set by module content-handlers using the ap_table_*() routines. Rather, it is set by pointing the content_type field in the request_rec structure to an appropriate string. e.g.,

r->content_type = "text/html";

Finally, there are pointers to two data structures which, in turn, point to per-module configuration structures. Specifically, these hold pointers to the data structures which the module has built to describe the way it has been configured to operate in a given directory (via .htaccess files or <Directory> sections), for private data it has built in the course of servicing the request (so modules' handlers for one phase can pass `notes' to their handlers for other phases). There is another such configuration vector in the server_rec data structure pointed to by the request_rec, which contains per (virtual) server configuration data.

Here is an abridged declaration, giving the fields most commonly used:

struct request_rec {

pool *pool;
conn_rec *connection;
server_rec *server;

/* What object is being requested */

char *uri;
char *filename;
char *path_info; 

char *args;           /* QUERY_ARGS, if any */
struct stat finfo;    /* Set by server core;
                       * st_mode set to zero if no such file */

char *content_type;
char *content_encoding;

/* MIME header environments, in and out. Also,
 * an array containing environment variables to
 * be passed to subprocesses, so people can write
 * modules to add to that environment.
 *
 * The difference between headers_out and
 * err_headers_out is that the latter are printed
 * even on error, and persist across internal
 * redirects (so the headers printed for
 * ErrorDocument handlers will have them).
 */

table *headers_in;
table *headers_out;
table *err_headers_out;
table *subprocess_env;

/* Info about the request itself... */

int header_only;     /* HEAD request, as opposed to GET */
char *protocol;      /* Protocol, as given to us, or HTTP/0.9 */
char *method;        /* GET, HEAD, POST, etc. */
int method_number;   /* M_GET, M_POST, etc. */

/* Info for logging */

char *the_request;
int bytes_sent;

/* A flag which modules can set, to indicate that
 * the data being returned is volatile, and clients
 * should be told not to cache it.
 */

int no_cache;

/* Various other config info which may change
 * with .htaccess files
 * These are config vectors, with one void*
 * pointer for each module (the thing pointed
 * to being the module's business).
 */

void *per_dir_config;   /* Options set in config files, etc. */
void *request_config;   /* Notes on *this* request */


};

Where request_rec structures come from

Most request_rec structures are built by reading an HTTP request from a client, and filling in the fields. However, there are a few exceptions:

Handling requests, declining, and returning error codes

As discussed above, each handler, when invoked to handle a particular request_rec, has to return an int to indicate what happened. That can either be

Note that if the error code returned is REDIRECT, then the module should put a Location in the request's headers_out, to indicate where the client should be redirected to.

Special considerations for response handlers

Handlers for most phases do their work by simply setting a few fields in the request_rec structure (or, in the case of access checkers, simply by returning the correct error code). However, response handlers have to actually send a request back to the client.

They should begin by sending an HTTP response header, using the function ap_send_http_header. (You don't have to do anything special to skip sending the header for HTTP/0.9 requests; the function figures out on its own that it shouldn't do anything). If the request is marked header_only, that's all they should do; they should return after that, without attempting any further output.

Otherwise, they should produce a request body which responds to the client as appropriate. The primitives for this are ap_rputc and ap_rprintf, for internally generated output, and ap_send_fd, to copy the contents of some FILE * straight to the client.

At this point, you should more or less understand the following piece of code, which is the handler which handles GET requests which have no more specific handler; it also shows how conditional GETs can be handled, if it's desirable to do so in a particular response handler -- ap_set_last_modified checks against the If-modified-since value supplied by the client, if any, and returns an appropriate code (which will, if nonzero, be USE_LOCAL_COPY). No similar considerations apply for ap_set_content_length, but it returns an error code for symmetry.

int default_handler (request_rec *r)
{
int errstatus;
FILE *f;

if (r->method_number != M_GET) return DECLINED;
if (r->finfo.st_mode == 0) return NOT_FOUND;

if ((errstatus = ap_set_content_length (r, r->finfo.st_size))
    || (errstatus = ap_set_last_modified (r, r->finfo.st_mtime)))
return errstatus;

f = fopen (r->filename, "r");

if (f == NULL) {
log_reason("file permissions deny server access", r->filename, r);
return FORBIDDEN;
 }

register_timeout ("send", r);
ap_send_http_header (r);

if (!r->header_only) send_fd (f, r);
ap_pfclose (r->pool, f);
return OK;
 }

Finally, if all of this is too much of a challenge, there are a few ways out of it. First off, as shown above, a response handler which has not yet produced any output can simply return an error code, in which case the server will automatically produce an error response. Secondly, it can punt to some other handler by invoking ap_internal_redirect, which is how the internal redirection machinery discussed above is invoked. A response handler which has internally redirected should always return OK.

(Invoking ap_internal_redirect from handlers which are not response handlers will lead to serious confusion).

Special considerations for authentication handlers

Stuff that should be discussed here in detail:

Special considerations for logging handlers

When a request has internally redirected, there is the question of what to log. Apache handles this by bundling the entire chain of redirects into a list of request_rec structures which are threaded through the r->prev and r->next pointers. The request_rec which is passed to the logging handlers in such cases is the one which was originally built for the initial request from the client; note that the bytes_sent field will only be correct in the last request in the chain (the one for which a response was actually sent).

top

Resource allocation and resource pools

One of the problems of writing and designing a server-pool server is that of preventing leakage, that is, allocating resources (memory, open files, etc.), without subsequently releasing them. The resource pool machinery is designed to make it easy to prevent this from happening, by allowing resource to be allocated in such a way that they are automatically released when the server is done with them.

The way this works is as follows: the memory which is allocated, file opened, etc., to deal with a particular request are tied to a resource pool which is allocated for the request. The pool is a data structure which itself tracks the resources in question.

When the request has been processed, the pool is cleared. At that point, all the memory associated with it is released for reuse, all files associated with it are closed, and any other clean-up functions which are associated with the pool are run. When this is over, we can be confident that all the resource tied to the pool have been released, and that none of them have leaked.

Server restarts, and allocation of memory and resources for per-server configuration, are handled in a similar way. There is a configuration pool, which keeps track of resources which were allocated while reading the server configuration files, and handling the commands therein (for instance, the memory that was allocated for per-server module configuration, log files and other files that were opened, and so forth). When the server restarts, and has to reread the configuration files, the configuration pool is cleared, and so the memory and file descriptors which were taken up by reading them the last time are made available for reuse.

It should be noted that use of the pool machinery isn't generally obligatory, except for situations like logging handlers, where you really need to register cleanups to make sure that the log file gets closed when the server restarts (this is most easily done by using the function ap_pfopen, which also arranges for the underlying file descriptor to be closed before any child processes, such as for CGI scripts, are execed), or in case you are using the timeout machinery (which isn't yet even documented here). However, there are two benefits to using it: resources allocated to a pool never leak (even if you allocate a scratch string, and just forget about it); also, for memory allocation, ap_palloc is generally faster than malloc.

We begin here by describing how memory is allocated to pools, and then discuss how other resources are tracked by the resource pool machinery.

Allocation of memory in pools

Memory is allocated to pools by calling the function ap_palloc, which takes two arguments, one being a pointer to a resource pool structure, and the other being the amount of memory to allocate (in chars). Within handlers for handling requests, the most common way of getting a resource pool structure is by looking at the pool slot of the relevant request_rec; hence the repeated appearance of the following idiom in module code:

int my_handler(request_rec *r)
{
struct my_structure *foo;
...

foo = (foo *)ap_palloc (r->pool, sizeof(my_structure));
 }

Note that there is no ap_pfree -- ap_palloced memory is freed only when the associated resource pool is cleared. This means that ap_palloc does not have to do as much accounting as malloc(); all it does in the typical case is to round up the size, bump a pointer, and do a range check.

(It also raises the possibility that heavy use of ap_palloc could cause a server process to grow excessively large. There are two ways to deal with this, which are dealt with below; briefly, you can use malloc, and try to be sure that all of the memory gets explicitly freed, or you can allocate a sub-pool of the main pool, allocate your memory in the sub-pool, and clear it out periodically. The latter technique is discussed in the section on sub-pools below, and is used in the directory-indexing code, in order to avoid excessive storage allocation when listing directories with thousands of files).

Allocating initialized memory

There are functions which allocate initialized memory, and are frequently useful. The function ap_pcalloc has the same interface as ap_palloc, but clears out the memory it allocates before it returns it. The function ap_pstrdup takes a resource pool and a char * as arguments, and allocates memory for a copy of the string the pointer points to, returning a pointer to the copy. Finally ap_pstrcat is a varargs-style function, which takes a pointer to a resource pool, and at least two char * arguments, the last of which must be NULL. It allocates enough memory to fit copies of each of the strings, as a unit; for instance:

ap_pstrcat (r->pool, "foo", "/", "bar", NULL);

returns a pointer to 8 bytes worth of memory, initialized to "foo/bar".

Commonly-used pools in the Apache Web server

A pool is really defined by its lifetime more than anything else. There are some static pools in http_main which are passed to various non-http_main functions as arguments at opportune times. Here they are:

permanent_pool
never passed to anything else, this is the ancestor of all pools
pconf
  • subpool of permanent_pool
  • created at the beginning of a config "cycle"; exists until the server is terminated or restarts; passed to all config-time routines, either via cmd->pool, or as the "pool *p" argument on those which don't take pools
  • passed to the module init() functions
ptemp
  • sorry I lie, this pool isn't called this currently in 1.3, I renamed it this in my pthreads development. I'm referring to the use of ptrans in the parent... contrast this with the later definition of ptrans in the child.
  • subpool of permanent_pool
  • created at the beginning of a config "cycle"; exists until the end of config parsing; passed to config-time routines via cmd->temp_pool. Somewhat of a "bastard child" because it isn't available everywhere. Used for temporary scratch space which may be needed by some config routines but which is deleted at the end of config.
pchild
  • subpool of permanent_pool
  • created when a child is spawned (or a thread is created); lives until that child (thread) is destroyed
  • passed to the module child_init functions
  • destruction happens right after the child_exit functions are called... (which may explain why I think child_exit is redundant and unneeded)
ptrans
  • should be a subpool of pchild, but currently is a subpool of permanent_pool, see above
  • cleared by the child before going into the accept() loop to receive a connection
  • used as connection->pool
r->pool
  • for the main request this is a subpool of connection->pool; for subrequests it is a subpool of the parent request's pool.
  • exists until the end of the request (i.e., ap_destroy_sub_req, or in child_main after process_request has finished)
  • note that r itself is allocated from r->pool; i.e., r->pool is first created and then r is the first thing palloc()d from it

For almost everything folks do, r->pool is the pool to use. But you can see how other lifetimes, such as pchild, are useful to some modules... such as modules that need to open a database connection once per child, and wish to clean it up when the child dies.

You can also see how some bugs have manifested themself, such as setting connection->user to a value from r->pool -- in this case connection exists for the lifetime of ptrans, which is longer than r->pool (especially if r->pool is a subrequest!). So the correct thing to do is to allocate from connection->pool.

And there was another interesting bug in mod_include / mod_cgi. You'll see in those that they do this test to decide if they should use r->pool or r->main->pool. In this case the resource that they are registering for cleanup is a child process. If it were registered in r->pool, then the code would wait() for the child when the subrequest finishes. With mod_include this could be any old #include, and the delay can be up to 3 seconds... and happened quite frequently. Instead the subprocess is registered in r->main->pool which causes it to be cleaned up when the entire request is done -- i.e., after the output has been sent to the client and logging has happened.

Tracking open files, etc.

As indicated above, resource pools are also used to track other sorts of resources besides memory. The most common are open files. The routine which is typically used for this is ap_pfopen, which takes a resource pool and two strings as arguments; the strings are the same as the typical arguments to fopen, e.g.,

...
FILE *f = ap_pfopen (r->pool, r->filename, "r");

if (f == NULL) { ... } else { ... }

There is also a ap_popenf routine, which parallels the lower-level open system call. Both of these routines arrange for the file to be closed when the resource pool in question is cleared.

Unlike the case for memory, there are functions to close files allocated with ap_pfopen, and ap_popenf, namely ap_pfclose and ap_pclosef. (This is because, on many systems, the number of files which a single process can have open is quite limited). It is important to use these functions to close files allocated with ap_pfopen and ap_popenf, since to do otherwise could cause fatal errors on systems such as Linux, which react badly if the same FILE* is closed more than once.

(Using the close functions is not mandatory, since the file will eventually be closed regardless, but you should consider it in cases where your module is opening, or could open, a lot of files).

Other sorts of resources -- cleanup functions

More text goes here. Describe the cleanup primitives in terms of which the file stuff is implemented; also, spawn_process.

Pool cleanups live until clear_pool() is called: clear_pool(a) recursively calls destroy_pool() on all subpools of a; then calls all the cleanups for a; then releases all the memory for a. destroy_pool(a) calls clear_pool(a) and then releases the pool structure itself. i.e., clear_pool(a) doesn't delete a, it just frees up all the resources and you can start using it again immediately.

Fine control -- creating and dealing with sub-pools, with a note on sub-requests

On rare occasions, too-free use of ap_palloc() and the associated primitives may result in undesirably profligate resource allocation. You can deal with such a case by creating a sub-pool, allocating within the sub-pool rather than the main pool, and clearing or destroying the sub-pool, which releases the resources which were associated with it. (This really is a rare situation; the only case in which it comes up in the standard module set is in case of listing directories, and then only with very large directories. Unnecessary use of the primitives discussed here can hair up your code quite a bit, with very little gain).

The primitive for creating a sub-pool is ap_make_sub_pool, which takes another pool (the parent pool) as an argument. When the main pool is cleared, the sub-pool will be destroyed. The sub-pool may also be cleared or destroyed at any time, by calling the functions ap_clear_pool and ap_destroy_pool, respectively. (The difference is that ap_clear_pool frees resources associated with the pool, while ap_destroy_pool also deallocates the pool itself. In the former case, you can allocate new resources within the pool, and clear it again, and so forth; in the latter case, it is simply gone).

One final note -- sub-requests have their own resource pools, which are sub-pools of the resource pool for the main request. The polite way to reclaim the resources associated with a sub request which you have allocated (using the ap_sub_req_... functions) is ap_destroy_sub_req, which frees the resource pool. Before calling this function, be sure to copy anything that you care about which might be allocated in the sub-request's resource pool into someplace a little less volatile (for instance, the filename in its request_rec structure).

(Again, under most circumstances, you shouldn't feel obliged to call this function; only 2K of memory or so are allocated for a typical sub request, and it will be freed anyway when the main request pool is cleared. It is only when you are allocating many, many sub-requests for a single main request that you should seriously consider the ap_destroy_... functions).

top

Configuration, commands and the like

One of the design goals for this server was to maintain external compatibility with the NCSA 1.3 server --- that is, to read the same configuration files, to process all the directives therein correctly, and in general to be a drop-in replacement for NCSA. On the other hand, another design goal was to move as much of the server's functionality into modules which have as little as possible to do with the monolithic server core. The only way to reconcile these goals is to move the handling of most commands from the central server into the modules.

However, just giving the modules command tables is not enough to divorce them completely from the server core. The server has to remember the commands in order to act on them later. That involves maintaining data which is private to the modules, and which can be either per-server, or per-directory. Most things are per-directory, including in particular access control and authorization information, but also information on how to determine file types from suffixes, which can be modified by AddType and DefaultType directives, and so forth. In general, the governing philosophy is that anything which can be made configurable by directory should be; per-server information is generally used in the standard set of modules for information like Aliases and Redirects which come into play before the request is tied to a particular place in the underlying file system.

Another requirement for emulating the NCSA server is being able to handle the per-directory configuration files, generally called .htaccess files, though even in the NCSA server they can contain directives which have nothing at all to do with access control. Accordingly, after URI -> filename translation, but before performing any other phase, the server walks down the directory hierarchy of the underlying filesystem, following the translated pathname, to read any .htaccess files which might be present. The information which is read in then has to be merged with the applicable information from the server's own config files (either from the <Directory> sections in access.conf, or from defaults in srm.conf, which actually behaves for most purposes almost exactly like <Directory />).

Finally, after having served a request which involved reading .htaccess files, we need to discard the storage allocated for handling them. That is solved the same way it is solved wherever else similar problems come up, by tying those structures to the per-transaction resource pool.

Per-directory configuration structures

Let's look out how all of this plays out in mod_mime.c, which defines the file typing handler which emulates the NCSA server's behavior of determining file types from suffixes. What we'll be looking at, here, is the code which implements the AddType and AddEncoding commands. These commands can appear in .htaccess files, so they must be handled in the module's private per-directory data, which in fact, consists of two separate tables for MIME types and encoding information, and is declared as follows:

typedef struct {
    table *forced_types;      /* Additional AddTyped stuff */
    table *encoding_types;    /* Added with AddEncoding... */
} mime_dir_config;

When the server is reading a configuration file, or <Directory> section, which includes one of the MIME module's commands, it needs to create a mime_dir_config structure, so those commands have something to act on. It does this by invoking the function it finds in the module's `create per-dir config slot', with two arguments: the name of the directory to which this configuration information applies (or NULL for srm.conf), and a pointer to a resource pool in which the allocation should happen.

(If we are reading a .htaccess file, that resource pool is the per-request resource pool for the request; otherwise it is a resource pool which is used for configuration data, and cleared on restarts. Either way, it is important for the structure being created to vanish when the pool is cleared, by registering a cleanup on the pool if necessary).

For the MIME module, the per-dir config creation function just ap_pallocs the structure above, and a creates a couple of tables to fill it. That looks like this:

void *create_mime_dir_config (pool *p, char *dummy)
{
mime_dir_config *new =
(mime_dir_config *) ap_palloc (p, sizeof(mime_dir_config));
new->forced_types = ap_make_table (p, 4);
new->encoding_types = ap_make_table (p, 4);

return new;
 }

Now, suppose we've just read in a .htaccess file. We already have the per-directory configuration structure for the next directory up in the hierarchy. If the .htaccess file we just read in didn't have any AddType or AddEncoding commands, its per-directory config structure for the MIME module is still valid, and we can just use it. Otherwise, we need to merge the two structures somehow.

To do that, the server invokes the module's per-directory config merge function, if one is present. That function takes three arguments: the two structures being merged, and a resource pool in which to allocate the result. For the MIME module, all that needs to be done is overlay the tables from the new per-directory config structure with those from the parent:

void *merge_mime_dir_configs (pool *p, void *parent_dirv, void *subdirv)
{
mime_dir_config *parent_dir = (mime_dir_config *)parent_dirv;
mime_dir_config *subdir = (mime_dir_config *)subdirv;
mime_dir_config *new =
(mime_dir_config *)ap_palloc (p, sizeof(mime_dir_config));
new->forced_types = ap_overlay_tables (p, subdir->forced_types,
parent_dir->forced_types);
 new->encoding_types = ap_overlay_tables (p, subdir->encoding_types,
parent_dir->encoding_types);
return new;
 }

As a note -- if there is no per-directory merge function present, the server will just use the subdirectory's configuration info, and ignore the parent's. For some modules, that works just fine (e.g., for the includes module, whose per-directory configuration information consists solely of the state of the XBITHACK), and for those modules, you can just not declare one, and leave the corresponding structure slot in the module itself NULL.

Command handling

Now that we have these structures, we need to be able to figure out how to fill them. That involves processing the actual AddType and AddEncoding commands. To find commands, the server looks in the module's command table. That table contains information on how many arguments the commands take, and in what formats, where it is permitted, and so forth. That information is sufficient to allow the server to invoke most command-handling functions with pre-parsed arguments. Without further ado, let's look at the AddType command handler, which looks like this (the AddEncoding command looks basically the same, and won't be shown here):

char *add_type(cmd_parms *cmd, mime_dir_config *m, char *ct, char *ext)
{
if (*ext == '.') ++ext;
ap_table_set (m->forced_types, ext, ct);
return NULL;
 }

This command handler is unusually simple. As you can see, it takes four arguments, two of which are pre-parsed arguments, the third being the per-directory configuration structure for the module in question, and the fourth being a pointer to a cmd_parms structure. That structure contains a bunch of arguments which are frequently of use to some, but not all, commands, including a resource pool (from which memory can be allocated, and to which cleanups should be tied), and the (virtual) server being configured, from which the module's per-server configuration data can be obtained if required.

Another way in which this particular command handler is unusually simple is that there are no error conditions which it can encounter. If there were, it could return an error message instead of NULL; this causes an error to be printed out on the server's stderr, followed by a quick exit, if it is in the main config files; for a .htaccess file, the syntax error is logged in the server error log (along with an indication of where it came from), and the request is bounced with a server error response (HTTP error status, code 500).

The MIME module's command table has entries for these commands, which look like this:

command_rec mime_cmds[] = {
{ "AddType", add_type, NULL, OR_FILEINFO, TAKE2,
"a mime type followed by a file extension" },
 { "AddEncoding", add_encoding, NULL, OR_FILEINFO, TAKE2,
"an encoding (e.g., gzip), followed by a file extension" },
 { NULL }
 };

The entries in these tables are:

Finally, having set this all up, we have to use it. This is ultimately done in the module's handlers, specifically for its file-typing handler, which looks more or less like this; note that the per-directory configuration structure is extracted from the request_rec's per-directory configuration vector by using the ap_get_module_config function.

int find_ct(request_rec *r)
{
int i;
char *fn = ap_pstrdup (r->pool, r->filename);
mime_dir_config *conf = (mime_dir_config *)
ap_get_module_config(r->per_dir_config, &mime_module);
 char *type;

if (S_ISDIR(r->finfo.st_mode)) {
r->content_type = DIR_MAGIC_TYPE;
return OK;
 }

if((i=ap_rind(fn,'.')) < 0) return DECLINED;
++i;

if ((type = ap_table_get (conf->encoding_types, &fn[i])))
{
r->content_encoding = type;

/* go back to previous extension to try to use it as a type */
fn[i-1] = '\0';
if((i=ap_rind(fn,'.')) < 0) return OK;
++i;
 }

if ((type = ap_table_get (conf->forced_types, &fn[i])))
{
r->content_type = type;
 }

return OK; }

Side notes -- per-server configuration, virtual servers, etc.

The basic ideas behind per-server module configuration are basically the same as those for per-directory configuration; there is a creation function and a merge function, the latter being invoked where a virtual server has partially overridden the base server configuration, and a combined structure must be computed. (As with per-directory configuration, the default if no merge function is specified, and a module is configured in some virtual server, is that the base configuration is simply ignored).

The only substantial difference is that when a command needs to configure the per-server private module data, it needs to go to the cmd_parms data to get at it. Here's an example, from the alias module, which also indicates how a syntax error can be returned (note that the per-directory configuration argument to the command handler is declared as a dummy, since the module doesn't actually have per-directory config data):

char *add_redirect(cmd_parms *cmd, void *dummy, char *f, char *url)
{
server_rec *s = cmd->server;
alias_server_conf *conf = (alias_server_conf *)
ap_get_module_config(s->module_config,&alias_module);
 alias_entry *new = ap_push_array (conf->redirects);

if (!ap_is_url (url)) return "Redirect to non-URL";

new->fake = f; new->real = url;
return NULL;
 }

developer/debugging.html100644 0 0 21562 11237400533 13037 0ustar 0 0 Debugging Memory Allocation in APR - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.2

<-
Apache > HTTP Server > Documentation > Version 2.2 > Developer Documentation

Debugging Memory Allocation in APR

The allocation mechanisms within APR have a number of debugging modes that can be used to assist in finding memory problems. This document describes the modes available and gives instructions on activating them.

top

Available debugging options

Allocation Debugging - ALLOC_DEBUG

Debugging support: Define this to enable code which helps detect re-use of free()d memory and other such nonsense.

The theory is simple. The FILL_BYTE (0xa5) is written over all malloc'd memory as we receive it, and is written over everything that we free up during a clear_pool. We check that blocks on the free list always have the FILL_BYTE in them, and we check during palloc() that the bytes still have FILL_BYTE in them. If you ever see garbage URLs or whatnot containing lots of 0xa5s then you know something used data that's been freed or uninitialized.

Malloc Support - ALLOC_USE_MALLOC

If defined all allocations will be done with malloc() and free()d appropriately at the end.

This is intended to be used with something like Electric Fence or Purify to help detect memory problems. Note that if you're using efence then you should also add in ALLOC_DEBUG. But don't add in ALLOC_DEBUG if you're using Purify because ALLOC_DEBUG would hide all the uninitialized read errors that Purify can diagnose.

Pool Debugging - POOL_DEBUG

This is intended to detect cases where the wrong pool is used when assigning data to an object in another pool.

In particular, it causes the table_{set,add,merge}n routines to check that their arguments are safe for the apr_table_t they're being placed in. It currently only works with the unix multiprocess model, but could be extended to others.

Table Debugging - MAKE_TABLE_PROFILE

Provide diagnostic information about make_table() calls which are possibly too small.

This requires a recent gcc which supports __builtin_return_address(). The error_log output will be a message such as:

table_push: apr_table_t created by 0x804d874 hit limit of 10

Use l *0x804d874 to find the source that corresponds to. It indicates that a apr_table_t allocated by a call at that address has possibly too small an initial apr_table_t size guess.

Allocation Statistics - ALLOC_STATS

Provide some statistics on the cost of allocations.

This requires a bit of an understanding of how alloc.c works.

top

Allowable Combinations

Not all the options outlined above can be activated at the same time. the following table gives more information.

ALLOC DEBUG ALLOC USE MALLOC POOL DEBUG MAKE TABLE PROFILE ALLOC STATS
ALLOC DEBUG -NoYesYesYes
ALLOC USE MALLOC No-NoNoNo
POOL DEBUG YesNo-YesYes
MAKE TABLE PROFILE YesNoYes-Yes
ALLOC STATS YesNoYesYes-

Additionally the debugging options are not suitable for multi-threaded versions of the server. When trying to debug with these options the server should be started in single process mode.

top

Activating Debugging Options

The various options for debugging memory are now enabled in the apr_general.h header file in APR. The various options are enabled by uncommenting the define for the option you wish to use. The section of the code currently looks like this (contained in srclib/apr/include/apr_pools.h)

/*
#define ALLOC_DEBUG
#define POOL_DEBUG
#define ALLOC_USE_MALLOC
#define MAKE_TABLE_PROFILE
#define ALLOC_STATS
*/

typedef struct ap_pool_t {
union block_hdr *first;
union block_hdr *last;
struct cleanup *cleanups;
struct process_chain *subprocesses;
struct ap_pool_t *sub_pools;
struct ap_pool_t *sub_next;
struct ap_pool_t *sub_prev;
struct ap_pool_t *parent;
char *free_first_avail;
 #ifdef ALLOC_USE_MALLOC
void *allocation_list;
 #endif
#ifdef POOL_DEBUG
struct ap_pool_t *joined;
 #endif
int (*apr_abort)(int retcode);
struct datastruct *prog_data;
 } ap_pool_t;

To enable allocation debugging simply move the #define ALLOC_DEBUG above the start of the comments block and rebuild the server.

Note

In order to use the various options the server must be rebuilt after editing the header file.

developer/documenting.html100644 0 0 10130 11237400533 13405 0ustar 0 0 Documenting Apache 2.0 - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.2

<-
Apache > HTTP Server > Documentation > Version 2.2 > Developer Documentation

Documenting Apache 2.0

Apache 2.0 uses Doxygen to document the APIs and global variables in the code. This will explain the basics of how to document using Doxygen.

top

Brief Description

To start a documentation block, use /**
To end a documentation block, use */

In the middle of the block, there are multiple tags we can use:

Description of this functions purpose
@param parameter_name description
@return description
@deffunc signature of the function

The deffunc is not always necessary. DoxyGen does not have a full parser in it, so any prototype that use a macro in the return type declaration is too complex for scandoc. Those functions require a deffunc. An example (using &gt; rather than >):

/**
 * return the final element of the pathname
 * @param pathname The path to get the final element of
 * @return the final element of the path
 * @tip Examples:
 * <pre>
 * "/foo/bar/gum" -&gt; "gum"
 * "/foo/bar/gum/" -&gt; ""
 * "gum" -&gt; "gum"
 * "wi\\n32\\stuff" -&gt; "stuff"
 * </pre>
 * @deffunc const char * ap_filename_of_pathname(const char *pathname)
 */

At the top of the header file, always include:

/**
 * @package Name of library header
 */

Doxygen uses a new HTML file for each package. The HTML files are named {Name_of_library_header}.html, so try to be concise with your names.

For a further discussion of the possibilities please refer to the Doxygen site.

developer/filters.html100644 0 0 27634 11237400533 12562 0ustar 0 0 How filters work in Apache 2.0 - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.2

<-
Apache > HTTP Server > Documentation > Version 2.2 > Developer Documentation

How filters work in Apache 2.0

Warning

This is a cut 'n paste job from an email (<022501c1c529$f63a9550$7f00000a@KOJ>) and only reformatted for better readability. It's not up to date but may be a good start for further research.

top

Filter Types

There are three basic filter types (each of these is actually broken down into two categories, but that comes later).

CONNECTION
Filters of this type are valid for the lifetime of this connection. (AP_FTYPE_CONNECTION, AP_FTYPE_NETWORK)
PROTOCOL
Filters of this type are valid for the lifetime of this request from the point of view of the client, this means that the request is valid from the time that the request is sent until the time that the response is received. (AP_FTYPE_PROTOCOL, AP_FTYPE_TRANSCODE)
RESOURCE
Filters of this type are valid for the time that this content is used to satisfy a request. For simple requests, this is identical to PROTOCOL, but internal redirects and sub-requests can change the content without ending the request. (AP_FTYPE_RESOURCE, AP_FTYPE_CONTENT_SET)

It is important to make the distinction between a protocol and a resource filter. A resource filter is tied to a specific resource, it may also be tied to header information, but the main binding is to a resource. If you are writing a filter and you want to know if it is resource or protocol, the correct question to ask is: "Can this filter be removed if the request is redirected to a different resource?" If the answer is yes, then it is a resource filter. If it is no, then it is most likely a protocol or connection filter. I won't go into connection filters, because they seem to be well understood. With this definition, a few examples might help:

Byterange
We have coded it to be inserted for all requests, and it is removed if not used. Because this filter is active at the beginning of all requests, it can not be removed if it is redirected, so this is a protocol filter.
http_header
This filter actually writes the headers to the network. This is obviously a required filter (except in the asis case which is special and will be dealt with below) and so it is a protocol filter.
Deflate
The administrator configures this filter based on which file has been requested. If we do an internal redirect from an autoindex page to an index.html page, the deflate filter may be added or removed based on config, so this is a resource filter.

The further breakdown of each category into two more filter types is strictly for ordering. We could remove it, and only allow for one filter type, but the order would tend to be wrong, and we would need to hack things to make it work. Currently, the RESOURCE filters only have one filter type, but that should change.

top

How are filters inserted?

This is actually rather simple in theory, but the code is complex. First of all, it is important that everybody realize that there are three filter lists for each request, but they are all concatenated together. So, the first list is r->output_filters, then r->proto_output_filters, and finally r->connection->output_filters. These correspond to the RESOURCE, PROTOCOL, and CONNECTION filters respectively. The problem previously, was that we used a singly linked list to create the filter stack, and we started from the "correct" location. This means that if I had a RESOURCE filter on the stack, and I added a CONNECTION filter, the CONNECTION filter would be ignored. This should make sense, because we would insert the connection filter at the top of the c->output_filters list, but the end of r->output_filters pointed to the filter that used to be at the front of c->output_filters. This is obviously wrong. The new insertion code uses a doubly linked list. This has the advantage that we never lose a filter that has been inserted. Unfortunately, it comes with a separate set of headaches.

The problem is that we have two different cases were we use subrequests. The first is to insert more data into a response. The second is to replace the existing response with an internal redirect. These are two different cases and need to be treated as such.

In the first case, we are creating the subrequest from within a handler or filter. This means that the next filter should be passed to make_sub_request function, and the last resource filter in the sub-request will point to the next filter in the main request. This makes sense, because the sub-request's data needs to flow through the same set of filters as the main request. A graphical representation might help:

Default_handler --> includes_filter --> byterange --> ...

If the includes filter creates a sub request, then we don't want the data from that sub-request to go through the includes filter, because it might not be SSI data. So, the subrequest adds the following:

    
Default_handler --> includes_filter -/-> byterange --> ...
                                    /
Default_handler --> sub_request_core

What happens if the subrequest is SSI data? Well, that's easy, the includes_filter is a resource filter, so it will be added to the sub request in between the Default_handler and the sub_request_core filter.

The second case for sub-requests is when one sub-request is going to become the real request. This happens whenever a sub-request is created outside of a handler or filter, and NULL is passed as the next filter to the make_sub_request function.

In this case, the resource filters no longer make sense for the new request, because the resource has changed. So, instead of starting from scratch, we simply point the front of the resource filters for the sub-request to the front of the protocol filters for the old request. This means that we won't lose any of the protocol filters, neither will we try to send this data through a filter that shouldn't see it.

The problem is that we are using a doubly-linked list for our filter stacks now. But, you should notice that it is possible for two lists to intersect in this model. So, you do you handle the previous pointer? This is a very difficult question to answer, because there is no "right" answer, either method is equally valid. I looked at why we use the previous pointer. The only reason for it is to allow for easier addition of new servers. With that being said, the solution I chose was to make the previous pointer always stay on the original request.

This causes some more complex logic, but it works for all cases. My concern in having it move to the sub-request, is that for the more common case (where a sub-request is used to add data to a response), the main filter chain would be wrong. That didn't seem like a good idea to me.

top

Asis

The final topic. :-) Mod_Asis is a bit of a hack, but the handler needs to remove all filters except for connection filters, and send the data. If you are using mod_asis, all other bets are off.

top

Explanations

The absolutely last point is that the reason this code was so hard to get right, was because we had hacked so much to force it to work. I wrote most of the hacks originally, so I am very much to blame. However, now that the code is right, I have started to remove some hacks. Most people should have seen that the reset_filters and add_required_filters functions are gone. Those inserted protocol level filters for error conditions, in fact, both functions did the same thing, one after the other, it was really strange. Because we don't lose protocol filters for error cases any more, those hacks went away. The HTTP_HEADER, Content-length, and Byterange filters are all added in the insert_filters phase, because if they were added earlier, we had some interesting interactions. Now, those could all be moved to be inserted with the HTTP_IN, CORE, and CORE_IN filters. That would make the code easier to follow.

developer/hooks.html100644 0 0 24603 11237400533 12226 0ustar 0 0 Apache 2.0 Hook Functions - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.2

<-
Apache > HTTP Server > Documentation > Version 2.2 > Developer Documentation

Apache 2.0 Hook Functions

Warning

This document is still in development and may be partially out of date.

In general, a hook function is one that Apache will call at some point during the processing of a request. Modules can provide functions that are called, and specify when they get called in comparison to other modules.

top

Creating a hook function

In order to create a new hook, four things need to be done:

Declare the hook function

Use the AP_DECLARE_HOOK macro, which needs to be given the return type of the hook function, the name of the hook, and the arguments. For example, if the hook returns an int and takes a request_rec * and an int and is called do_something, then declare it like this:

AP_DECLARE_HOOK(int, do_something, (request_rec *r, int n))

This should go in a header which modules will include if they want to use the hook.

Create the hook structure

Each source file that exports a hook has a private structure which is used to record the module functions that use the hook. This is declared as follows:

APR_HOOK_STRUCT(
APR_HOOK_LINK(do_something)
...
 )

Implement the hook caller

The source file that exports the hook has to implement a function that will call the hook. There are currently three possible ways to do this. In all cases, the calling function is called ap_run_hookname().

Void hooks

If the return value of a hook is void, then all the hooks are called, and the caller is implemented like this:

AP_IMPLEMENT_HOOK_VOID(do_something, (request_rec *r, int n), (r, n))

The second and third arguments are the dummy argument declaration and the dummy arguments as they will be used when calling the hook. In other words, this macro expands to something like this:

void ap_run_do_something(request_rec *r, int n)
{
...
do_something(r, n);
 }

Hooks that return a value

If the hook returns a value, then it can either be run until the first hook that does something interesting, like so:

AP_IMPLEMENT_HOOK_RUN_FIRST(int, do_something, (request_rec *r, int n), (r, n), DECLINED)

The first hook that does not return DECLINED stops the loop and its return value is returned from the hook caller. Note that DECLINED is the tradition Apache hook return meaning "I didn't do anything", but it can be whatever suits you.

Alternatively, all hooks can be run until an error occurs. This boils down to permitting two return values, one of which means "I did something, and it was OK" and the other meaning "I did nothing". The first function that returns a value other than one of those two stops the loop, and its return is the return value. Declare these like so:

AP_IMPLEMENT_HOOK_RUN_ALL(int, do_something, (request_rec *r, int n), (r, n), OK, DECLINED)

Again, OK and DECLINED are the traditional values. You can use what you want.

Call the hook callers

At appropriate moments in the code, call the hook caller, like so:

int n, ret;
request_rec *r;

ret=ap_run_do_something(r, n);

top

Hooking the hook

A module that wants a hook to be called needs to do two things.

Implement the hook function

Include the appropriate header, and define a static function of the correct type:

static int my_something_doer(request_rec *r, int n)
{
...
return OK;
 }

Add a hook registering function

During initialisation, Apache will call each modules hook registering function, which is included in the module structure:

static void my_register_hooks()
{
ap_hook_do_something(my_something_doer, NULL, NULL, APR_HOOK_MIDDLE);
 }

mode MODULE_VAR_EXPORT my_module =
{
...
my_register_hooks /* register hooks */
 };

Controlling hook calling order

In the example above, we didn't use the three arguments in the hook registration function that control calling order. There are two mechanisms for doing this. The first, rather crude, method, allows us to specify roughly where the hook is run relative to other modules. The final argument control this. There are three possible values: APR_HOOK_FIRST, APR_HOOK_MIDDLE and APR_HOOK_LAST.

All modules using any particular value may be run in any order relative to each other, but, of course, all modules using APR_HOOK_FIRST will be run before APR_HOOK_MIDDLE which are before APR_HOOK_LAST. Modules that don't care when they are run should use APR_HOOK_MIDDLE. (I spaced these out so people could do stuff like APR_HOOK_FIRST-2 to get in slightly earlier, but is this wise? - Ben)

Note that there are two more values, APR_HOOK_REALLY_FIRST and APR_HOOK_REALLY_LAST. These should only be used by the hook exporter.

The other method allows finer control. When a module knows that it must be run before (or after) some other modules, it can specify them by name. The second (third) argument is a NULL-terminated array of strings consisting of the names of modules that must be run before (after) the current module. For example, suppose we want "mod_xyz.c" and "mod_abc.c" to run before we do, then we'd hook as follows:

static void register_hooks()
{
static const char * const aszPre[] = { "mod_xyz.c", "mod_abc.c", NULL };

ap_hook_do_something(my_something_doer, aszPre, NULL, APR_HOOK_MIDDLE);
 }

Note that the sort used to achieve this is stable, so ordering set by APR_HOOK_ORDER is preserved, as far as is possible.

Ben Laurie, 15th August 1999

developer/index.html100644 0 0 11314 11237400533 12205 0ustar 0 0 Developer Documentation for Apache 2.0 - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.2

<-
Apache > HTTP Server > Documentation > Version 2.2

Developer Documentation for Apache 2.0

Many of the documents on these Developer pages are lifted from Apache 1.3's documentation. While they are all being updated to Apache 2.0, they are in different stages of progress. Please be patient, and point out any discrepancies or errors on the developer/ pages directly to the dev@httpd.apache.org mailing list.

top

Topics

top

External Resources

developer/modules.html100644 0 0 26307 11237400533 12556 0ustar 0 0 Converting Modules from Apache 1.3 to Apache 2.0 - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.2

<-
Apache > HTTP Server > Documentation > Version 2.2 > Developer Documentation

Converting Modules from Apache 1.3 to Apache 2.0

This is a first attempt at writing the lessons I learned when trying to convert the mod_mmap_static module to Apache 2.0. It's by no means definitive and probably won't even be correct in some ways, but it's a start.

top

The easier changes ...

Cleanup Routines

These now need to be of type apr_status_t and return a value of that type. Normally the return value will be APR_SUCCESS unless there is some need to signal an error in the cleanup. Be aware that even though you signal an error not all code yet checks and acts upon the error.

Initialisation Routines

These should now be renamed to better signify where they sit in the overall process. So the name gets a small change from mmap_init to mmap_post_config. The arguments passed have undergone a radical change and now look like

Data Types

A lot of the data types have been moved into the APR. This means that some have had a name change, such as the one shown above. The following is a brief list of some of the changes that you are likely to have to make.

top

The messier changes...

Register Hooks

The new architecture uses a series of hooks to provide for calling your functions. These you'll need to add to your module by way of a new function, static void register_hooks(void). The function is really reasonably straightforward once you understand what needs to be done. Each function that needs calling at some stage in the processing of a request needs to be registered, handlers do not. There are a number of phases where functions can be added, and for each you can specify with a high degree of control the relative order that the function will be called in.

This is the code that was added to mod_mmap_static:

static void register_hooks(void)
{
    static const char * const aszPre[]={ "http_core.c",NULL };
    ap_hook_post_config(mmap_post_config,NULL,NULL,HOOK_MIDDLE);
    ap_hook_translate_name(mmap_static_xlat,aszPre,NULL,HOOK_LAST);
};

This registers 2 functions that need to be called, one in the post_config stage (virtually every module will need this one) and one for the translate_name phase. note that while there are different function names the format of each is identical. So what is the format?

ap_hook_phase_name(function_name, predecessors, successors, position);

There are 3 hook positions defined...

To define the position you use the position and then modify it with the predecessors and successors. Each of the modifiers can be a list of functions that should be called, either before the function is run (predecessors) or after the function has run (successors).

In the mod_mmap_static case I didn't care about the post_config stage, but the mmap_static_xlat must be called after the core module had done it's name translation, hence the use of the aszPre to define a modifier to the position HOOK_LAST.

Module Definition

There are now a lot fewer stages to worry about when creating your module definition. The old defintion looked like

module MODULE_VAR_EXPORT module_name_module =
{
    STANDARD_MODULE_STUFF,
    /* initializer */
    /* dir config creater */
    /* dir merger --- default is to override */
    /* server config */
    /* merge server config */
    /* command handlers */
    /* handlers */
    /* filename translation */
    /* check_user_id */
    /* check auth */
    /* check access */
    /* type_checker */
    /* fixups */
    /* logger */
    /* header parser */
    /* child_init */
    /* child_exit */
    /* post read-request */
};

The new structure is a great deal simpler...

module MODULE_VAR_EXPORT module_name_module =
{
    STANDARD20_MODULE_STUFF,
    /* create per-directory config structures */
    /* merge per-directory config structures  */
    /* create per-server config structures    */
    /* merge per-server config structures     */
    /* command handlers */
    /* handlers */
    /* register hooks */
};

Some of these read directly across, some don't. I'll try to summarise what should be done below.

The stages that read directly across :

/* dir config creater */
/* create per-directory config structures */
/* server config */
/* create per-server config structures */
/* dir merger */
/* merge per-directory config structures */
/* merge server config */
/* merge per-server config structures */
/* command table */
/* command apr_table_t */
/* handlers */
/* handlers */

The remainder of the old functions should be registered as hooks. There are the following hook stages defined so far...

ap_hook_post_config
this is where the old _init routines get registered
ap_hook_http_method
retrieve the http method from a request. (legacy)
ap_hook_open_logs
open any specified logs
ap_hook_auth_checker
check if the resource requires authorization
ap_hook_access_checker
check for module-specific restrictions
ap_hook_check_user_id
check the user-id and password
ap_hook_default_port
retrieve the default port for the server
ap_hook_pre_connection
do any setup required just before processing, but after accepting
ap_hook_process_connection
run the correct protocol
ap_hook_child_init
call as soon as the child is started
ap_hook_create_request
??
ap_hook_fixups
last chance to modify things before generating content
ap_hook_handler
generate the content
ap_hook_header_parser
lets modules look at the headers, not used by most modules, because they use post_read_request for this
ap_hook_insert_filter
to insert filters into the filter chain
ap_hook_log_transaction
log information about the request
ap_hook_optional_fn_retrieve
retrieve any functions registered as optional
ap_hook_post_read_request
called after reading the request, before any other phase
ap_hook_quick_handler
called before any request processing, used by cache modules.
ap_hook_translate_name
translate the URI into a filename
ap_hook_type_checker
determine and/or set the doc type
developer/request.html100644 0 0 33157 11237400533 12577 0ustar 0 0 Request Processing in Apache 2.0 - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.2

<-
Apache > HTTP Server > Documentation > Version 2.2 > Developer Documentation

Request Processing in Apache 2.0

Warning

Warning - this is a first (fast) draft that needs further revision!

Several changes in Apache 2.0 affect the internal request processing mechanics. Module authors need to be aware of these changes so they may take advantage of the optimizations and security enhancements.

The first major change is to the subrequest and redirect mechanisms. There were a number of different code paths in Apache 1.3 to attempt to optimize subrequest or redirect behavior. As patches were introduced to 2.0, these optimizations (and the server behavior) were quickly broken due to this duplication of code. All duplicate code has been folded back into ap_process_request_internal() to prevent the code from falling out of sync again.

This means that much of the existing code was 'unoptimized'. It is the Apache HTTP Project's first goal to create a robust and correct implementation of the HTTP server RFC. Additional goals include security, scalability and optimization. New methods were sought to optimize the server (beyond the performance of Apache 1.3) without introducing fragile or insecure code.

top

The Request Processing Cycle

All requests pass through ap_process_request_internal() in request.c, including subrequests and redirects. If a module doesn't pass generated requests through this code, the author is cautioned that the module may be broken by future changes to request processing.

To streamline requests, the module author can take advantage of the hooks offered to drop out of the request cycle early, or to bypass core Apache hooks which are irrelevant (and costly in terms of CPU.)

top

The Request Parsing Phase

Unescapes the URL

The request's parsed_uri path is unescaped, once and only once, at the beginning of internal request processing.

This step is bypassed if the proxyreq flag is set, or the parsed_uri.path element is unset. The module has no further control of this one-time unescape operation, either failing to unescape or multiply unescaping the URL leads to security reprecussions.

Strips Parent and This Elements from the URI

All /../ and /./ elements are removed by ap_getparents(). This helps to ensure the path is (nearly) absolute before the request processing continues.

This step cannot be bypassed.

Initial URI Location Walk

Every request is subject to an ap_location_walk() call. This ensures that <Location> sections are consistently enforced for all requests. If the request is an internal redirect or a sub-request, it may borrow some or all of the processing from the previous or parent request's ap_location_walk, so this step is generally very efficient after processing the main request.

translate_name

Modules can determine the file name, or alter the given URI in this step. For example, mod_vhost_alias will translate the URI's path into the configured virtual host, mod_alias will translate the path to an alias path, and if the request falls back on the core, the DocumentRoot is prepended to the request resource.

If all modules DECLINE this phase, an error 500 is returned to the browser, and a "couldn't translate name" error is logged automatically.

Hook: map_to_storage

After the file or correct URI was determined, the appropriate per-dir configurations are merged together. For example, mod_proxy compares and merges the appropriate <Proxy> sections. If the URI is nothing more than a local (non-proxy) TRACE request, the core handles the request and returns DONE. If no module answers this hook with OK or DONE, the core will run the request filename against the <Directory> and <Files> sections. If the request 'filename' isn't an absolute, legal filename, a note is set for later termination.

URI Location Walk

Every request is hardened by a second ap_location_walk() call. This reassures that a translated request is still subjected to the configured <Location> sections. The request again borrows some or all of the processing from its previous location_walk above, so this step is almost always very efficient unless the translated URI mapped to a substantially different path or Virtual Host.

Hook: header_parser

The main request then parses the client's headers. This prepares the remaining request processing steps to better serve the client's request.

top

The Security Phase

Needs Documentation. Code is:

switch (ap_satisfies(r)) {
case SATISFY_ALL:
case SATISFY_NOSPEC:
    if ((access_status = ap_run_access_checker(r)) != 0) {
        return decl_die(access_status, "check access", r);
    }

    if (ap_some_auth_required(r)) {
        if (((access_status = ap_run_check_user_id(r)) != 0)
            || !ap_auth_type(r)) {
            return decl_die(access_status, ap_auth_type(r)
                          ? "check user.  No user file?"
                          : "perform authentication. AuthType not set!",
                          r);
        }

        if (((access_status = ap_run_auth_checker(r)) != 0)
            || !ap_auth_type(r)) {
            return decl_die(access_status, ap_auth_type(r)
                          ? "check access.  No groups file?"
                          : "perform authentication. AuthType not set!",
                          r);
        }
    }
    break;

case SATISFY_ANY:
    if (((access_status = ap_run_access_checker(r)) != 0)) {
        if (!ap_some_auth_required(r)) {
            return decl_die(access_status, "check access", r);
        }

        if (((access_status = ap_run_check_user_id(r)) != 0)
            || !ap_auth_type(r)) {
            return decl_die(access_status, ap_auth_type(r)
                          ? "check user.  No user file?"
                          : "perform authentication. AuthType not set!",
                          r);
        }

        if (((access_status = ap_run_auth_checker(r)) != 0)
            || !ap_auth_type(r)) {
            return decl_die(access_status, ap_auth_type(r)
                          ? "check access.  No groups file?"
                          : "perform authentication. AuthType not set!",
                          r);
        }
    }
    break;
}
top

The Preparation Phase

Hook: type_checker

The modules have an opportunity to test the URI or filename against the target resource, and set mime information for the request. Both mod_mime and mod_mime_magic use this phase to compare the file name or contents against the administrator's configuration and set the content type, language, character set and request handler. Some modules may set up their filters or other request handling parameters at this time.

If all modules DECLINE this phase, an error 500 is returned to the browser, and a "couldn't find types" error is logged automatically.

Hook: fixups

Many modules are 'trounced' by some phase above. The fixups phase is used by modules to 'reassert' their ownership or force the request's fields to their appropriate values. It isn't always the cleanest mechanism, but occasionally it's the only option.

top

The Handler Phase

This phase is not part of the processing in ap_process_request_internal(). Many modules prepare one or more subrequests prior to creating any content at all. After the core, or a module calls ap_process_request_internal() it then calls ap_invoke_handler() to generate the request.

Hook: insert_filter

Modules that transform the content in some way can insert their values and override existing filters, such that if the user configured a more advanced filter out-of-order, then the module can move its order as need be. There is no result code, so actions in this hook better be trusted to always succeed.

Hook: handler

The module finally has a chance to serve the request in its handler hook. Note that not every prepared request is sent to the handler hook. Many modules, such as mod_autoindex, will create subrequests for a given URI, and then never serve the subrequest, but simply lists it for the user. Remember not to put required teardown from the hooks above into this module, but register pool cleanups against the request pool to free resources as required.

developer/thread_safety.html100644 0 0 36007 11237400533 13726 0ustar 0 0 Apache 2.0 Thread Safety Issues - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.2

<-
Apache > HTTP Server > Documentation > Version 2.2 > Developer Documentation

Apache 2.0 Thread Safety Issues

When using any of the threaded mpms in Apache 2.0 it is important that every function called from Apache be thread safe. When linking in 3rd party extensions it can be difficult to determine whether the resulting server will be thread safe. Casual testing generally won't tell you this either as thread safety problems can lead to subtle race conditons that may only show up in certain conditions under heavy load.

top

Global and static variables

When writing your module or when trying to determine if a module or 3rd party library is thread safe there are some common things to keep in mind.

First, you need to recognize that in a threaded model each individual thread has its own program counter, stack and registers. Local variables live on the stack, so those are fine. You need to watch out for any static or global variables. This doesn't mean that you are absolutely not allowed to use static or global variables. There are times when you actually want something to affect all threads, but generally you need to avoid using them if you want your code to be thread safe.

In the case where you have a global variable that needs to be global and accessed by all threads, be very careful when you update it. If, for example, it is an incrementing counter, you need to atomically increment it to avoid race conditions with other threads. You do this using a mutex (mutual exclusion). Lock the mutex, read the current value, increment it and write it back and then unlock the mutex. Any other thread that wants to modify the value has to first check the mutex and block until it is cleared.

If you are using APR, have a look at the apr_atomic_* functions and the apr_thread_mutex_* functions.

top

errno

This is a common global variable that holds the error number of the last error that occurred. If one thread calls a low-level function that sets errno and then another thread checks it, we are bleeding error numbers from one thread into another. To solve this, make sure your module or library defines _REENTRANT or is compiled with -D_REENTRANT. This will make errno a per-thread variable and should hopefully be transparent to the code. It does this by doing something like this:

#define errno (*(__errno_location()))

which means that accessing errno will call __errno_location() which is provided by the libc. Setting _REENTRANT also forces redefinition of some other functions to their *_r equivalents and sometimes changes the common getc/putc macros into safer function calls. Check your libc documentation for specifics. Instead of, or in addition to _REENTRANT the symbols that may affect this are _POSIX_C_SOURCE, _THREAD_SAFE, _SVID_SOURCE, and _BSD_SOURCE.

top

Common standard troublesome functions

Not only do things have to be thread safe, but they also have to be reentrant. strtok() is an obvious one. You call it the first time with your delimiter which it then remembers and on each subsequent call it returns the next token. Obviously if multiple threads are calling it you will have a problem. Most systems have a reentrant version of of the function called strtok_r() where you pass in an extra argument which contains an allocated char * which the function will use instead of its own static storage for maintaining the tokenizing state. If you are using APR you can use apr_strtok().

crypt() is another function that tends to not be reentrant, so if you run across calls to that function in a library, watch out. On some systems it is reentrant though, so it is not always a problem. If your system has crypt_r() chances are you should be using that, or if possible simply avoid the whole mess by using md5 instead.

top

Common 3rd Party Libraries

The following is a list of common libraries that are used by 3rd party Apache modules. You can check to see if your module is using a potentially unsafe library by using tools such as ldd(1) and nm(1). For PHP, for example, try this:

% ldd libphp4.so
libsablot.so.0 => /usr/local/lib/libsablot.so.0 (0x401f6000)
libexpat.so.0 => /usr/lib/libexpat.so.0 (0x402da000)
libsnmp.so.0 => /usr/lib/libsnmp.so.0 (0x402f9000)
libpdf.so.1 => /usr/local/lib/libpdf.so.1 (0x40353000)
libz.so.1 => /usr/lib/libz.so.1 (0x403e2000)
libpng.so.2 => /usr/lib/libpng.so.2 (0x403f0000)
libmysqlclient.so.11 => /usr/lib/libmysqlclient.so.11 (0x40411000)
libming.so => /usr/lib/libming.so (0x40449000)
libm.so.6 => /lib/libm.so.6 (0x40487000)
libfreetype.so.6 => /usr/lib/libfreetype.so.6 (0x404a8000)
libjpeg.so.62 => /usr/lib/libjpeg.so.62 (0x404e7000)
libcrypt.so.1 => /lib/libcrypt.so.1 (0x40505000)
libssl.so.2 => /lib/libssl.so.2 (0x40532000)
libcrypto.so.2 => /lib/libcrypto.so.2 (0x40560000)
libresolv.so.2 => /lib/libresolv.so.2 (0x40624000)
libdl.so.2 => /lib/libdl.so.2 (0x40634000)
libnsl.so.1 => /lib/libnsl.so.1 (0x40637000)
libc.so.6 => /lib/libc.so.6 (0x4064b000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x80000000)

In addition to these libraries you will need to have a look at any libraries linked statically into the module. You can use nm(1) to look for individual symbols in the module.

top

Library List

Please drop a note to dev@httpd.apache.org if you have additions or corrections to this list.

LibraryVersionThread Safe?Notes
ASpell/PSpell ?
Berkeley DB 3.x, 4.x Yes Be careful about sharing a connection across threads.
bzip2 Yes Both low-level and high-level APIs are thread-safe. However, high-level API requires thread-safe access to errno.
cdb ?
C-Client Perhaps c-client uses strtok() and gethostbyname() which are not thread-safe on most C library implementations. c-client's static data is meant to be shared across threads. If strtok() and gethostbyname() are thread-safe on your OS, c-client may be thread-safe.
cpdflib ?
libcrypt ?
Expat Yes Need a separate parser instance per thread
FreeTDS ?
FreeType ?
GD 1.8.x ?
GD 2.0.x ?
gdbm No Errors returned via a static gdbm_error variable
ImageMagick 5.2.2 Yes ImageMagick docs claim it is thread safe since version 5.2.2 (see Change log).
Imlib2 ?
libjpeg v6b ?
libmysqlclient Yes Use mysqlclient_r library variant to ensure thread-safety. For more information, please read http://www.mysql.com/doc/en/Threaded_clients.html.
Ming 0.2a ?
Net-SNMP 5.0.x ?
OpenLDAP 2.1.x Yes Use ldap_r library variant to ensure thread-safety.
OpenSSL 0.9.6g Yes Requires proper usage of CRYPTO_num_locks, CRYPTO_set_locking_callback, CRYPTO_set_id_callback
liboci8 (Oracle 8+) 8.x,9.x ?
pdflib 5.0.x Yes PDFLib docs claim it is thread safe; changes.txt indicates it has been partially thread-safe since V1.91: http://www.pdflib.com/products/pdflib/index.html.
libpng 1.0.x ?
libpng 1.2.x ?
libpq (PostgreSQL) 7.x Yes Don't share connections across threads and watch out for crypt() calls
Sablotron 0.95 ?
zlib 1.1.4 Yes Relies upon thread-safe zalloc and zfree functions Default is to use libc's calloc/free which are thread-safe.
dns-caveats.html100644 0 0 24005 11237400533 11322 0ustar 0 0 DNS ġ õ - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-
Apache > HTTP Server > Documentation > Version 2.2

DNS ġ õ

ֽ ƴմϴ. ֱٿ ϼ.

ִ. ġ DNS ʵ ϶. ġ дµ DNS ʿϴٸ ŷڼ ( ȵ ִ) Ȥ 񽺰ź ݰ (ڰ ٸ ڿ ä Ͽ) 񽺵(theft of service) ݿ ô޸ ִ.

top

<VirtualHost www.abc.dom>
ServerAdmin webgirl@abc.dom
DocumentRoot /www/abc
</VirtualHost>

ġ ϱؼ ȣƮ ΰ ʿϴ. ServerName ٸ ּ Ѱ IP ̴ּ. IP ּҰ ⶧, ġ DNS Ͽ www.abc.dom ּҸ ãƾ Ѵ.  DNS ٸ ȣƮ . ȣƮ û . (ġ 1.2 õ Ѵ.)

www.abc.dom ּҰ 192.0.2.1̶ . ׸ :

<VirtualHost 192.0.2.1>
ServerAdmin webgirl@abc.dom
DocumentRoot /www/abc
</VirtualHost>

ġ ȣƮ ServerName ã DNS ؾ Ѵ. ãⰡ ϸ ġ ȣƮ κ . (ġ 1.2 õ Ѵ.) , ̸ ȣƮ ȣƮ ʰ, ip̶ κ Ѵ. ׷ ġ Ͽ ü URL Ѵٸ URL Ѵ.

Ʒ ΰ .

<VirtualHost 192.0.2.1>
ServerName www.abc.dom
ServerAdmin webgirl@abc.dom
DocumentRoot /www/abc
</VirtualHost>

top

񽺰ź (Denial of Service)

(ּ) ΰ 񽺰źΰ ߻ ִ. ġ 1.2  ȣƮ DNS ˻ ϸ ʴ´. DNS ִ. , abc.dom Ʈ̰ ڽ DNS Ѵٸ, www.abc.dom ڵ带 ⸸ ص (1.2 ) Ѵ.

ξ Ȱ ִ. 캸:

<VirtualHost www.abc.dom>
  ServerAdmin webgirl@abc.dom
  DocumentRoot /www/abc
</VirtualHost>

<VirtualHost www.def.dom>
  ServerAdmin webguy@def.dom
  DocumentRoot /www/def
</VirtualHost>

www.abc.dom 192.0.2.1, www.def.dom 192.0.2.2 Ҵߴٰ . , def.dom ü DNS Ѵٰ . Բ def.dom abc.dom ç ִ ҿ ξ. ׷ٸ ׵ www.def.dom 192.0.2.1 ϱ⸸ ϸ ȴ. ׵ ü DNS ϱ⶧ ׵ ϴµ www.def.dom ڵ带 ϴ .

http://www.abc.dom/whatever URL Էϴ 츦 Ͽ) 192.0.2.1 û def.dom ȣƮ ϰ ȴ. ̷ Ͼ Ϸ ġ  ȣƮ û óϴ ʿϴ. 밭 ִ.

top

"ּ" ּ

ġ 1.1 ̸ ȣƮ ԵǾ⶧ ġ ϴ ȣƮ IP ּ() ʿ䰡 . ּҴ (ִٸ) ServerName Ȥ C Լ gethostname (Ʈ "hostname" Է ) ´. ׷ ּҷ DNS ˻ Ѵ. ˻ .

DNS ׾ ˻ ٸ /etc/hosts ȣƮ ִ. (ǻͰ õǾٸ Ƹ ̹ ̴.) ׸ DNS ϸ /etc/hosts ϴ Ȯ϶. ϴ ü /etc/resolv.conf Ȥ /etc/nsswitch.conf ϸ ̴.

 DNS ˻ϸ ȵȴٸ HOSTRESORDER ȯ溯 "local" ϰ ġ ִ. mod_env Ͽ ȯ ʴ´ٸ ȯ溯 CGI ش. ü manpage FAQ ϴ .

top

ϱ

top

η: δ

DNS õ Ȳ ſ ٶ ϴ. ġ 1.2 츮 DNS 쿡 ּ . · Ͽ IP ּҸ 䱸ϴ ȣ ٽ ؾ ͳݿ ſ ٶ ϴ.

񽺵 Ѱ ˻ IP ּҿ ٽ DNS ˻ Ͽ ̸ ϴ ̴. ٸ ȣƮ ִ. DNS ùٷ Ǿ Ѵ. (FTP TCP wrapper "ߺ-" DNS ˻ ϱ⶧ κ ڿ ͼ ̴.)

· IP ּҸ DNS ȣƮ ְ . Ϻθ ϴ Ͱ κ ذå ü ʴ ͺ ִ.

HTTP/1.1 ԰ Ͻð Host Ƿ IP ȣƮ ʴ ̴. ׷ ߿ DNS ˻ ʿ䰡 . ׷ 1997 3 ߿ ̸ ȣƮ θ ʾҴ.

dso.html100644 0 0 32332 11237400533 7701 0ustar 0 0 ü (DSO) - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-
Apache > HTTP Server > Documentation > Version 2.2

ü (DSO)

ֽ ƴմϴ. ֱٿ ϼ.

ġ ڰ Ͽ ִ ȭ α׷̴. Ҷ httpd Ͽ ִ. ƴϸ httpd ϰ иϿ ü(Dynamic Shared Objects, DSO) ִ. DSO Ҷ ϰų, Apache Extension Tool (apxs) Ͽ ߿ Ͽ ߰ ִ.

DSO ̷ Ѵ.

top

õ õ þ

ġ ٽɿ ؾ mod_so.c ġ о̱ DSO Ѵ. core ϰ DSO ̴. ٸ ġ ġ configure --enable-module=shared ɼ Ͽ DSO ִ. mod_foo.so DSO httpd.conf Ͽ mod_so LoadModule ɾ Ͽ ۽ Ȥ ۽ о ִ.

ġ (Ư ڰ ) DSO apxs (APache eXtenSion) ο α׷ ִ. α׷ ġ ҽ Ʈ ۿ DSO Ҷ Ѵ. . ġ ġҶ configure make install ġ C ġϰ, DSO ϱ ÷ Ư Ϸ ɼǰ Ŀ ɼ apxs α׷ Ѵ. ׷ apxs ϴ ڴ ġ ҽ Ʈ, DSO ÷ Ư Ϸ ɼǿ Ŀ ɼǿ Ű ʰ ڽ ġ ҽ ִ.

top

Apache 2.2 DSO ɿ ª ̴:

  1. ִ ġ ϰ ġϴ . mod_foo.c DSO mod_foo.so:

    $ ./configure --prefix=/path/to/install --enable-foo=shared
    $ make install

  2. ڰ ġ ϰ ġϴ . mod_foo.c DSO mod_foo.so:

    $ ./configure --add-module=module_type:/path/to/3rdparty/mod_foo.c --enable-foo=shared
    $ make install

  3. ߿ ϱ ġ ϴ :

    $ ./configure --enable-so
    $ make install

  4. ڰ ġ ϰ ġϴ . apxs Ͽ ġ ҽ Ʈ ۿ mod_foo.c DSO mod_foo.so:

    $ cd /path/to/3rdparty
    $ apxs -c mod_foo.c
    $ apxs -i -a -n foo mod_foo.la

ϴ ϵǸ, httpd.conf LoadModule þ Ͽ ġ о̰ .

top

н ü (DSO) ŷ/ε(dynamic linking/loading)̶ Ͽ, Ư ڵ α׷ ּҰ о̴ ִ.

ΰ о ִ. ϳ α׷ Ҷ ld.so ý α׷ ڵ о̴ , ٸ ϳ α׷ dlopen()/dlsym() ýȣ н δ(loader) ý ̽ Ͽ о̴ .

ù° DSO ̺귯(shared libraries) Ȥ DSO ̺귯 θ, libfoo.so libfoo.so.1.2 ̸ . ̵ ý 丮( /usr/lib) ְ, Ͻ Ŀ ɾ -lfoo ־ ϰ Ѵ. ̷ ̺귯 Ͽ ǿ, α׷ Ҷ Ŀ ɼ -R , ȯ溯 LD_LIBRARY_PATH Ȥ /usr/lib н δ libfoo.so ã ִ. ׷ α׷ ( ã(unresolved)) ɺ(symbol) DSO ãԵȴ.

DSO α׷ ɺ ãʱ (DSO 밡 Ϲ ڵ ̺귯̹Ƿ) ã ⼭ . н δ ɺ ã⸦ ϹǷ α׷ DSO ɺ ã ʿ䰡 . ( ld.so θ ڵ ƴ α׷ ũǴ ڵ Ϻδ.) ̺귯 ڵ带 о̴ Ȯϴ. ̺귯 ڵ尡 α׷ ߺؼ Ǵ libc.so ý ̺귯 ѹ DZ ũ ȴ.

ι° DSO ü(shared objects) Ȥ DSO ̶ θ, (Ģ ̸ foo.so) Ȯڴ Ӵ. ϵ α׷ ü 丮 ġϰ α׷ ڵ ʴ´. α׷ dlopen() Ͽ DSO ּҰ о鿩 Ѵ. ̶ α׷ DSO ɺ ã ʴ´. տ н δ ڵ ϰ ̹ о DSO ̺귯(Ư ׻ ϴ libc.so ɺ) DSO ( ã) ɺ ã´. ׷ DSO ġ ó α׷ ũȰͰ ɺ ˰Եȴ.

DSO API ̿ϱؼ α׷ dlsym() DSO Ư ɺ ãƼ, ϱ ġ(dispatch) ǥ Ѵ. ٸ α׷ Ǻ ãƾѴ. ̷ α׷ Ϻθ α׷ ʿҶ о ʾƵ (׷ ޸𸮸 ʰ) ȴٴ ̴. ⺻ α׷ Ȯϱ ʿ κ о ִ.

̷ DSO ڿ , ּ Ѱִ. α׷ Ȯϱ DSO Ҷ DSO α׷ ɺ ã ̴. ? DSO α׷ ɺ " ã " (̺귯 ڽ ϴ α׷ 𸥴ٴ) ̺귯 迡 ϸ, ÷ ʰ ǥȭ ʾұ ̴. ɺ(global symbol) ͽƮ(export) ʱ⶧ DSO . DSO Ͽ α׷ ȮϷ Ŀ ɺ ͽƮϵ ϴ ֵ ذå̴.

̺귯 DSO Ģ ̱⶧ ü ϴ ̺귯 Ѵ. ݴ α׷ α׷ Ȯϱ ü ʴ´.

1998 Ȯϱ DSO Ʈ Ű (XS DynaLoader ) Perl 5, Netscape Server 幰. ġ ̹ Ȯϱ ߰ ܺ ġ ٽɱɿ ϱ ġ ̿ ٹ ߱⶧ 1.3 뿭 շߴ. ׷ ġ о̴µ DSO ϵ .

top

տ DSO ϸ ִ:

DSO ִ:

env.html100644 0 0 45420 11237400533 7706 0ustar 0 0 ġ ȯ溯 - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-
Apache > HTTP Server > Documentation > Version 2.2

ġ ȯ溯

ֽ ƴմϴ. ֱٿ ϼ.

ġ ȯ溯(environment variable) ִ. Ͽ α׳ ۾ Ѵ. , ȯ溯 CGI ũƮ ܺ α׷ ϴ ȴ. ȯ溯 ٷ ϴ پ Ѵ.

ȯ溯 θ, ü ϴ ȯ溯 ٸ. ġ ο ǰ ȴ. ȯ溯 CGI ũƮ Server Side Include ũƮ Ѱ ü ȯ溯 ȴ. ϴ ü ȯ ϰ ʹٸ ü ȯ ؾ Ѵ.

top

ȯ溯 ϱ

õ õ þ

⺻ ȯ漳

ġ ȯ溯 ϴ ⺻ SetEnv þ ϴ ̴. PassEnv þ Ͽ ȯ溯 ִ.

û Ǻ

ϰ, mod_setenvif ϴ þ û û Ư¡ ȯ溯 Ѵ. , Ư (User-Agent) ûϰų Ư Referer ( Ʋ ʾҴ) ִ 쿡 ִ. mod_rewrite ִ RewriteRule [E=...] ɼ Ͽ ϰ ȯ溯 ִ.

ĺ

mod_unique_id û  쿡 "" û߿ Ȯ (ġ) UNIQUE_ID ȯ溯 Ѵ.

ǥ CGI

CGI ũƮ SSI ġ Ͽų ȯ溯 ܿ ߰ CGI Ծ û ˷ִ ȯ溯 ޴´.

top

ȯ溯 ϱ

õ õ þ

CGI ũƮ

ȯ溯 ֵ 뵵 ϳ CGI ũƮ ȯϴ ̴. տ ߵ ġ ܿ û ǥ CGI ũƮ Ѿ. ڼ CGI 丮 ϶.

SSI

mod_include INCLUDES Ͱ óϴ Ľ (SSI) echo Ҹ Ͽ ȯ溯 ְ, ȯ溯 Ͽ û Ư¡ 帧 ҷ Ϻθ ִ. ġ SSI ǥ CGI ȯ溯 Ѵ. ڼ SSI 丮 ϶.

allow from env= deny from env= þ Ͽ ȯ溯 ִ. SetEnvIf ϸ Ŭ̾Ʈ Ư¡ Ӱ ִ. , Ư (User-Agent) ź ִ.

Ǻ α

LogFormat %e ɼ Ͽ ȯ溯 α׿ ִ. , CustomLog þ Ǻ ϸ ȯ溯 Ȳ û α θ ִ. SetEnvIf Ͽ  û α Ӱ ִ. , ϸ gif û α ʰų, ܺ Ʈ ִ Ŭ̾Ʈ û α ִ.

Ǻ

Header þ Ŭ̾Ʈ ȯ溯  HTTP ִ. , Ŭ̾Ʈ û Ư ִ 쿡  ִ.

ܺ ϱ

mod_ext_filter ExtFilterDefine þ ܺ ͸ disableenv= enableenv= ɼ Ͽ ȯ溯 ִ.

URL ۼ(Rewriting)

RewriteCond TestString %{ENV:...} ϸ mod_rewrite ۼ ȯ溯 ٸ ൿѴ. mod_rewrite տ ENV: ʰ ϴ ȯ溯 ƴ ϶. ׵ ٸ ⿡ mod_rewrite .

top

Ư ȯ溯

Ŭ̾Ʈ Ȱ ϱ ġ Ư Ŭ̾Ʈ ڽ ൿ Ѵ. BrowserMatch ȯ溯 Ͽ ̷ ذѴ. ׷ SetEnv PassEnvε ϴ.

downgrade-1.0

û ϴ HTTP/1.0 û óѴ.

force-gzip

DEFLATE ͸ Ҷ ȯ溯 accept-encoding ϰ .

force-no-vary

Ŭ̾Ʈ Vary ʵ带 .  Ŭ̾Ʈ ʵ带 ؼ Ѵ. ̷ ذѴ. , force-response-1.0 Ѵ.

force-response-1.0

HTTP/1.0 û ϴ Ŭ̾Ʈ HTTP/1.0 Ѵ. AOL Ͻÿ ־ .  HTTP/1.0 Ŭ̾Ʈ HTTP/1.1 Ƿ, ذϱ Ѵ.

gzip-only-text/html

"1"̸ text/html ƴ content-type mod_deflate DEFLATE ͸ ʴ´. (gzip Ӹ ƴ϶ "identity" ƴ ڵ) 쿡 mod_negotiation Ѵ.

no-gzip

ɼ ϸ mod_deflate DEFLATE ͸ ʰ, mod_negotiation ڵ ڿ ʴ´.

nokeepalive

KeepAlive Ѵ.

prefer-language

mod_negotiation ൿ ģ. (en, ja, x-klingon ) ±׸ ִٸ, mod_negotiation õѴ. ׷ ٸ Ϲ Ѵ.

redirect-carefully

Ŭ̾Ʈ ̷ . ̷ óϴµ ִ Ŭ̾Ʈ Ѵ. Microsoft WebFolders Ʈ DAV ޽带 丮 ڿ ̷ óϴµ ־ .

suppress-error-charset

2.0.40 ִ

ġ Ŭ̾Ʈ û ̷ Ŭ̾Ʈ ڵ ̷ ϴ(Ȥ ʴ) 쿡 Ͽ 信 ڿ Ѵ. ġ ġ ϴ ISO-8859-1 ǥѴ.

׷ ̷ǵ ٸ  ̻ ƴ϶ ̷ Ϸ Ѵ. , ׸ ̻ϰ ִ.

ȯ溯 ġ ̷ ʵ Ͽ, ̷ ùٷ ϰ .

top

߸ ϴ Ŭ̾Ʈ ൿ ϱ

Ŭ̾Ʈ ̹ ˷ ذϱ httpd.conf ϱ ٶ.

#
#  þ Ϲ HTTP  Ѵ.
# ù° þ Netscape 2.x ̸  
# keepalive  ʴ´. ̵    ִ.
# ι° þ HTTP/1.1  ߸Ǿ 301̳ 302
# (̷) 信  keepalive  
# ϴ Microsoft Internet Explorer 4.0b2  ̴.
#
BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0

#
#  þ ⺻ HTTP/1.1   Ͽ
# HTTP/1.0 Ծ   HTTP/1.1   ʴ´.
#
BrowserMatch "RealPlayer 4\.0" force-response-1.0
BrowserMatch "Java/1\.0" force-response-1.0
BrowserMatch "JDK/1\.0" force-response-1.0

α׿ ̹ û α ʱ

̹ û α׿ ʴ´. Ư 丮 Ȥ Ư ȣƮ û α ʵ ִ.

SetEnvIf Request_URI \.gif image-request
SetEnvIf Request_URI \.jpg image-request
SetEnvIf Request_URI \.png image-request
CustomLog logs/access_log common env=!image-request

"̹ "

ڰ ִ ̹ ϵ ϴ Ѵ. , ѵ 쿡 Ѵ. 츮 ̹ /web/images 丮 ȿ ִٰ Ѵ.

SetEnvIf Referer "^http://www.example.com/" local_referal
# Referer   ʴ  Ѵ
SetEnvIf Referer "^$" local_referal
<Directory /web/images>
   Order Deny,Allow
   Deny from all
   Allow from env=local_referal
</Directory>

ڼ ApacheToday 丮 " Keeping Your Images from Adorning Other Sites" ϶.

faq/index.html100644 0 0 14103 11237400533 10766 0ustar 0 0 Frequently Asked Questions - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.2

<-
Apache > HTTP Server > Documentation > Version 2.2

Frequently Asked Questions

This document is not a traditional FAQ, but rather a quick guide showing you what to do when you run into problems with the Apache HTTP Server.

A more traditional but quite outdated document is the Apache 1.3 FAQ.

top

"Why can't I ...? Why won't ... work?" What to do in case of problems

If you are having trouble with your Apache server software, you should take the following steps:

Check the ErrorLog!

Apache tries to be helpful when it encounters a problem. In many cases, it will provide some details by writing one or more messages to the server error log. Sometimes this is enough for you to diagnose and fix the problem yourself (such as file permissions or the like). The default location of the error log is /usr/local/apache2/logs/error_log, but see the ErrorLog directive in your config files for the location on your server.

If you end up in any of the support forums this is quite likely to be the first place they will ask you retrieve information from. Please ensure you know where to find your errorlog. If you are unsure, the wiki page here can give you some ideas where to look.

Consult the wiki
The Apache HTTP Server Wiki contains guides to solving many common problems.
Check the Apache bug database
Most problems that get reported to The Apache Group are recorded in the bug database. Do not submit a new bug report until you have checked existing reports (open and closed) and asked about your problem in a user-support forum (see below). If you find that your issue has already been reported, please don't add a "me, too" report.
Ask in a user support forum

Apache has an active community of users who are willing to share their knowledge. Participating in this community is usually the best and fastest way to get answers to your questions and problems.

Users mailing list

#apache on Freenode IRC is also available for user support issues.

Please use the bug database for bugs!

If you've gone through those steps above that are appropriate and have obtained no relief, then please do let the httpd developers know about the problem by logging a bug report.

If your problem involves the server crashing and generating a core dump, please include a backtrace (if possible).

top

Whom do I contact for support?

With millions of users and fewer than sixty volunteer developers, we cannot provide personal support for Apache. For free support, we suggest participating in a user forum (see above).

Professional, commercial support for Apache is available from a number of companies.

filter.html100644 0 0 12014 11237400533 10374 0ustar 0 0 - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-
Apache > HTTP Server > Documentation > Version 2.2

ֽ ƴմϴ. ֱٿ ϼ.

ġ ͸ ϴ Ѵ.

top

õ õ þ

(filter) ų ޴ ڷῡ Ǵ ۾̴. Ŭ̾Ʈ ڷ Է(input filter) óϰ, Ŭ̾Ʈ ڷ (output filter) óѴ. ڷῡ ͸ ְ, ִ.

ġ ̾ޱ(byte-range) û óϱ ͸ Ѵ. , þ Ͽ ð ͸ ϴ ⵵ ִ. SetInputFilter, SetOutputFilter, AddInputFilter, AddOutputFilter, RemoveInputFilter, RemoveOutputFilter þ ڷḦ óϴ ͸ Ѵ.

ġ ڰ ִ ͸ Ѵ.

INCLUDES
mod_include óϴ Server-Side Includes
DEFLATE
mod_deflate Ͽ Ŭ̾Ʈ

, mod_ext_filter Ͽ ܺ α׷ ͷ ִ.

glossary.html100644 0 0 42775 11237400533 10773 0ustar 0 0 - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-
Apache > HTTP Server > Documentation > Version 2.2

ֽ ƴմϴ. ֱٿ ϼ.

Ϲݿ , Ư ġ õ, Ѵ. 信 ڼ ũ ϶. (; ܾ ѱ ƴ϶, Դϴ. ǥ ϱ ٶϴ.)

top

(Access Control)
Ʈ . ġ Ư URL ϱ Ѵ.
: , Ѻο,
˰ (Algorithm)
ܰ踦 Ǫ Ȯ Ȥ Ģ. ȣȭ ˰ ȣ(Ciphers) θ.
APache eXtension Tool (apxs)
(module) ҽ ü (DSO) ϰ ġ ġϴ ۾ perl ũƮ.
: Manpage: apxs
(Authentication)
, Ŭ̾Ʈ, Ʈ ü Ȯ.
: , Ѻο,
(Certificate)
Ŭ̾Ʈ Ʈ ü ϴ ڷ. (subject ), (Certificate Authority) (issuer ), Ű, CA  X.509 ִ. Ʈ ü CA Ͽ ˻Ѵ.
: SSL/TLS ȣȭ
û (Certificate Signing Request, CSR)
(Certification Authority) Ͽ CA (Certificate) Ű (Private Key) . CSR Ǹ ȴ.
: SSL/TLS ȣȭ
(Certification Authority, CA)
Ʈ ü ϴ ŷϴ . ٸ Ʈ ü CA ڸ ߴ Ȯ ִ.
: SSL/TLS ȣȭ
ȣ (Cipher)
ڷḦ ȣȭϴ ˰̳ ý. , DES, IDEA, RC4 ִ.
: SSL/TLS ȣȭ
ȣ (Ciphertext)
(Plaintext) ȣ (Cipher) ó .
: SSL/TLS ȣȭ
Ʈ ̽ (Common Gateway Interface, CGI)
ܺ α׷ û ֵ ܺ α׷ ̽ ǥ. ̽ NCSA , RFC Ʈ̱⵵ ϴ.
: CGI
þ (Configuration Directive)
: þ
(Configuration File)
ġ ϴ þ (directive) ؽƮ.
:
CONNECT
HTTP ڷ帧 Ͻϴ HTTP ޽ (method). SSL ٸ α Ѵ.
(Context)
(configuration file) Ư þ (directive) ִ .
: ġ þ ϴµ
ڼ (Digital Signature)
ٸ ˻ϴ ȣȭ ڵ. (Certification Authority) (Certificate) Ե Ű (Public Key) ؽ ڽ Ű (Private Key) ȣȭϿ . CA Ű Ǯ ֱ⶧, CA (Certificate) Ʈ ü ִ.
: SSL/TLS ȣȭ
þ (Directive)
ġ ϴ ɾ. þ (Configuration File) Ѵ.
: þ
ü (Dynamic Shared Object) (DSO)
ġ httpd ϰ Ͽ ʿҶ о ִ (Module).
: ü
ȯ溯 (Environment Variable) (env-variable)
ϰ α׷ ü ϴ . ġ ȯ溯 , ȯ ƴ϶ ġ ο ȴ.
: ġ ȯ溯
(Export-Crippled)
̱ (Export Administration Regulations, EAR) ؼϱ ȣ( ) . ȣȭ Ʈ Ű ũⰡ ۰ ѵǾ, ȣ (Ciphertext) (brute force) Ǯ ִ.
: SSL/TLS ȣȭ (SSL/TLS Encryption)
(Filter)
ų ޴ ڷḦ óϴ . Էʹ Ŭ̾Ʈ ڷḦ óϰ, ʹ Ŭ̾Ʈ óѴ. , INCLUDES ʹ Server Side Includes óѴ.
:
θ (Fully-Qualified Domain-Name) (FQDN)
IP ּҿ ϴ, ȣƮ θ Ʈ ü ̸. , www ȣƮ̰ example.com θ϶, www.example.com θ̴.
ڵ鷯 (Handler)
ûҶ ϴ ۾ ġ ǥ. Ϲ Ϲ ڵ鷯 . ,  "óȴ(handled)". , cgi-script ڵ鷯 CGI ó Ѵ.
: ġ ڵ鷯
(Header)
HTTP û 信 κ ϴ ִ.
.htaccess
ȿ ִ (configuration file), þ (directive) ڽ ġ 丮 丮 Ѵ. ̸ ޸ Ͽ ܼ þܿ þ ִ.
:
httpd.conf
ġ (configuration file). ⺻ ġ /usr/local/apache2/conf/httpd.conf, Ҷ Ȥ ϶ ִ.
:
HyperText Transfer Protocol (HTTP)
̵ ϴ ǥ . ġ RFC 2616 HTTP/1.1̶ 1.1 Ѵ.
HTTPS
ȭ̵ ǥ ȣ , HyperText Transfer Protocol (Secure). شܿ SSL HTTP̴.
: SSL/TLS ȣȭ
޽ (Method)
Ŭ̾Ʈ HTTP û ڿ ϵ ൿ. HTTP ޽忡 GET, POST, PUT ִ.
޽ (Message Digest)
޽ ʾ ϱ ޽ ؽ.
: SSL/TLS ȣȭ
MIME-type
ϴ . Multipurpose Internet Mail Extensions Ա⶧ ̷ ̸ . ̿ major type minor type ̷. , text/html, image/gif, application/octet-stream ̴. MIME-type HTTP Content-Type (header) Ѵ.
: mod_mime
(Module)
α׷ κ. ġ Կθ ִ ⿡ ִ. ġ httpd ϰ ̶ ϸ, иǾ о ִ Ȥ DSO Ѵ. ⺻ ϴ base ̶ Ѵ. ġ Ÿ (tarball) ġ ִ. ̵ ڰ (third-party) ̶ Ѵ.
:
(Module Magic Number) (MMN)
ġ ҽڵ尡 , ȣȯ ִ. ȣȯ ̻ ġ Լ ȣ, ٸ API Ϻΰ 쿡 ٲ. MMN ϸ ڰ ּ ٽ ϵǾ Ѵ. ġ µ ؾ 쵵 ִ.
OpenSSL
SSL/TLS ¼ҽ
http://www.openssl.org/
Pass Phrase
Ű ȣϴ . ڰ Ű Ͽ ȣȭ ϵ Ѵ. ȣ (Ciphers) ϴ н ȣ/ص Ű̴.
: SSL/TLS ȣȭ
(Plaintext)
ȣȭ .
Ű (Private Key)
ڷḦ صϰ ڷḦ ϱ Ű ȣȭ (Public Key Cryptography) ý ȣŰ.
: SSL/TLS ȣȭ
Ͻ (Proxy)
Ŭ̾Ʈ ̿ ִ ߰ . Ŭ̾Ʈ û ޾ , Լ ٽ Ŭ̾Ʈ . Ŭ̾Ʈ ûϸ Ͻô Ź ûʰ ij Ͽ ð ִ.
: mod_proxy
Ű (Public Key)
Ű ȣȭ (Public Key Cryptography) ýۿ Ű ڿ ȣȭϰų ڰ Ǯ Ű.
: SSL/TLS ȣȭ
Ű ȣȭ (Public Key Cryptography)
ȣ ص ٸ Ű ϴ Ī(asymmetric) ȣȭ ý Ȱ. ȣ ص ϴ ΰ Ű Ű(key pair) ̷. Ī ȣȭ θ.
: SSL/TLS ȣȭ
ǥ (Regular Expression) (Regex)
ϴ . , " A ϴ ܾ", " 10ε ȭȣ", "ǥ ΰְ 빮 Q " ǥ ִ. ǥ ϸ ſ ϰ ̳ ڿ  ִ. , "images" 丮 Ʒ ִ .gif .jpg "/images/.*(jpg|gif)$" Ī ִ. ġ PCRE ̺귯 Ͽ Perlȣȯ ǥ Ѵ.
Ͻ (Reverse Proxy)
Ŭ̾Ʈ ó ̴ Ͻ (proxy) . Ȼ Ȥ ϸ лϱ Ŭ̾Ʈ 涧 ϴ.
Secure Sockets Layer (SSL)
Netscape Communications簡 TCP/IP Ʈ Ϲ ȣȭ . Ϲ 뵵 HTTPS (HyperText Transfer Protocol (HTTP) over SSL)̴.
: SSL/TLS ȣȭ
Server Side Includes (SSI)
HTML ȿ óþ ϴ .
: Server Side Includes Ұ
(Session)
Ϲ Ȳ(context) .
SSLeay
Eric A. Young SSL/TLS ̺귯
Ī ȣ (Symmetric Cryptography)
ȣ ص ۾ ȣŰ ϴ ȣ (Ciphers) Ȱ.
: SSL/TLS Encryption
Ÿ (Tarball)
tar Ͽ ϵ . ġ tar ϰų pkzip Ͽ ȴ.
Transport Layer Security (TLS)
ͳݱ ǥȭⱸ(Internet Engineering Task Force, IETF) TCP/IP Ʈ Ϲ ȣȭ SSL ļ . TLS 1 SSL 3 ϴ.
: SSL/TLS ȣȭ
Uniform Resource Locator (URL)
ͳݿ ִ ڿ ̸/ּ. δ Uniform Resource Identifier ϴ ϻ Ī̴. URL http https Ŵ(scheme), ȣƮ, η ȴ. URL http://httpd.apache.org/docs/2.2/glossary.html̴.
Uniform Resource Identifier (URI)
߻ ڿ̳ ڿ Īϱ ڿ. RFC 2396 Ѵ. ̵ ϴ URI URL̶ θ.
ȣƮ (Virtual Hosting)
ġ ϳ Ʈ ϱ. IP ȣƮ Ʈ IP ּҰ ٸ. ̸(name-based) ȣƮ ȣƮ ϹǷ IP ּҿ Ʈ ִ.
: ġ ȣƮ
X.509
ſ(International Telecommunication Union, ITU-T) ϴ . SSL/TLS Ѵ.
: SSL/TLS ȣȭ
handler.html100644 0 0 17010 11237400533 10525 0ustar 0 0 ġ ڵ鷯 - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-
Apache > HTTP Server > Documentation > Version 2.2

ġ ڵ鷯

ֽ ƴմϴ. ֱٿ ϼ.

ġ ڵ鷯 ϴ Ѵ.

top

ڵ鷯 ΰ

õ õ þ

ûҶ ġ ۾ "ڵ鷯(handler)" Ѵ. Ϲ Ϲ ڵ鷯 ִ. ,  "óȴ(handled)".

Apache 1.1 ڵ鷯 ְ Ǿ. ڵ鷯 Ȯڳ ġ ִ. ̴ Ǹ ̰ ڵ鷯 ο ֱ⶧ . ( Ȯڸ )

ڵ鷯 Ͽ, Action þ ߰ ִ. ǥ ִ ⺻ ڵ鷯 :

top

CGI ũƮ Ͽ ϱ

þ Ȯڰ html û footer.pl CGI ũƮ .

Action add-footer /cgi-bin/footer.pl
AddHandler add-footer .html

CGI ũƮ (PATH_TRANSLATED ȯ溯 Īϴ) û .

HTTP ϴ

þ HTTP ϴ Ͽ send-as-is ڵ鷯 Ѵ. /web/htdocs/asis/ 丮 ȿ ִ Ȯڿ send-as-is ڵ鷯 óѴ.

<Directory /web/htdocs/asis>
SetHandler send-as-is
</Directory>

top

α׷Ӹ

ڵ鷯 ϱ Apache API ߰Ǿ. Ư request_rec ü ο ʵ尡 ߰Ǿ:

char *handler

ڵ鷯 Ϸ, û invoke_handler ܰ r->handler ڵ鷯 ̸ ֱ⸸ ϸ ȴ. ڵ鷯 content type ڵ鷯 ̸ ϰ Ǿ. ų ʿ ڵ鷯 ̸ ʰ, ܾ ̿ ȣ ϴ Ϲ̴. ׷ ڵ鷯 ̸ media type ġ ʴ´.

howto/access.html100644 0 0 22441 11237400533 11515 0ustar 0 0 Access Control - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.2

<-
Apache > HTTP Server > Documentation > Version 2.2 > How-To / Tutorials

Access Control

Access control refers to any means of controlling access to any resource. This is separate from authentication and authorization.

top

Related Modules and Directives

Access control can be done by several different modules. The most important of these is mod_authz_host. Other modules discussed in this document include mod_setenvif and mod_rewrite.

top

Access control by host

If you wish to restrict access to portions of your site based on the host address of your visitors, this is most easily done using mod_authz_host.

The Allow and Deny directives let you allow and deny access based on the host name, or host address, of the machine requesting a document. The Order directive goes hand-in-hand with these two, and tells Apache in which order to apply the filters.

The usage of these directives is:

Allow from address

where address is an IP address (or a partial IP address) or a fully qualified domain name (or a partial domain name); you may provide multiple addresses or domain names, if desired.

For example, if you have someone spamming your message board, and you want to keep them out, you could do the following:

Deny from 10.252.46.165

Visitors coming from that address will not be able to see the content covered by this directive. If, instead, you have a machine name, rather than an IP address, you can use that.

Deny from host.example.com

And, if you'd like to block access from an entire domain, you can specify just part of an address or domain name:

Deny from 192.168.205
Deny from phishers.example.com moreidiots.example
Deny from ke

Using Order will let you be sure that you are actually restricting things to the group that you want to let in, by combining a Deny and an Allow directive:

Order deny,allow
Deny from all
Allow from dev.example.com

Listing just the Allow directive would not do what you want, because it will let folks from that host in, in addition to letting everyone in. What you want is to let only those folks in.

top

Access control by environment variable

mod_authz_host, in conjunction with mod_setenvif, can be used to restrict access to your website based on the value of arbitrary environment variables. This is done with the Allow from env= and Deny from env= syntax.

SetEnvIf User-Agent BadBot GoAway=1
Order allow,deny
Allow from all
Deny from env=GoAway

Warning:

Access control by User-Agent is an unreliable technique, since the User-Agent header can be set to anything at all, at the whim of the end user.

In the above example, the environment variable GoAway is set to 1 if the User-Agent matches the string BadBot. Then we deny access for any request when this variable is set. This blocks that particular user agent from the site.

An environment variable test can be negated using the =! syntax:

Allow from env=!GoAway

top

Access control with mod_rewrite

The [F] RewriteRule flag causes a 403 Forbidden response to be sent. Using this, you can deny access to a resource based on arbitrary criteria.

For example, if you wish to block access to a resource between 8pm and 6am, you can do this using mod_rewrite.

RewriteEngine On
RewriteCond %{TIME_HOUR} >20 [OR]
RewriteCond %{TIME_HOUR} <07
RewriteRule ^/fridge - [F]

This will return a 403 Forbidden response for any request after 8pm or before 7am. This technique can be used for any criteria that you wish to check. You can also redirect, or otherwise rewrite these requests, if that approach is preferred.

top

More information

You should also read the documentation for mod_auth_basic and mod_authz_host which contain some more information about how this all works. mod_authn_alias can also help in simplifying certain authentication configurations.

See the Authentication and Authorization howto.

howto/auth.html100644 0 0 41630 11237400533 11216 0ustar 0 0 (Authentication), Ѻο(Authorization), (Access Control) - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-
Apache > HTTP Server > Documentation > Version 2.2 > How-To / Tutorials

(Authentication), Ѻο(Authorization), (Access Control)

ֽ ƴմϴ. ֱٿ ϼ.

(authentication) ڽ ϴ Ȯϴ ̴. Ѻο(authorization) Ȥ ϴ 򵵷 ϴ ̴.

top

þ

õ õ þ
top

Ұ

Ʈ ִ Ҽ 鸸 ̰ų ̵鸸 , ۿ ϴ Ͽ ϴ ִ.

Ʈ Ϻθ ȣϱ ϴ "ǥ" ٷ.

top

ۿ ٷ þ ּ(Ϲ <Directory> )̳ 丮 (.htaccess ) Ѵ.

.htaccess Ϸ Ͽ ִ þ ϵ ؾ Ѵ. ̸ 丮 Ͽ  þ ִ ϴ AllowOverride þ Ѵ.

⼭ ٷ , AllowOverride þ ʿϴ.

AllowOverride AuthConfig

Ȥ þ ּϿ ´ٸ, Ͽ ־ Ѵ.

׸ ȣ ִ ˱ 丮 ˾ƾѴ. ʰ, ڼ ̴.

top

⺻ ϱ

丮 ȣ ȣϴ ⺻ Ѵ.

ȣ Ѵ. ־ Ѵ. ٸ ȣ ٿε ϰϱ ؼ. , /usr/local/apache/htdocs ִٸ ȣ() /usr/local/apache/passwd д.

ġ Ե htpasswd Ͽ ȣ . α׷ ġ ġ bin 丮 ִ. ԷѴ.

htpasswd -c /usr/local/apache/passwd/passwords rbowen

htpasswd ȣ , Ȯ ȣ ٽ Է϶ ûѴ.

# htpasswd -c /usr/local/apache/passwd/passwords rbowen
New password: mypassword
Re-type new password: mypassword
Adding password for user rbowen

htpasswd ο ٸ ü θ Էؾ Ѵ. ϴ /usr/local/apache/bin/htpasswd ִ.

ȣ ûϵ ϰ,  ˷ Ѵ. httpd.conf ϰų .htaccess Ͽ Ѵ. , /usr/local/apache/htdocs/secret 丮 ȣϷ, Ʒ þ /usr/local/apache/htdocs/secret/.htaccess ̳ httpd.conf <Directory /usr/local/apache/apache/htdocs/secret> ǿ Ѵ.

AuthType Basic
AuthName "Restricted Files"
AuthUserFile /usr/local/apache/passwd/passwords
Require user rbowen

þ ϳ 캸. AuthType þ ڸ Ѵ. Ϲ Basic, mod_auth_basic Ѵ. ׷ Basic ȣ ȣȭ ʰ . ׷Ƿ ڷḦ ȣϱ ϸ ȵȴ. ġ AuthType Digest Ѵ. mod_auth_digest ϸ, ſ ϴ. ֱ Ŭ̾Ʈ鸸 Digest Ѵٰ Ѵ.

AuthName þ (realm) Ѵ. ΰ Ѵ. ù° Ŭ̾Ʈ ȣ ȭâ ش. ι° Ͽ Ŭ̾Ʈ Ư  ȣ Ѵ.

, ϴ Ŭ̾Ʈ "Restricted Files" Ͽٸ, Ŭ̾Ʈ ڵ "Restricted Files" ǥõ ȣ õѴ. ׷ ϸ ڰ ȣ Է ʾƵ ȴ. Ȼ Ŭ̾Ʈ ȣƮ ٸ ׻ ȣ .

AuthUserFile þ 츮 htpasswd ȣ θ Ѵ. ڰ ٸ û Ź ڸ ϱ Ϲ ˻ϴµ ð ɸ ִ. ġ Ÿ̽ Ͽ ִ. mod_authn_dbm AuthDBMUserFile þ Ѵ. dbmmanage α׷ Ͽ ȣ ٷ. ġ Ÿ̽ ٸ ϴ ڰ ִ.

Require þ Ư ִ ڸ Ͽ Ѻο Ѵ. require þ ϴ پ Ѵ.

top

þ 丮 (ڸ rbowen) 鿩. κ 鿩 ̴. AuthGroupFile .

鿩 ʹٸ ׷ ׷쿡  ڵ ִ ˷ִ ׷ ʿϴ. ſ Ͽ, ƹ γ ִ. ϳ .

GroupName: rbowen dpitts sungo rshersey

׳ ׷ ̴.

ȣϿ ڸ ߰Ϸ ԷѴ

htpasswd /usr/local/apache/passwd/passwords dpitts

, ʰ Ͽ ڸ ߰Ѵ. (-c ɼ ȣ ).

.htaccess Ѵ.

AuthType Basic
AuthName "By Invitation Only"
AuthUserFile /usr/local/apache/passwd/passwords
AuthGroupFile /usr/local/apache/passwd/groups
Require group GroupName

׷ GroupName ׷쿡 ϸ password Ͽ ׸ ִ ڰ ùٸ ȣ Էϸ Ѵ.

Ϲ ڸ 鿩 ٸ ִ. ׷ ʿ þ ϱ⸸ ϸ ȴ.

Require valid-user

Require user rbowen þ ϸ ȣϿ ִ ùٸ ȣ Էϱ⸸ ϸ Ѵ. ׷캰 ٸ ȣ Ͽ ׷ ȿ ִ. ġ ΰ(ȣϰ ׷) ƴ Ѱ(ȣ) ˻ϸ ȴٴ ̴. ׷ ȣ ؾ ϰ, AuthUserFile þ Ȯ ȣ ؾ ϴ ̴.

top

߻ ִ

Basic û ڸ ȣ ȮѴ. ħ (׸ ȣ ȣϴ 丮 ִ ) ִ ׸ ٽ ȮѴ. ϵ ӵ . ȣ  ڸ ã ϱ⶧ ȣ ũⰡ Ŀ . ׸ ۾ û Ѵ.

׷ ȣϿ ִ ڼ Ѱ谡 ִ. Ѱ ϴ ɿ ٸ, ׸ 鰳 Ѵ´ٸ ٰ ϰ ٸ ؾ Ѵ.

top

ٸ Ѱ?

ڸ ȣ ٰ ƴϴ. ҿ ٸ ڸ 鿩 ִ.

Allow Deny þ û ǻ ȣƮ Ȥ ȣƮ ּҸ ϰų źѴ. Order þ þ Ͽ, ġ  Ģ ˸.

̵ þ .

Allow from address

address IP ּ(Ȥ IP ּ Ϻ) θ(Ȥ θ Ϻ)̴. Ѵٸ ּҳ θ ִ.

, Խǿ ø ִٸ ִ.

Deny from 205.252.46.165

ּҿ 湮ڴ þ ȣϴ . IP ּ ǻ͸ ִ.

Deny from host.example.com

, ü ּҳ θ Ϻθ Ѵ.

Deny from 192.101.205
Deny from cyberthugs.com moreidiots.com
Deny from ke

Order Deny Allow þ Ͽ ϴ ִ.

Order deny,allow
Deny from all
Allow from dev.example.com

Allow þ ϸ, ش ȣƮ ڸ ϰ ű⿡ ߰ ϹǷ ϴ Ѵ. Ư ϱ Ѵ.

top

mod_auth_basic mod_authz_host  ϴ ִ.

howto/cgi.html100644 0 0 54573 11237400533 11031 0ustar 0 0 ġ 丮: CGI - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-
Apache > HTTP Server > Documentation > Version 2.2 > How-To / Tutorials

ġ 丮: CGI

ֽ ƴմϴ. ֱٿ ϼ.
top

Ұ

õ õ þ

CGI (Common Gateway Interface) CGI α׷ Ȥ CGI ũƮ θ, ( ) ܺ α׷ ϴ Ѵ. Ʈ ϰ ̴. ġ CGI ϴ Ұϰ, CGI α׷ ۼغ.

top

CGI ϵ ġ ϱ

CGI α׷ ùٷ Ϸ CGI ϵ ġ ؾ Ѵ. ϴ .

ScriptAlias

ScriptAlias þ ϸ ġ Ư 丮 CGI α׷ д. ġ 丮 ִ CGI α׷̶ Ͽ Ŭ̾Ʈ ڿ ûϸ ڿ Ϸ õѴ.

ScriptAlias þ Ѵ.

ScriptAlias /cgi-bin/ /usr/local/apache2/cgi-bin/

ġ ⺻ ҿ ġ httpd.conf Ͽ ִ ̴. ScriptAlias þ Alias þ URL պκ Ư 丮 Ѵ. Alias ScriptAlias DocumentRoot 丮 ۿ ִ 丮 Ѵ. Alias ScriptAlias ScriptAlias ߰ URL պκ ϴ CGI α׷ ϴ ̴. ׷ ġ /cgi-bin/ ϴ ڿ ûϸ /usr/local/apache2/cgi-bin/ 丮 ãƼ CGI α׷ ó϶ ˸.

, URL http://www.example.com/cgi-bin/test.pl ûϸ ġ /usr/local/apache2/cgi-bin/test.pl Ͽ ȯѴ. ϰ డϸ  ε ؾ Ѵ. ׷ ġ .

ScriptAlias 丮 ۿ ִ CGI

Ȼ CGI α׷ ScriptAlias 丮 Ѵ. ׷ ڴ CGI α׷ ִ ִ. ׷ ġ ߴٸ ƹ 丮 CGI α׷ . , UserDir þ Ͽ ڰ ڽ Ȩ丮 츦 . ڰ ڽ CGI α׷ ϰ cgi-bin 丮 ٱ ٸ, ٸ CGI α׷ ϰ ̴.

ƹ 丮 CGI Ϸ ʿϴ. , AddHandler SetHandler þ Ͽ cgi-script ڵ鷯 ۵ؾ Ѵ. ι°, Options þ ExecCGI ؾ Ѵ.

Options Ͽ CGI ϱ

ּϿ Options þ Ͽ Ư 丮 CGI ִ.

<Directory /usr/local/apache2/htdocs/somedir>
Options +ExecCGI
 </Directory>

þ ġ CGI Ѵ.  CGI ˷ Ѵ. AddHandler þ Ȯڰ cgi pl CGI α׷̶ ˸.

AddHandler cgi-script .cgi .pl

.htaccess

.htaccess httpd.conf ٱ 쿡 CGI α׷ ִ ˷ش.

Ʒ ϸ 丮 .cgi CGI α׷ Ѵ.

<Directory /home/*/public_html>
Options +ExecCGI
AddHandler cgi-script .cgi
 </Directory>

ϸ 丮 cgi-bin 丮 ִ CGI α׷ νѴ.

<Directory /home/*/public_html/cgi-bin>
Options ExecCGI
SetHandler cgi-script
 </Directory>

top

CGI α׷ ۼϱ

``Ϲ'' α׷ְ CGI α׷ ̿ ΰ ֵ ִ.

ù° ̴ CGI α׷ ٸ ϱ MIME-type ؾ Ѵٴ ̴. HTTP Ŭ̾Ʈ Ŭ̾Ʈ  ްԵ ̸ ˸. .

Content-type: text/html

ι° ̴ HTML Ȥ ִ ؾ Ѵٴ ̴. κ HTML , gif ׸ HTML ƴ ϴ CGI α׷ ۼϴ 쵵 ִ.

ΰ ϰ CGI α׷ ۼ ̹ ٸ α׷ ſ ϴ.

ó CGI α׷

CGI α׷ . ״ first.pl̶ Ͽ ϰ, cgi-bin 丮 Ѵ.

#!/usr/bin/perl
print "Content-type: text/html\n\n";
print "Hello, World.";

Perl ͼ ʴ Ͼ ִ. ù° ġ(Ȥ ϴ ) /usr/bin/perl ġ ִ Ͽ α׷ ϶ ˸. ι° content-type ϰ carriage-return ٹٲ ι Ѵ. ׷ ڿ HTTP ϴ , Ѵ. ° "Hello, World." ڿ Ѵ. ̰ ̴.

ϰ ּҸ ԷѴ

http://www.example.com/cgi-bin/first.pl

Ҹ Էϸ, â Hello, World. δ. е , ѹ ϴ ٸ õ ִ.

top

׷ ʾƿ!

CGI α׷ Ҷ ִ ⺻ װ.

CGI α׷
! Ѵٴ ̴. Ȯ ùٷ ó Ѵٸ, CGI α׷ ùٸ Content-Type Ͽ ȮѴ.
CGI α׷ ҽڵ Ȥ "POST Method Not Allowed"
CGI α׷ ϵ ġ ʾҴٴ ̴. ġ ϱ ٽ а κ ִ ãƺ.
"Forbidden" ϴ
ִٴ ̴. ġ α Ʒ ϱ Ȯ϶.
"Internal Server Error"
ġ α Ƹ CGI α׷ Բ "Premature end of script headers" ̴. Ʒ ϳ ȮϿ  CGI α׷ HTTP ߴ ˾ƺ.

ϱ

Ű ϶. , ϸ Ư ( nobody www) Ѵ. ׷ Ϸ ʿϴ. Ͽ nobody ϱ⿡ ֱ ο ش.

chmod a+x first.pl

, α׷ ٸ аų ٸ Ͽ ʿϴ.

ȯ

࿡ α׷ ϸ ڵ  ޵ȴ. , PATH ã Ҹ ˷ش.

α׷ CGI α׷ Ҷ PATH ٸ ִ. ( , sendmail ) CGI α׷ ȿ ϴ ɾ η ؾ ɾ ã ִ.

CGI α׷ ù° ٿ ũƮ ( perl) ο ߻Ѵ.

#!/usr/bin/perl

ȮѴ.

, CGI α׷ ٸ ȯ溯 Ѵٸ ġ α׷ ؾ Ѵ.

α׷

CGI α׷ ϴ κ α׷ ü ̴. Ư ΰ Ǽ ʾҰ ִٸ ׷. ϱ ࿡ α׷ غ. , Ѵ.

cd /usr/local/apache2/cgi-bin
./first.pl

(perl ͸ . ġ ũƮ ù° ٿ ִ Ͽ ͸ ãƾ Ѵ.)

α׷ Content-Type HTTP ϰ ؾ Ѵ. ٸ Ѵٸ ġ Premature end of script headers ȯѴ. ڼ CGI α׷ ۼϱ ϶.

α

α״ ̴. ߸Ǹ α׿ . α׸ Ѵ. Ʈ ȣϴ α׸ ϰ Ѵٸ, Ƹ ٸ ü ˾ƺ Ѵ. α׸ , κ ľϿ ذ ִ.

Suexec

suexec α׷ ϸ  ȣƮ Ȥ  丮 ִ CGI α׷ ٸ ִ. Suexec ſ ϰ ˻ϸ, ˻縦 ϳ ϸ CGI α׷ ʰ Premature end of script headers ȯѴ.

suexec ϰ ִ ˷ apachectl -V Ͽ SUEXEC_BIN ġ ȮѴ. ġ Ҷ ҿ suexec ߰ϸ, suexec ִ.

suexec ߴٸ ؼ ȵȴ. suexec SUEXEC_BIN ġ ִ suexec (Ȥ ϸ ٲٰ) ϸ ȴ. suexec ׷ ϰ ʹٸ, suexec -V Ͽ suexec α ġ ˾Ƴ αϿ  Ģ ִ ã´.

top

ڿ °?

CGI α׷ֿ ͼ ڿ ϸ ȴ. ü ϴ ϴ ̴. "Hello, World." ϴ α׷ ۼ ̷ α׷ ⶧̴.

ȯ溯

ȯ溯 ǻ͸ ϴ ٴϴ ̴. ȯ溯 path (ǻͰ Է ɾ شϴ ã ), ڸ, ͹̳ . Ϲ ȯ溯 Ʈ env ԷѴ.

CGI Ҷ ȯ溯 ȯѴ. (Netscape, IE, Lynx), (ġ, IIS, WebSite), ϴ CGI α׷ ִ.

CGI α׷Ӵ ̷ ְ, ȯ溯 Ŭ̾Ʈ- ſ Ϻκ Ѵ. ü ʼ http://hoohoo.ncsa.uiuc.edu/cgi/env.html ִ.

Ʒ Perl CGI α׷ ڽſ ޵ ȯ溯 ش. ġ cgi-bin 丮 ̿ α׷ ΰ ִ. ʼ̰ ̴. ׷ Ͽ δ. , ġ ⺻ ϴ ȯ溯 ܿ ȯ溯 ߰ ִ.

#!/usr/bin/perl
print "Content-type: text/html\n\n";
foreach $key (keys %ENV) {
print "$key --> $ENV{$key}<br>";
 }

STDIN STDOUT

, Ŭ̾Ʈ ǥԷ(STDIN) ǥ(STDOUT) Ѵ. ϻ STDIN Ű峪 α׷ óϴ Ÿ, STDOUT ܼ̳ ȭ Ѵ.

CGI α׷ (form) POSTϸ Ŀ Է ڷḦ Ư  CGI α׷ STDIN Ѵ. ׷ α׷ Ű峪 Ͽ ڷḦ óϵ ڷḦ ó ִ.

"Ư " ſ ϴ. ׸ ̸ ȣ(=) ϰ, ׸ ̸ ֵ ۻ(&) Ѵ. , ۻ, ȣ ڿ ڴ ȥ ʵ 16 ȯѴ. ڷ ڿ .

name=Rich%20Bowen&city=Lexington&state=KY&sidekick=Squirrel%20Monkey

URL ڿ ̷ ڿ ȴ. ڿ QUERY_STRING̶ ȯ溯 Ѵ. ̸ GET û̶ Ѵ. FORM ± METHOD Ӽ Ͽ HTML (form) ڷḦ GET POST Ѵ.

α׷ ̷ ڿ ɰ Ѵ. ̷ ڷ ó CGI α׷ ٸ Ǵ ̺귯 ִ.

top

CGI /̺귯

CGI α׷ ۼҶ ۾ ִ ڵ ̺귯 Ȥ غ Ѵ. ̷ ϸ װ ٰ α׷ ִ.

Perl CGI α׷ ۼѴٸ CPAN ã ִ. CGI ߿ θ Ǵ CGI.pm̴. κ α׷ ּ CGI::Lite ִ.

C CGI α׷ ۼѴٸ . ϳ http://www.boutell.com/cgic/ ִ CGIC ̺귯.

top

...

ſ CGI ִ. ׷ comp.infosystems.www.authoring.cgi CGI ִ. HTML Writers Guild -servers ϸƮ ã⿡ Ǹ Ҵ. http://www.hwg.org/lists/hwg-servers/ ִ.

׸ CGI α׷ ۿ CGI Ծ о 𸥴. NCSA ְ, ʾ Common Gateway Interface RFC Ʈ ִ.

ϸƮ ׷쿡 ݰ ִ CGI Ҷ ߻ , ߻  ٸ, ϴ , CGI α׷ ۼ , ϸ ش ڵ带 ڼ . ׷ ذå ã .

ġ ҽڵ尡 ߸Ǿٰ Ȯ ʴ CGI ġ ͺ̽ ø ȵȴ.

howto/htaccess.html100644 0 0 40672 11237400533 12057 0ustar 0 0 ġ 丮: .htaccess - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-
Apache > HTTP Server > Documentation > Version 2.2 > How-To / Tutorials

ġ 丮: .htaccess

ֽ ƴմϴ. ֱٿ ϼ.

.htaccess Ͽ 丮 ִ.

top

.htaccess

õ õ þ
top

̸/ ϴ°

.htaccess (Ȥ "л ") ϸ 丮 ִ. þ ִ Ư 丮 θ, 丮 丮 þ Ѵ.

:

.htaccess ϸ ٸ ϰ ʹٸ, AccessFileName þ Ͽ ִ. , .config ϸ Ϸ Ͽ ߰Ѵ.

AccessFileName .config

Ϲ .htaccess ּ . AllowOverride þ Ͽ ִ Ѵ. þ .htaccess Ͽ ϴ þ з Ѵ. þ .htaccess Ͽ ִٸ, ش þ Override ׸ þ ϱ AllowOverride ˷ش.

, AddDefaultCharset þ þ .htaccess Ͽ ִ. (þ ࿡ ׸ .) Override ٿ FileInfo ִ. ׷ þ .htaccess Ͽ ϱؼ ּ AllowOverride FileInfo ʿϴ.

:

: ּ, ȣƮ, directory, .htaccess
Override: FileInfo

Ư þ .htaccess Ͽ ִ ñϸ þ ׸ ".htaccess" ִ ȮѴ.

top

.htaccess ϳ (Ȥ ʳ)

Ϲ ּϿ 찡 ƴ϶ .htaccess ϸ ȵȴ. , ׻ .htaccess Ͽ ־ Ѵٴ ߸ ˷ ش. ̴ ƴϴ. ּ ְ, ̷ Ѵ.

.htaccess ڰ 丮 ٸϰ ýۿ root 쿡 Ѵ. ڰ ϰ Ϲ ڰ .htaccess ϵ ϴ ٶϴ. , ǻͿ Ʈ ϴ ISP ڰ ڽ ϰ 찡 ׷ϴ.

׷ Ϲ .htaccess ؾ Ѵ. .htaccess Ͽ ϴ þ ּ <Directory> ǰ ȿ ִ.

ΰ ū .htaccess ؾ Ѵ.

ù° ̴. AllowOverride .htaccess ϵ ϸ, ġ 丮 .htaccess ã´. ׷ .htaccess ϸ ʴ 쿡 ! , .htaccess ûҶ оδ.

Դٰ ؾ ϴ ü þ ġ 丮 .htaccess ã´. ( þ ϳ .) ׷ /www/htdocs/example 丮 ִ ûϸ, ġ ϵ ãƾ Ѵ.

/.htaccess
/www/.htaccess
/www/htdocs/.htaccess
/www/htdocs/example/.htaccess

׷ 丮 ִ  Ͻý 4 ؾ Ѵ. (/ .htaccess 츦 Ѵ. ʴ´.)

ι° ̴. ڿ ָ ȭ Ͼ ִ. ڿ ̷ ϶. , ڰ ϴ ͺ ָ û ´. ڿ Ȯ ˷. ڿ AllowOverride  Ͽ Ȯ ˸ ϸ ȥ ִ.

þ /www/htdocs/example.htaccess δ Ͱ ּ <Directory /www/htdocs/example> Directory δ .

/www/htdocs/example ִ .htaccess :

/www/htdocs/example ִ .htaccess

AddType text/example .exm

httpd.conf Ͽ ִ

<Directory /www/htdocs/example>
AddType text/example .exm
 </Directory>

׷ û ʰ ġ Ҷ ѹ б⶧ Ͽ ϸ .

AllowOverride þ none ϸ .htaccess .

AllowOverride None

top

 þ ϳ

.htaccess ߰ 丮 丮 丮 .htaccess Ͽ ִ þ Ѵ. ׷ 丮 .htaccess ؾ Ѵ. ߰ þ Ѵ. Ư 丮 ִ .htaccess 丮 ִ .htaccess þ ȿ ְ, 丮 ִ þ 丮 Ȥ ּϿ ִ þ ȿ ִ.

:

/www/htdocs/example1.htaccess ִ.

Options +ExecCGI

(: .htaccess Ͽ "Options" þ Ϸ "AllowOverride Options" ʿϴ.)

/www/htdocs/example1/example2.htaccess ִ.

Options Includes

ι° .htaccess Options Includes ȿ ⶧ /www/htdocs/example1/example2 丮 CGI ʴ´.

top

˱ ٷ ̰ д´ٸ ִ. ȣ Ϸ .htaccess ʿϴٴ ذ θ ִ. ̴ ƴϴ. ּ <Directory> ǿ þ δ ϴ ̰, ּ 쿡 .htaccess ؾ Ѵ. .htaccess ؾ ϴ ƾ ϴ Ͽ.

տ .htaccess ʿϴٰ Ǹ Ʒ ̴.

.htaccess .

AuthType Basic
AuthName "Password Required"
AuthUserFile /www/passwords/password.file
AuthGroupFile /www/passwords/group.file
Require Group admins

þ ϱؼ AllowOverride AuthConfig þ ʿ ϶.

Ѻο ڼ ٶ.

top

Server Side Includes

Ǵٸ Ϲ .htaccess 뵵 Ư 丮 Server Side Includes ϰ ̴. ϴ 丮 .htaccess Ͽ þ ϸ ȴ.

Options +Includes
AddType text/html shtml
AddHandler server-parsed shtml

þ Ϸ AllowOverride Options AllowOverride FileInfo ʿ ϶.

server-side includes ڼ SSI 丮 ٶ.

top

CGI

.htaccess Ͽ Ư 丮 CGI α׷ ϰ ʹٸ, Ѵ.

Options +ExecCGI
AddHandler cgi-script cgi pl

Ȥ 丮 ִ CGI α׷ óϰ ʹٸ ϴ.

Options +ExecCGI
SetHandler cgi-script

þ Ϸ AllowOverride Options AllowOverride FileInfo ʿ ϶.

CGI α׷ְ ڼ CGI 丮 ٶ.

top

ذ

.htaccess Ͽ þ ϴ ʴ ִ.

Ϲ þ ϰ AllowOverride . Ǵ AllowOverride None ȮѴ. .htaccess ƹԳ ٽ Ͽ ˻غ ִ. Ȯ AllowOverride None .

ݴ Ҷ ߻ϸ ġ α׸ . Ƹ .htaccess Ͽ ִ þ ʴ´ٰ ̴. ƴϰ ִٸ ģ.

howto/index.html100644 0 0 10626 11237400533 11365 0ustar 0 0 How-To / 丮 - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-
Apache > HTTP Server > Documentation > Version 2.2

How-To / 丮

ֽ ƴմϴ. ֱٿ ϼ.
top

How-To / 丮

(authentication) ڽ ϴ Ȯϴ ̴. Ѻο(authorization) Ȥ ϴ 򵵷 ϴ ̴.

: , Ѻο,

CGI

CGI (Common Gateway Interface) CGI α׷ Ȥ CGI ũƮϰ θ, ( ) ܺ α׷ ȣۿϴ Ѵ. Ʈ ϰ ̴. ġ CGI ϴ Ұϰ, CGI α׷ ۼغ.

: CGI:

.htaccess

.htaccess Ͽ 丮 ִ. þ ִ Ư 丮 θ, 丮 丮 þ Ѵ.

: .htaccess

Server Side Includes Ұ

SSI (Server Side Includes) HTML ϴ þ, Ҷ óѴ. SSI ϸ CGI α׷̳ ٸ ü  ʰ HTML ߰ ִ.

: Server Side Includes (SSI)

ں 丮

ڰ ִ ýۿ UserDir þ ϸ ڴ ڽ Ȩ丮 ȿ Ʈ ִ. URL http://example.com/~username/ ϸ "username" Ȩ丮 UserDir þ 丮 ִ ȴ.

: 丮 (public_html)

howto/public_html.html100644 0 0 16760 11237400533 12565 0ustar 0 0 ں 丮 - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-
Apache > HTTP Server > Documentation > Version 2.2 > How-To / Tutorials

ں 丮

ֽ ƴմϴ. ֱٿ ϼ.

ڰ ִ ýۿ UserDir þ ϸ ڴ ڽ Ȩ丮 ȿ Ʈ ִ. URL http://example.com/~username/ ϸ "username" Ȩ丮 UserDir þ 丮 ִ ȴ.

top

ں 丮

õ õ þ
top

UserDir ϰ ϱ

UserDir þ ں 丮 Ѵ. þ .

ʴ θ ϸ Ȩ丮 丮 η óѴ. , Ʒ :

UserDir public_html

URL http://example.com/~rbowen/file.html /home/rbowen/public_html/file.html Ѵ.

ϴ θ ϸ 丮 ڸ 丮 θ Ѵ. , Ʒ :

UserDir /var/html

URL http://example.com/~rbowen/file.html /var/html/rbowen/file.html Ѵ.

ǥ (*) θ ϸ ǥ ڸ ü θ Ѵ. , Ʒ :

UserDir /var/www/*/docs

URL http://example.com/~rbowen/file.html /var/www/rbowen/docs/file.html Ѵ.

top

̿ ϱ

UserDir ִ Ͽ ں 丮 ̿ ִ ڸ ִ:

UserDir enabled
UserDir disabled root jro fish

disabled 忡 ϰ ڿ 丮 Ѵ. , ڸ ϰ ִ:

UserDir disabled
UserDir enabled rbowen krietz

UserDir ִ ٸ 鵵 ϶.

top

ں cgi 丮 ϱ

ڸ cgi-bin 丮 οϷ <Directory> þ Ͽ Ȩ丮 Ư 丮 cgi ϰ .

<Directory /home/*/public_html/cgi-bin/>
Options ExecCGI
SetHandler cgi-script
</Directory>

UserDir public_html̶ ϸ, ȿ ִ cgi α׷ example.cgi ִ.

http://example.com/~rbowen/cgi-bin/example.cgi

top

ڰ ֵ

ڰ ڽ Ϸ, .htaccess ־ Ѵ. AllowOverride ڰ ִ þ ϶.  ϴ ڼ .htaccess 丮 ϶.

howto/ssi.html100644 0 0 45353 11237400533 11061 0ustar 0 0 ġ 丮: Server Side Includes Ұ - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-
Apache > HTTP Server > Documentation > Version 2.2 > How-To / Tutorials

ġ 丮: Server Side Includes Ұ

Server-side includes Ͽ HTML ߰ ִ.

top

Ұ

õ õ þ

SSI θ Server Side Includes Ѵ. SSI ϵ ϴ HTML ߰ϴ ⺻ SSI ҰѴ.

޺κ SSI þ ǹ ޱ Ѵ.

top

SSI ΰ?

SSI (Server Side Includes) HTML ϴ þ, Ҷ óѴ. SSI ϸ CGI α׷̳ ٸ ü  ʰ HTML ߰ ִ.

SSI ƴϸ α׷ ü κ ٽ ؾ ޷ȴ. SSI ð ߰ϴµ . ׷ Ҷ κ ؾ Ѵٸ ٸ ãƺ Ѵ.

top

SSI ϵ ϱ

SSI óϷ httpd.conf ̳ .htaccess Ͽ þ ؾ Ѵ.

Options +Includes

׷ ġ Ͽ SSI þ óѴ. Options þ ְ, þ Ἥ ȿ . ׷ þ Ǹ óϱ SSI ϴ Ư 丮 Options Ѵ.

Ͽ SSI þ óϴ ƴϴ. ġ  ó ˷ Ѵ. ΰ ִ. ϳ þ .shtml Ư Ȯڸ óϴ ̴.

AddType text/html .shtml
AddOutputFilter INCLUDES .shtml

̹ ִ SSI þ ߰ϴ SSI þ óϱ .shtml Ȯڸ οϱ⶧ ϸ ũ ؾ ϴ ̴.

ٸ XBitHack þ ϴ ̴.

XBitHack on

XBitHack ִ Ͽ SSI þ óѴ. ׷ ̹ ִ SSI þ ߰Ѵٸ ϸ ʰ chmod Ͽ ָ ȴ.

chmod +x pagename.html

ƾ ϳ. .shtml ϸ ġ .html SSI ó϶ ϴ ִ. Ƹ XBitHack 𸣴 . ̷ ϸ ġ Ͽ SSI þ Ŭ̾Ʈ Ѵٴ ̴. ſ , ƴϴ.

 ̶ ⶧ ڸ .

̿ ϱ Ʊ⶧ ġ ⺻ SSI ֱټϰ content length HTTP ʴ´. ׷ ij ϰ Ŭ̾Ʈ . ΰ ذ ִ.

  1. XBitHack Full Ѵ. ׷ ġ ϴ(include) ϵ ü û ¥ ֱټ ˾Ƴ.
  2. mod_expires ִ þ Ͽ Ͽ ϸ Ͻð ij ִ.
top

⺻ SSI þ

SSI þ .

<!--#element attribute=value attribute=value ... -->

HTML ּ ⶧ SSI ʾƵ HTML ҽ Ѵ. SSI ùٷ ϸ þ ٲ۴.

element ϳ. ȸ ڼ ̴. SSI ִ  δ

¥

<!--#echo var="DATE_LOCAL" -->

echo element ״ Ѵ. CGI α׷ ϴ ȯ溯 ܿ ǥ ִ. , set element Ͽ ִ.

¥ ʴ´ٸ, config element timefmt attribute Ѵ.

<!--#config timefmt="%A %B %d, %Y" -->
Today is <!--#echo var="DATE_LOCAL" -->

<!--#flastmod file="index.html" --> Ǿ

element timefmt ޷ȴ.

CGI α׷ ϱ

Ϲ SSI ϳ, ̵ ֿϴ ``湮 ī'' CGI α׷ Ѵ.

<!--#include virtual="/cgi-bin/counter.pl" -->

top

߰

HTML ִ  SSI .

Ǿ?

տ SSI Ͽ ڿ ֱټ ˸ ִٰ ߴ. ׷ ˷ ʾҴ. ڵ带 HTML ϸ ð . Ѵ SSI ùٷ ۵ؾ Ѵ.

<!--#config timefmt="%A %B %d, %Y" -->
<!--#flastmod file="ssi.shtml" --> Ǿ;

ssi.shtml ϴ ϸ Ѵ. ƹ ٿ ִ ڵ带 Ѵٸ, ϸ LAST_MODIFIED Ѵ.

<!--#config timefmt="%D" -->
This file last modified <!--#echo var="LAST_MODIFIED" -->

timefmt Ŀ ڼ ˻ strftime ãƺ. .

ǥ ϴ ϱ

ִ Ʈ Ѵٸ ü ϴ , Ư ǥ ܰ ϴ Ӵ.

(header) ϴ(footer) Ϸ Ͽ ̷ δ ִ. include SSI ɾ Ͽ ϴ ϳ ϸ ȴ. include element file attribute virtual attribute Ѵ. file attribute ϰδ. , (/ ϴ) ϰγ ȿ ../ . Ƹ ϴ URL ִ virtual attribute ̴. θ / , Ϸ ϴ ϰ ־ Ѵ.

<!--#include virtual="/footer.html" -->

ΰ ļ ϴ Ͽ LAST_MODIFIED þ ִ´. Ϸ Ͽ SSI þ , ̷ ٸ ϴ ִ.

top

̿ܿ ִ ?

ð config() ܿ ΰ config() ִ.

SSI þ ߸Ǹ ´

[an error occurred while processing this directive]

ϰ ʹٸ config element errmsg attribute Ͽ Ѵ.

<!--#config errmsg="[It appears that you don't know how to use SSI]" -->

Ʈ ϱ SSI þ ذϿ ڰ ̷ ʱ ٶ. (׷?)

׸ sizefmt attribute ȯϴ ũ config() ִ. Ʈ ũ⸦ ַ bytes, Kb Mb ũ⸦ ַ abbrev Ѵ.

top

ɾ ϱ

޿ CGI α׷ SSI ϴ ̴. exec element ִ ٸ ͵ ̴. SSI (Ȯ /bin/sh Win32 Ѵٸ DOS ) Ͽ ɾ Ѵ. , 丮 ش.

<pre>
<!--#exec cmd="ls" -->
</pre>

or, on Windows

<pre>
<!--#exec cmd="dir" -->
</pre>

dir ¿ ȥ ``<dir>'' ڿ Եֱ⶧,  þ ϸ ̻ ̴.

exec ±׿  ɾ ֱ⶧ ſ ϴ. ``'' ڰ ִ ȯ̶, ؼ ȵȴ. Options þ IncludesNOEXEC ƱԸƮ Ͽ SSI exec ִ.

top

SSI

ϴ ܿ ġ SSI ϰ, 񱳹 ǹ ִ.

ۿ ϴ κ ġ 1.2 ĺ ִ. , ġ 1.2 ̻ ʴ´ٸ Ƹ ׷̵ؾ Ѵ. ض. ض. ٸ ̴.

set þ Ͽ ߿ ִ. ʿϱ⶧ Ѵ. .

<!--#set var="name" value="Rich" -->

ڱ״ ʰ ȯ溯 ( , LAST_MODIFIED) ٸ Ͽ ִ. ̶ տ ޷ ǥ($) ٿ ڿ ƴ ǥѴ.

<!--#set var="modified" value="$LAST_MODIFIED" -->

޷ ڸ ״ ԷϷ ޷ ǥ տ 齽 Ѵ.

<!--#set var="cost" value="\$100" -->

ڿ ߰ ϴµ ڿ ִ ڵ Ͽ ȥǴ , ȣ  Ȯ Ѵ. ( ã , ϱ ٶ.)

<!--#set var="date" value="${DATE_LOCAL}_${DATE_GMT}" -->

ǥ

ϰ ǹ ϴ. SSI α׷־ ȴ. mod_include ǹ if, elif, else, endif Ѵ. ִ.

ǹ .

<!--#if expr="test_condition" -->
<!--#elif expr="test_condition" -->
<!--#else -->
<!--#endif -->

test_condition  񱳶 ִ. ٸ ϰų, Ư ``'' ˻Ѵ. (ڿ ̴.) 밡 ڸ , mod_include ϶. ǹ  .

Ͽ ߰Ѵ.

BrowserMatchNoCase macintosh Mac
BrowserMatchNoCase MSIE InternetExplorer

Ŭ̾Ʈ Ųÿ ϴ Internet Explorer ȯ溯 ``Mac'' ``InternetExplorer'' Ѵ.

׸ SSI ´.

<!--#if expr="${Mac} && ${InternetExplorer}" -->
⿡ ´
<!--#else -->
⿡ JavaScript ڵ尡 ´
<!--#endif -->

Ų IE ݰ ִ ƴϴ. ֿ ٸ JavaScript ڵ尡 Ų IE ʾƼ ð ߴ. ӽ ذå̴.

( Ͽ Ϲ ȯ溯̰)  ǹ ִ. ƶġ SetEnvIf ٸ þ ȯ溯 ֱ⶧ CGI ̵ ִ.

top

SSI Ȯ CGI ϴ ٸ ü . ׷ ߰ ۾ ߰ϱ⿡ Ǹ ̴.

images/caching_fig1.gif100644 0 0 40203 11237400234 12456 0ustar 0 0 GIF89aX  %&&+++&'(555469:::7894L(6H'>Y1;G>@B=CK4AQ,Fe3OpDDDEFHMMMNRXUUU]]]IOVIWhO^q]`eLb}ccdkkkgghimqoppssswxxIgLpSkPrOxQzLy~[xkefupXXYZ\`ycwkagfmkcou{tspx~vs{z~΄ێޔܜ֙ٞםܕڐх僳댴㊶댹킶㔹哻뜽䙾钾歼̤ͥԣ۫ҩ٢жƳʻĸȱСޯիڵͽĺ˳ҴۻѾԽٶߣ!,X H*\ȰÇ#JHŋ3jȱǏ CIɓ(S\ɲ˗0cʜI͛8sɳϟ@ JѣH*]ʴӧPJJիXjʵׯ`ÊKٳhӪ]˶۷pʝKݻx˷߿ LÈ+^̸ǐ#KL˘3kg}K& &ͨSwB ɸ'Ei0٢o lѧܵOO`5cV.;cUpw-Md R3F~ɌϭOWJ<}V[?\h`V BjcPߎ @ h`mV ; c PF=e?bhLsA Td`s~'p2IӞqhXh2 ,m Ɉ{S5UeƔa ?[BpFd`߀c{c2n1AnQNa~S?Vd.( dH+ꮳ;^OGC^O; IBy;&$"3JZRQ$%1Ijғ$(EYO &QSfT$Y KN &air%-sa2%)ML]ǔe, Lil6JƬ&5yq^t.pNq{d~u&HԂ`u [u: Zt=޺z':1r}T1[HOvӦb-1z PtS@ `@b:1vZ@M;֡Y³@ zΣJ}>۹BKL9-2t #D(?w΂V -~@(Bjԭcg1)CB@h򥬼M`+Ow ~؃ @W T\~ .~@H_ETBحf{" P @e<܁h(`PE9"g[(KQpe/$@8.d<&9uf(DNPhNI .Y%tlǙ#1EC`'a GAm0?}:4$JQ. @=h@ w -PǥA >RLC8ĩK1%=tzckEþ-o(X9$DARر*܁&ςdֱ&o`h{[Yh#D1nC $ĀZ pw65ŧ\;!в(NQ 5p<-8tWv]=衎qNo?ۭw+AlT{>J x.. BB'`q!pD.&`hOW67~[JK}c \ \[i~7-Fc̛ fa7& 0zv8~zgS3f6yK&^a'eKdoxtA'v|!!" ppCa~tp __EeOw9 ` >G<Ѐ@  DjlTUQdeWdփDzhofzqQ60b6S oC eSc9{F q' 砄AS qӅ 々LVZt c:}v jV ip@ Cpx`*o C@\{eX5W^mphpH)qs#3wԖVqvo p 0 Hx|KF !!`p p`vO1cLdk6_4go6 pjj0|t`*)R lP[6h_8]SVAx ( :K85`ȅ,TRt]Ń`u{ 6l]o :, w Whiu]_L{PYq_z (  `C!_0y7[Q_D  gzj HDiըX_`P aczp0 G׊x!!PI^S)WgW0BeQw0tB(#t~KXaSc*MIE0]Gq}[M_Rh)u@ ט?AVUW0h|Kp@ g P1i8 ` r@ӧ@Q^X_UwpVqXƙɧ x0F9QeWyh^GKwp @w yzjY^8^R`ah @ Ç '" yy 1\%wvkCvQ X8l~Jإ P2 svj7f?XNg `R`^7k(n‡(ixoIUhX5_OeeP zE`* p &W7HXp: >w( dJ oC 0 ~dufyh"8| g2]_R& l(#P G Э*qY@yev{ t0jڟъHDzȀDЋ4vYwR֛ `0zi"A[F7 ^ss'wrws'#[0 pӹkxywqp@ZwP| J9=S-@yp3b%eqzڳ*wcdQgsv_+ L) |ɲ$e _h^cWv@ q* xD RY 7]Z{`{#|yo+[ $U3LP c"Twk,qzfjpoQ xvk7Wsw^Qpu7e?kYquQɛ|)řnEqpvg[V5ixik-e\t[( ;aQY| U^3{sr)Xiq7ܜ&v% xHq4< p9W\Vf%SZ:HA  fpR! _B|ۮROp+`ϣw8)*O`&v f^6{IKGŘLtz qq]w 婩Zb0{ I0 z NE@m{Cw  l u[\Ée4'Buύ,XX9a}h7+l-IŒ {}:S` *79ӹp&Y  : jP` KuH 0^=ƪXi9GYFKZ sF5 v^B|q`xQk sP/p%.ʧװ~pX}{fֵc!QWnҋImLՏ@ r@uPZP_Bhsz?uXck^OokZ) ;XJQu}ʉ  h0{N&sH΀kQhǎ$O xKЏ (7P v:XIO1_R=ߢm+0_i h$5Ǥ{WO_~>t1C!^D;VFD鯢 E_?yAb"B8hQ5ƔQ{'ÌNhSTUIaHYv̂jWj*);I RD.=p" ,*Zc Ռ"PS^p1I4=A) w$//K3e (|(E2qUyY5:=&wx $?p*"(!5t_cK9Ynvz83=HBV3d-p$@fGvy*mGȪe00!܁Ҹlw.wuu.{k'}uRbS.𖱴bE;1&ȁʈr]%_ձb|N@s50+[/[Hn> Z+:nrDԭVx qs9El9W0[J"aȘ73a8Os(0RBq Bu2B;A8="8bP)d:6mB\ q%nvI! `'Ue/u9?v*P7:+ܓ%Ä5hY#ݝ5M4mb7/1{8f#cR|2Lġ-Zjݔ#9\]h:3y|7bվyef43ډnN0 xI V+a"@ >YǽUy T/an jU5S庳]u>99|%?j,ryg?A B4KrʏW<$넎ԉ^؟-!H=ax/|<}q >( +>~;}lׯ\yzL,pC@59 ܠs2BS@R.F@;Iˇ('oRd-Q[Dc"?ߺ[&'@j1:>˓r`:"gLC+> ?VA6ԠCԨMɊ<DT3cDƉB;9b@5"hؓ3kZT U_Ads@1D$3Eb|7䟥{Ba%TLdCIK<@AtBK=P-i c *ʃU?n,EdGF!xK_$c7>Gwƒ\ ,F=}t~$8':MS?FTȘɇd4$xoǯjFﲿQ-dǓly<˜TSGbOLCEb F a$F4r.&x^87ICA+ɢd~]FbJtLHt"zCsxIlJ5$ɡ$[:%J$g~+IMlpzƒPsdļ2ʡJu2& U LG!ZGa!XL :4T գ%xwK4dn<+lwr!DC FR̶Kqd"HTpIL$CL*&(JTْ/v3O޼@PZH/US]+$PJmOM]~K+S6UQSnU-hI-T ݳ4/\T)Lu`="HV8 J3RV8Lg]q1zDV{|##+,VJ4&{.D%ZX\%XTXW/ClցNΕBXEdS+[_-YiOxЅyX,\+PXl~_U < /CQж][(!l5#w]9"0@0t \ut⳪?LvUs]XFm 50ܴuU{X.j0߂51?7sZM(  =4:]?О_ _QkRe[w)`=6%5@Eu-mx\bl `%^Aul[-u.+//M@uW)xsbbq0](xxc[y|42wYUq#aF226.Ѐ-Hy (e@zw؂i)O9v@n@5)؆-0-e23,X9lQ cc(8Q eP2.wP~(4؂zg 3-y 3(VL^y!nߡV 2(2w8 P fcP *@5P2Pf0c.Ї3Ѐx@Xjj( N3 ` .c.x52P,Wֿ+@H0ǃ]f}xz P (gm.eЇi(e0@bRˀ20 02g0PxXk10Ԅj#deaF-mBP͞1K.L^4f}@4~iނ.@kl*h肐il&d5@2@c (j@5ˎ:3Zk%t`aI>j-.: wc60zЀKJ3 } j@de0 xvi ?~jZO`'ЄvXoJmf8*:.4+ (}Ȁ5 *Ȁ0*+ #i0 QȀ?#zf lyp  3>?ɇb}q$NX&~b q~H AW y@A'4 G @?E l S4|}qql$b"_;c \˾{kPWL7'ɹO O^o Z8CD$>Wչ+Y0SwvpnG+3]fOs-ZhC4RHϟțɛ!!mnVoM/,?P 뇥v)hk󸃱wWZ (y#׀d8@+ jHr") yj(i(c5 ؂-+8w w`iL."ifZb_x ߔO-Ȁ~0 0pGjP5~i20jW  X3 y4(w(n(zPtP(>~ȀTgedQ@h{ac ҿ{|g ~ nPȀȝ~0{+Ȁ2fWx0p ؂8 ~524Xw1u!m^}V(hP1 2lp!b$!ƌ7r#Ȑ"GI-Åh%3̅~W&!f,2,˟ٵ-D5: ː4P<%`µSA@)Ԧ+Y:R>Q .}4`[asAA+lWUCxWHSAxqjP< 25nHDx2?)zqeQ@IkIKbJ[I X@P'_zj~5+SN'BHm)WI<`BM護<{w{^x;9?S.y]wIsYgM1.>F'f;; ?<<Ӯ@v;!>髿 `v]R;LA{3_+`V< 2| #'HR`B! r/@j @EB, 8CBuCHԡ%(^3:U mI(HC#.|Gγu͏$ sl_ ЀQPW^  bKgUEoAR;F0$5Fq$Tp Vq 10(bh*c1p pJB (A GM)DH!Րe92#A*( a /{y(/b^3̏#ßy>jRd7 5͎P:¹}X2Å v^Kc /qr$vXl(GQ8t#(''wLVC T]8H>"iS$ 3VI6{b E.vMt !TT#B?2c3ꤦf%BUCY"+{wpb^@TrEVNYwaEEd0zQ*V2D+K'+-!ɇ: ` SkMKi0!mPvyYF ="I>@F2k5V}B*uùa­Qj]@CSF CMTsKb=>$T}n^O~p}}cޛ27NҺ몕 0IYB/G )Ap Sx$͇-`h=")z[p !--My =a#E tRȔLd`8$d1/if<ڠM#6͗('. z$5=0W!1σ=]AzG<֮c.D6l,+zY[N #کTwDjj>#Ж1Q~ F(d |_CB";td8 h_V!kLa`?Q~9bco?lyי~Gx911pC0~aAm=F8t>'oUS0ET-C>`1-?C 2?pC:C0؂ EC-G C}I]^C샞(D0k:`=Y0;' bD?*?-:x&ÑCXM`C1E~1>+B܂8:ܡB '(`'Db8| a Db` `aɠhRZTK.T1BC-:C''܂% ʎr"(?@b =8:DU A"xы/=|B0=p!(=`>"v 5b8C 7t=`:%='>(`>CZW⑞/?YLYV>iP-!%yE5T; `Z[8NlΉWDdF%J"b?DZfkZBlbDZf@.D{m!kN^5_cסY90zUZNmgF̑HUC &fyCD;'yf;&c' {u^/Zy>ݫ ~n{W%sB:V6~/mREp}h{M]f|b%mޓΌb F|Z F+b2rSl&CD4-B!.PMEIPi]eTO/@)?-CIiCi;)[iC{1AITYEu9B驑(L2ix6XI:A䞤>USFCe}*jCbYUL6̥Vb*JxÐ-yJAYBh%y &:B:? Qfi'j{z)nӽ<kƩ2%b hT,8"bkjU(BLJY뿆S],,# kΨ:=SNlŠ8]ټL2[ CcB뼶jݫlbB&ޚkzS2,Af-&lMgzӹ-%ʖ0tƭ6!ޢl)F0jl-UΩ~lqJ-Vn8 *!tFbI[E&f-6Ȑ\1lz|0.H,*WkJL/(6 e>k6RLn*?8 n6%Jm%Vk=Rm~2źlB-'ԝo4z]Zۂ lѾ=HD8,V.b/_APFYɯ=l<<6:1'/17?1GO1WW1T1C/0q'q7q11q_EH1 2/H4h@ $r pPx"O2%W%_2&g&o2'w'2(((@E")r+/+r'2)+_ -/20% dJ4 t]3;3|4a<4G34O54k5W36{6gsAl8w37938899:G 83<23s >3@s;33s5Ss:<t<:/;4E7tEKCY1;G>@B=CK4AQ,Fe3OpDDDEFHMMMNRXUUU]]]IOVIWhO^q]`eLb}ccdkkkgghimqoppssswxxIgLpSkPrOxQzLy~[xkefupXXYZ\`ycwkagfmkcou{tspx~vs{z~΄ێޔܜ֙ٞםܕڐх僳댴㊶댹킶㔹哻뜽䙾钾歼̤ͥԣ۫ҩ٢жƳʻĸȱСޯիڵͽĺ˳ҴۻѾԽٶߣ^\ pHYsHHFk>12IDATx T[םQ,msŊ]` t;۳l3IgvR==G9gPyqlg`{k7J6Sc$i(UJԵ,i8͡ı,"}}6}>~}[!3aY    & ,& ,& ,&LXLXLXL0000a`1a`1a`1aRD+ӽ؃J6 inuf:|5ײe`ͫvn$1X%u@r#ᔼJt# AcG]p8DYrlX3ʫ Hra-t:]0/q'n۱v݃@ӈ\]jk^a\/1|mcb{[aȅ5b, ZDiNެsUk$MT 6hj@ hIۚD6j j@Ĩ4VkM~A:zj\Vu’A..%tܤz\K`IW\j<V=|U47ׁmh% ^vXDi^1̹.p$+u(`a%kJJbQAC6B&8on})0B ͭrKU*/dt1Wv{H6%-W.hr"9-&E ŭMuI&x 9dt摆|6iLRӕ?5ǟɮ8&)Xk1q>ׅĵE-ѯ ?qxWX+V^/9_W)V},|_=[ZǿjקdsUkV fVWR{P5sWxS%xG c/< ){o{S9L鼯Xlb *1a)& ,& ,& ,&Y#ńi,&L *00XLXLXdJ$#čl2 GCagmrmEq 춡cg E;u!\_$a }vPoX'_p##vk/u?odnu_WbFahԏg̚Tig`ݴ|xz@OT _X7/xhp@Ou4"\ÀsU')|#tTR7=o?df_ZhP F&TiO}nbϬijW{wQ=hqEOxCi Fǻ H⣏EFVQނGݼ?k | pFcyE[O3Bp62 K7ukpOQ_i eGWj N`C;#9oMCLL~ =m)cpH`Ԁ*Ƣx-hin<'j̝4*K+⡵4zɧ{Ni6]#kžС.ƊxԀ9:knOPu`)>zh7l; h)8^س'yb``<>u0=NMnr;<)ot#D 0.ㄊ}m<ԃfxWl[Z8.M Š탨O(xv}]GNfr{E18Tf `mpަ{;;w: cƓ?fԛA]Jah&ž;qꈢC22G;jwP0m}Gp`#mܹcGω* MB" , n eFp6A⊞ى}Σz3Xj~>ET8A tA؀*8qRlhi>ʁ菤h 2D6<6#g>xhؼb Q45 LawSNܻ'rޔ+njZO.p NNVOQu({xDr멠D7OkJ{jF=(cw:yRSء…B v;SZf G?SGcSs1ja7MhS B M1L@Ma?yہttPʊUe]9/`$<Mt(>L9ZE M6Y VwTUorm*wO~yp6nş3sPFK &/I1tu01zL$ i73pm 5̹i K :` / {ZJrO_84~8n z`@Q˲p+O3zٖ]ˌs{K7b7mǻD=ŝNh>:]kgYr]O8 _ħ& ,]Mw3/E;'pS/vr0v{!(O|hNr˘ɇӹeP=dpj~Zq:Aѡד5x4 i}iO%tኻCz` 6Ht"8pEGvtEGˋRO랇8Cm9H|1OȴbOS.v҃H_>e`)%Zk޶Pϩ'=>u}Xp'K1\LŹ T5m;xM "WN7D 6\iʙJ7jLw>POzk4g*%6h>9cPU6+N%r=߻ʜ8?b`#֞+|d4*QڗgWJ>zsdIt).Ӹ>6wdOQz6c#XcM/p׹{]Ww<-Bc^YOR Ylvh AqՓbXr- 8ދchlp *6.G*X{4)ܼǁ;M!TIoދ wUsd @|صnzrhсBGҥv0N8@B h& .Oc)WL"KP?+ύ a=*Tqhb0%wOBm@87\hہ]G0_ѣxҽ' 3 V-Y[:wB_UD 6j CKc a.=YnV`RzAzZdzY0:2KCصW:Mɤ06 MJoqCi締 6*VE#\m9K^8P>4SKv!`ˮU K2VCPۧQT`:87Џh0)듌֝@<$"iw)9J7e%zm\|ޭ6qLj`SnX*EPbw7nL~Sc]1+f|<̞9sE7XyO)b,{9ڶ}͡(y-|; 9ZSRn7oYL=[vw}}kvfuqd6~!yWTëS[;rwcrqIqMm}ĝ s S3fxmn5aAWkw}oUТӶдOCfͣYw7 b'Oq/~;n]s[ΚL+k?ſwܮլOnκ;W_ojr>ş\ < h2}AjW:VZ澪a|:r )Y~1￿o?p緿U]S߰F9U-pd(*0[|[ʴ|ܷ3xyGi $cĄe+ʾml}|Blc.s ͑u}a\t;6} HDȬ#cEFm|4zg.Pƻ}a׭2m9_hE{$J !6iydCLx /1U7W<֍.Ld ԕ/RfzX7\qX1B (2Z $)f1EVIFΦ~S۵/z VZL!kNipmt3m 0J(f U@c"(wq݄Rۚ| =|PW=t71d)RVAR :=AR<`EBv݁{G;䞗XS7zڡ;9}s1+`-pkȀJ0 bQ!={x/+ofI 7* +{s(^" ,RMiλAI <2 y8,Q"7  : o`A 4>¹;~$G)LN ~uyu+{4&}Kr@8cZ+c` ;`ÃeZJ¢¹\-=<[Wbpr"\l 5Lcy}ٶ ? U:Bخ0 1NM<֬Њ+=٠_brPր59fm{XZnI؎~7`˷Ae$tC6h,܊7n;"BtZX,*9X#}+b`-:Rlg20=sABk ld|5l-;݁ Vrb +,lQȀ'{hؕЩX(k^}tYn`y!<迋2iQoP!0TnHXxDY6 N4XaIqǿv;tGcrm~,YiujDe e X(Eƚ?*LMHD3W]WJIgiWO^,JZp_X+O 'ְa%װf"!/e$xĂ <@VXO3l,DXEa=,V+$I;ﲓ+X"s+(;'tw(r;,"`-4ؖ~|KkסZJfLh0RM*X~ky 9qZjpΗmC0["y]Xs†{{ɄԼJ'Ů,Mb SFm{di0f oVFU;#aC?~>4#V2wk ɾٸZX1xˏ\X,*L"XՄd"ySmp윉ky,~,F}~S3YyO߯ZP[&DY*P{C e-ϋ캳FT Zaʄ~<-!ɋ)6VXd߯P`ՄgjBe>J;HCJٝkY)q`jB,lW |e >`}G nxw:P[5U&Hvwٝu'J`,DXc9'ZሥTLֻlY`Cl:X2oՄ7gf]:Xv0-ZWH(X~;pvMN2\rkۀJ9Sao䌧خ5˕4X´+dMCP+jBCũw+`4+ `fR VQʄ)F;8n3t(,V!,LK25`eCTEC< EbQa2?,0pI0l5w.BŢB8gh eś´^ 'ԀUBDX˻8|:M`ZaBWw7|1XTT5jo|ErAUBMDX)6]FFߎ0h]!|L8b{rM}_{TBRW8yGvcky#La{j7t1NXV~&(˫awO] Xxñ$bQ! 0X0`}\>&])d$ȝ Sd Y)+jW0nMnzzj=Z~ISP({uokiSKTEUe+X eݽ hX,*4Xw\zzvz5>Zj{n,7UMT8^FX%Hj_J FJv}r镏M`%f u?:X1f ao<#֊BME+`DX%HkuVVֈ̿_B5%55s?(`6KX]`FEtMb\e6\(1^TJo4mJЉ:ܰPrԙQasUMfsC'k:f.дvwquW5um i,a>P YzQQ65yPރEW[$rrU~cN}9 uś9MiǛcPK%0ʎ_i+ LYyyN#J"Z`BNDEՍ6~IC4S(7j۰qk׸S/k.7-jJ!%o5&I,݀W۹{ߤ&+ bX- V w3(XE)ڜ#z0NKvjEs f\DT)3qHWy:$uԊڂMR>u/% ˂mX59UyVX vhA^Sc)X d0WhKuUyjЃ쀮kܲ1P55[$gUc`=N|3@mqܳ.D̨eW5|O-B1%!i #vmx*b`I>꣰!em~Do<$kŏ(KXRE".󸬞~I+w}me9Sfc@bR [ji 7(+AOBw:bҬX 2_E)uQF(;rVXH̉1dDcE m Ѣj8ǁȹVYfug>-u+WLO;3D*LaxW`e1BhpX J7% m|ZI ҰCo|!,ӧ_64r55rjV SVV)\%DU-JUHЪy7m$PcYu/?RQYpR1A8h4]  +Q% /wpsrXQEN Q%XzO?"ZrdޫVޢZdGTm< ,z A%G5콥Z]`zs~,UX(`A7mJȽ 4V{/(VCi떵ˆn*`19mm_[},MώR2 {~D'XXy*_al% tBh`-B V.UƎmf`1+`p_[cV?N!X$o߰B<,bny +zS~R_G"CmИ^xl$o}3f U?n6 ceTc`_[3+rPv*`1=`LceR5i45EhLy{Ʀf 3j ~e`1}! `;p}VX+S`͠ ?&SHb룽:-Ma/3Z >lZHuީ~XG7%u m†7j,V X6~ãoK 4U~UJ doIu0`}H+X_Wn1RcM+_!2c ួ|S u&]%֫ǸƨX4k=HC/w-}L1X_+D5;zZX0S`Ϙ,|k "C{o}mD-Xl]auGhˣcy Us_[ tuj-aҢ_y+=o4fBca_ۊEVhШUZYs~R ՛D|m۟~-ȴW,#JNq02+TtJ~[f#mVxn+o|܈' ۹a#51},RNwQ? ǧkǑY/0sjX^gGKY ɟ/ɛP¾ܙtP8zmfY egbQa&5ܡx.?£BMᘽ+e+{AZ " `Wk Ӌk(`c{Mb1mxSHBtylrbغh, M/~w',a7%R V&-QXiڣ°Uw\NŢ$0X]E LŻDCi/~|hXgL\ۏ22ևDžMߠ,WHBE(זt gOA1zQmR VZȣW&' ߭#,[ Uix{Ni, W /#M!K7QIt+,٭! oH(,/>yqlUbE贃~`|V`7* XiLEak%ŏX2 _,vq&n?M3X^?~v^WHXsjcg\,{z5֨e(5pqזJ!Vx`|9,qѹpޮx:+c`љB~[%BɄEkˇc~H]tSm b~i+r_Uڃ+L њzuo|=b&Yw+)\t:W,V+L3XVΰ VƄ;KRfM>>|~&k eB`͕+\YK~f?VĞ%y>W, 0Y,_bdAnXLXL b`1aIXI@bӿN==o~"?E_ԣ?kyyOߛ7=?[yz>`,ӏ?}ǏiYomX3Opc{fy1;G(6HZφpXۂv녱噾ږ4L~탔4694AQ޳ҽc׫ҭͳʺ˽ɟgܤԶƕx䣽ی㩿ٯյu둷789츿㝝EFHNRX>@BѷsUUUԥ]]]ӎޔܴp{왷١ỿĢ֕ڄېwxxkke&'(Ig\SkIWhIOVO^qPrLb}Ox kkky~Lpwoppaccd҉޶쁯imq]`e 333䓔ʣ:::DDDU)IDATx^ɪ0 aλ!ĐJ`CDW3`l$((kϫZs;Ƴ˚/UilV{ɱ<=)1je%9b9+PXH 5X -yvjsƸ{Bâ5R[>uucy"!Gk< +\b-rYa?{U2z)RYS`~NMja(MA?ͧJ߃iH\6H>g_!E. @Y,7` ) >З.?,VNDǙ=%Yڻ ޮg80E;VG(R,~<+Vp-^_!BX ,ڿºٹ6+_ҲBJ*R"mv7nZ(I+1IhHڴq'U!߫@3Q='`H24vr~g=+Ӎ{VO{՞{. . ,A0L>nDl1mA h4Ym~dz},}`,U`b ;]z<9xN>4pЬ"wbDl k5Irۺ+("=VJΠ-+^~5d9,NP$+i Λ(gt4M½'d,p%MҸ^ⲉKT 1("ݗov P@Sc,6E&'=W~$t:cB79OIOUeMg[?~'~9di>d@D#NO<^)m^[ux)dbq]Ew5ƢF 2FM QMґX&Hoˤo΃a!4UdXlDR-wڌ`¸Z#CR.MVjgF ^etW- -\ lv?~7٘t9Fe9B+of$hM^Yf,k@Xn;lHoNU<hKY7 9sΎ͕@R-zrɲJIPf)*"}tdzCbE)4vyIÑ\ "DEN| ү ;)U!. $שRc<XOѐs̭U(6jġ޽Uzh~tCnQ#hZ)nPY(4i2i\>* .OeÑ=REV(Яݍmkl@$(o |<UDOZK $:4zvfa6VO^av1[  nhJ P);XU3(n *-[Ӛ<(Mp19!ơR icf@eLhcǧe8P-Qƪ s두ڍMe*X,4},&DrLB{X yOhN6ҘL. 6@hXobPdd]\ /,-3b C80ECNÅO4am3!puIU4f(ˬ_Ghr!zdQSvK3{xTpH^ri;Fk6umg`5SnU9܌>M}W f\؈oo!kz+Qܛ)Tb&38g C ܨΧ5YͿENә|>rK>LMNtw>Mg$>36w&6Q / -=t3KG@d*B1ڣER(~4~otILw'S鏢=6} iSs!; L/0{) {9zj,0{鐢O_A #4+~"5Grn<3|ҀE8Ȅ0j;MC= jm*lOf'@ UbD6iU8E翞DYd"!.ށm7 'ֺRB4 "@FIUz,,g!J k ,%\*f %/J)Ā ^m?4 nP 5qq&fT,M,/"QZR=Nc,Ad1 jc<5ƠXPKO'M<>֮.`m~8q`M ,pxY1-!B,ߛu7 SIpK Ӝkk-WցU)Ʒ}𱊡`DWRe{1#vC=1[SelazN ,N' ѰG;*Qh zwb\;BY~N}wց%T+9؏ܴr7fxͺ,M! t?#%ILK*޵7X@V{XFG={WRtŽ7inՆ<@37LY:X0ѼW&XlCwoU2QRyhb)EU5)צw`PY (PV8{CXfqϕmi6dRZGuͩf1(k#ƊӵH`"l:GD1M1ڑPJӦ(H>njxSwiͳyZRgSӃYSdY"KZ:|]N4A9uJOV$eMu0D>yF#YU?kK!΍; [ŧ p^R )@].:}VtF(m*Rg`񡏨Vuetڙx.Ivf2]밇"n-O2kGX, [ 2FyEҁZ M/hZgGdb=%`<"ezRWwLXlM(_bh~bn'{{_j-+oX:>56%~y ˋdlvgm"hw` 5djAŻ~ wݢb8o&lS $hŤ%,(F;`RqshPl(!{=K,:Q< ,Cv:z |`ZҖ* v J8gny 9K^^8hO#Xyou{}9bl$.oC!(b'ȻդBv*5Z>+ԑU]l7 _I|Ie+Iǰ@X ahÑ:s[t# 4Z4;(4  Bk5>sJ[c[9aE$/qP+`XcSCW Sw)lfPDjt+ ņ)B>(h,n˸U"P6MT8[ǰ睤9z ٕBI*rfgYM4V8+ CN~Hf%tK8n`>",T/ALmydlzyVYaCh[XS|RгMڡE}"K(+22 XSZFy?R q>OdO S ŶXe/+~WN<B5."|@cWc 72V) …_W+l!/ 9)o'~?CX@~ >|)m y1;vh 7ޡT0-lagOC*}^c@z0֤ѧEo&,ftl)·3;ͷ[?,T._m L v{'Jzp04sShN /"BkgiГJRqx‹e@":kR'lK_) ትmIշ?{ ZSvH<׺}'!bXlqitmam7WDxγq.R^>bb(,z'QZ\:6`[ s(w.:tp6/jTr6ͻ@+ߐ^AѸZ:>(`2ׯB8_Gz xiBM c6I"76@'%r-2-HCI͓A5+;R;2744W8lY}?-q8%2{X@FZgVx6{}y:*OMV$=CUcjzۨheωc[b-2B%vbU"QH&wI)Sx dɢY2SN\3ѽskjpm߶ˑ 3`G&*ߠ0T5U}58_kr^Km]6+Nk0k;K̬[rss}Kxٓb!$ 2%St[Q3<3>)ظozQ`ϾըFw"q X: D%]aб#$f{].z-b_J]0 GX"xRgWP,RR% Uuv+? 76IKŒKBc o.kRA>:[!ȻsZuP᧭} sW̰'Aޟcu.EY0ݭR%PwmHz`8ގ}r"1wx8or ^aG9O}lo+kO䝼̰\WE5Va% Y6Fart}|.B7a4gZis,t,>0Rv/o@ EfnҼ/e AGXBH\.tBmXFˍ+ 0Au2Bʱcꆹ"r!ĕ":mp\] CqYip2dZ]_V]MFBe\R}!Wx `n-oGB RBD9γ@\w:;/(Cz}!Wl7=%yǕk FZ-K(^xt, aq.UÉl`VphB iM4U+9B+`'Za/=;2"$5se/Ѿer ` 3,huV^@%}ɇ HwRB б܃7_/=jx p"0xv %NnH8ј{|; ,縑ywJQ5*4 o `h̺{.aѻ+|e r}a'xT~qI If!Z‚/֍ŁI Ij~Ұ? I(3k.Wȼ#ĢԨ} ,BtP<ͬ^]0ˆuJ1 U-cz*W %S:~h XtF쳼h i(SX fX" :VHMḟB;Nb3hX B '}}]u,eJx.aJG2֗V|4;#&7@c p'KW]8QY})r+C#:7=7, [Y~  ǧ4#{\M(7]y?3Ck|xEhɤ/.+T4Myv_hS1P AMha&0 ]OMZ/Χ %םIFb;!^ Iڞ2>~CW6,^g ac ԵڃepcN)QM`ϟ^P$p)7}Y:V8"`ٚz@ ^ϠS9"a _z*G, \{,*J:QK=Xm|"`gZ-2r~cD`n;-w %!-p 7Curb49Y_ccKu+ b5LN  nsj!NBq ' ҁ1QcU zWos9V6t& t,Kb j?"]>sԏ=Fy{Ho/\MyoaiFP\ X=,7Ehi0L&ģPxls7]<&%3RR!i5q'LwXR$J:aOtwp+~'.Bt5^bfֱw`ew[O>5'"n Ta$籚]z, +;Vq=zC.Bӡ[)vK:e_oX#yVN?OӍ5$kW%b VBQGIh}quɺj K,z^l~@ cꍂk"ִn(rS+3W5Q`Etg2#?/~@f')57&F\xp |%P#18\M `{G=ǺB12  cI8ݹcqj^1XރGj,{xY+ 7FPm3Vcywt`6$Y+b-X5AI}-ss޽2XyrsޥXF5.]) wVd|~(a`λ"1֜<XjR)XBZQJS7@:XWR8<{r,Ɲށˣ[/נ⮌8=B!BiHAٝya=Q `}5f!yw@ Qf@E@O`-BD$PH R4^(5nZa}:|SM<̗tBhsmwEF֞; 彣;{hR.v\롰PJS"t+uXw CQ5#Z.,NR}YtS\|:9Hb@#D,xhAXWx3rnN>ЬB^PWXKI]\!ebaU(KO@CK2$qU$P>?W$DT,BwUV;1*I]>7PW. =e.X4 -~i; -, Y!ƫ0u]>4̰D< ΢֑B!rgXEYa<_*;ߧ#NiwX1 -aL3.A٧+(CEHB*4LO йI%ِ8-L~JP2Ah7?ƞ> ^MGo|gޛ бk,U:z& R*-yģ!Ky,UAgAH5`)7士mh~{'}oLW;c>ybHD ?7{g`)dx^@u^g ߣv;Bdp|`AnH*<8Fo$U+[bc6 aQ?bm1GN75`ĿU!a/i`ez,Pmf*SӃsQ"(Pc1s䰢(b(azh:6{e!bjfwe\a-R P= 6 n& G lX˅T[:X*r z@]~1N.Jr8HLْl*EkX. |No+TFu,}go R:>Xa,ْAJ;t, TISU TX[g?)LBb:p_! B^!|Rψ= 1ül B r;T := `ݠ1<\e`r: O7bcnl ͼL9cajU])Dݴ4zCf?_ln6 >VI|BBH ;N;/69_~`u챽Nj;H8D{fjKmVXcI8x "(4=Zcyǒjv,PXg t,:xw@NYx.?P6m묱 Ցǔ_c9-U~Os 1TrJ"w%#>. J]v}O?coH?9J8LIENDB`images/custom_errordocs.png100644 0 0 41417 11237400234 13577 0ustar 0 0 PNG  IHDRWsRGBgAMA a cHRMz&u0`:pQ<>PLTEqqquuuQQ}}0ee릦00eeeϚ eA42h M/jn4=*_:Z1cWsrE0PVܼ*.W .`ۂp6}2+h0%E[umĕ;Vm0l+Ƹ2l+B7Y0,g[]4m %q-s`?gn__U{ŰO`Oȣi|Hao`2s`[]\˔\ BTKE '3pt{R7X{v`[]\ fqU5 pp-s-< _#%V0S3q/1=xBAllZ%Gu{*EMػ/h׹c%;U 3PkV¸wZ*3F`lzvq/W@Y$ i4dV`ƕqecc\W6ƕqecsp`c[mk[u68*`Oʸ6Yqe{ ]ۂ+[Mpml`v.]Ý MlC0$w'-Wi8x5QaWtܧD)<9ٸndք9ܠF}oGTGG8Uh`N4z+\' gtkmt9ٯ{Ɗ Exc`GvDž36d/[[>>zP Y ŕڹIeo;RgFע~+3q:tl=n3z5N+Ck{:~~(!r@P< ̊]^_6@\5 OUØb̸4+ia~/`ebW03\ &zUՃ5=Cɋ|M BҊzg͠KlkAk.D\1յl5ƕllK W6ƕ&R,*.ll_̵gub׭Ŷf¸ŅޝE*e͸Uĵ(v52fX ;baR_fƕh}м.ҵX@:v.w6yҰD+/rp5Zd^3HVn|-76 NY\ U׫:[HS ׫ s3\76<\Y;ڗy;p3\wgfc],6RRJOcnߤ434u:Wphݽlc#0 Q]xMg&`F]l4]VW5߻O۪z,xX: 0ۭ㪻k&Ph>>BͲ : @pJj%+]J ޵JW_ X|'zf\V̻4(}s0Fk-vຕ5aɋ]uURveqgaު߽kGY΂+"S~FW#3 EXa,pLp\5,wMcY*t]5m9 Wl\m^J㺌cY` /ǾhQM `x/|Es&8`l+ɣŪIT+ǻdzGGALfa@[9U#Y }l}M. q}-So>k8xk-d1V˻ d:DGd?ǮBn`{l#\r{Xz;_L[FYDh"rQ4G5A9Y `wfhD'wf<8Py׾wE^G9ֿdkU XfւQ$dr1AXǓ9yHlQ(?zBYaEʲls9֣Nө(/Q=+cZ,v#墦wdykacR@8B<|:kyʲl7=.uBtz=>DΥ]1 @^Dƾ#rUY,vâutMm!O9WjN0$FE9bW` ~F?1aѻRQ/i-k6,6A"~ECcD YHUZ,6/ⷔ̚N~:F~W\HNTM0#ʲls޵uqۋ3{Z$dW̻RWr؂PEczWbY yle_Ư= TjIfDr225v eu8k!bUvڷ^ Z'V{%n#ܤk!bU\ {%)Zt:Z#L9qbC+^ʀ8OM\Od g'} *,`ߨhH//ޥvO|.M:T$h̲l`}U"U+|md,"`/Q TbY 9CR{ګipc_ܭ%e`9ho뜱+bKYjP`/kβ'K؉XZx+ƮS ˶lSiU`_c%x:'ߛc`[z*jZ*G$bY(OԦZ-{l& =g Xsby߻KJZ=`iR$d&`2X +g8)cYf]0Ԁpv# |1;bY *֗IQ^B,:ؖK`GI{#Xm.'[ڷ 4/3ޗ}"W;NgGpyll:KN^].uq, n3@1r0,F 4sXt{YĚIq4*S0#YP{P5Aص,F^IUd1 }06U^\%{IsX򯗲@Pu""9$KZY 8 /#P1P~Fwnl5I W/la[>ud1{5+h% .X/EZqql բ./$.3$5ûp^x5{a\4fK$Ꞽ@dqkVPU@VxM׊yJw5!we\9 o֞HMUVm@~F*aABZ]شTʸeJ"혥ɔ4u?գKTU]U*lM9;nH3Gp|,XYE2u6q":K¿pH_JA ksT;We1~R7gBs`f:\}2 %ͷ&4t=؇RuB*v(a]*eQ '.,U+TRWX%]a@yן{EbpZg@u{YnKX ubiH-@Hyy[d-Po+״{^aSXJR}8|=&X1-dzͲlEYһ^jmJ`лX \w>ʲl% vK1ޥι%(šC)]ѵ &{,[9;Cw5Öߒ6z_Uczߍ[Hm 1M@]Į+[Z~{'N/3!󯊠渧GIZ RC5L֜+b0Bd2K:R \nDɥQJ;nl6xrSU["hCfPUD19]+bU ZNx'Ѫn?wXBi!E"{*eK4Li[,kRJ'D?r+SF8`# n8WE/}Q4£t4U^_)o4բ^g#*WҘŃH+"l50&g[:3l wxF`e;,Q]Gʦx&?$1e1F48u";ЛSN&Fk@7~Oj(LӪ*#veY ȕ$P͛/Y wu it-_OQc"X\d1]STvncH\u^R7rtǓnu" JQ,4o4) /!\&R!\wd|B*Xs]bS\#D:L@>/DWR=SxDY$Mݐ`&q,He[ˎ[t|HbI\EX] ȔXyZUz״T(B:՗\DĻJ*U; '5I9wZRuDG5_#cb܁wE(%A&,A0\5rDhl6!< 2#fZV,FyZS֒ U=zh : %Q^/-aa ]Ss4"'IK:+4fW׊ZUd1J*LRElZ d[Q1_'c$/=P=Hk~w*vU~UU.DO#'?H]V,F%Z3\=M]{ wNEiPvKvRȔEi+{E%ۑpͳbT5b N 4l{[ S_#өl[Lށ+z(΢ׯהWG=s˻.T՘n޸c-i`n^Bp*EXw~;@)em 6$l])W:J;Ve1`@Ut:%qe|N"NixQ> Rؕ@.Fg*Hj$uѲ\Nq]i Ov"1_ :8~JC2UҮm3pY@"K8Yš.%g+6wo(Djѷ'o'd4/9 >'-3̉2]K0Z,F^VKe:z#HxK$1pjiX̶|:!=F@g:ѲG }ꋞnڶJ]!7@& t L<- NͶX5 P:PX!bxD6LA%a).UGTeߩEI:,v]1&j;=4;jNC|ؕTqh0P@:֤mD&n:x99cW`3o)$zJ^ Z=bU.'Q3n#s^@yױ:wlwEzh`Q"&Ud'rk-˩,*mV+j,[h/s{bu4v{p$]ʱN+neAURz$AeʲlESGGTH VHi+ wh.גkcdUǰ -ĻȹɚY#9P:Q'o$Ǫw6)cF/nqZ&x9W`sqD۶Pu@AiOKH*V5yՑNLӮjՒTV ,[A0דuZDQ aOcd)aQ:iv$F,{%i!JzQ$>كX J-zIIްi$l$X',  8@JX80 =H:m`VbUueY EĮo1ъm\OH0EG.*@auĭi;ج(E(kbLf0IcM?w],:d6 KJ(N/@ziH Pts$NusZsƮ `[J5ޕe1]Y&ޕe1j+bɻ,[+b(veY eXޕe1]Yvull`c[w],R3%e1VŻ`c[ص,F.O LOzo[;zB [9in"BŢ/"e1|rݝ5ޔ4cWJ!zصUWOh 36_WυUBuøړ\wmx=h &]o˜1a[{#W#Z"_!PJt¢e?@v>U;rȸ'aĮn檘BZ}Bk{5_DP=<$-ۑT)ʍ8&]}1>jLde"W`B;wpSB}Mu` Us fMM Y.?pi*p萧5'Li/]o*d\*Zu` לPWKP؂yd1>:{A ?ى,<n@ DB 8cXuВIpoc}̌<V2q1Jn,ìž.`"v+S!. %&l}t+ §]-ʸ`˔X +W`weY :zW`Qʲl5 ,[-+bɻ,[+bŻ,[+b(3l5,Vص*Ů+[MbV+c6d1V$-a& a}jwhKO,cA`KNG?F; $&4fCq }7-BCehANJPicO75pgVGMot*BwLp}o7v]SYX^];"dv+aחo %Ay}#}Kq\X[YtWW%%=d_]5{.-~+?azkue1Pϯ^{J(ʕo^%:6qmٹޞw]Yٳ/_=¸1N?OuJD$Df} m_VR7]WCUgD,"{Eľ/?`?&.?_ !a m+Eyŵ%Yfzue1b*)_=Ȣ|In}#Yyz6ҳk+}7;,ъe/ϟ=K}lY}O>9f 0YN?|sKvuň1F3%V9^RK"ˬ% JWϾ.b<À =!K+Q?9ӳZ X*(pEf dˢ9ϟ{G*>!lQ??ܚ~|LV׿\+9>$S?ݧum˸q ){W}!+}NY_*gOwӸV\ Kf|Q"8!ǩ~R5D#~A Wd^Rd!\*{N~߿ Yq۟~|JNM\"P..ު.~Gu˸ꮯs>Wxw2u?mbcr[\1SWFi?o^?5VM8lp%zZJc;T‚+*{}O3[VۻMcXEpyV|_O \%ol^ Γ2=@zt-lqi Q) w Ye ?*e\*煱Zg7ۏyzEwH,e ;gVƵ2&ٲo?j^p`nV0RLֻ~)!OsG8oן21Kk#M[;>ep}K?]tۏ>ĮX#M[WY^;z(n^qk|~gFcg>~U䴏_EV]uU߻,F=gҴsL~Uޞz)wUh<'?b*\,#$}V۳ͻ,[MRV,ۺy׵`[[ﺖl,zfVmb=ͽ/ކ= PLŁ\MQ9aDA2؊9TH;34t7& .|]w㷦!+xֻw"Ԙ g Ff[S ,Έy8h5gC<11bNxɁC1%xX[E[#`zGd1Ho &p6Mɘ֒QWy/T<ML/-rL=[*㷚fɜ;~y׻ŀtHa{RWXۃWLokrjL7c^ A9azz:uַ~mp; ܑ,c; ۷1D)#VWa'u=a^ٚݼSw>`HF@-Z4~z5ŀ ^,Ÿo,Fbwl뽒`[`bq0vK޵,F,/`7ȪrɧElCJ#/8w]w6e1jgޘe]Ak^fUE# >Q+J(gٚu#bX-w*}pkZ:TŵԑCS G%@ ׍0e1 nFYR$-k435WkƎY ̃s7h\clTE6t!d/a}4`k^+X:ݶ_ev3Y Wcdx"k&8Cf+q xmD %c~ܨAÿ JX*?/NK^*XhhqVuϡhp..Zlh"d64G^{6{BӍgpZaЮ  ݍo3۾e1Vm末[ _Qpwuמ:rG:V9WBJt:ڦG~>8Fw]bxc:ٓ!tQKfn+ks_+ՕW`-yŸ9bzw_Ӱ:\-紖w"6w+Y 69kiYNfZGZLz?`tqҟ}3aT#2e1l̊v ?ZpN;":jUd1:i-uZg.Gcur}%\zgk9֎z.Qu:}d.5Cc3n7`cz0wl*RV&bYt 3IbW쌞decN7el$17j \Mu\S^f5w wٜ>Ů2UX/D$:GvL,]yD:~c/Cr =Mp2&=amo&."k'󃰣掰W0Pdx3݃5VʡIu!TüNԙ}05pu~.: 8W@:vv}!MO+lnnY Õu´F׈:mԌ;v<[z3Yx(qO&4Vl ŵj0* eٔD;A;;iw: ";6̀ȯv\@z03Ϝ[ýXdoTԒoXuj1V1NBLb,۹2lV`c\_n$vwV`c\Y 6_ [Umٸnƶf`c[i`\jguVႬZ$⼕BdۺU [csʸ1+znoom*a^Ͷ|jv&֖4Rn7Nn3ݻ%mڈ]w-X|i֌vvB*ƕŖum6f]Ǥ2Ju[ѣG 0õk2 Һ+v"\J\7%.Uؔ T8n7W``slo6!\%];*џk[Jfâ5부Op 7D.DIvf2IJn7ݶpmZo,Ƶwkƕq v[y'nJ0[m]Wӣn7vȜX@J*nqdfʸe9n7)%qc׶a2^ūZs&dnBwD{W5'3lbu޳cj  ūvNymBB+4we?36V&i M+vmv޾ljZg%Rʸ2`@4v?AﺻMNng 2شfIz%Hٛ՛M^0)c#B B ev6l?p9NlAjLt)ddLM9|uőVTncj4,p0H z(L F0+a\@|q &>N#Pp} {@m%0)hA_$4iCpH(8@E@pd^= R: !A 7&.+ '`(̒$.U $J0Le`nh;)%8!Xr8l QE( t@*.G8a\TΡ jW \3+J0no{ۀ`WXSYJ#S[%(o1Yn4; Zf̨gV D) .D~kܧ*-W 1 `f@XUA)J7 ZU,uiV+ۗ L4 )%lb/ -.hYB|s X\Pm3 𙳙hnD+ A T5A`ѭ.Ce33XȮ˱^+ npMw8XtAp4!.sw_BB3`!'mP fm(07,+X ^BJT+hBgÙ pKI` BМ'AD" q<(yp0=EE;8j*?"BЅ%ha ?G QH̴ɏ{3@@~uVF ` A/'Ԁx Kx"H³`lK²(WmE=q;wPc ڞhAoUԠ'Xl@ @# ZйqoR畟́eu&uT |wŋSjz5`E+TnCl Tuo2)!)X/RLk!V%u6>Pez%+<@_7pyA5GBO.j7OdwB"Kr"2P7(.pv~*L.b)Z+g6e\wR)77zRlPz+&-pBFRBPF('!!A-EU4ir&"9"P)`",:E|4NH8Q5QV:c #AWW1}R{#+cX}+30 R(rrP0ȆA w~2Tul&2W'84ug/mᄎi/o"YSg%IBy9Qg0`d/P]6A0;cFQ^-R+ŊA0Rw73E/cUUdB P3g.sr/na2PGgA]cg8u5`bQpuAs6:0AW4M;Ǐx+7c81U /IUYOYkqZceWi1hA`E.@!p$ggML6•60C3@RrÓ;i,%+}X3pQ3]#9+8ViL" RVm]a_(@U:&ިopUcP^QW)ZP`)dL0de`! =GL@XP|!>!{yi^`A^ePVp$3VDw =Yq=E'ih >nH4ptdv66>&A=!JFa i Q-lZ;%G'Eeg'yu?EY`GS``ah́K o :oY"7YA<MD@gw&BjP83ˤKwXS m#"U CdW×0rZ3N(a[y"\b/_ۡ?QHa?C6*u@1:8Aql ZIQrn"#P1?FP"?ƩG'P*%SbqQbuT' kh-Oʫws}d*tp$:v֮gB2,g-PtO)šLR0OP 5#!6Y[Ŋ:MCB\qE*`;h+~ۦ,d'-;5KrH jbJs}Z:@5vJ}NA[, {@@!@Ғ"3RGZmY`FR.AHC@TFi胢TBlmu{D)h~ ,2'G(;(zp=0nEP\n!rpp0U䁤KjÆt8bt4xk,(zn{OGiG"v @]pQPQnS4=[@Tc{t/@/q<:0NRzRWE8oR3pmmQ{(;(ptPő'.rxQ#RZErk6һ` Z>;)y֤NU͆g[JgWG bǻ~-p{S2HC&*w $X`nfڥ4`GIiV&aUN`#u":I3Ie] Tt9cWvkOQ;"F+Fj/" Rww@c>J}#k; YIp8v.@&}v%;{m\n(!rX!e[.dw&/4Xy^cȂsk@`3:dg!׼wր±=P.pu6,2'%;KBMEq.h&3r_+$p~@RLQbPigdI$r%Xm"+-@h{zM{<{pBd.ҷRv7~Y5$M@rt`hs>3Lμb}& F׆]篮4vhuôX"b{%@F,ԋw{`UT/J}h:ea9)\N=nd75ª(AӮ..c,ª)'oi!aSqtR8!B2:Z+8L:T? yW6`7Ap71E"[uIGƣ,,pRF,iԴ'wˋvB31Ј"WT/KSۗn"}u78*RB8m ?B&.vk'2=vw;h(Gqh12=({.VQ[ńTـJM:ZW"0_pI+|RUfB]'zG͒"8rB-Ⱦ0^UWձ@L5?eU9` E&Fh`OPcRd*5UXfx"孃Yq(H TQy=YGJ3/ԭSnYO:g1`%P8H}Ծ60`/pX R؏W}7-=.B2E#.,θUX xy=,2$ Y/955`ygMc%ns70BfRþ銲X2;iHB")`ұg=mqg[NqQ~}E{)?BX̣&5yI W9VC󳮒,:&hS'5)8 B0#7/*`HX2557gt8jA,4%__ꙥ/10|]bXZNmuI:w>A/( c;.6v5i7D9Xr5SzCg[4c5XI0u偨ހ{ @9e[:dkD+CH\;ɫEN1ŞR]/1UlP~88ko8s_ Wڑf0n1qYxx;6Ņ;Ya;!D hDAA .dC%NX1&lQ#Gp$n( M, )Y nTPtME,ȱ"O:. , A8||4"8FDEyw3x F 0Š+HHqE -X ]򸐴'9PȜ gI$G=o'n1,ťON< ;images/feather.png100644 0 0 13210 11237400234 11607 0ustar 0 0 PNG  IHDRFϩ<sRGBgAMA a cHRMz&u0`:pQ<PLTEoO5p`Xo3Pps/n6KcJ+ 3PnVFw@qU j :O+8 2$r)7R .8Ѳf喓mi[|}eCCCX7QPK !!!___..-ppof sȣ㍌w츛fVЃk-3"ga^r3͊Wմ@֒ee_xay)Rz?n7hDf8i6[Gt<`3fT# pHYs+\IDATx[_ZwU䡂"<},Ȣ q7QScfL3}wbjN,;I5skWvmn/?osp*[Eupo~}(ʃYwU;>=n]=qKj>=>|ݾ8}ו\wܹl'w*c;k݋Ó~yy;dsNWljijfm<٬]/=}rC]?c.7vnU'tzmsow|{o&3>H,o"@uѬmƵK^;ǟ={n0/szzzl :^QO6O67?`*?txx-NsـJFfF6k:hwytIk͛ܞ{rlYWO0bvu$gf"6k'AۭKu=9Z*(nnlG\]].WwLw,7ӽgSEؾ?< sKsMȺvڊ d~ۿOBv:/oȐbJy[/.R0q6 ̑ښvݢZ5e^yZ?h5Ѳ7tWntѣ-WiKaQ@P:fWWƺep0ef EK_`GAh~Q]䬝dg}}}Zouxi=8Z;Q~~W(7,me=bewEmX/.ӫ9Wx}'޿x_De]ZKJV놲p+V:ռNs(1Z¾ko{#I ׷PDsVW{5oNDFcˁͭ+w[Iw.D+ R=(d#]"zNf,kڹNF{7_D|J2Laz6K= [RdNG'K_e]^Y3-,ʂjZ 7}b1r=^G}?Qtkm7˓{ e*cAui)gPw)zk7lyhdyTӁ}>ݓ7w={2´Ş]#yfc%H&#ZBqk"qtl7@]NO&ÞHͽN~pVkU*GJGMԹ;̗9ZG$lH>Ik9 ¼F'Yo@GQNo7Gz}q~z}Q' #UY|[Ǝq5u0lt (ioFY3vc~ } _FN48C;k쟞7/jrW-Pl̴ S}3|gfOyMt\Wzlb]+ utz F7S$qW$5ggݭ_yb. ZUsf,.X:eZuk?)M^M$E;U= Ց{ xת{_nG޾(WِZKr}B+YPk2d2x tkUeawMkttU6j_n d'Uß|imZll?Rtfq[mtvP:?ʰg55bѾhw51<XuC,m|slx{ZDm?;kkw;Ϗl%C_2rv9å-)jO0i%ȵ`E _. 3f?n`vᚱq㤆Z?:= Kr)lA-j!dݽ![AXuIG1Mk56=2CF*{tLQ1<cV!% ڥs I二љ$6f,g-+뎎N//NSG BCh\X͞Xʽd'^R5Ӿq.W]4Zv^p80墩lSKpS=+O`X]XęNw~')eV!;uށq[bhlZ1a AuFWBpd1F~x>"[PzcZ~"gnRm; фl%hB*A }3t˱CsI%2N MYqmӍs䩩p77wÞ`s*ӂ^z]J5st4!GՎ jlZ2/TnEeNqDN+,hWo~n/ֈ x&'B!,#}<@-wO5F(|T "`oMG%o~.e=e'>{O^i8!t:KVl\Qؾ|.kp_ 9:^^dHRfS4םk&xo;SU $Rs R0o: ]G^wX?eS Jr _y;FP#Ԝr["\%@s3Z'dFq Z2+<{oC rUD:Ч9tl<`ۍ%-Wy1u糬 y%l47>fQ@G>2'Ȯ*K3",4.rS=?3nI!+LW:y:lNspsmBƪgr2TD?gZwĻWBꔙIg4'd"Yo2W#2'dW ?[xv0q$0\5CA9#e8qoYk\D[[Ojq1V05\zZTl3",=2KiB>… b=me,_ԋ*!$I GOIZG+Ym8%yvF MLQq9GVܠ` &e)s8P!ɇLùj[)| 9.SOrB;^N8Mp6Ws.w0ھxH_xMr$N'6рZ("XtL_gKi jQ(^x&$G[~]o`P] )lu a(36ŭ؂@&*b7 a~&sy_՛>_e .W:} 3Eَ Z jt.+J܍[rUhAkgԇ3Fz00>6FP7&^|>$oL֌ % g|,@I__~]'fA\$뱙sIENDB`images/filter_arch.png100644 0 0 4553 11237400234 12445 0ustar 0 0 PNG  IHDR9[ccPLTEU~ IDATxOLxɖ5HiixhU`"U&C[岇,T`I0{/TBJza{qDH[Ro=*^o޼?d3}Yw{{߿7!IKZҒu1.#31z45O~v/f$t}@]AfpjRcFwڹlF$F@5 QɊ@k%G 2=P ?=^<̿o(C}4 }uPIu-ONk֏Ƿ7s6[ݜ݉ݥûʸ5VxiF_U2/샹5h-nF#;О9_>:bsAv8ܖ֪d &#Y=Şz6ֿhb}6Gխ(=z~p2Fr' d3UH^q@:-99?:nch5n7G]ƵȠ[OJ6Fu(Zp@HK Ԥ]A E$Q(+<ۖP *}Oi=ګq,PHR%C} K)Cۣ АeXB^d\d) ӥKA!O˺d4~טc |?Ѹ\C$bB#64Хw~ARټv d\uTR P/!4H7(@[ӉD@ VF@6HH,- #@_9=1:RHgC.GPBw~@G&d?td (ẕDdP}Uh"l(H[`&@9,"IVDt`i?#h̀ﰆl6^<E#YPJ@ (%74z*a/ N1^vEAh5: )C 'eGn+{JqeI'Y$WVOqFw5.sM"w n8/JqAPa\]ܸb]u7?9rAARH,W_cu <Y{2PO yfZp[P!ҧ7/" ~bI遴);R|.ϑR"G)w]^r'[#_)2S?b=>\q0?崙wLdS',"=Ia0AWOc'9 ]-@m9_lӸWQY0x?*PdVP" ݥvl^)a}~^.ЂȤn6p SlyDܕR>boe?[JԉڑγPZH!Q`jeT[͈NF#_2[HCXHR=Squzgհ24f͖%<㯕QԾw/lZȔE2;R\P*Ծ=h_#<102VwTIz`mZ kc dt.{ *~#XWs Ұf^}Hnxr6(ZxoW1l d_ *brW1A}XtZLگk di"t,v RȠTw)Fg(h.'[oeZEBݮC{tᧅ?~f=F_4gˍBsv36p,ZŌ i6Q*f |R9 ?PcڑZcʦ@Oaׁ _7wA%&nrQ| F(dΑ, C7Wt/b3h4G/yAAIDtABj&NW5i"iE, 4 {6ϯW O ?~+#/@Y,Q3@9,P /" `>5DȰ_eQ@ ڹH+^)_ ɿU (sWԑze $@ "̑d{׉臭rA- `T̯7 ؂ (8;7Wƴ~h.jZ&6dCGXn!ђh:GWF B^:O1Z]?JhѪ1ՇīXVCժzFz:I@ (%4?)03IENDB`images/filter_arch.tr.png100644 0 0 4706 11237400234 13071 0ustar 0 0 PNG  IHDR9 PLTE333ffff uIDATx^ˊ:`]A ̋VO1+ж!zC3KVުOg*¸!)3!T)!=3=3=3=#P~ ͳ3{DsWp<<)' }G,;=sAez陞/{/2=3=/+3=ڇ'@{f~pځ6}G)G=y^^hOIcA'3*E_Yh)K:U?3תLT>2-ATfZ1Z^?YH#T=3V\ΊcHD+RgG8Pegr]<ճ@ēґVO䜒~zNÉ)'-/?Z.B3 +<Ξϙk}Kis~#!ZWˁIJtsqRR|pHy {S{{b4rnXyn+Jֳiǹy=u4(6{h穃=Xc:ˮ{G9_{υ_  6V P R๷>U=ho w ? q7lPXHE^ʃjOX0>xl1yD(uQ)XL=N!n"<=y3bx,2x!C&գGÏ_#=N[ /"Xe)^ʣCєҵ0O"@<&rI*ߊ%-Ey_u!4sSxR[dG6Fz.BHbC=uQP<c=(s(ςS q婈kagg>?陞陞陞陞陞陞O`Ͼ~Kz)@1<ʫBOs(߀;hꇛmn Cy*ֈ6-m?_#fU$_=N:Ϯp>c{Dìy`~_ofP{/陞陞陞陞陞陞1ezgz gjoIENDB`images/left.gif100644 0 0 74 11237400234 11030 0ustar 0 0 GIF89a @Xq!, iLre zJ;images/mod_filter_new.gif100644 0 0 4530 11237400234 13134 0ustar 0 0 GIF87aK,Kڋ޼H扦ʶ L ĢL*̦ JԪjܮ N (8HXhx)9`yyp`Iũ@jp**ʚZ1j Q j뉪{{,,[ -Lkz<[ ͼ l^=ݠNOڎo2.?/@]|5",X'CW+Z1;z2ȑ$K<2ʕOֱ|Y%̙$ҼI!Ν5e!С= ҥL:} uϨ?Ri֭\z1+ؔbǞ,k6ڵlۺ]mǸr7ҭ7޽|l 8 )Q<bXGd-yVqo58kVYg5)5 ~!Wa5أfq:k3Lz+^rp-͜'FFzÀ)q:}~YN<8Yh_wƩ_\~x= ,qX _t7Ӑ=F[r0@#~"dTc5wV=,IvB_[iR ##Aԓ9H& ydq=n!O"˔TN`\iP&*D)m2'un ʝ`~فI eA.ʨajf4&*%ʙi2ICs'j>-*J*hˍ;{Wkj[0l/תحZܭNuB[jӶB HԴtTSb}c,==3um`=tBh03Ŋ#966 gh &'?Umw|pӝ{lפn/p¶ ޚ;»;1u &B<YRF8\[ޚx҇+?^$D~nb '6 }ZfOb|xd(`ހƫnr[R.m~]`8LcOx#CUP#;Gg73,uA nHTY7* EYy)+cG14\3EvZsaFF8ob(? [`Hj$fcHKy?Yh2,,)OTR$ d+'Wr-kxKEܥ@ LRVf.iL4cpM%9aS61C(}\8YBhS\`ʓ[ l'&ቑrlȴ>ǽS;H (@pĜ;Jz6%G:AM71X= љȹ` * CI4ԁ?ЉnbD>e'~++5ӈ~p_UHP K=GZ0SC~a';cPM8͟ґi:O7ՔdM=F2(cݫX6s #3:Pe3[,ԘW#* jZYL)լ7qqZCe;;Go%mT*GFonRS.NqWi(׮9* MhZLM4IGDGnF:/Жtieˣ?Sj>9~9u^\}U/Ú\5dlkJ. =Leڨs\xˌ9ojXJr=m.g7+f pU!6뮨ywt#ۇ k~_\5nW`)~)Ci8#䐹ȃ}rۤ+?p˙\3oN\i@W9O;B0zMb[LNTK}Tկk}\׿}d@;images/mod_filter_new.png100644 0 0 2034 11237400234 13150 0ustar 0 0 PNG  IHDRKH"PLTE1=IDATxNAgw4&.L;&$zEib+#4V"510фYQxD~ݒmw62'9̜ʘ1cƌn[)K}6J1rE[B (/1%)!PU,yɰ#׈ڟAq;*9DJt- fy{YdgF)FB%eGɕ IQ냔'` 7:I0 rH.K!QzAC S9B8 +U甌v/8JxN)w9z+-9N9%Mm99hF_4WBM51\^t';Sl{a"UE؋GQQUԣ/b(N%6wbI5,XWeQs4+mLosbH8̬geCCCyR7_-H06|8 *7z.AT8zv^ tE+`Lu+~M=׵)A[T5m1YqRe(J47[P?igYRE9 ^v ߖ'g OsSB @6FˢMJDz K΁֥;"be̘%?¥ IENDB`images/mod_filter_new.tr.png100644 0 0 2456 11237400234 13604 0ustar 0 0 PNG  IHDRK PLTE333,/IDATx^1n+7 <@0x)Ҥqb2УlJ&XyZBwE?`ªn2(ʻ Q  ^JT/_Z>(J(JR >919$ҺGي(.pe(ڃL@KQ@%xϋ5̟QS+xFUT4J%`G+ëD0~1QȫS\ Da*bq%ܧ;m&Pv3BŃ|"$ .۩Ɠ~8GL@Sn$Dmj@~D(~@_Ost)l_>t骝&_ lNKE@:ӳ9&U9BAB2TXA#R% )x@w&0Qs_u)QQXD'BFr( b 7N7>V|3N`CAo2Mt1OFVTAu2_8s{Tr=T&ro~6U1(y.U7ķSuS^F VQ9H8P P&%wuN 4o6!$*b|CaEQ)[̦A<*%g1"i灕JPEKtJ!" NBvL\)Dg[R7x̧ \0pQ(c*QgfQӦR|%RD/!8!N,*TMy T;0;}h UQ&5^+PMώ(pa(O+Rmgw5.S\t};k"+S%R,?jRkg"vVvVvVkgM)֫L)J(N_ՖYmH22J0,+UPMHꗋQgS.Z÷3M)*eP.٬.Sv%h%ba 8 pڽ)SRyMJܹUjQ$ t(T}SWJΫ5lj~:1<#JS u2%>Sq*C "XXg o=hPSФ"SQNQf6Gw8EǸ6V8(h(Iy1h))JyTDƚ ,nTf>ۻgmn?f<&9ԫ[P䃖~Ut_}r_?=g H`s\n " d҅ n7.z!tJvkbUAYtv"q9Ȉ֚-"$θ&ո!h g4tIwe`XMiLEHIeyH#lBd`㚈0!%:q4 '*bNg`_ʓ&:袒NLX*ni J8Zj:*r(w~z\ jPeR6Ⱥ+1vGlM,ڈm}#yȏ}K%\r~2r^B$.fAص7kֲͶȞ ,3{Oќ +q qR"*lL—r2B 4̳r/sB]/?t's2MgU F5?!嚣9]uaMI^si6chӎJwqm6i7;mtK"rwH&-橱ylgc6Y+ŷIyq!fr{;C[biQ ?B/>{/JɹG-2]>*;L On8{`#C}~ax2h۽67O ؿpncr@$J15,Tm"-S/ jp*;images/mod_rewrite_fig1.gif100644 0 0 6705 11237400234 13373 0ustar 0 0 GIF87a,ڋ޼H扦ʶ L ĢL*̦ JԪjܮ N (8HXhx)9IYiy  jGzږ +;K[k{;ؚ L\l|7-]Bm -^@n/?ONmߝ0 <8-TᴇrJ9i#vבG[(6^_$7LFV`ִyg![^$["km)u{큺bM@50ֻ0w᷂dW"iqaG. 3vNxb9!֬u\NyƔu88ɗ7E͸c.6eТ"YxRi7Ԫ{e9|ʡd΃l!yfkXVpY69Rzީg^e(^p@ fDl8{gX-ƈo&\Z:bv"QuٵEbSgyXq}d_PZne^~ fbIff)h暽f.py˜tb睳g,|f_JhG>(.h0ioT .c| **"\|6jƭꫢN3V룰JJl3Tˌ=笶F.n >.C\o& o pLps7!>o=gF/gx/~ᗯ觩`ǟ[دC¿*B " \@,@0,lR>(t FHl [R"P%@^H򘟐@.# ,:$*s ,qTLbC< Ub [B,(z+ZhE2b>BaXŏGa҇x$;Lz);f d`ʢ(d"'g+]HZdA46$mʷҒLk6tHukiCrԈ44z:9PV2&4]I9@/zRlg ;tj(zLBrĦ>C3T@V6Wf`D:'H@le(xK iy{F)b<ʀڈ3 ACJ!wj?=I HIQQ8"NMKU>t@MpRE#qwrȠ4Tj#t ғB)c5cBGIDźL䰭K#$%N6Ȏ=jRal JA;+ &h*eB [ϞI¬H[&^DP\k5ad~IKo+vRq!7K˕oz,5Hui\]\ٝvF]Z껻.ț\!7  u v[/ x<+Xz| a88`roeKJn 1<  şP2 Ş1h Ʈб1x 7 ǜ2؈ #&p$ %ʍl#YR#dn9];di̘(5+932/;?Fc%|b=3S썳[ pc>=&NU6(ĩThD)Q>Ɏ-zOXt5)iqV)A Bqq>nf׫~/dWureMhG$^u|[ N3̲'k=t{w?>h{*kgTԋ>}ex>нOރ͟iOgv?o ?7G_ 6(@`J 2ӀB9-G7f7+",Fr!*8!X6(x.d+#XW‚z?3v#'rFIC6?ȁ+ C893/4X+o\7 E38KӅql|3w0&Gl$ɑCtA(9@yl:)iGUin REvyRiB"JxboRbqXV钥xPnPNE%hsaEBɕ+;xIuٖԴ?"Mt1vA)x`PqL'WNi_ uqɗGk`v3R7P{PetTy9nvb%2'Fb`1?P|I RI%RH4Nf'v!z е~) ^-} $2 E?jŀC_V"x=?8 R9n'pyVςp>ZjZj֟:lwg53ZjZjZjMbߨWoTVs /יQߨׅ76ơE{\bUoő)7Rz[m5׿z7c7,9Q5Rc۷dFձ1P86RoߨSoǎoD7-coZjZjZj5OoY/wכߣ6}]Xd;Ǹjk=]Y.|z<`-|UgXe*WsXeUl3XS[?~٢Lc~]o]37֏Һ~-֏Q:֜`Q?vQsGt]Zj=ƱZ5yLa:X;kKe,\:XL!6q3y_8v,O8hM8lM8hM)j=-ƆƼZjij̫q1ZjT箈${IENDB`images/mod_rewrite_fig2.gif100644 0 0 4771 11237400234 13375 0ustar 0 0 GIF87a},}ڋ޼H扦ʶ L ĢL*̦ JԪjܮ[8L.gΖ;PS89u9x'LJ`8F2)3YxHpi`zziyI#+ !W L iKiˑY,Sk-}z|]6=@fv` !|~*??=ïP^{i.l %gC!~*yH+@^ƠYh@R!ԈI{D~pGćK kZӦh=r 1RtЩΗ<<֎&EI֡f*ZUlp@kvOf$'ݧ^9MР_j\1?AymPhxi%2砅{"uahG*زԥ1)D)GG0o}uao<%롖H_mf~=|!fZC#|q`jW0@`("we 0hnPX{p(b+hb$" (046 :Z` c(^EBdJdG>^^eZne^~ fbIffn)%Vf fl)gGig;g0g%*hjhLĠVy h`8ʉ/az)[(-kb^)D.]%eLYT:hjZ̝"\.|fNJ&1gj-XB-~GAʧQF3.y~I@S_>O?w"W\ V*5חnE7Wq2g/ae]&_Ce"vՙG+u7΄ǹR]}&KGlݽv0mqtOe!GXr)>|0_o_ ln,Tm\K5BV jt4d-vF[c5v Hbri?Fiւs/ I *uؽ.Ynɀ?Њ0y+fۋ.L/j'BDᠢP,aVo9:f~~_OcwA߿E?{/ M ^=8` *00E&h"+i?@ODpAP! _pb i8C8|G цSDjL|`&J \DE?pA_DP5 glRAP61*s# 1\#A@6-`#vd0HB|@"C  $y4rCL&/TN,'UJ#AL% I m/he,kHDj/ `. ԥ oY "\L!B38&5ghk0,&YLn9TyN5L%c괄¹xf05LVpUis$d8) BoL?pʳ<>UC #<& i,Zxv9|]"*-:*QLֲBå NK6ҙKO|KCHgGN 4]F 碌'O&MMLzNsnՎt2łu9]m:g7A 3Ԯ/ۤe=jQs};6:UgiC28Ņ+Z pi]̅KW͆0mժnͳ6r{b{ VegSֱ3t{Ul\q삎Ekgɺ& KE/hs{Cs Kz^Ҥ۠:eb'`rEn*QHjbC踯X-T)ؽåNUؖpm(Hכ,$)/qHF``q7#׀_0'ˀ^p+]/\ @-iš,qZM{=wO?ԗk+oKԯ ;images/mod_rewrite_fig2.png100644 0 0 2545 11237400234 13411 0ustar 0 0 PNG  IHDR}$sRGBgAMA a cHRMz&u0`:pQ< PLTE`p pHYs+IDATxM<* M/s{GAmtV~ '' b?=*n94@4B?8p]w)OynlrّuϮ@Jt)g9*p|_.7\Eb rPUR=QxQ=J3{\c4<j#f38R?Sd@ffl+ I)FaqVڻ/8. ԻG(3pbٝ=qQU9)%;2pb@'C 1%fvkVZZ`;ۈd/5;-YOlѦnٜYԗX*^韗.7>6#]ϟmoצNZ9y}=[`9*ߓq}'*Q is[Z7tsή]vŏ<Ễ1/YKzk~wyg^z7[wY:8{wb'be`Wxg[yf`f(F݉U0 :FpJ!;HԒ"nQ8l6h[]-Ȣdlyԓitu[:W\|V'~`Z|gnF< PS*Hq zjj{cjjB뮼묷+$$쳗±V˨ ̨mLwSZk9(I{r(ʻz2kuv-ꟄjהokSXօ[;of,avZm㦲2b796 H32*:2}"nWԸ?z)QR"DID`6p}<4¨۠Ҷ}Cyt Xz%q@.o΂a = ֤24D"@&~;T&%.`X֝u*+ڝh0Ű\"8:QBdx28s. [g8eYj\ U2ms* )8ͅI덯&IJZj&H9Z[甆(6[`9@R>l9MN+-2* +F񘦬HIZH\!!q*svdrӌȀl&y/6f D:i.wkEϷSU53~^OM(|UDu=jF9ϋq HGJҒ"=(%V T,)\RXCtz5J?=R+) FMJ!58E]TԞaW*U} ^*XǚկUg Zɺմm+\UU@iMӾA{=LEJXVMl{|)+_S e9 ⥰jֺ,fٖp|4JD;–bAqkn S깯PpD&Y0' ƣ„qg%Q|8ܙPnrCRzwB+q[%v5sX% kS&Myu;dJܨ=5 !G%~ q,I))n[LGu8ơ'OdSeXLAdM *0Ϻ ZbD1<$'y`$41_\،ʖ2&H4{ ыrqأ8zrQ]ְ81ey~7d/t-I@34BP3NƓ +zα[x93҈9ZK&ۼsEq*$߸fj|ӟb!=j@78iazCvҊ\VDij%f.kͺvq*E Uxѭ>N]RNhf*#ʾT 4}Jgꁶ`lFpi ځW5ތ+⛍|qK_8Q!ҫR?!}6DpC< b?3-Hŗ_% dF'1ҏx `W#ЁC:W9M QQ=q8ouW;y?۱(:8ݯԧCI-*ˣYK&;;h,%j,Xd7UWoKaL]eq=S9B>p28nnQ&lň;4>f4wB֒[ZM;<?c.9}& HFjd9B+Ζv(Lg&kG6| q+j(c3'D1s5b'ZD%B-(vz}^ru@tvOƃs|@XEGZgGԄ%PPRHPTXIx c^O``bAql؆nxVAxL\P_sl`CWp~D{؇qBW{ȇ${#>3?v>G=I"uEqHU?"QAT^CBr1舛Uae'EB8\ys_%B]ͅHev'>vys7dzw^}Td[E'TRrը^'8Ɖ=iH]}]o v5Vtc(Wpy-[فِT )ly-8ȑ%DG(ib&p-/y 1kV8i P} @yn?)ATSՓETvVxuWKyMɔOVuUNiRP99ɕQXX3]5W*i,YFpjWcɊoySl)gn9APS7AOx)SlYZSguq, "ń#bh$%gydXgrshg@wO\Lgg] Śu'ChɒID˘]8^cbkRF*qԃ.i::諿zq"$yI_`y7[Uy.H3'0iHt9"•Cjg4䪚txx^iuhI;Ģ׬!Ww1vY{v|b~5NhC J9WsmBZǍG靊Ha9Ԉ~gE*@^J0 Xo{⭬PhB[T[ ǫṵZ5*EصrgbGjm붎/١sKš1ڷz-Zx`~{{r{+UŞw<H6Oe[:k빛{b4 ֺ{kKka{Yy;9FT:HYLu+JT` ۻ;֛ػ]K`˻|PKo5 {X`*an0U8r(G-~Y+[wJp .%v# Ț66 t!ҍ+k_r U'\t |[~ǀ,lLvOǮDĻT ;.]|Nw4eҘwO|wh:V^JrQ#'[\c,*<6`PNJla0_Þ wT<ȧ[ɉ_ȔNȁZɳ'ʟ| _dʣ|=}Z~|_²;@hy뿦˗Hs6ʻl,HUˋSKLiy9l ,ɋ[F',D,|>|V,`+{{[3y2x}=~&=T(˙}3d@4vxٴe{XS%ق*b%/zWzsG,oЇHs{mT&קgi *%v *8Ʊ4l 'Ӥ:+꣔sHP <$5r>U jmMjoydKay% (| JEM K"@Ec"hj6)o X~"H)L=՗ ڜLЛ{<1̀к]uʒ|MڷΕXZSE,) ck {Lŧ y=,8> y(_ە>h#mN1l0ˌ| ,S:y5yUL"[%VS@@S5.PaROS"DUD_V=phV_T>uJ&TUCPp U@NZ:1#KDSu=E0&Xs}{Wu2#x&@XE>KjzfZ[J޳Edvn#vy:$,tXXDl44T4kDc  %-5=EMU]emu}&.6>FNV^fnv~V;images/ssl_intro_fig1.png100644 0 0 6403 11237400234 13101 0ustar 0 0 PNG  IHDRGxksRGBgAMA a cHRMz&u0`:pQ< PLTEo` pHYs+ TIDATx͊뺲2 4~ Sߧ Jw\a= B.&,wv'6{\=UrI*i==M2$L{ !G<}7F+%U-tXBhRPm@݃/p]E)qCEg %$ѵөRETQ\P71> FX tmU*%_3 ̖=-Df9#_Ri˨6z=lٓ" 0{H_JiVQm"@S-RRi }`X ;2[(Q'mN[5د b"fvnnE6rAoMy BpCdFlgJ6_CU_1XHZVԃ‰ kr7Ɇ @цc4s9F *PnQ~M  1P"剘-1#2$beb{D9b{C0,‰Vh*Pmc4ks12X0m'"F[$nD\^؊wD wߕr`+*uZmJLܠ iW&zҬ֥܏@*UZlxSZ+-/i+SM,Jkue=<;ZL$Y.-9ѿAc}&6!ojwc cC@ن> 7PٷQm\x> 0X$b:ԍ\^1>h޷>f{DC{s >0Bԯ|0! 0"4߲oj261\|[R$P=z\PתJn}?4G%K!oHET%BrJ%%ҴMN2QJ/.*B$e64JK=R ;|,J6ølGho[[߭ՏWL{z@d<ߥᏏO<ٰh}C9X`N&0Dp4!6rDE b&m@qs bF no-"[>Q-YZf1BEd &/E `{ ȌCw(Cm7x qr3-лi>Wo12o=0cM&``@W E)P,gB -(QԛMYY*JrS J!U[R"2˅àj[LBljA-D*JkRP|Ҳ! q&Qtm#XӰC-_~P@<%B$Z],kV [],k4 z}4rH-9iu;T}M+Cw=I;`dߤ5rJ1`g=JҢTrJUàRU3ZLjtVYERg P(JgC JijlEU+YnѤuLVcjDrjBMSu}un)-=^<-=4$-=04-=l2,-})w9iY$enҗļG 0gu~"U`n"Ɔx^ǴM1@]`8`9#{O>ڪKduLfOqGE,>>]tZ1<܋:qni7guL ;y D!oyw;I4n@6WM%:Uu\B_GPg͕J :mtJ뺮?l hN+R%J+Q1N+VJu/C:i\HVPm@7>:kTR]DyDf@5W*QeY-< {QlM,ɋJ]xpX=LQu_L_>7l5|SgBM)>'Ԅ-o-c (Wm-Ta?mpYRetNlVU-WAmt,vBWJQUK= LJU&-εˁlURJ8r!pɹR) hE&7vIzU݊U"Zt/ӇPٳS|u'_=.5QZMkJP0(1Joi\J*QePZRUjQlK UeWtV&M[giuz\sJ={AԸD}%C#o>^dFK3gn<`]Ķ0o= h [3![9|`5V3 36Ė5Pa TDh->P;M,V&Āx@bfkx@C1@ϼ%2խ&1D&7Ulԃg7& !P*mtB8qRjBj#T$IiUe^ᮭ3Adҥ.UIrGtUB*UfP*? V}wjtRBD 19J-^RJRJ]nhE^ߋUJE,7UT\tHdؘhq_.D"s{ܢjwC+ǻlu\5w '=jląxZjuj%R'gN3j$-jV&z7zTz%l9Ү*UiudY[nVrnو)$ҳN5 5:jI&dI&9l~P/Oz/l?vz~={Q?_|{>Uk6/~Ͽ_z@ξDO/F{yu j>͞^fן|2{_ϯ$L2$j ^>;.UIENDB`images/ssl_intro_fig2.gif100644 0 0 5214 11237400234 13062 0ustar 0 0 GIF89a!GIF SmartSaver Ver1.1a,PI8ͻ`(dihlp,tmx|pH,Ȥrl:ШtJZجvzసE(zn|N~ϯ%SQbŮȆͺO`յذߞM^۬K\%E032ȈaD*H1#DLxLU$)Qœ2Qi䬗H)ʛXIEfB?9 Yd+8o T Ѡ jt]uIh+zjYwZz։ˎpFpAJ`.ݐTML|»5#C-R$o;zSKR^}Ld 364<7#1+Ā<7cܼO s/WM;6l+j5b|ߖ`5D`]Y}B jIVcWa_f[ BWauM @"0ymMk~9]B8ckx\q8X@,Vgbo#EM $Yh!SMoP$X郖f}4'|qz1yd3f)h)c~4f"$n$ru\r>p.ʣ0ŀ s8ttziݝ,s 0|15 |b<9gupnYL3^x3Y]$25N32@KFBbp"wm:퐊j}RH'Jx;/z>n륔}y@7пJϤtӤm5ʫ$ ޻,WU#x $'3%sT ol}_#>>e>g^ï|_Ni*Ck" g.̀kPπrg+ nN )gr Fp3sac`u Q Qh 0%7C'>1H7E*.Xb9H/|bB15h/@:x̣>Q IB/L" !$'9GR̤ YFMzl%CIR<<*WJY,Y$.wO겗 &$)bs<2)b2<3Ijc̦6ŗmz&8IɈ$'6iY}v|'<~H\VCSUaXZִ:]UP@iV(G4|G!l;lo7?B,WZ֘fzhyњv=jYպ}l=ږn֐pXw=ry:W}tZ*ѽvz8xy?Mz|Kͯ~LN<_N2'L [3{ G (NW0gL8αwc߸@HNl%;P|,*[92.X^`0hNsѥ653L+˹xs>y|mc6jh}C/9Ў1;)[F3MJ_t|Ei C6/AiTԮV1WPԛ5U4չ5gka 1ymdήEiZG{Ⱦ6iZkq{>u{~y{}?q ;\ [Ᾰƕ{ȟґ!?e񕻼)OI8Ϲws5|@q˃NtHѓt.PϣN?I:֋^9}f?Ӯ;7._v8]m4}6{ m/m+~ތ/w{wG}]헺45O.Ͽ8Xx ؀8X?;images/ssl_intro_fig2.png100644 0 0 2270 11237400234 13100 0ustar 0 0 PNG  IHDR~YsRGBgAMA a cHRMz&u0`:pQ<PLTEi- pHYs+IDATxQ0_ߏޚB%ҔASUmb 2cxP^뭚APˍ7zpm ӐﱖF[Q֣$<]0 Z>e -ﮪ+aU>0dMuA&v FF8k>kДMy[ɨ5nN3o "(|Am0m~5n)%^޺ojrV,T 8rM baJS-(emEFӑuow,Գ:㊅e}keoX%VÚ[eaMo8`gYy:.}c x kB2,2,2,2XSGdYfeYfeYfeY{dIIc:IcGuJ)Ne#)4Jf]d̽Xs:i,2,2,2,2˫?=2,2,2,2ۘ$S2,G{,rdYfeYfeYfeYfNW2,J)urd.IENDB`images/ssl_intro_fig3.gif100644 0 0 7664 11237400234 13076 0ustar 0 0 GIF89aC̙fff!GIF SmartSaver Ver1.1a,CI8ͻ`(dihlp,tmx|pH,Ȥrl:ШtJZجvzx5zn|NxDB&l Ùr["Nе8l2aӰbu.jڋro.p\ްoRyW\pD wY󰿮Fܱ/L)怯ɥؼ3qn,0ss64+ IeZ3 )WP,!+pH%ωXCEXbX\i./ Ad.a`kƥq#HmuqvLx8-4P3F-fScH,ЃE)$m؎'r'AuytAK=1pg fCI$$]cH j!d+=PeF>`/FI2#!sTqt9#GN=(;I^Α[#M2 !-]IcN$8 7RҘlif&bvP"Ja YC3]<(q0 1yӋ.HFDɏ9A7rk>Jړ8LqNbc֫ÄmؾCr]Lg)9R1eexy^1h&+?Ʈ'39l׼g:0"[x=yφ>=9ǂˣeҕ3i`ӛt(R;XĘy,izƢMDzwjoGh&󼤜sOl سu`*!Yu;i0N7kJԛAidݢf6Wԝj櫋mdx6]o`׋z I޴jr0h;_fGP{{˵|sMqyere<0坣<(+C':ܥhN/+ԣ*QVRs(L^ϩX^ 훿_:hIGoZ.LϿDS}{5'v&7vKU3CfxSq3'h(AȈiusQE!Q<7hHf\UvkGOWdaP%}~;Gp MEsy%ЎtXA4WAȊlց5MFwe"9O**h,֨/-w0;$^Qq8BY$vfrajC҇1fIxBYӔs? Ty{XN;>ȕ]镉r`b9fGJiɖ@qRrIyuI&tyk—n(,~I~I{),iYm;axYYb.?hO&2&:(Z Z*5tpu(h<:BZDzFzQ;jMCc<4zVz7ʤ+= enD} (6fZ'2ƥq2J\$OrhZej8`> A҆3PJjI:z:dl wKZHWgzr60G$e`ʪԥʌ'QSl5Ko)|΂MtZfka w;.|?@<=A¾@ĿC7JKL1O-P2QS2IVWؑҞZ۟\([]] `a7cdefghibklmnopqrstuvwxyz{|}~3D;images/ssl_intro_fig3.png100644 0 0 5010 11237400234 13074 0ustar 0 0 PNG  IHDRCl?sRGBgAMA a cHRMz&u0`:pQ<PLTE̙fffQ< pHYs+ PIDATxKr8 ž qTS57fAMKɀjulYq Q@iӦM6m?1Nor<9)TPkqPy1a;J(cm p/;w`3P,+ C!77PChQyuX笳puϩX`aaB~X{YgYqk@JPrXqo%  pIPL@1(egQMEX235XPMt^R,JX9*(`/(jd+`RcI=6E 6E6H~6e~D{?[!Q?ks)oaoj8}^ԱEr P P P P P P 5,*į. S[A|3 ns*ҡڴ&UjQ<PTR/~>qA^PHH~'#R(+B)Be Bkw.XDS%T* GJOPe (sJU$rTQ>V;)5N+&1OKd9lJkA6Ioio!obZȜndFlST?~.MefSG۵Px|u{MuXR~hSB]ze-ٔ6_B,j|W@[fDRl~m*T_~"%5 CU+&!]u (.!~61yH6E &1v-/N 6}2/ީ~Nbxwktӱ_PnwkP>?;K%u2ԭ:6mڴiӶS[IENDB`images/up.gif100644 0 0 71 11237400234 10517 0ustar 0 0 GIF89a @Xq!,  4{n;index.html100644 0 0 13156 11237400533 10226 0ustar 0 0 Apache HTTP Server Version 2.2 - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-

Apache HTTP Server Version 2.2

ֽ ƴմϴ. ֱٿ ϼ.

ǥ

ħ

How-To / 丮

÷

ٸ

install.html100644 0 0 40140 11237400533 10556 0ustar 0 0 ϰ ġ - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-

ϰ ġ

ֽ ƴմϴ. ֱٿ ϼ.

н н ýۿ ġ ϰ ġϴ ͸ ٷ.  ϰ ġϴ ũμƮ  ġ ϶. ٸ ÷ ؼ ÷ ϶.

ġ 2.0 ġ ȯ 1.3 ſ ٸ. ġ 1.3 ġ ü ũƮ ߴ. ġ 2.0 ٸ ¼ҽ Ʈ ȯ libtool autoconf Ѵ.

Ѵܰ ׷̵Ѵٸ ( , 2.0.50 2.0.51), ׷̵ ٷ ٶ.

top

ٿε $ lynx http://httpd.apache.org/download.cgi
Ǯ $ gzip -d httpd-2_1_NN.tar.gz
$ tar xvf httpd-2_1_NN.tar
$ ./configure --prefix=PREFIX
$ make
ġ $ make install
$ vi PREFIX/conf/httpd.conf
˻ $ PREFIX/bin/apachectl start

NN ڷ, PREFIX ġ Ͻý η üؾ Ѵ. PREFIX/usr/local/apache2 Ѵ.

Ʒ ġ ϰ ġϱ 䱸׺ ϰ ġ ڼ Ѵ.

top

ġ ϱ ͵ ʿϴ:

ũ
ũ ּ 50 MB ̻ Ȯ϶. ġ ġ 10 MB ũ Ѵ. ʿ ũ ɼǰ ߰ ⿡ ̰ .
ANSI-C Ϸ ý
ANSI-C Ϸ ġִ Ȯ϶. Free Software Foundation (FSF) GNU C compiler (GCC) õѴ. ( 2.7.2 ȴ.) GCC ٸ ּ ϴ Ϸ ANSI ȣȯ Ȯ϶. ߰ PATH ȯ溯 make ⺻ ؾ Ѵ.
Ȯ ð
HTTP ݿ Ϸ ð ǥϴ κ ִ. ׷ ý ð ȭ 캼 ð̴. ̸ Network Time Protocol (NTP) ntpdate xntpd Ѵ. NTP Ʈ ð ׷ comp.protocols.time.ntp NTP Ȩ ϶.
Perl 5 [û]
(Perl ) apxs dbmmanage ũƮ Perl 5 Ͱ ʿϴ. ( 5.003 ̸̻ ȴ.) `configure' ũƮ ͸ ã ص ġ 2.0 ϰ ġ ִ. ٸ ũƮ ̴. Perl Ͱ ġִٸ (Ƹ 춧 Ե Perl 4 Perl 5) ./configure ùٸ ã --with-perl ɼ (Ʒ ) ϱ ٶ.
top

ٿε

ġ ̷ ִ ġ ٿε Ʈ ٿε ִ. н ý Ѵٸ ҽڵ带 ٿ޾Ƽ ϴ . (Ʒ ) ְ, ڽ 뵵 ˸° ִ. , ֽ ̳ʸ 쵵 . ̳ʸ ٿ޴´ٸ ִ INSTALL.bindist ø .

ٿε ٿ ϰ ġ Ȯϴ ߿ϴ. PGP ٿε Ÿ(tarball) ˻Ͽ ȮѴ. ڼ ٿε ְ, PGP ϴ ִ.

top

Ǯ

ġ Ÿ ҽ Ǫ ۾ ܼ tar Ǫ ̴:

$ gzip -d httpd-2_1_NN.tar.gz
$ tar xvf httpd-2_1_NN.tar

׷ 丮 Ʒ ҽڵ带 ο 丮 . ϱ 丮 cdؾ Ѵ.

top

ҽ Ʈ ϱ

Ư ÷ ʿ信 ġ ҽ Ʈ ϴ ̴. ̸ ֻ 丮 ִ configure ũƮ Ѵ. (ġ ҽ Ʈ CVS ٿε ڴ ̹ autoconf libtool ġְ, Ѿ buildconf ؾ Ѵ. ̴ ʿ.)

⺻ ɼ Ͽ ҽ Ʈ Ϸ ./configure Էϸȴ. ⺻ ɼ Ϸ ./configure ɼ Ѵ.

߿ ɼ ġ ۵ϱ ġ ϰ ġ --prefix. ٸ configure ɼǵ Ͽ ġ ڼ ִ.

ϰų ġ Ѵ. Base ⺻ ġ Եȴ. ٸ --enable-module ɼ Ͽ Ѵ. ⼭ module ̸ mod_ ȣ . --enable-module=shared ɼ ϸ ߿ ϰų ִ ü(shared object, DSO) Ѵ. , --disable-module ɼ Ͽ Base ִ.  configure ʰ ׳ ϱ⶧ ̸ Ȯ Է϶.

configure ũƮ Ϸ, ̺귯, ġ ˷ 찡 ִ. ȯ溯 configure ɼ Ͽ Ѵ. ڼ configure manpage ϶.

ִ ɼ ֱ Ư Ϸ ÷׸ ϰ ߿ DSO о mod_rewrite mod_speling ߰Ͽ /sw/pkg/apache ġ ġ ϴ ̴:

$ CC="pgcc" CFLAGS="-O2" \
./configure --prefix=/sw/pkg/apache \
--enable-rewrite=shared \
--enable-speling=shared

configure ϸ а ý ˻Ͽ ߿ Ҷ Makefile .

configure ɼǵ鿡 ڼ configure manpage ִ.

top

ɾ ϳ ġ κ ִ:

$ make

⼭ ٷ. Ƽ III/ 2.2 ýۿ ⺻ ϴµ 3 ɸ. ð ϵ ũ Ѵ.

top

ġ

ɾ Ű ( --prefix ɼ ) ġ ġ PREFIX ġѴ:

$ make install

׷̵Ѵٸ ġ ̳  ʴ´.

top

PREFIX/conf/ ִ Ͽ ġ Ѵ.

$ vi PREFIX/conf/httpd.conf

þ ֱ docs/manual/̳ http://httpd.apache.org/docs/2.2/ ִ ġ ϶.

top

˻

ġ ִ:

$ PREFIX/bin/apachectl start

׸ URL http://localhost/ ù ûѴ. Ե Ƹ PREFIX/htdocs/ DocumentRoot Ʒ ִ. ׸ ɾ ٽ ߴѴ:

$ PREFIX/bin/apachectl stop

top

׷̵

׷̵Ѵٸ Ʈ ִ ȭ ִ ˾ƺ ǥ ҽ CHANGES д´. ( , 1.3 2.0̳ 2.0 2.2 ) ū ɼǰ ؾ ū ȭ ̴. ⵵ API ȭ ˸° ׷̵ؾ Ѵ.

Ѵܰ ׷̵ϴ ( , 2.0.55 2.0.57) . make install ۾ , α, ʴ´. , ڴ configure ɼ, , API ȣȯ ȭ ִ ´. κ configure , ְ, 鵵 ̴. ( 2.0.41 شѴ. 鿡 ȣȯ ȭ ִ.)

ġߴ ҽ ִٸ, ׷̵尡 . ҽ ֻ ִ config.nice Ͽ ҽ ߴ configure ɼ ״ ִ. ׷ ׷̵Ѵٸ ο ҽ config.nice ϰ, Ѵٸ , Ѵ:

$ ./config.nice
$ make
$ make install
$ PREFIX/bin/apachectl stop
$ PREFIX/bin/apachectl start

ο ϱ ׻ ˻غ Ѵ. , ׷̵带 ġ ȣȯ ִ ˾ƺ ٸ --prefix (Listen þ) ٸ Ʈ Ͽ ο ġ غ ִ.
invoking.html100644 0 0 16170 11237400533 10742 0ustar 0 0 ġ - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-

ġ

ֽ ƴմϴ. ֱٿ ϼ.

ġ Windows NT, 2000, XP 񽺷, Windows 95 ME ܼ α׷ ȴ. ڼ 񽺷 ġ ϱ ܼ α׷ ġ ϱ.

н httpd α׷ ׶忡 û óϴ ȴ. httpd ϴ Ѵ.

top

 ġ ϳ

Ͽ Listen ⺻ 80(Ȥ 1024 ٸ Ʈ)̶ Ư Ʈ ϱ root ʿϴ. Ͽ α ۾ ģ, Ŭ̾Ʈ û ٸ ϴ ڽ(child) μ . httpd μ root ڷ , ڽ μ ڷ ȴ. ̴ ó Ѵ.

apachectl ũƮ Ͽ httpd ϱ Ѵ. ũƮ httpd ü ϱ ʿ ȯ溯 ϰ httpd Ѵ. apachectl ƱԸƮ ״ ѱ⶧, httpd  ɼ̶ apachectl 밡ϴ. , apachectl ũƮ պκп HTTPD httpd ִ ġ ׻ ƱԸƮ ִ.

httpd ϸ httpd.conf ãƼ д´. ġ ߿ ϳ, -f ɼ ִ.

/usr/local/apache2/bin/apachectl -f /usr/local/apache2/conf/httpd.conf

ϴ ٸ, ͹̳ο Ʈ Եȴ. ̴ ǹѴ. Ͽ DocumentRoot 丮 ִ ׽Ʈ ũ (ī) ִ.

top

ġ ϴ ߿ ɰ ߻ϸ, ϱ ˸ ܼ̳ ErrorLog . ϳ "Unable to bind to Port ..."̴. ޼ 쿡 ߻Ѵ:

  • root ڷ α ʰ Ư Ʈ Ϸ . Ȥ
  • ̹ ġ ٸ Ʈ Ϸ .

Ÿ ذ ġ FAQ ϶.

top

Ҷ ϱ

ý Ŀ DZ ٶٸ, ý ( rc.local̳ rc.N 丮 ִ ) apachectl ߰ؾ Ѵ. ġ root ۵ȴ. ̳ (ϱ) ùٷ Ǿ Ȯ϶.

apachectl ǥ SysV init ũƮ ϰ ϵ . ũƮ ƱԸƮ start, restart, stop ñ׳ httpd . ׷ apachectl init 丮 ũ ɸȴ. ׷ ϴ ý Ȯ 䱸 Ȯ϶.

top

߰

httpd apachectl, Ÿ Ե α׷ ɼ α׷ ϶. ġ ׵ ϴ þ ִ.

license.html100644 0 0 32120 11237400533 10531 0ustar 0 0 The Apache License, Version 2.0 - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.2

<-

The Apache License, Version 2.0

Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/

TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION

  1. Definitions

    "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document.

    "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License.

    "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity.

    "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License.

    "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files.

    "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types.

    "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below).

    "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof.

    "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution."

    "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work.

  2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form.
  3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed.
  4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions:
    1. You must give any other recipients of the Work or Derivative Works a copy of this License; and
    2. You must cause any modified files to carry prominent notices stating that You changed the files; and
    3. You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and
    4. If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License.

    You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License.

  5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions.
  6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file.
  7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License.
  8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages.
  9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability.

END OF TERMS AND CONDITIONS

APPENDIX: How to apply the Apache License to your work.

To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives.

Copyright [yyyy] [name of copyright owner]

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
logs.html100644 0 0 63433 11237400533 10066 0ustar 0 0 α - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-

α

ֽ ƴմϴ. ֱٿ ϼ.

ȿ Ϸ ߻ϴ Բ Ȱ ɿ ˾ƾ Ѵ. ġ ſ ̰ α Ѵ. α ϴ α׿  Ѵ.

top

ġ α ִ 丮 ִٸ ( root) ϴ uid Ȯ ִ. ̸ ʰ αװ 丮 . ڼ ϶.

, Ŭ̾Ʈ αϿ ״ ϵȴ. ׷ ǰ ִ Ŭ̾Ʈ αϿ ڸ Ƿ, α׸ ٷ궧 ؾ Ѵ.

top

α (Error Log)

õ õ þ

ErrorLog þ ߿ α α ̸ ġ Ѵ. ġ Ͽ û óϴ ߻ Ѵ. ϰų ϴµ ִٸ ߸Ǿ  ġ ˷ִ ̰ Ѵ.

α״ ( н ýۿ error_log, OS/2 error.log) Ͽ ϵȴ. н ýۿ syslog Ͽ ٸ α׷ ִ.

α Ӱ ڼϴ. ׷ κ α ׸ ִ. , ׸ .

[Wed Oct 11 14:32:52 2000] [error] [client 127.0.0.1] client denied by server configuration: /export/home/live/ap/htdocs/test

α ׸񿡼 ù° ׸ ¥ ð̴. ι° ׸ ϴ ɰ Ÿ. LogLevel þ α׿ ϵǴ ɰ ִ. ° ׸ ߻ Ŭ̾Ʈ IP ̴ּ. , Ŭ̾Ʈ źϵ Ǿٰ ִ. û ( ΰ ƴ) Ͻý ε δ.

α׿ ſ پ ִ. κ ϴ. CGI ũƮ µ α׿ ϵȴ. CGI ũƮ stderr ״ α׷ ȴ.

α׿ ߰ϰ . ׷ û α α ϴ ׸ . , ڵ尡 403 α ׸ . α״ Ƿ Ͽ Ȳ ߰ ִ.

˻Ҷ  α׸ 캸 . н ýۿ Ѵ:

tail -f error_log

top

α (Access Log)

õ õ þ

α״ óϴ û Ѵ. CustomLog þ α ġ Ѵ. LogFormat þ Ͽ α׿ ִ. α׿ ϴ Ѵ.

α׿ ϴ α ̴. ܰ мϿ 踦 ̴. Ϲ α м ؼ ٷ , α м ƴϴ. α м α׸ мϴ Ʈ ؼ Open Directory Yahoo ϶.

ġ mod_log_referer, mod_log_agent, CustomLog þ Ͽ α׸ ٷ. CustomLog þ þ ̾޾Ҵ.

α ſ ϴ. C printf(1) Ĺڿ ſ Ĺڿ Ͽ Ѵ. . Ĺڿ 밡 ˷ mod_log_config Ĺڿ ϶.

Common α

α .

LogFormat "%h %l %u %t \"%r\" %>s %b" common
CustomLog logs/access_log common

׷ α Ĺڿ common Ѵ. Ĺڿ ۼƮ þ Ǹ,  ˸. Ĺڿ Ϲ ڸ ״ α׿ µȴ. ǥ (") ϰ ʹٸ 齽 տ ٿ Ĺڿ ƴ ǥѴ. Ĺڿ ٹٲ "\n", "\t" Ư ڸ ִ.

CustomLog þ ϴ ο α . α ϸ ServerRoot ̴.

α(Common Log Format, CLF)̶ α ׸ Ѵ. ٸ 鵵 ̷ ǥ α׸ , α м α׷ ִ. CLF α ׸ :

127.0.0.1 - frank [10/Oct/2000:13:55:36 -0700] "GET /apache_pb.gif HTTP/1.0" 200 2326

α ׸ κ Ѵ.

127.0.0.1 (%h)
û Ŭ̾Ʈ( ȣƮ) IP ̴ּ. HostnameLookups On̶ ȣƮ ãƼ IP ּ ڸ . ׷ ſ Ƿ õ ʴ´. ȣƮ ˷ ߿ logresolve α׸ óϴ α׷ ϴ . ⿡ IP ּҴ ڰ ϴ ǻ ּҰ ƴ ִ. Ͻ ڿ ̿ Ѵٸ, ǻ ּҰ ƴ϶ Ͻ ּҰ ϵ ̴.
- (%l)
¿ "ȣ" û Ÿ. ⿡ Ŭ̾Ʈ ǻ identd Ŭ̾Ʈ RFC 1413 ſ̴. ſ ⶧, Ǵ Ʈ ƴ϶ ϸ ȵȴ. IdentityCheck On ƴ϶ ġ ˾ƺ õ ʴ´.
frank (%u)
̴ HTTP ˾Ƴ û userid̴. CGI ũƮ REMOTE_USER ȯ溯 Ѱ. û ڵ尡 401̶ (Ʒ ) ڰ ġ ʾǷ ȵȴ. ȣ ȣ ʴ´ٸ ׸ ׸ "-"̴.
[10/Oct/2000:13:55:36 -0700] (%t)
ûó ģ ð. :

[day/month/year:hour:minute:second zone]
day = 2
month = 3
year = 4
hour = 2
minute = 2
second = 2
zone = (`+' | `-') 4

α Ĺڿ %{format}t Ͽ ٸ ð ִ. format C ǥ ̺귯 strftime(3) .
"GET /apache_pb.gif HTTP/1.0" (\"%r\")
Ŭ̾Ʈ û ֵǥ ִ. û ſ ִ. ù°, Ŭ̾Ʈ ޽ GET̴. °, Ŭ̾Ʈ ڿ /apache_pb.gif ûѴ. °, Ŭ̾Ʈ HTTP/1.0 Ѵ. û κ α ִ. , Ĺڿ "%m %U%q %H" "%r" Ȱ ޽, , ǹڿ, αѴ.
200 (%>s)
̴ Ŭ̾Ʈ ڵ̴. (2 ϴ ڵ) û Ͽ, (4 ϴ ڵ) Ŭ̾Ʈ ִ, (5 ϴ ڵ) ִ ˷ֹǷ ſ ߿ϴ. ڵ ü HTTP Ծ (RFC2616 section 10) ã ִ.
2326 (%b)
׸ ϰ Ŭ̾Ʈ ũ⸦ Ÿ. Ŭ̾Ʈ ٸ "-"̴. "0" αϷ %B Ѵ.

Combined α

Ǵ ٸ Ĺڿ յȷα(Combined Log Format)̴. Ѵ.

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" combined
CustomLog log/access_log combined

׸ ߰ ϰ Common α İ . ߰ ׸ ۼƮ þ %{header}i Ѵ. ⼭ header ڸ HTTP û ̸ ִ. α״ :

127.0.0.1 - frank [10/Oct/2000:13:55:36 -0700] "GET /apache_pb.gif HTTP/1.0" 200 2326 "http://www.example.com/start.html" "Mozilla/4.08 [en] (Win98; I ;Nav)"

߰ ׸:

"http://www.example.com/start.html" (\"%{Referer}i\")
"Referer" ( Ʋʾ) HTTP û . Ŭ̾Ʈ ߴٰ ˸ Ʈ̴. (, /apache_pb.gif ũϿų Ʈ̴.)
"Mozilla/4.08 [en] (Win98; I ;Nav)" (\"%{User-agent}i\")
User-Agent HTTP û . Ŭ̾Ʈ ڽſ ˸ ĺ̴.

α

Ͽ CustomLog þ ϸ αװ . , α׸ . ù° ⺻ CLF ϰ, ι° ° referer Ѵ. CustomLogReferLog AgentLog þ 䳻 ִ ش.

LogFormat "%h %l %u %t \"%r\" %>s %b" common
CustomLog logs/access_log common
CustomLog logs/referer_log "%{Referer}i -> %U"
CustomLog logs/agent_log "%{User-agent}i"

, LogFormat ݵ ʿ ش. CustomLog þ α ִ.

Ǻ α

Ŭ̾Ʈ û ݿ ش ׸ α׿ ʰ ִ. ȯ溯 ϸ ذȴ. , Ŭ̾Ʈ Ư ϸ ȯ溯 Ѵ. ۾ SetEnvIf Ѵ. ׸ CustomLog þ env= Ͽ ȯ溯 û ְų . :

# loop-back ̽ û ǥѴ
SetEnvIf Remote_Addr "127\.0\.0\.1" dontlog
# robots.txt Ͽ û ǥѴ
SetEnvIf Request_URI "^/robots\.txt$" dontlog
# α׿
CustomLog logs/access_log common env=!dontlog

ٸ û αϿ ϰ, 񿵾 û ٸ αϿ ϴ 츦 غ.

SetEnvIf Accept-Language "en" english
CustomLog logs/english_log common env=english
CustomLog logs/non_english_log common env=!english

Ǻ α״ ſ ϰ , ̰ α ϴ ƴϴ. α ൿ Ҷ ϴ. ߿ ʴ û ϰ α мϴ .

top

α ȯ (Log Rotation)

ٻ αϿ Ǵ ſ . α״ û 1MB ̻ Ѵ. α׸ űų α׸ ֱ Ȱ ʿ䰡 ִ. ġ ִ ȿ αϿ ⶧ ϶ α׸ ȯ . α űų Ͽ, α Ѵ.

ϸ Ŭ̾Ʈ Ȥ ʰ α ִ. ׷ ̸ û 񽺸 α ؾ Ѵ. ׷Ƿ α óϱ 󸶰 ٸ ʿ䰡 ִ. Ϲ α׸ ȯϰ, ũ ϱ α׸ Ѵ:

mv access_log access_log.old
mv error_log error_log.old
apachectl graceful
sleep 600
gzip access_log.old error_log.old

α׸ ȯϴ ٸ α ϴ ̴.

top

α׸

ġ α׿ α׸ Ͽ ʰ ٸ μ ִ. ϸ ڵ带 ߰ʰ ſ ϰ α׸ ó ִ. α׸ ϸ ڸ "|" ڿ ǥԷ α ׸ ϸ ȴ. ġ Ҷ α μ ϰ, Ǵ μ ٽ Ѵ. ( ɶ 츮 " ִ α" θ.)

α μ θ ġ httpd μ , μ userid . , α α׷ root ȴ. ׷Ƿ α׷ ϰ ϰ ſ ߿ϴ.

θ ü ɾ ǥ ϶. α׿ , α׵ .

ʰ α׸ ȯ ִ α׸ ϴ ߿ . ġ ̸ rotatelogs α׷ Ѵ. 24ð α׸ ȯѴٸ:

CustomLog "|/usr/local/apache/bin/rotatelogs /var/log/access_log 86400" common

ٸ Ʈ cronolog ξ α ȯ α׷ ִ.

Ǻ α׿ α״ ſ , ߿ óϴ ؼ ȵȴ.

top

ȣƮ

ȣƮ ִ Ҷ α ٷ ִ. , ȣƮ Ѱ α׸ ִ. <VirtualHost> ƴ ּ α þ θ û α׿ α׷ ϵȴ. ȣƮ ó .

<VirtualHost> ȿ CustomLog ErrorLog þ ϸ ش ȣƮ û Ͽ ϵȴ. α þ ٸ ȣƮ ּ α׿ α׸ Ѵ. ȣƮ ſ , ȣƮ ٸ ϱ . , ϱڰ ߻Ѵ.

α ſ ذå ִ. α Ĺڿ ȣƮ ߰ϸ ȣƮ α׸ ϰ, ߿ α׸ ȣƮ ִ. , þ .

LogFormat "%v %l %u %t \"%r\" %>s %b" comonvhost
CustomLog logs/access_log comonvhost

%v û ϴ ȣƮ ̸ Ѵ. ߿ split-logfile α׷ α׸ ȣ ִ.

top

ٸ α

õ õ þ

PID

ġ Ҷ logs/httpd.pid Ͽ θ httpd μ process id Ѵ. ϸ PidFile þ ִ. process-id ڰ θ μ ñ׳ ϰų ϶ Ѵ.  -k ɼ Ѵ. ڼ ߴܰ ϶.

ũƮ α

ScriptLog þ Ͽ CGI ũƮ Է° ִ. þ ׽Ʈθ ؾ Ѵ. ϴ ϸ ȵȴ. ڼ mod_cgi ϶.

ۼ α

mod_rewrite ϰ Ѵٸ ׻ RewriteLog ʿ䰡 ִ. α ۼ  û ȯϴ ڼ ˷ش. ڼ RewriteLogLevel þ Ѵ.

misc/index.html100644 0 0 6373 11237400533 11144 0ustar 0 0 Ÿ ġ - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-

Ÿ ġ

ֽ ƴմϴ. ֱٿ ϼ.

Ʒ ġ Ʈ ߰ ̴.

Ʒ ġ 2.1 ʴ. ȿ , ؼ ϱ ٶ.

ġ

ְ ġ (, Ͻ) ϴ ٷ. ġ  ۾ ϰ (ġ ų )  ۾ ʴ Ѵ.

ġ ϰ ϱ " " " ƾ ".

URL ۼ ħ

mod_rewrite Ѵ. ڰ ۾ εġԵǴ URL ذϱؼ  ġ mod_rewrite ϴ Ѵ.

ǥ

ġ ǥص Ѵ.

misc/password_encryptions.html100644 0 0 22000 11237400533 14335 0ustar 0 0 Password Formats - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.2

<-

Password Formats

Notes about the password encryption formats generated and understood by Apache.

top

Basic Authentication

There are four formats that Apache recognizes for basic-authentication passwords. Note that not all formats work on every platform:

PLAIN TEXT (i.e. unencrypted)
Windows, BEOS, & Netware only.
CRYPT
Unix only. Uses the traditional Unix crypt(3) function with a randomly-generated 32-bit salt (only 12 bits used) and the first 8 characters of the password.
SHA1
"{SHA}" + Base64-encoded SHA-1 digest of the password.
MD5
"$apr1$" + the result of an Apache-specific algorithm using an iterated (1,000 times) MD5 digest of various combinations of a random 32-bit salt and the password. See the APR source file apr_md5.c for the details of the algorithm.

Generating values with htpasswd

MD5

$ htpasswd -nbm myName myPassword
myName:$apr1$r31.....$HqJZimcKQFAMYayBlzkrA/

SHA1

$ htpasswd -nbs myName myPassword
myName:{SHA}VBPuJHI7uixaa6LQGWx4s+5GKNE=

CRYPT

$ htpasswd -nbd myName myPassword
myName:rqXexS6ZhobKA

Generating CRYPT and MD5 values with the OpenSSL command-line program

OpenSSL knows the Apache-specific MD5 algorithm.

MD5

$ openssl passwd -apr1 myPassword
$apr1$qHDFfhPC$nITSVHgYbDAK1Y0acGRnY0

CRYPT

openssl passwd -crypt myPassword
qQ5vTYO3c8dsU

Validating CRYPT or MD5 passwords with the OpenSSL command line program

The salt for a CRYPT password is the first two characters (converted to a binary value). To validate myPassword against rqXexS6ZhobKA

CRYPT

$ openssl passwd -crypt -salt rq myPassword
Warning: truncating password to 8 characters
rqXexS6ZhobKA

Note that using myPasswo instead of myPassword will produce the same result because only the first 8 characters of CRYPT passwords are considered.

The salt for an MD5 password is between $apr1$ and the following $ (as a Base64-encoded binary value - max 8 chars). To validate myPassword against $apr1$r31.....$HqJZimcKQFAMYayBlzkrA/

MD5

$ openssl passwd -apr1 -salt r31..... myPassword
$apr1$r31.....$HqJZimcKQFAMYayBlzkrA/

Database password fields for mod_dbd

The SHA1 variant is probably the most useful format for DBD authentication. Since the SHA1 and Base64 functions are commonly available, other software can populate a database with encrypted passwords that are usable by Apache basic authentication.

To create Apache SHA1-variant basic-authentication passwords in various languages:

PHP

'{SHA}' . base64_encode(sha1($password, TRUE))

Java

"{SHA}" + new sun.misc.BASE64Encoder().encode(java.security.MessageDigest.getInstance("SHA1").digest(password.getBytes()))

ColdFusion

"{SHA}" & ToBase64(BinaryDecode(Hash(password, "SHA1"), "Hex"))

Ruby

require 'digest/sha1'
require 'base64'
'{SHA}' + Base64.encode64(Digest::SHA1.digest(password))

C or C++

Use the APR function: apr_sha1_base64

PostgreSQL (with the contrib/pgcrypto functions installed)

'{SHA}'||encode(digest(password,'sha1'),'base64')

top

Digest Authentication

Apache recognizes one format for digest-authentication passwords - the MD5 hash of the string user:realm:password as a 32-character string of hexadecimal digits. realm is the Authorization Realm argument to the AuthName directive in httpd.conf.

Database password fields for mod_dbd

Since the MD5 function is commonly available, other software can populate a database with encrypted passwords that are usable by Apache digest authentication.

To create Apache digest-authentication passwords in various languages:

PHP

md5($user . ':' . $realm . ':' .$password)

Java

byte b[] = java.security.MessageDigest.getInstance("MD5").digest( (user + ":" + realm + ":" + password ).getBytes());
java.math.BigInteger bi = new java.math.BigInteger(1, b);
String s = bi.toString(16);
while (s.length() < 32)
s = "0" + s; // String s is the encrypted password

ColdFusion

LCase(Hash( (user & ":" & realm & ":" & password) , "MD5"))

Ruby

require 'digest/md5'
Digest::MD5.hexdigest(user + ':' + realm + ':' + password)

PostgreSQL (with the contrib/pgcrypto functions installed)

encode(digest( user || ':' || realm || ':' || password , 'md5'), 'hex')

misc/perf-tuning.html100644 0 0 126701 11237400533 12331 0ustar 0 0 ġ - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-

ġ

ֽ ƴմϴ. ֱٿ ϼ.

ġ 2.0 ɰ ðɼ µ ̴. ġũ ʾ ġ 2.0 .

ġ 1.3 ؼ 2.0 ó Ȯ强(scalability) ̱ ȭ ߴ. ⺻ κ ȭ Ѵ. ׷ Ͻ Ȥ ɿ ū ִ. ġ 2.0 ϱ ڰ ִ ɼ Ѵ.  ɼ ϵ ü Ȱϵ ϴ ݸ,  ɼ ӵ Ѵ.

top

ϵ ü ؼ

ɿ ū ִ ޸𸮴. û ð ڰ " ٰ" ϰ ø⶧ ϸ ȵȴ. ڴ ϰ ٽ Ͽ ϰ Ѵ. MaxClients þ Ͽ ڽ ʵ ؾ Ѵ. ϴ: top μ ġ μ ޸ 뷮 ˾Ƴ, ü 밡 ޸𸮿 ٸ μ .

ϴ: CPU, Ʈī, ũ, ⼭ " " ؼ ؾ Ѵ.

ü ˾Ƽ ̴. ׷ Ϲ ϴٰ Ǹ  ħ ִ:

  • ü ֽ ġ Ѵ. ü ۻ ֱ TCP ð ̺귯 ӵ ߴ.

  • ü sendfile(2) ýȣ Ѵٸ, ̸ ϱ ̳ ġ ġϿ ȮѴ. ( , 2.4 ̻ Ѵ. Solaris 8 ʱ ġ ʿϴ.) ϴ ý̶ ġ 2 sendfile Ͽ CPU ϸ մ.

top

ؼ

õ õ þ

HostnameLookups DNS

ġ 1.3 HostnameLookupsOn̿. û ġ DNS ˻ ϹǷ û . ġ 1.3 ⺻ Off Ǿ. α ּҸ ȣƮ ȯϷ αó α׷ ϳ, ġ Ե logresolve α׷ ϶.

αó ۾ ɿ ǿ ġǷ ϴ ƴ ٸ ǻͿ α óϱ ٶ.

Allow from domain̳ Deny from domain þ Ѵٸ (, IP ּҰ ƴ ȣƮ̳ θ Ѵٸ) ε ߺ- DNS ˻ (˻ Ƿ Ǿ Ȯϱ ٽ ˻) ؾ Ѵ. ׷Ƿ ̱ ̷ þ ϸ ̸ IP ּҸ Ѵ.

<Location /server-status> þ ϶. ǿ ´ û DNS ȸ Ѵ. .html .cgi ϸ DNS ˻ ϴ :

HostnameLookups off
<Files ~ "\.(html|cgi)$">
HostnameLookups on
 </Files>

׷ CGI DNS ʿ ̶, ʿ Ư CGI gethostbyname ȣ ϵ غ ִ.

FollowSymLinks SymLinksIfOwnerMatch

URL Options FollowSymLinks ʰ Options SymLinksIfOwnerMatch ϸ ġ ɺũ ˻ϱ ýȣ ѹ ؾ Ѵ. ϸ κи ѹ ȣ Ѵ. , :

DocumentRoot /www/htdocs
<Directory />
Options SymLinksIfOwnerMatch
 </Directory>

/index.html URI û ִٰ . ׷ ġ /www, /www/htdocs, /www/htdocs/index.html lstat(2) ȣѴ. lstats ij ʱ⶧ û Ź ۾ Ѵ. ¥ ɺũ ˻縦 Ѵٸ ִ:

DocumentRoot /www/htdocs
<Directory />
Options FollowSymLinks
 </Directory>

<Directory /www/htdocs>
Options -FollowSymLinks +SymLinksIfOwnerMatch
 </Directory>

ּ DocumentRoot δ ˻ ʴ´. DocumentRoot ۿ ִ η Alias RewriteRule 쿡 ʿϴ. ɺũ ʰ ְ , FollowSymLinks ϰ, SymLinksIfOwnerMatch ȵȴ.

AllowOverride

URL overrides Ѵٸ ( .htaccess ) ġ ϸ κи .htaccess õѴ. ,

DocumentRoot /www/htdocs
<Directory />
AllowOverride all
 </Directory>

/index.html URI û ִٰ . ġ /.htaccess, /www/.htaccess, /www/htdocs/.htaccess õѴ. ذå Options FollowSymLinks ϴ. ְ Ͻýۿ ؼ ׻ AllowOverride None Ѵ.

ϰ ¥ 󿡵 ִٸ ´. ̵ Ϻ ۴. ִ. ϵī带 ϴ :

DirectoryIndex index

Ѵ:

DirectoryIndex index.cgi index.pl index.shtml index.html

տ д.

, 丮 ϵ ã MultiViews ٴ, ϸ ʿ ִ type-map ϶.

Ʈ ʿϴٸ Options MultiViews þ ϱ⺸ type-map ϶. ڼ type-map ϶.

޸𸮴 (memory-mapping)

, server-side-include óϴ ġ 2.0 ü mmap(2) Ѵٸ ޸𸮴Ѵ.

÷ ޸𸮴 Ѵ. ׷ ޸𸮴 Ʈ ġ 찡 ִ:

  •  ü mmap CPU read(2) ŭ Ȯ强 ʴ. , μ Solaris ġ 2.0 mmap ó Ѵ.

  • NFS Ʈ Ͻýۿ ִ ޸𸮴ϴ ߿ ٸ NFS Ŭ̾Ʈ ִ μ ų ũ⸦ ̸, μ ޸𸮴 ϳ bus error ߻ ִ.

ǿ شϸ ϴ ޸𸮴 ʵ EnableMMAP off ؾ Ѵ. (: þ 丮 ִ.)

Sendfile

ġ ü sendfile(2) ϸ Ŀ sendfile Ͽ -- , Ҷ -- ִ.

÷ sendfile ϸ read send ʿ䰡  . ׷ sendfile ϸ ġԵǴ 찡 ִ:

  • sendfile ߸Ǿ ý ߰ ϴ ÷ ִ. Ư ٸ ǻͿ Ͽ sendfile ߸ ǻͷ 쿡 ϴ.

  • Ŀ ڽ ij Ͽ NFS Ʈ 찡 ִ.

ǿ شϸ sendfile ʵ EnableSendfile off ؾ Ѵ. (: þ 丮 ִ.)

μ

ġ 1.3 MinSpareServers, MaxSpareServers, StartServers ġũ ū ƴ. Ư ġ ۾ ϱ ڽļ ٴٸ "" Ⱓ ʿߴ. ó StartServers ڽ , MinSpareServers ʴ ڽ ϳ . ׷ StartServers5 Ŭ̾Ʈ 100 ÿ ϸ ϸ óϱ⿡ ڽ 95ʰ ɷȴ. ʴ , 10а ϴ ġũ ſ ڰ ´.

ʴ Ѱ Ģ ڽ ϸ鼭 ߴ. ǻͰ ڽ ϴ ٻڸ û . ׷ Ģ ġ ü ɿ ǿ ־ Ͽ. ġ 1.3 ʴ Ѱ Ģ ȭǾ. ڵ ڽ Ѱ , 1 , ΰ , 1 , װ , ̷ ʴ ڽ 32 鶧 Ѵ. ڽļ MinSpareServers ٴٸ ߴѴ.

ӵ MinSpareServers, MaxSpareServers, StartServers ʿ䰡 . ʿ ڽ 4 ̻ ϸ ErrorLog Ѵ. ̷ ̸ ϱ ٶ. mod_status ̴.

μ Ͽ MaxRequestsPerChild μ Ѵ. ⺻ ڽĴ ó û ٴ 0̴. 30 ſ ִٸ, ʿ䰡 ִ. SunOS Solaris Ѵٸ, ޸⶧ 10000 ϶.

(keep-alive) Ѵٸ ڽĵ ̹ ῡ ߰ û ٸ ƹ͵ ʱ⶧ ٻڴ. KeepAliveTimeout15 ʴ ̷ ּȭѴ. Ʈ 뿪 ڿ ° Ѵ. κ ⶧  쿡 60 ̻ ø .

top

Ͻ ؼ

MPM

ġ 2.x ó (MPMs)̶ ü ִ ȭ Ѵ. ġ Ҷ MPM ؾ Ѵ. beos, mpm_netware, mpmt_os2, mpm_winnt Ư ÷ ִ MPM ִ. Ϲ н ý MPM ߿ ϳ ִ. ӵ Ȯ强(scalability)  MPM ߳Ŀ ޷ȴ:

  • worker MPM ڽ μ 带 Ѵ. ѹ Ѵ. Ϲ worker prefork MPM ޸𸮸 ϹǷ ŷ ϴ.
  • prefork MPM 尡 Ѱ ڽ μ Ѵ. μ ѹ Ѵ. ýۿ prefork ӵ worker , ޸𸮸 Ѵ. Ȳ 带 ʴ prefork worker : 忡 (thread-safe) ڰ ְ, ÷ ִ.

MPM ٸ MPM ڼ MPM ϱ ٶ.

޸ 뷮 ɿ ߿ ̱⶧ ʴ غ. DSO ߴٸ ⿡ LoadModule þ ּóϸ ȴ. ׷ ϰ Ͽ Ʈ ̵ ϴ 캼 ִ.

ݴ ġ Ͽ ũִٸ ʴ ϱ ġ ؾ Ѵ.

⼭ 翬  ϰ ǹ . Ʈ ٸ. ׷ Ƹ ּ mod_mime, mod_dir, mod_log_config ̴. Ʈ α ʿٸ mod_log_config  ȴ. ׷ õ ʴ´.

Atomic

mod_cache ֱ worker MPM APR atomic API Ѵ. API 淮 ȭ atomic Ѵ.

⺻ APR ü/CPU ÷ ȿ Ͽ Ѵ. , ֽ CPU ϵ atomic compare-and-swap (CAS) ϴ ɾ ִ. ׷  ÷ APR ̷ ɾ CPU ȣȯ mutex ⺻ Ѵ. ̷ ÷ ġ Ҷ ġ ֽ CPU ȹ̶, ġ Ҷ --enable-nonportable-atomics ɼ Ͽ atomic ִ:

./buildconf
./configure --with-mpm=worker --enable-nonportable-atomics=yes

--enable-nonportable-atomics ɼ ÷ ִ:

  • SPARC Solaris
    ⺻ APR Solaris/SPARC mutex atomic Ѵ. ׷ Ҷ --enable-nonportable-atomics ϸ APR ϵ compare-and-swap SPARC v8plus ɾ Ѵ. ɼ ϸ atomic ȿ (CPU ϰ ȭ ϴ), UltraSPARC Ĩ ִ.
  • Linux on x86
    ⺻ APR mutex atomic Ѵ. ׷ Ҷ --enable-nonportable-atomics ϸ APR ϵ compare-and-swap 486 ɾ Ѵ. ȿ atomic , 486 ̻ Ĩ (386 ȵȴ) ִ.

mod_status ExtendedStatus On

ġ Ҷ mod_status ϰ Ҷ ExtendedStatus On ϸ ġ û gettimeofday(2)(Ȥ ü times(2)) ι ȣϰ (1.3 ) time(2) ߰ ȣѴ. ۽ð ʿϱ ̴. ֻ (⺻) ExtendedStatus off Ѵ.

accept ȭ -

:

Ʒ ġ 2.0 ʴ. ȿ , ؼ ϱ ٶ.

н API Ѵ. Ʈ Ȥ ּҸ ٸ Listen Ѵٰ . ˻ϱ ġ select(2) Ѵ. select(2) Ͽ ٸ ִ Ȥ ּ Ѱ ִ ˷ش. ġ ڽ ְ, ִ ڽ ÿ ο ˻Ѵ. ϴ ( ڵ忡 ʾҴ. ϱ 뵵 .):

for (;;) {
for (;;) {
fd_set accept_fds;

FD_ZERO (&accept_fds);
for (i = first_socket; i <= last_socket; ++i) {
FD_SET (i, &accept_fds);
 }
rc = select (last_socket+1, &accept_fds, NULL, NULL, NULL);
if (rc < 1) continue;
new_connection = -1;
for (i = first_socket; i <= last_socket; ++i) {
if (FD_ISSET (i, &accept_fds)) {
new_connection = accept (i, NULL, NULL);
if (new_connection != -1) break;
 }
 }
if (new_connection != -1) break;
 }
process the new_connection;
 }

׷ ܼ ɰ (starvation) ִ. ڽ ÿ ݺ ϸ, û ٸ select . ̶  Ͽ û ϳ ڽ  ( ڽ ü Ÿֿ̹ ٸ). ̵ acceptϱ õѴ. ׷ ( Ḹ ̶) ڽĸ ϰ, accept . ׷ ڽĵ û ϵ , ο û ͼ ڽ ﶧ ִ. ̷ PR#467 ó Ǿ. ּ ΰ ذå ִ.

Ѱ ʵ (non-blocking) ̴. ڽ accept ص ʰ, ִ. ׷ CPU ð Ѵ. select ڽ 10 ְ, Ѱ Դٰ . ׷ ڽ 9  acceptϱ õϰ ϸ ƹ ϵ ʰ ٽ select ݺѴ. ٽ select ƿ  ڽĵ ٸ Ͽ û ʴ´. (μ ǻͿ) ڽ ŭ CPU ִ 幮 찡 ƴ϶ ذå ƺ ʴ´.

ٸ ġ ϴ ݺ ڽĸ 鿩. ݺ (̸ ):

for (;;) {
accept_mutex_on ();
for (;;) {
fd_set accept_fds;

FD_ZERO (&accept_fds);
for (i = first_socket; i <= last_socket; ++i) {
FD_SET (i, &accept_fds);
 }
rc = select (last_socket+1, &accept_fds, NULL, NULL, NULL);
if (rc < 1) continue;
new_connection = -1;
for (i = first_socket; i <= last_socket; ++i) {
if (FD_ISSET (i, &accept_fds)) {
new_connection = accept (i, NULL, NULL);
if (new_connection != -1) break;
 }
 }
if (new_connection != -1) break;
 }
accept_mutex_off ();
process the new_connection;
 }

accept_mutex_on accept_mutex_off Լ mutex  Ѵ. ѹ ڽĸ mutex ִ. mutex ϴ ̴. (1.3 ) src/conf.h (1.3 ) src/include/ap_config.h ǵִ.  ŰĴ (locking) ʱ⶧, ̷ ŰĿ Listen þ ϸ ϴ.

AcceptMutex þ Ͽ mutex ִ.

AcceptMutex flock

ױ flock(2) ýȣ Ѵ ( ġ LockFile þ ).

AcceptMutex fcntl

ױ fcntl(2) ýȣ Ѵ ( ġ LockFile þ ).

AcceptMutex sysvsem

(1.3 ) SysV  Ͽ mutex Ѵ. SysV ۿ ִ. ϳ ġ  ʰ ִ ̴ (ipcs(8) manpage ). ٸ ϳ uid ϴ CGI (, suexec cgiwrapper ʴ CGI) API Ͽ 񽺰źΰ ִ ̴. ̷ IRIX ŰĿ ʴ´ (κ IRIX ǻͿ ġ ̴).

AcceptMutex pthread

(1.3 ) POSIX mutex ϱ⶧ POSIX Ծ ŰĶ 밡, (2.5 ) Solaris װ͵ Ư ϴ ϴ. õغٸ 缭 ϴ Ѵ. 븸 ϴ ϴ .

AcceptMutex posixsem

(2.0 ) POSIX  Ѵ. mutex μ 尡 ״´ٸ(segfault) ȸ ʾƼ .

ýۿ Ͽ ȭ(serialization) ִٸ ϴ ڵ带 APR ߰ ġ ִ.

غ ٸ κ ݺ ȭϴ ̴. , μ  鿩 ̴. ڽ ÿ ־ ȭ ü 뿪 Ȱ ϴ μ ǻͿ ִ. 캼 κ, ſ ȭ ʾƼ 켱 .

ֻ ؼ Listen ʴ ̴̻. ׷ Ѵ.

accept ȭ - Ѱ

߼ , Ѱ ? Ҷ ڽ accept(2) ֱ⶧ ̷л ߻ ʰ, . ׷ δ տ ʴ (non-blocking) ߻ϴ "ȸ(spinning)" ߰ ִ. κ TCP ϸ Ŀ accept ִ ڽ 쵵 ִ. μ Ѱ ڿ ư, Ŀο ȸϿ ߰ϸ ٽ ܴ. ڿ ڵ忡 ̷ ȸ , и Ѵ. ׷ ߼ ʴ ϰ ϸ ̴ ʿ ൿ Ͼ.

׷ 츮 ŰĿ Ѱ 쿡 ȭϸ "" ߰ߴ. ׷ κ ⺻ ȭ Ѵ. (Ŀ 2.0.30, 128Mb ޸𸮿 Pentium pro) Ѱ ȭϸ 쿡 ʴ û 3% ̸ پ. ׷ ȭ û 100ms ߻ߴ. Ƹ LAN ߻ϴ ἱ ̴. Ѱ ȭ SINGLE_LISTEN_UNSERIALIZED_ACCEPT Ѵ.

Close (lingering)

draft-ietf-http-connection-00.txt 8 ϵ Ƿ, ־ Ѵ (TCP ֹ̰, ̴). ٸ , ġ 1.2 Ȯ ؿԴ.

ϰ ġ ߰ н ߻ߴ. TCP Ծ FIN_WAIT_2 ŸӾƿ ִٰ ʾ, ʾҴ. ŸӾƿ ýۿ ġ 1.2 FIN_WAIT_2 · . ۻ簡 ϴ ֽ TCP/IP ġ Ͽ ذ ִ. ׷ ۻ簡 ġ ǥ ʴ 찡 (, SunOS4 -- ҽ ̼ ִ ġ ) ֱ⶧ ʱ ߴ.

ΰ. ϳ ɼ SO_LINGER ϴ ̴. ׷ κ TCP/IP ɼ ùٷ ʾҴ. ùٷ ÿ (, 2.0.31) cpu ƸԴ´.

ġ (http_main.c ִ) lingering_close Լ Ѵ. Լ :

void lingering_close (int s)
{
char junk_buffer[2048];

/* shutdown the sending side */
shutdown (s, 1);

signal (SIGALRM, lingering_death);
alarm (30);

for (;;) {
select (s for reading, 2 second timeout);
if (error) break;
if (s is ready for reading) {
if (read (s, junk_buffer, sizeof (junk_buffer)) <= 0) {
break;
 }
/* just toss away whatever is here */
 }
 }

close (s);
 }

ڵ CPU , ʿϴ. HTTP/1.1 θ Ѵٸ(persistent), ޴ û óϸ鼭 ̴. ϰԵ NO_LINGCLOSE Ͽ , ʴ´. Ư HTTP/1.1 (; ¿ ٸ ʰ û ) lingering_close ʼ̴ (׸ ϱ ٶ ̴).

Scoreboard

ġ θ ڽ scoreboard Ѵ. ̻δ scoreboard ޸𸮷 ؾ Ѵ. 츮 ڰ ش ü ְų ޸𸮸 Ͽ Ѵ. ũ ִ Ͽ Ѵ. ũ ִ ŷڵ (ɵ ). src/main/conf.h Ͽ ϴ Űĸ ãƼ USE_MMAP_SCOREBOARD Ȥ USE_SHMGET_SCOREBOARD ȮѴ. ϳ ( Բ HAVE_MMAP̳ HAVE_SHMGET ) ϸ ޸ ڵ带 Ѵ. ý ٸ ޸𸮸 Ѵٸ src/main/http_main.c Ͽ ġ ޸𸮸 ֵ (hook) ߰϶. ( ġ 츮 ֱ ٶ.)

: ġ ġ 1.2 ޸𸮸 ϱ ߴ. ʱ ġ ŷڵ ̴.

DYNAMIC_MODULE_LIMIT

о ʴ´ٸ ( ̶ ̱ д´ٸ Ƹ о ̴), Ҷ -DDYNAMIC_MODULE_LIMIT=0 ߰Ѵ. ׷ о̱ Ҵϴ ޸𸮸 Ѵ.

top

η: ýȣ ڼ мϱ

Solaris 8 worker MPM ġ 2.0.38 ýȣ (trace)̴. Ʒ ɾ Ͽ :

truss -l -p httpd_child_pid.

-l ɼ ϸ truss ýȣ ϴ LWP (lightweight process, 淮 μ--Solaris Ŀμ ) ID Ѵ.

ٸ ýۿ strace, ktrace, par ýȣ ִ. ϴ.

Ŭ̾Ʈ ũⰡ 10KB ûѴ. û ʰų ϴ û ſ ٸ (δ ſ ˾ƺ ).

/67:    accept(3, 0x00200BEC, 0x00200C0C, 1) (sleeping...)
/67:    accept(3, 0x00200BEC, 0x00200C0C, 1)            = 9

(listener) 尡 LWP #67 ִ.

accept(2) ȭ ָ϶. Ʈ ٸʴ ÷ worker MPM ⺻ ȭ accept Ѵ.
/65:    lwp_park(0x00000000, 0)                         = 0
/67:    lwp_unpark(65, 1)                               = 0

޾Ƶ̰(accept) worker 带 û óϰ Ѵ. Ʒ Ͽ û óϴ worker 尡 LWP #65 ִ.

/65:    getsockname(9, 0x00200BA4, 0x00200BC4, 1)       = 0

ȣƮ ϱ ġ ޾Ƶ (local) ּҸ ˾ƾ Ѵ. (ȣƮ ʰų Listen þ ϵī ּҸ ) ȣ ִ. ׷ ̷ ȭ ۾ ȵִ. 

/65:    brk(0x002170E8)                                 = 0
/65:    brk(0x002190E8)                                 = 0

brk(2) ȣ (heap) ޸𸮸 ҴѴ. κ û ó ü ޸ Ҵ(apr_pool apr_bucket_alloc) ϱ⶧ ýȣ Ͽ ýȣ Ⱑ 幰. Ͽ ڸ ü ޸ Ҵڰ ޸𸮺 malloc(3) ȣѴ.

/65:    fcntl(9, F_GETFL, 0x00000000)                   = 2
/65:    fstat64(9, 0xFAF7B818)                          = 0
/65:    getsockopt(9, 65535, 8192, 0xFAF7B918, 0xFAF7B910, 2190656) = 0
/65:    fstat64(9, 0xFAF7B818)                          = 0
/65:    getsockopt(9, 65535, 8192, 0xFAF7B918, 0xFAF7B914, 2190656) = 0
/65:    setsockopt(9, 65535, 8192, 0xFAF7B918, 4, 2190656) = 0
/65:    fcntl(9, F_SETFL, 0x00000082)                   = 0

worker Ŭ̾Ʈ (ϱ 9) (non-blocking) · ٲ۴. setsockopt(2) getsockopt(2) ȣ Solaris libc Ͽ fcntl(2)  óϴ ش.

/65:    read(9, " G E T   / 1 0 k . h t m".., 8000)     = 97

worker Ŭ̾Ʈ û д´.

/65:    stat("/var/httpd/apache/httpd-8999/htdocs/10k.html", 0xFAF7B978) = 0
/65:    open("/var/httpd/apache/httpd-8999/htdocs/10k.html", O_RDONLY) = 10

Options FollowSymLinks AllowOverride None̴. ׷ û ϰ 丮 lstat(2)ϰų .htaccess ˻ ʿ䰡 . ˻ϱ, 1) ִ, 2) 丮 ƴ Ϲ, stat(2) ȣ⸸ ϸ ȴ.

/65:    sendfilev(0, 9, 0x00200F90, 2, 0xFAF7B53C)      = 10269

ѹ sendfilev(2) ýȣ HTTP û ִ. Sendfile δ ü ٸ. ٸ ý̶ sendfile(2) ȣϱ write(2) writev(2) ȣ Ѵ.

/65:    write(4, " 1 2 7 . 0 . 0 . 1   -  ".., 78)      = 78

write(2) ȣ ٷα(access log) û Ѵ. Ͽ time(2) ȣ ָ϶. ġ 1.3 ޸ ġ 2.0 ð ˱ gettimeofday(3) Ѵ. gettimeofday ȭ Solaris ü Ϲ ýȣ δ .

/65:    shutdown(9, 1, 1)                               = 0
/65:    poll(0xFAF7B980, 1, 2000)                       = 1
/65:    read(9, 0xFAF7BC20, 512)                        = 0
/65:    close(9)                                        = 0

worker ݱ(lingering close)Ѵ.

/65:    close(10)                                       = 0
/65:    lwp_park(0x00000000, 0)         (sleeping...)

worker ݰ, (listener) 尡 ٸ Ҵ Ѵ.

/67:    accept(3, 0x001FEB74, 0x001FEB94, 1) (sleeping...)

׵ ( worker ۾̸ 带 ߴ worker MPM 帧 ɿ ) worker 忡 Ҵڸ ٸ ޾Ƶ ִ. Ͽ , worker 尡 óϴ accept(2) (û ſ ׻) Ͼ ִ.

misc/relevant_standards.html100644 0 0 17537 11237400533 13744 0ustar 0 0 ǥ - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-
top

HTTP ǰ

 ϰ ϴ ⺻ ġ IETF ǰ(recommendation) :

RFC 1945 (Informational)
ؽƮ (Hypertext Transfer Protocol, HTTP) л, , ۸ü ýۿ ʿ ø̼ (application-level) ̴. HTTP/1.0 Ѵ.
RFC 2616 (Standards Track)
ؽƮ (Hypertext Transfer Protocol, HTTP) л, , ۸ü ý ø̼ ̴. HTTP/1.1 Ѵ.
RFC 2396 (Standards Track)
ǥ ڿ ĺ (Uniform Resource Identifier, URI) ߻ Ȥ ڿ ĺϱ ª ڿ̴.
top

HTML ǰ

ؽƮ ũ (Hypertext Markup Language, HTML) Ͽ ġ IETF ǰ W3C ǰ :

RFC 2854 (Informational)
HTML ߰ ϰ, W3C ǰ "text/html" MIME type Ѵ.
HTML 4.01 Ծ (Errata)
Ծ ̵ Ǿ ؽƮ ũ (Hypertext Markup Language, HTML) Ѵ. Ծ HTML 4 HTML 4.01 Ѵ.
HTML 3.2 Ծ
ؽƮ ũ (Hypertext Markup Language, HTML) ÷ ؽƮ ũ ̴. HTML SGML ̱⵵ ϴ.
XHTML 1.1 - XHTML (ǥ)
ǰ Modularization of XHTML ÷ӿũ ο XHTML document type Ѵ.
XHTML 1.0 Ȯ ؽƮ ũ (Extensible HyperText Markup Language) (Second Edition) (ǥ)
HTML 4 XML 1.0 籸 XHTML 1.0 ι° HTML 4 شϴ DTD Ѵ.
top

ġ IETF ǰ :

RFC 2617 (Draft standard)
Basic Access Authentication Ծ "HTTP/1.0".
top

/ ڵ

Ʒ ũ ISO ٸ / ڵ ִ:

ISO 639-2
ISO 639 ̸ Ÿ ΰ ڵ带 Ѵ. ϳ (639-1) ڵ̰ ٸ ϳ ( ) ڵ̴.
ISO 3166-1
ISO 3166-1 ISO 3166-1-alpha-2 ڵ忡 ĺ ( ª ̸) Ѵ.
BCP 47 (Best Current Practice), RFC 3066
ü  ˸ ±׿ ±׿ ϴ , ±׸ ã Ѵ.
RFC 3282 (Standards Track)
MIME κа RFC 822 ִ  ˸ "Content-language:" , ȣϴ  Ÿ "Accept-Language:" Ѵ.
misc/rewriteguide.html100644 0 0 173632 11237400533 12577 0ustar 0 0 URL ۼ ħ - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-

URL ۼ ħ

ֽ ƴմϴ. ֱٿ ϼ.


Ralf S. Engelschall <rse@apache.org>
1997 12

mod_rewrite Ѵ. ڰ ۾ εġԵǴ URL ذϱؼ  ġ mod_rewrite ϴ Ѵ. URL ۼ Ģ Ͽ ذϴ ڼ Ѵ.

top

mod_rewrite Ұ

ġ mod_rewrite ϴ. , URL ִ ϰ Ƿ ̴. ؿԴ URL ϴ. ׷ 밡 ϱ ϴ. mod_rewrite ִ ʺڰ ϰ ϱ ʴٴ ̴. ġ mod_rewrite ο 뵵 ߰Ѵ.

ٸ : mod_rewrite ó ԰ ٽ ʰų, Կ ŷǾ ̴. ù° 츦 ̹ ˷  ʸ ҰϷ Ѵ.

top

ǿ ذå

ų ٸ ǿ ذå ´. URL ۼ 渶 ٶ.

: Ȳ ° ؾ 찡 ִ. , ߰ mod_alias, mod_userdir Ѵٸ [PT] ÷׸ ߰Ѵ. Ȥ ּ/ȣƮ Ұ ƴ .htaccess ҿ ˸° Ģ ִ. ϱ ׻ Ģ  ϴ ϵ ض. ׷ ִ.
top

URL

Ǵ URL

Ȳ:

ҽ URL ִ. ( ϰ ˷ ) Ǵ URL, Ȥ 뵵 URL ִ. ڰ û  URL ϴ Ǵ URL Ѵ.

ذå:

ʴ URL ˵ ġ ܺ HTTP ̷Ѵ. Ʒ Ģ /~user Ǵ /u/user üϰ, /u/user ٸ ߰Ѵ.

RewriteRule   ^/~([^/]+)/?(.*)    /u/$1/$2  [R]
RewriteRule   ^/([uge])/([^/]+)$  /$1/$2/   [R]

Ǵ ȣƮ

Ȳ:
...
ذå:
RewriteCond %{HTTP_HOST}   !^fully\.qualified\.domain\.name [NC]
RewriteCond %{HTTP_HOST}   !^$
RewriteCond %{SERVER_PORT} !^80$
RewriteRule ^/(.*)         http://fully.qualified.domain.name:%{SERVER_PORT}/$1 [L,R]
RewriteCond %{HTTP_HOST}   !^fully\.qualified\.domain\.name [NC]
RewriteCond %{HTTP_HOST}   !^$
RewriteRule ^/(.*)         http://fully.qualified.domain.name/$1 [L,R]

DocumentRoot ű

Ȳ:

DocumentRoot URL "/" ִ. ׷ ̰ ڷᰡ ʰ, ڷᰡ ٸ ִ 찡 ִ. Ʈ Ʈ (ܺθ Ȩ) /e/www/ (Ʈ Ȩ) /e/sww/ ִٰ . DocumentRoot /e/www/̱⶧, û Ե ׸ ̰ ; Ѵ.

ذå:

츮 URL / /e/www/ ̷Ǹ ϸ ȴ. mod_rewrite ؼ ϴ. (mod_alias ϴ) URL Alias պκ ã´. DocumentRoot URL պκ̱⶧ Ͽ ̷ . mod_rewrite ϸ ¥ ϴ:

RewriteEngine on
RewriteRule   ^/$  /e/www/  [R]

Ȳ:

丮 Īϴ URL ٸ ڴ ȯȣ ̴. ٸ, /~quux/foo/ /~quux/foo ϸ foo ã⶧ ߻Ѵ. 丮̱⶧ ޾Ƶ ʴ´. κ ڵ URL ġ, 찡 ִ. , CGI ũƮ URL ۼ Ŀ ׷ϴ.

ذå:

̹ ذ ڵ ߰ϴ ̴. ׸ ùٷ û ֵ, ܺ ̷ ؾ Ѵ. ̷ Ѵٸ 丮 Ͽ URL ϴ ׸ ûҶ ã . , ܺ ̷ /~quux/foo/index.html image.gif ûϸ /~quux/image.gif ûϰ ȴ!

׷ ̸ ذϱ Ѵ:

RewriteEngine  on
RewriteBase    /~quux/
RewriteRule    ^foo$  foo/  [R]

Ȩ丮 ֻ .htaccess Ͽ ִ. ׷ óϴµ δ ȴ.

RewriteEngine  on
RewriteBase    /~quux/
RewriteCond    %{REQUEST_FILENAME}  -d
RewriteRule    ^(.+[^/])$           $1/  [R]

ϰ URL Ŭ

Ȳ:

Ʈ ϰ ϰ URL ʹ. , (ǻ Ͽ !) URL ! ̸ οؾ Ѵ: URL Īϸ ȵȴ. ڵ Ѵ.

ذå:

, ׷, ü ġ (л) ܺθʿ ´. ܺθ ̴

user1  server_of_user1
user2  server_of_user2
:      :

map.xxx-to-host Ͽ ߴ. URL ٸ URL,

/u/user/anypath
/g/group/anypath
/e/entity/anypath

̷Ѵ

http://physical-host/u/user/anypath
http://physical-host/g/group/anypath
http://physical-host/e/entity/anypath

Ʒ Ģ Ͽ ۾ Ѵ (server0 ʿ ׸ ⺻ Ѵ):

RewriteEngine on

RewriteMap      user-to-host   txt:/path/to/map.user-to-host
RewriteMap     group-to-host   txt:/path/to/map.group-to-host
RewriteMap    entity-to-host   txt:/path/to/map.entity-to-host

RewriteRule   ^/u/([^/]+)/?(.*)   http://${user-to-host:$1|server0}/u/$1/$2
RewriteRule   ^/g/([^/]+)/?(.*)  http://${group-to-host:$1|server0}/g/$1/$2
RewriteRule   ^/e/([^/]+)/?(.*) http://${entity-to-host:$1|server0}/e/$1/$2

RewriteRule   ^/([uge])/([^/]+)/?$          /$1/$2/.www/
RewriteRule   ^/([uge])/([^/]+)/([^.]+.+)   /$1/$2/.www/$3\

Ȩ丮 ٸ

Ȳ:

ڴ Ȩ丮 ٸ ذå . ü ο ϴµ ð ɸ 쿡 ʿϴ.

ذå:

mod_rewrite ϸ ϴ. /~user/anypath URL http://newserver/~user/anypath ̷ϸ ȴ.

RewriteEngine on
RewriteRule   ^/~(.+)  http://newserver/~$1  [R,L]

Ȩ丮

Ȳ:

ڰ õ Ʈ Ȩ丮 . , ̸ ڸ ù° 丮 Ȩ丮 д. ׷, /~foo/anypath /home/f/foo/.www/anypath̰, /~bar/anypath /home/b/bar/.www/anypath̴.

ذå:

ǥð ִ URL ȯϱ Ģ Ѵ.

RewriteEngine on
RewriteRule   ^/~(([a-z])[a-z0-9]+)(.*)  /home/$2/$1/.www$3

Ͻý 籸

Ȳ:

Ƿ ϵھ̴: 丮 RewriteRules ſ Ͽ ڷ ü ״ ü ڷḦ ڿ ¡ϵ Ѵ. : 1992 Ӱ ִ н Ʈ net.sw Ƶΰ ־. ̴ ǻͰ ϸ鼭 ص ð ý ڿ Ʈ ڸ ؿԱ⶧ ̴. ָ Ʈ ߰ 丮 Դ:

drwxrwxr-x   2 netsw  users    512 Aug  3 18:39 Audio/
drwxrwxr-x   2 netsw  users    512 Jul  9 14:37 Benchmark/
drwxrwxr-x  12 netsw  users    512 Jul  9 00:34 Crypto/
drwxrwxr-x   5 netsw  users    512 Jul  9 00:41 Database/
drwxrwxr-x   4 netsw  users    512 Jul 30 19:25 Dicts/
drwxrwxr-x  10 netsw  users    512 Jul  9 01:54 Graphic/
drwxrwxr-x   5 netsw  users    512 Jul  9 01:58 Hackers/
drwxrwxr-x   8 netsw  users    512 Jul  9 03:19 InfoSys/
drwxrwxr-x   3 netsw  users    512 Jul  9 03:21 Math/
drwxrwxr-x   3 netsw  users    512 Jul  9 03:24 Misc/
drwxrwxr-x   9 netsw  users    512 Aug  1 16:33 Network/
drwxrwxr-x   2 netsw  users    512 Jul  9 05:53 Office/
drwxrwxr-x   7 netsw  users    512 Jul  9 09:24 SoftEng/
drwxrwxr-x   7 netsw  users    512 Jul  9 12:17 System/
drwxrwxr-x  12 netsw  users    512 Aug  3 20:15 Typesetting/
drwxrwxr-x  10 netsw  users    512 Jul  9 14:08 X11/

1996 7 Ҹ ִ ̽ ϱ ޴. "ִ" , ֻ 丮 CGI ũƮ ʰ, ϱ ٶٴ ̴. ? Ҹ ߿ FTPε ֵ ̿⶧ ̳ CGI õ α Ⱦ.

ذå:

ذå κ : 丮 ؿ ʿ CGI ũƮ ʿϴ. ũƮ /e/netsw/.www/ ξ:

-rw-r--r--   1 netsw  users    1318 Aug  1 18:10 .wwwacl
drwxr-xr-x  18 netsw  users     512 Aug  5 15:51 DATA/
-rw-rw-rw-   1 netsw  users  372982 Aug  5 16:35 LOGFILE
-rw-r--r--   1 netsw  users     659 Aug  4 09:27 TODO
-rw-r--r--   1 netsw  users    5697 Aug  1 18:01 netsw-about.html
-rwxr-xr-x   1 netsw  users     579 Aug  2 10:33 netsw-access.pl
-rwxr-xr-x   1 netsw  users    1532 Aug  1 17:35 netsw-changes.cgi
-rwxr-xr-x   1 netsw  users    2866 Aug  5 14:49 netsw-home.cgi
drwxr-xr-x   2 netsw  users     512 Jul  8 23:47 netsw-img/
-rwxr-xr-x   1 netsw  users   24050 Aug  5 15:49 netsw-lsdir.cgi
-rwxr-xr-x   1 netsw  users    1589 Aug  3 18:43 netsw-search.cgi
-rwxr-xr-x   1 netsw  users    1885 Aug  1 17:41 netsw-tree.cgi
-rw-r--r--   1 netsw  users     234 Jul 30 16:35 netsw-unlimit.lst

DATA/ 丮 Ұ ִ. net.sw rdist Ͽ ڵ ´. ι° κ Ҵ:  ϳ ڿ URL ϴ°? ڿ DATA/ 丮 ߰, URL CGI ũƮ ϰ ʹ. ذå : DocumentRoot URL /net.sw/ /e/netsw ۼϱ 丮 Ͽ Ѵ:

RewriteRule  ^net.sw$       net.sw/        [R]
RewriteRule  ^net.sw/(.*)$  e/netsw/$1

ù° Ģ û ؼ ߴ! ι° Ģ ۾ Ѵ. ׸ 丮 /e/netsw/.www/.wwwacl ´:

Options       ExecCGI FollowSymLinks Includes MultiViews

RewriteEngine on

#   κ /net.sw/  Ѵ
RewriteBase   /net.sw/

#   ֻ 丮
#  cgi ũƮ ۼѴ
RewriteRule   ^$                       netsw-home.cgi     [L]
RewriteRule   ^index\.html$            netsw-home.cgi     [L]

#   丮  û 
#  丮 Ѵ
RewriteRule   ^.+/(netsw-[^/]+/.+)$    $1                 [L]

#   ۼ ģ
RewriteRule   ^netsw-home\.cgi.*       -                  [L]
RewriteRule   ^netsw-changes\.cgi.*    -                  [L]
RewriteRule   ^netsw-search\.cgi.*     -                  [L]
RewriteRule   ^netsw-tree\.cgi$        -                  [L]
RewriteRule   ^netsw-about\.html$      -                  [L]
RewriteRule   ^netsw-img/.*$           -                  [L]

#  ٸ cgi ũƮ ó
#  丮 Ҵ
RewriteRule   !^netsw-lsdir\.cgi.*     -                  [C]
RewriteRule   (.*)                     netsw-lsdir.cgi/$1

ؼ Ʈ:

  1. ׹° κп ü ʵ('-') L (last) ÷װ ָ϶
  2. κп ù° Ģ ! (not) ڿ C (chain) ÷׸ ָ϶
  3. Ģ Ÿ ش ʴ 츦 Ƴ ָ϶

NCSA imagemap ġ mod_imagemap

Ȳ:

NCSA ġ ڿ Űܰ ٶ. ׷ NCSA imagemap α׷ ġ mod_imagemap óϱ ٶ. imagemap α׷ /cgi-bin/imagemap/path/to/page.map ϴ ۸ũ ٴ ̴. ġ /path/to/page.map û ޾ƾ Ѵ.

ذå:

û պκ ϴ Ģ Ѵ:

RewriteEngine  on
RewriteRule    ^/cgi-bin/imagemap(.*)  $1  [PT]

丮 ˻

Ȳ:

丮 ãƾ ִ. MultiViews ٸ ȵȴ.

ذå:

丮 ã Ģ α׷Ѵ.

RewriteEngine on

#    custom/ ã õϰ...
#   ...ã !
RewriteCond         /your/docroot/dir1/%{REQUEST_FILENAME}  -f
RewriteRule  ^(.+)  /your/docroot/dir1/$1  [L]

#   ι° pub/ ã õѴ...
#   ...ã !
RewriteCond         /your/docroot/dir2/%{REQUEST_FILENAME}  -f
RewriteRule  ^(.+)  /your/docroot/dir2/$1  [L]

#   ã ٸ Alias ScriptAlias þ  Ѵ.
RewriteRule   ^(.+)  -  [PT]

URL ȯ溯 Ѵ

Ȳ:

û鰣 ϱ URL ڵϴ ִ. ׷ ϱ CGI wrapper ϰ ʴ.

ذå:

ۼ Ģ Ͽ ϰ, ߿ XSSI CGI ϱ ȯ溯 Ѵ. ׷ URL /foo/S=java/bar/ /foo/bar/ ȯǰ STATUS ȯ溯 "java" Ѵ.

RewriteEngine on
RewriteRule   ^(.*)/S=([^/]+)/(.*)    $1/$3 [E=STATUS:$2]

ȣƮ

Ȳ:

ȣƮ ʰ ǻͷ DNS A ڵ带 Ͽ www.username.host.domain.com Ȩ ϰ ʹ.

ذå:

HTTP/1.0 û , Host: HTTP HTTP/1.1 û Ģ Ͽ http://www.username.host.com/anypath /home/username/anypath ۼ ִ:

RewriteEngine on
RewriteCond   %{HTTP_HOST}                 ^www\.[^.]+\.host\.com$
RewriteRule   ^(.+)                        %{HTTP_HOST}$1          [C]
RewriteRule   ^www\.([^.]+)\.host\.com(.*) /home/$1$2

Ȩ丮 ܺ ̷

Ȳ:

ourdomain.com ۿ û Ȩ丮 URL ٸ www.somewhere.com ٸϱ ٶ. ȣƮ ҿ Ѵ.

ذå:

ۼ ϸ ȴ:

RewriteEngine on
RewriteCond   %{REMOTE_HOST}  !^.+\.ourdomain\.com$
RewriteRule   ^(/~.+)         http://www.somewhere.com/$1 [R,L]

URL ٸ ̷

Ȳ:

URL ۼ ؼ A ش B û ̷ϴ . Perl ۼ ErrorDocument CGI ũƮ , mod_rewrite ϴ ִ. ׷ ErrorDocument CGI ũƮ ϶!

ذå:

ù° ʴ:

RewriteEngine on
RewriteCond   /your/docroot/%{REQUEST_FILENAME} !-f
RewriteRule   ^(.+)                             http://webserverB.dom/$1

DocumentRoot ȿ ִ ϴٴ ̴. ( Ȩ丮 ) ߰ , ִ:

RewriteEngine on
RewriteCond   %{REQUEST_URI} !-U
RewriteRule   ^(.+)          http://webserverB.dom/$1

mod_rewrite URL (look-ahead) Ѵ. ׷ URL ϰ ϴ. ׷ û û ѹ ϱ⶧ ɿ ǿ ش. ׷ CPU Ѵٸ ϶. ǻͰ ٸ ù° ̳ ErrorDocument CGI ũƮ ϶.

Ȯ ̷

Ȳ:

̷ϴ URL ʿ䰡 ִ. ġ URL escape Լ "url#anchor" URL anchor escapeѴ. ġ uri_escape() Լ 칰(#) escapeϹǷ . ׷  ̷ URL ̷ ֳ?

ذå:

̷ϴ NPH-CGI ũƮ ذå ʿϴ. escape ʱ⶧̴ (NPH=non-parseable headers). Ͽ (ۼ Ģ κп ؾ Ѵ) ο URL scheme xredirect: Ѵ:

RewriteRule ^xredirect:(.+) /path/to/nph-xredirect.cgi/$1 \
            [T=application/x-httpd-cgi,L]

׷ xredirect: ϴ URL nph-xredirect.cgi α׷ ϰ ȴ. α׷ :

#!/path/to/perl
##
##  nph-xredirect.cgi -- NPH/CGI script for extended redirects
##  Copyright (c) 1997 Ralf S. Engelschall, All Rights Reserved.
##

$| = 1;
$url = $ENV{'PATH_INFO'};

print "HTTP/1.0 302 Moved Temporarily\n";
print "Server: $ENV{'SERVER_SOFTWARE'}\n";
print "Location: $url\n";
print "Content-type: text/html\n";
print "\n";
print "<html>\n";
print "<head>\n";
print "<title>302 Moved Temporarily (EXTENDED)</title>\n";
print "</head>\n";
print "<body>\n";
print "<h1>Moved Temporarily (EXTENDED)</h1>\n";
print "The document has moved <a HREF=\"$url\">here</a>.<p>\n";
print "</body>\n";
print "</html>\n";

##EOF##

׷ mod_rewrite ϴ URL scheme ̷ ִ. , news:newsgroup ̷ ִ

RewriteRule ^anyurl  xredirect:news:newsgroup
: Ư "" Ģ Ͽ xredirect: Ȯؾ ϱ⶧ Ģ [R]̳ [R,L] ϸ ȵȴ.

߰(multiplexer)

Ȳ:

http://www.perl.com/CPAN ִ CPAN (Comprehensive Perl Archive Network) ƴ°? ּҴ 迡 CPAN ̷ FTP Ŭ̾Ʈ ִ ̷Ѵ. ̸ FTP ߰ 񽺶 Ѵ. CPAN CGI ũƮ , mod_rewrite Ͽ ϰ ?

ذå:

mod_rewrite 3.0.0 ̷ǿ "ftp:" scheme ִ. Ŭ̾Ʈ ֻ RewriteMap Ͽ ġ ִ. Ģ ֻ ߰ Ű Ѵ.

RewriteEngine on
RewriteMap    multiplex                txt:/path/to/map.cxan
RewriteRule   ^/CxAN/(.*)              %{REMOTE_HOST}::$1                 [C]
RewriteRule   ^.+\.([a-zA-Z]+)::(.*)$  ${multiplex:$1|ftp.default.dom}$2  [R,L]

##
##  map.cxan -- Multiplexing Map for CxAN
##

de        ftp://ftp.cxan.de/CxAN/
uk        ftp://ftp.cxan.uk/CxAN/
com       ftp://ftp.cxan.com/CxAN/
 :
##EOF##

ð ۼ

Ȳ:

ð ٸ ϴ ڴ Ư ̷ϱ CGI ũƮ Ѵ. mod_rewriteδ  ִ°?

ذå:

ۼ ǿ ִ TIME_xxx ִ. Ư <STRING, >STRING, =STRING Ͽ ð ̷ ִ:

RewriteEngine on
RewriteCond   %{TIME_HOUR}%{TIME_MIN} >0700
RewriteCond   %{TIME_HOUR}%{TIME_MIN} <1900
RewriteRule   ^foo\.html$             foo.day.html
RewriteRule   ^foo\.html$             foo.night.html

URL foo.html ûϸ 07:00-19:00 foo.day.html ϰ, ð foo.night.html Ѵ. Ȩ ϱ ̴...

YYYY XXXX ȣȯ

Ȳ:

.html .phtml ȯϴ document.YYYY document.XXXX ȣȯ(backward compatibility) URL ( ϰ) ֳ?

ذå:

̸ ⺻̸ ۼ ο Ȯڸ ִ ˻Ѵ. ִٸ ϸ ϰ, URL · ۼѴ.

#   .html  
#   .phtml  ִ 
#   .html  .phtml 
#   ۼϴ ȣȯ Ģ
RewriteEngine on
RewriteBase   /~quux/
#   ⺻̸ ã, ãҴٴ  Ѵ
RewriteRule   ^(.*)\.html$              $1      [C,E=WasHTML:yes]
#    ִٸ .phtml  ۼѴ
RewriteCond   %{REQUEST_FILENAME}.phtml -f
RewriteRule   ^(.*)$ $1.phtml                   [S=1]
#   ƴϸ տ ã ⺻̸ ǵ
RewriteCond   %{ENV:WasHTML}            ^yes$
RewriteRule   ^(.*)$ $1.html
top

ٷ

(߱)

Ȳ:

ֱ foo.html bar.html ϰ ȣȯ URL ϰ ʹٰ . ڴ URL Ǿٴ ġä Ѵ.

ذå:

Ģ URL ο URL ۼѴ:

RewriteEngine  on
RewriteBase    /~quux/
RewriteRule    ^foo\.html$  bar.html

(˸)

Ȳ:

ٽ foo.html bar.html ϰ ȣȯ URL ϰ ʹٰ . ׷ URL ϸ ڿ ο URL Ʈ ˷ش. , ּâ Ѵ.

ذå:

ο URL HTTP ̷ϴ. ׷ ο URL ̰ ڰ ˰Եȴ:

RewriteEngine  on
RewriteBase    /~quux/
RewriteRule    ^foo\.html$  bar.html  [R]

Ȳ:

ּ ߿ ֻ ȭ ؾ 찡 ִ. , ֽ Netscape Դ ֻ , Lynx Դ , Ѵ.

ذå:

ڽ ʱ⶧ . HTTP "User-Agent" Ѵ. Ģ HTTP "User-Agent" "Mozilla/3" ϸ foo.html foo.NS.html ۼϰ ۼ ߴѴ. "Lynx" "Mozilla" 1 Ȥ 2 URL foo.20.html ȴ. foo.32.html ޴´. Ʒ Ģ ۾ Ѵ:

RewriteCond %{HTTP_USER_AGENT}  ^Mozilla/3.*
RewriteRule ^foo\.html$         foo.NS.html          [L]

RewriteCond %{HTTP_USER_AGENT}  ^Lynx/.*         [OR]
RewriteCond %{HTTP_USER_AGENT}  ^Mozilla/[12].*
RewriteRule ^foo\.html$         foo.20.html          [L]

RewriteRule ^foo\.html$         foo.32.html          [L]

̷

Ȳ:

ܺ ȣƮ 츮 Ʈ ִٰ . FTP ܺ ڷ ֽź纻 ϴ mirror α׷ ְ, HTTP ۾ ϴ webcopy α׷ ִ. ׷ ִ: 纻 α׷ ֽ ȴ. ؾϴ ̷ ƴ϶ ڴ. (ܺ ȣƮ ڷᰡ ŵǸ) ʿҶ ڵ ڷḦ ϴ ̷ ʿϴ.

ذå:

̸ Proxy Throughput[P]) Ͽ ܺ Ȥ ܺ ü 츮 ̸ Ѵ:

RewriteEngine  on
RewriteBase    /~quux/
RewriteRule    ^hotsheet/(.*)$  http://www.tstimpreso.com/hotsheet/$1  [P]

RewriteEngine  on
RewriteBase    /~quux/
RewriteRule    ^usa-news\.html$   http://www.quux-corp.com/news/index.html  [P]

̷

Ȳ:
...
ذå:
RewriteEngine on
RewriteCond   /mirror/of/remotesite/$1           -U
RewriteRule   ^http://www\.remotesite\.com/(.*)$ /mirror/of/remotesite/$1

ڷḦ Ʈݿ

Ȳ:

ڷḦ ȭ ȣϴ () Ʈ (www2.quux-corp.dom) ϸ鼭, (ܺ) ͳ (www.quux-corp.dom) ϴ ó ̰ Ѵ. ܺ û ڷḦ ´.

ذå:

ȭ ȣϰ ܺ ڷḦ ְ Ѵ. Ŷ͸ ȭ Ѵ:

ALLOW Host www.quux-corp.dom Port >1024 --> Host www2.quux-corp.dom Port 80
DENY  Host *                 Port *     --> Host www2.quux-corp.dom Port 80

˸° Ķ. ڷḦ proxy throughput ûϴ mod_rewrite Ģ ۼѴ:

RewriteRule ^/~([^/]+)/?(.*)          /home/$1/.www/$2
RewriteCond %{REQUEST_FILENAME}       !-f
RewriteCond %{REQUEST_FILENAME}       !-d
RewriteRule ^/home/([^/]+)/.www/?(.*) http://www2.quux-corp.dom/~$1/pub/$2 [P]

ε뷱 ( лϱ)

Ȳ:

www.foo.com ŷ www[0-5].foo.com ( 6) лϰ ʹ.  ϴ°?

ذå:

ſ پ ذ ִ. DNS ˷ ϰ, mod_rewrite ϴ 츦 캸:

  1. DNS Round-Robin

    ε뷱 BIND DNS round-robin ϴ ̴. DNS A(address) ڵ忡 www[0-9].foo.com Ѵ.

    www0   IN  A       1.2.3.1
www1   IN  A       1.2.3.2
www2   IN  A       1.2.3.3
www3   IN  A       1.2.3.4
www4   IN  A       1.2.3.5
www5   IN  A       1.2.3.6

    ׸ ׸ ߰Ѵ:

    www    IN  CNAME   www0.foo.com.
       IN  CNAME   www1.foo.com.
       IN  CNAME   www2.foo.com.
       IN  CNAME   www3.foo.com.
       IN  CNAME   www4.foo.com.
       IN  CNAME   www5.foo.com.
       IN  CNAME   www6.foo.com.

    ߸ ó , BIND ǵ ̴. www.foo.com ã, BIND Ź ݾ ٲ㰡 www0-www6 ȯѴ. ׷ Ŭ̾Ʈ лѴ. ׷ DNS ˻ Ʈ ٸ Ӽ ijǿ www.foo.com ã Ư wwwN.foo.com̸ Ŭ̾Ʈ û鵵 wwwN.foo.com ⶧ Ϻ ε뷱 ƴ ϶. ׷ ũ û лǹǷ ȿ .

  2. DNS ε뷱

    http://www.stanford.edu/~schemers/docs/lbnamed/lbnamed.html ִ lbnamed α׷ Ͽ DNS ε뷱 ִ. DNS ε뷱 ϵ Perl 5 α׷̴.

  3. Proxy Throughput Round-Robin

    mod_rewrite proxy throughput Ѵ. DNS ׸ Ͽ www0.foo.com www.foo.com ϰ Ѵ

    www    IN  CNAME   www0.foo.com.

    ׸ www0.foo.com Ͻ Ѵ. , URL Ͻø ٸ 5 (www1-www5) Ѵ ⸸ Ѵ. ̸ URL ε뷱 ũƮ lb.pl Ģ .

    RewriteEngine on
RewriteMap    lb      prg:/path/to/lb.pl
RewriteRule   ^/(.+)$ ${lb:$1}           [P,L]

    lb.pl ۼѴ:

    #!/path/to/perl
##
##  lb.pl -- ε뷱 ũƮ
##

$| = 1;

$name   = "www";     # ⺻ ȣƮ
$first  = 1;         # ù°  (ڽ 0̱ , 0  ʴ´)
$last   = 5;         # round-robin  
$domain = "foo.dom"; # θ

$cnt = 0;
while (<STDIN>) {
    $cnt = (($cnt+1) % ($last+1-$first));
    $server = sprintf("%s%d.%s", $name, $cnt+$first, $domain);
    print "http://$server/$_";
}

##EOF##
    : Ѱ? www0.foo.com δ ʴ°? , δ ȴ. ׷ ܼ proxy throughput û ϱ⶧ ! SSI, CGI, ePerl ٸ óѴ. ̰ ٽ̴.
  4. ϵ/TCP Round-Robin

    ϵ ذå ִ. Cisco TCP/IP ؿ ε뷱 ϴ LocalDirector Ǵ. δ մܿ ġϴ ȸμ Ʈ̴. ڱ ϰ ذå ʿϴٸ ̰ ϶.

ο MIME-type, ο

Ȳ:

Ʈ CGI α׷ . ׷ ϱ ŷ ڰ ʴ´. ġ MIME-type Action ڵ鷯 ɵ CGI α׷ Ư URL (Ȯ PATH_INFO QUERY_STRINGS) α׷ Է ϴ. , Ȯڰ (secure CGI ٿ) .scgi cgiwrap α׷ óϱ ο type Ѵ. ( ) ϰ URL ϴ Ȩ丮 /u/user/foo/bar.scgi URL ̴. cgiwrap /~user/foo/bar.scgi/ URL ϱ⶧̴. Ģ ذѴ:

RewriteRule ^/[uge]/([^/]+)/\.www/(.+)\.scgi(.*) ...
... /internal/cgi/user/cgiwrap/~$1/$2.scgi$3  [NS,T=application/x-http-cgi]

ٸ α׷, (URL Ʈ access.log ϴ) wwwlog (URL Ʈ Glimpse ϴ) wwwidx ִٰ . 츮 α׷ ۾ URL ˷ Ѵ. ׷ ûҶ ׻ ϱ⶧ ʴ. , /u/user/foo/ swwidx α׷ Ѵٸ ũ Ѵ

/internal/cgi/user/swwidx?i=/u/user/foo/

ʴ. ũ ġ CGI ġ ϱ⶧̴. 籸Ѵٸ ۸ũ ϴµ ð ɸ ̴.

ذå:

ذå ڵ CGI ϴ ο Ư URL ̴. Ѵ:

RewriteRule   ^/([uge])/([^/]+)(/?.*)/\*  /internal/cgi/user/wwwidx?i=/$1/$2$3/
RewriteRule   ^/([uge])/([^/]+)(/?.*):log /internal/cgi/user/wwwlog?f=/$1/$2$3

/u/user/foo/ ˻ϴ ũ 

HREF="*"
/u/user/foo/* (???)

ڵȯȴ

/internal/cgi/user/wwwidx?i=/u/user/foo/

ũ ڿ :log Ͽ α CGI α׷ ִ.

Ȳ:

 ڰ 𸣰 ڿ foo.html foo.cgi ֳ.

ذå:

URL CGI ũƮ ۼϰ, MIME-type Ͽ CGI ũƮ ϰ Ѵ. ׷ /~quux/foo.html ûϸ /~quux/foo.cgi ϰ ȴ.

RewriteEngine  on
RewriteBase    /~quux/
RewriteRule    ^foo\.html$  foo.cgi  [T=application/x-httpd-cgi]

Ȳ:

Ƿ ̴: , Ѵ. , ϰ (Ͻýۿ ״) ޵, Ѵ. ׷ (Ȥ cron ۾) ʴ CGI Ѵ. Ѵ.

ذå:
Ģ Ѵ: 
RewriteCond %{REQUEST_FILENAME}   !-s
RewriteRule ^page\.html$          page.cgi   [T=application/x-httpd-cgi,L]

page.html ûҶ page.html ų ũⰡ 0 page.cgi Ѵ. ⼭ page.cgi Ϲ CGI ũƮ STDOUT ϰ, ߰ page.html Ͽ ´. ѹ page.html . ڰ ϰ ʹٸ, ( cron ۾) page.html ⸸ ϸ ȴ.

ڵ ħϴ

Ȳ:

鶧 ڰ ڵ ħϴ 󸶳 ? ҰѰ?

ذå:

ϴ! MIME multipart ɰ NPH , mod_rewrite URL ɷ ϸ ȴ. , ο URL : URL :refresh ߰ϱ⸸ ϸ Ͻýۿ ħѴ.

RewriteRule   ^(/[uge]/[^/]+/?.*):refresh  /internal/cgi/apache/nph-refresh?f=$1

URL ϸ

/u/foo/bar/page.html:refresh

URL θ

/internal/cgi/apache/nph-refresh?f=/u/foo/bar/page.html

NPH-CGI ũƮ Ҵ. "ڿ ܵ"̶ ;-) ̰͵ Ѵ.

#!/sw/bin/perl
##
##  nph-refresh -- NPH/CGI script for auto refreshing pages
##  Copyright (c) 1997 Ralf S. Engelschall, All Rights Reserved.
##
$| = 1;

#   split the QUERY_STRING variable
@pairs = split(/&/, $ENV{'QUERY_STRING'});
foreach $pair (@pairs) {
    ($name, $value) = split(/=/, $pair);
    $name =~ tr/A-Z/a-z/;
    $name = 'QS_' . $name;
    $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
    eval "\$$name = \"$value\"";
}
$QS_s = 1 if ($QS_s eq '');
$QS_n = 3600 if ($QS_n eq '');
if ($QS_f eq '') {
    print "HTTP/1.0 200 OK\n";
    print "Content-type: text/html\n\n";
    print "&lt;b&gt;ERROR&lt;/b&gt;: No file given\n";
    exit(0);
}
if (! -f $QS_f) {
    print "HTTP/1.0 200 OK\n";
    print "Content-type: text/html\n\n";
    print "&lt;b&gt;ERROR&lt;/b&gt;: File $QS_f not found\n";
    exit(0);
}

sub print_http_headers_multipart_begin {
    print "HTTP/1.0 200 OK\n";
    $bound = "ThisRandomString12345";
    print "Content-type: multipart/x-mixed-replace;boundary=$bound\n";
    &print_http_headers_multipart_next;
}

sub print_http_headers_multipart_next {
    print "\n--$bound\n";
}

sub print_http_headers_multipart_end {
    print "\n--$bound--\n";
}

sub displayhtml {
    local($buffer) = @_;
    $len = length($buffer);
    print "Content-type: text/html\n";
    print "Content-length: $len\n\n";
    print $buffer;
}

sub readfile {
    local($file) = @_;
    local(*FP, $size, $buffer, $bytes);
    ($x, $x, $x, $x, $x, $x, $x, $size) = stat($file);
    $size = sprintf("%d", $size);
    open(FP, "&lt;$file");
    $bytes = sysread(FP, $buffer, $size);
    close(FP);
    return $buffer;
}

$buffer = &readfile($QS_f);
&print_http_headers_multipart_begin;
&displayhtml($buffer);

sub mystat {
    local($file) = $_[0];
    local($time);

    ($x, $x, $x, $x, $x, $x, $x, $x, $x, $mtime) = stat($file);
    return $mtime;
}

$mtimeL = &mystat($QS_f);
$mtime = $mtime;
for ($n = 0; $n &lt; $QS_n; $n++) {
    while (1) {
        $mtime = &mystat($QS_f);
        if ($mtime ne $mtimeL) {
            $mtimeL = $mtime;
            sleep(2);
            $buffer = &readfile($QS_f);
            &print_http_headers_multipart_next;
            &displayhtml($buffer);
            sleep(5);
            $mtimeL = &mystat($QS_f);
            last;
        }
        sleep($QS_s);
    }
}

&print_http_headers_multipart_end;

exit(0);

##EOF##

뷮 ȣƮ

Ȳ:

ȣƮ  ִٸ ġ <VirtualHost> Ѵ. ׷ ȣƮ 鰳 ִ ISP ּ ƴϴ.

ذå:

Ϸ Proxy Throughput[P]) Ͽ ܺ Ȥ ü ܺ 츮 ̸ Ѵ:

##
##  vhost.map
##
www.vhost1.dom:80  /path/to/docroot/vhost1
www.vhost2.dom:80  /path/to/docroot/vhost2
     :
www.vhostN.dom:80  /path/to/docroot/vhostN

##
##  httpd.conf
##
    :
#   ̷ƮҶ  ȣƮ Ѵ.
UseCanonicalName on

    :
#   ȣƮ CLF  տ ߰Ѵ
CustomLog  /path/to/access_log  "%{VHOST}e %h %l %u %t \"%r\" %>s %b"
    :

#   ּ ۼ  Ѵ
RewriteEngine on

#     Ѵ: ϳ URL ġ,
#   ٸ ϳ ȣƮ DocumentRoot
#   Ѵ.
RewriteMap    lowercase    int:tolower
RewriteMap    vhost        txt:/path/to/vhost.map

#    ũ  Ģ Ѱ Ͽ
#   ȣƮ Ѵ.
#
#   1. ȣƮ  ϴ ġ  ʴ´
RewriteCond   %{REQUEST_URL}  !^/commonurl1/.*
RewriteCond   %{REQUEST_URL}  !^/commonurl2/.*
    :
RewriteCond   %{REQUEST_URL}  !^/commonurlN/.*
#
#   2. 츮  ϴ  Host 
#      ȣƮ ϹǷ
#      Host  ִ ȮѴ
RewriteCond   %{HTTP_HOST}  !^$
#
#   3. ȣƮ ҹڷ 
RewriteCond   ${lowercase:%{HTTP_HOST}|NONE}  ^(.+)$
#
#   4. vhost.map ȣƮ ã
#      ϶ Ѵ
#      ( "NONE" ƴϴ)
RewriteCond   ${vhost:%1}  ^(/.*)$
#
#   5.  URL  ġ ϰ
#      α׿  ȣƮ  д
RewriteRule   ^/(.*)$   %1/$1  [E=VHOST:${lowercase:%{HTTP_HOST}}]
    :
top

κ

Ȳ:

 ϸ Ư ܾ κ ֳ? "Robot Exclusion Protocol" ׸ /robots.txt ̷ κ µ ʴ.

ذå:

(Ƹ 丮  κ ƴٴϸ δ ū ) /~quux/foo/arc/ ִ URL źϴ Ģ Ѵ. 츮 Ư κ ƾ Ѵ. , κ ϴ ȣƮ δ ϸ, ȣƮ ڵ ƹ ȴ. User-Agent HTTP Ѵ.

RewriteCond %{HTTP_USER_AGENT}   ^NameOfBadRobot.*
RewriteCond %{REMOTE_ADDR}       ^123\.45\.67\.[8-9]$
RewriteRule ^/~quux/foo/arc/.+   -   [F]

׸ ۰

Ȳ:

http://www.quux-corp.de/~quux/ ִ GIF ׸ Ѵٰ . ׸ ־, ٸ ڽ ũ Ǵ. ʿ δ ǹǷ ʹ.

ذå:

׸ 100% ȣ , ּ HTTP Referer ִ.

RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://www.quux-corp.de/~quux/.*$ [NC]
RewriteRule .*\.gif$        -                                    [F]

RewriteCond %{HTTP_REFERER}         !^$
RewriteCond %{HTTP_REFERER}         !.*/foo-with-gif\.html$
RewriteRule ^inlined-in-foo\.gif$   -                        [F]

ȣƮ ź

Ȳ:

 ܺο ȣƮ ֳ?

ذå:

ġ >= 1.3b6:

RewriteEngine on
RewriteMap    hosts-deny  txt:/path/to/hosts.deny
RewriteCond   ${hosts-deny:%{REMOTE_HOST}|NOT-FOUND} !=NOT-FOUND [OR]
RewriteCond   ${hosts-deny:%{REMOTE_ADDR}|NOT-FOUND} !=NOT-FOUND
RewriteRule   ^/.*  -  [F]

ġ <= 1.3b6:

RewriteEngine on
RewriteMap    hosts-deny  txt:/path/to/hosts.deny
RewriteRule   ^/(.*)$ ${hosts-deny:%{REMOTE_HOST}|NOT-FOUND}/$1
RewriteRule   !^NOT-FOUND/.* - [F]
RewriteRule   ^NOT-FOUND/(.*)$ ${hosts-deny:%{REMOTE_ADDR}|NOT-FOUND}/$1
RewriteRule   !^NOT-FOUND/.* - [F]
RewriteRule   ^NOT-FOUND/(.*)$ /$1

##
##  hosts.deny
##
##  ! ̰ ó   ƴ϶ ̴.
##        mod_rewrite   Ű/  ؼϱ⶧,
##         ׸  ڸ ּ "-" ʿϴ.
##

193.102.180.41 -
bsdti1.sdm.de  -
192.76.162.40  -

Ͻ ź

Ȳ:

 Ư ȣƮ Ȥ Ư ȣƮ ڰ ġ Ͻø ϳ?

ذå:

ġ Ҷ Ͽ mod_rewrite mod_proxy Ʒ(!) ־ Ѵ. ׷ mod_rewrite mod_proxy Ҹ. Ư ȣƮ źϵ Ѵ...

RewriteCond %{REMOTE_HOST} ^badhost\.mydomain\.com$
RewriteRule !^http://[^/.]\.mydomain.com.*  - [F]

...׸ user@host źѴ:

RewriteCond %{REMOTE_IDENT}@%{REMOTE_HOST}  ^badguy@badhost\.mydomain\.com$
RewriteRule !^http://[^/.]\.mydomain.com.*  - [F]

Ư

Ȱ:

ſ Ư ʿ ִ. , ̸ ص ˻Ѵ. ̵鿡Ը (mod_auth_basic Basic Auth ޸) ٸ Ѵ.

ذå:

ģ ϵ ۼ Ģ Ѵ:

RewriteCond %{REMOTE_IDENT}@%{REMOTE_HOST} !^friend1@client1.quux-corp\.com$
RewriteCond %{REMOTE_IDENT}@%{REMOTE_HOST} !^friend2@client2.quux-corp\.com$
RewriteCond %{REMOTE_IDENT}@%{REMOTE_HOST} !^friend3@client3.quux-corp\.com$
RewriteRule ^/~quux/only-for-friends/      -                                 [F]

Referer ȯ(deflector)

Ȳ:

"Referer" HTTP ϴ´ ִ URL ȯ⸦ ִ°?

ذå:

Ģ...

RewriteMap  deflector txt:/path/to/deflector.map

RewriteCond %{HTTP_REFERER} !=""
RewriteCond ${deflector:%{HTTP_REFERER}} ^-$
RewriteRule ^.* %{HTTP_REFERER} [R,L]

RewriteCond %{HTTP_REFERER} !=""
RewriteCond ${deflector:%{HTTP_REFERER}|NOT-FOUND} !=NOT-FOUND
RewriteRule ^.* ${deflector:%{HTTP_REFERER}} [R,L]

... ۼ ʰ Ѵ:

##
##  deflector.map
##

http://www.badguys.com/bad/index.html    -
http://www.badguys.com/bad/index2.html   -
http://www.badguys.com/bad/index3.html   http://somewhere.com/

׷ û ڵ (ʿ "-" ) (URL ʿ ִ ι° ƱԸƮ) Ư URL ̷Ѵ.

top

Ÿ

ܺ ۼ

Ȳ:

FAQ:  ̷ Ǯ ִ°? mod_rewriteδ ذå Ⱥδ...

ذå:

ܺ RewriteMap ϶. , α׷ RewriteMap Ѵ. α׷ ġ Ҷ Ͽ STDIN û URL ް, ( !) ( ۼ) URL STDOUT Ѵ.

RewriteEngine on
RewriteMap    quux-map       prg:/path/to/map.quux.pl
RewriteRule   ^/~quux/(.*)$  /~quux/${quux-map:$1}

#!/path/to/perl

#   ġ   ʵ
#    ۸  ʴ´
$| = 1;

#   stdin پ URL а
#   stdout ȯ URL Ѵ
while (<>) {
    s|^foo/|bar/|;
    print $_;
}

ϱ /~quux/foo/... URL /~quux/bar/... ۼϴ ũƮ . α׷ ִ. ׷ Ϲ ڰ ̷ ִٰ ϴ, ý ڸ ؾ ϶.

misc/security_tips.html100644 0 0 36312 11237400533 12757 0ustar 0 0 - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-

ֽ ƴմϴ. ֱٿ ϼ.

Ҷ Ʈ ̴.  Ϲ̰,  ġ شϴ ̴.

top

ֽ ϱ

ġ ü ϴ. ׷ ũ ۰ ǥ ߰ߵǴ . ׷ Ʈ ֽŹ ϴ ߿ϴ. ġ ٿεߴٸ, ο Ʈ ˷ִ ġ ǥ ϸƮ ϱ Ѵ. ġ Ʈ ϴ ڵ鵵 񽺸 Ѵ.

ڵ嶧 ϴ ʴ. ׺ ߰ ڵ, CGI ũƮ, ü ϴ 찡 . ׷Ƿ ׻ ϸ ý Ʈ Ʈؾ Ѵ.

top

ServerRoot 丮

root ڰ ġ , û ϱ User þ ڷ ȯѴ. root ϴ ɾ ִٸ, root ̿ ڰ ϵ ؾ Ѵ. ϵ root ־ ϰ, 丮 丮 . , ServerRoot /usr/local/apache Ѵٸ root ڰ 丮 Ѵ:

mkdir /usr/local/apache
cd /usr/local/apache
mkdir bin conf logs
chown 0 . bin conf logs
chgrp 0 . bin conf logs
chmod 755 . bin conf logs

׷ /, /usr, /usr/local root ִ. httpd ġҶ ȣؾ Ѵ:

cp httpd /usr/local/apache/bin
chown 0 /usr/local/apache/bin/httpd
chgrp 0 /usr/local/apache/bin/httpd
chmod 511 /usr/local/apache/bin/httpd

htdocs 丮 ٸ ڵ ֵ ִ -- root װ ִ , ʾƾ Ѵ.

root ƴ ڰ root ϰų Ⱑ ִٸ ý root ĥ ִ. , httpd Ͽٸ Ҷ ڵ带 ϰ ȴ. logs 丮 (root ƴ ڿ) Ⱑϴٸ α ٸ ýϷ ɺũ ɾ root Ͽ ڷḦ  ִ. α (root ƴ ڿ) Ⱑϴٸ α׿ ̻ ڷḦ ִ.

top

Server Side Includes

Server Side Includes (SSI) ڿ Ȼ  ̴.

ù° ϸ ø ̴. ġ Ͽ SSI þ ִ ο SSI мؾ Ѵ. ϰ , ϴ ȯ濡 ɰ ִ.

, SSI Ϲ CGI ũƮ . SSI Ͽ "exec cmd" ϸ httpd.conf ġ ϵ ڿ ׷ CGI ũƮ α׷ ִ.

Ȱϸ鼭 SSI Ű ִ.

SSI ִ ظ ݸϱ ڴ Ϲ CGI ϴ suexec ִ

.html̳ .htm Ȯڸ SSI Ϸ ϴ ϴ. Ư ϰų ŷ ȯ濡 ϴ. SSI Ϲ ϴ .shtml Ȯڸ Ѵ. ׷ ϸ ּȭϰ Ҹ ִ.

ٸ SSI ũƮ α׷ ϵ ̴. Options þ Includes IncludesNOEXEC Ѵ. ׷ ũƮ ScriptAlias þ 丮 ִٸ <--#include virtual="..." --> Ͽ CGI ũƮ ϶.

top

Ϲ CGI

ᱹ ׻ CGI ũƮ/α׷ ڸ ŷؾ ϰ, ǰ Ǽ̰ CGI Ȼ ߰ ־ Ѵ. ⺻ CGI ũƮ ýۿ  ɾ ֱ⶧ ְ Ȯ ſ ϴ.

CGI ũƮ ڷ DZ⶧ ٸ ũƮ (ǰ Ǽ̰) 浹 ɼ ִ. , A B ſ ȾϿ, B CGI ͺ̽ ũƮ ۼ ִ. ġ 1.2 ԵǾ ġ Ư (hook) ϴ suEXEC ũƮ ٸ ڷ ϴ ϳ. ٸ CGIWrap ִ.

top

ScriptAlias CGI

Ҷ ڰ  丮 CGI ũƮ ϵ ִ:

  • ǰ Ǽ̰ ڰ ý ݿ Ű ũƮ ۼ ʴ´ٰ ϴ´.
  • ý ٸ κ ؼ, ϳ  ٰ ϴ .
  • ڰ , Ƹ ƹ 湮ʴ .
top

ScriptAlias CGI

Ư 丮 CGI ֵ ϸ ڴ ̵ 丮 ִ. scriptalias CGI Ȯ ϴ. , ŷϴ ڸ 丮 ְ, ڰ ο CGI ũƮ/α׷ Ȼ ˻ ̰ ִٸ.

κ Ʈ scriptalias CGI Ѵ.

top

ϴ ٸ

mod_php, mod_perl, mod_tcl, mod_python Ϻη ϴ Ӻ ũƮ ڷ (User þ ) DZ⶧, ũƮ ϴ ũƮ ڰ ִ Ϳ ִ.  ũƮ , ϴٰ ʴ .

top

ý ȣϱ

Ϸ ڰ .htaccess Ͽ ȱ ϱ ٶ ̴. ׷ ִ.

Ͽ ߰Ѵ

<Directory />
AllowOverride None
</Directory>

׷ 밡ϵ 丮 ϰ .htaccess .

top

⺻ ִ ȣϱ

ġ ⺻ ٿ ߸ ˰ִ. , Ϲ URL Ģ Ͽ ã ִٸ, Ư ġ ʴ Ŭ̾Ʈ 񽺵 ִ.

, Ʒ :

# cd /; ln -s / public_html
http://localhost/~root/ Ѵ

׷ Ŭ̾Ʈ ü Ͻý ƴٴ ִ. ̸ ġ Ѵ:

<Directory />
Order Deny,Allow
Deny from all
</Directory>

׷ Ͻý ġ ⺻ źεȴ. ϴ ֵ Directory ߰Ѵ.

<Directory /usr/users/*/public_html>
Order Deny,Allow
Allow from all
</Directory>
<Directory /usr/local/httpd>
Order Deny,Allow
Allow from all
</Directory>

Location Directory þ ϴ Ư Ǹ ←. , <Directory /> źϴ <Location /> þ ̸ ִ

UserDir þ ϴ 쿡 ϶. þ "./" ϸ root ڿ ٷ ߻Ѵ. ġ 1.3 ̻ Ѵٸ Ͽ Ʒ ߰ϱ Ѵ:

UserDir disabled root

top

α 캸

־ ִ ˷ α Ѵ. α ̹ Ͼ ϸ ,  ־ ˷ְ ʿ ŭ Ȯϰ ش.

:

grep -c "/jsp/source.jsp?/jsp/ /jsp/source.jsp??" access_log
grep "client denied" error_log | tail -n 10

ù° ߸ Source.JSP û ˾Ƴ ִ Tomcat ̿Ϸ Ƚ ˷ְ, ι° źε ֱ Ŭ̾Ʈ 10 ش:

[Thu Jul 11 17:18:39 2002] [error] [client foo.bar.com] client denied by server configuration: /usr/local/apache/htdocs/.htpasswd

α ̹ ߻ Ǹ Ѵ. ׷ Ŭ̾Ʈ .htpasswd Ͽ ־ٸ α ̴:

foo.bar.com - - [12/Jul/2002:01:59:13 +0200] "GET /.htpasswd HTTP/1.1"

, Ͽ κ ּó ̴:

<Files ~ "^\.ht">
Order allow,deny
Deny from all
<Files>

mod/beos.html100644 0 0 13463 11237400533 10627 0ustar 0 0 beos - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-

ġ MPM beos

ֽ ƴմϴ. ֱٿ ϼ.
:BeOS ȭ ó .
:MPM
:mpm_beos_module
ҽ:beos.c

ó (MPM) BeOS ⺻ Ѵ. μ û ó .

top

MaxRequestsPerThread þ

: 尡 ϴ ó û Ѱ
:MaxRequestsPerThread number
⺻:MaxRequestsPerThread 0
:ּ
:MPM
:beos

MaxRequestsPerThread þ 尡 ó û Ѵ. MaxRequestsPerThread û ó ״´. MaxRequestsPerThread 0̸ 带 ʴ´.

MaxRequestsPerThread 0 ƴ ϸ ΰ ִ:

  • (쿬 ߻) ޸ (memory leakage) 尡 ޸𸮷 Ѵ;
  • Ͽ ϰ Ҷ δ.

:

KeepAlive û ù° û . ׷ þ ϰ ȴ.

mod/core.html100644 0 0 567656 11237400533 10671 0ustar 0 0 core - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.2

<-

Apache Core Features

Description:Core Apache HTTP Server features that are always available
Status:Core
top

AcceptFilter Directive

Description:Configures optimizations for a Protocol's Listener Sockets
Syntax:AcceptFilter protocol accept_filter
Context:server config
Status:Core
Module:core
Compatibility:Available in Apache 2.1.5 and later

This directive enables operating system specific optimizations for a listening socket by the Protocol type. The basic premise is for the kernel to not send a socket to the server process until either data is received or an entire HTTP Request is buffered. Only FreeBSD's Accept Filters and Linux's more primitive TCP_DEFER_ACCEPT are currently supported.

The default values on FreeBSD are:

AcceptFilter http httpready
AcceptFilter https dataready

The httpready accept filter buffers entire HTTP requests at the kernel level. Once an entire request is received, the kernel then sends it to the server. See the accf_http(9) man page for more details. Since HTTPS requests are encrypted only the accf_data(9) filter is used.

The default values on Linux are:

AcceptFilter http data
AcceptFilter https data

Linux's TCP_DEFER_ACCEPT does not support buffering http requests. Any value besides none will enable TCP_DEFER_ACCEPT on that listener. For more details see the Linux tcp(7) man page.

Using none for an argument will disable any accept filters for that protocol. This is useful for protocols that require a server send data first, such as nntp:

AcceptFilter nntp none

top

AcceptPathInfo Directive

Description:Resources accept trailing pathname information
Syntax:AcceptPathInfo On|Off|Default
Default:AcceptPathInfo Default
Context:server config, virtual host, directory, .htaccess
Override:FileInfo
Status:Core
Module:core
Compatibility:Available in Apache 2.0.30 and later

This directive controls whether requests that contain trailing pathname information that follows an actual filename (or non-existent file in an existing directory) will be accepted or rejected. The trailing pathname information can be made available to scripts in the PATH_INFO environment variable.

For example, assume the location /test/ points to a directory that contains only the single file here.html. Then requests for /test/here.html/more and /test/nothere.html/more both collect /more as PATH_INFO.

The three possible arguments for the AcceptPathInfo directive are:

Off
A request will only be accepted if it maps to a literal path that exists. Therefore a request with trailing pathname information after the true filename such as /test/here.html/more in the above example will return a 404 NOT FOUND error.
On
A request will be accepted if a leading path component maps to a file that exists. The above example /test/here.html/more will be accepted if /test/here.html maps to a valid file.
Default
The treatment of requests with trailing pathname information is determined by the handler responsible for the request. The core handler for normal files defaults to rejecting PATH_INFO requests. Handlers that serve scripts, such as cgi-script and isapi-handler, generally accept PATH_INFO by default.

The primary purpose of the AcceptPathInfo directive is to allow you to override the handler's choice of accepting or rejecting PATH_INFO. This override is required, for example, when you use a filter, such as INCLUDES, to generate content based on PATH_INFO. The core handler would usually reject the request, so you can use the following configuration to enable such a script:

<Files "mypaths.shtml">
Options +Includes
SetOutputFilter INCLUDES
AcceptPathInfo On
 </Files>

top

AccessFileName Directive

Description:Name of the distributed configuration file
Syntax:AccessFileName filename [filename] ...
Default:AccessFileName .htaccess
Context:server config, virtual host
Status:Core
Module:core

While processing a request the server looks for the first existing configuration file from this list of names in every directory of the path to the document, if distributed configuration files are enabled for that directory. For example:

AccessFileName .acl

before returning the document /usr/local/web/index.html, the server will read /.acl, /usr/.acl, /usr/local/.acl and /usr/local/web/.acl for directives, unless they have been disabled with

<Directory />
AllowOverride None
 </Directory>

See also

top

AddDefaultCharset Directive

Description:Default charset parameter to be added when a response content-type is text/plain or text/html
Syntax:AddDefaultCharset On|Off|charset
Default:AddDefaultCharset Off
Context:server config, virtual host, directory, .htaccess
Override:FileInfo
Status:Core
Module:core

This directive specifies a default value for the media type charset parameter (the name of a character encoding) to be added to a response if and only if the response's content-type is either text/plain or text/html. This should override any charset specified in the body of the response via a META element, though the exact behavior is often dependent on the user's client configuration. A setting of AddDefaultCharset Off disables this functionality. AddDefaultCharset On enables a default charset of iso-8859-1. Any other value is assumed to be the charset to be used, which should be one of the IANA registered charset values for use in MIME media types. For example:

AddDefaultCharset utf-8

AddDefaultCharset should only be used when all of the text resources to which it applies are known to be in that character encoding and it is too inconvenient to label their charset individually. One such example is to add the charset parameter to resources containing generated content, such as legacy CGI scripts, that might be vulnerable to cross-site scripting attacks due to user-provided data being included in the output. Note, however, that a better solution is to just fix (or delete) those scripts, since setting a default charset does not protect users that have enabled the "auto-detect character encoding" feature on their browser.

See also

top

AddOutputFilterByType Directive

Description:assigns an output filter to a particular MIME-type
Syntax:AddOutputFilterByType filter[;filter...] MIME-type [MIME-type] ...
Context:server config, virtual host, directory, .htaccess
Override:FileInfo
Status:Core
Module:core
Compatibility:Available in Apache 2.0.33 and later; deprecated in Apache 2.1 and later

This directive activates a particular output filter for a request depending on the response MIME-type. Because of certain problems discussed below, this directive is deprecated. The same functionality is available using mod_filter.

The following example uses the DEFLATE filter, which is provided by mod_deflate. It will compress all output (either static or dynamic) which is labeled as text/html or text/plain before it is sent to the client.

AddOutputFilterByType DEFLATE text/html text/plain

If you want the content to be processed by more than one filter, their names have to be separated by semicolons. It's also possible to use one AddOutputFilterByType directive for each of these filters.

The configuration below causes all script output labeled as text/html to be processed at first by the INCLUDES filter and then by the DEFLATE filter.

<Location /cgi-bin/>
Options Includes
AddOutputFilterByType INCLUDES;DEFLATE text/html
 </Location>

Note

Enabling filters with AddOutputFilterByType may fail partially or completely in some cases. For example, no filters are applied if the MIME-type could not be determined and falls back to the DefaultType setting, even if the DefaultType is the same.

However, if you want to make sure, that the filters will be applied, assign the content type to a resource explicitly, for example with AddType or ForceType. Setting the content type within a (non-nph) CGI script is also safe.

See also

top

AllowEncodedSlashes Directive

Description:Determines whether encoded path separators in URLs are allowed to be passed through
Syntax:AllowEncodedSlashes On|Off
Default:AllowEncodedSlashes Off
Context:server config, virtual host
Status:Core
Module:core
Compatibility:Available in Apache 2.0.46 and later

The AllowEncodedSlashes directive allows URLs which contain encoded path separators (%2F for / and additionally %5C for \ on according systems) to be used. Normally such URLs are refused with a 404 (Not found) error.

Turning AllowEncodedSlashes On is mostly useful when used in conjunction with PATH_INFO.

Note

Allowing encoded slashes does not imply decoding. Occurrences of %2F or %5C (only on according systems) will be left as such in the otherwise decoded URL string.

See also

top

AllowOverride Directive

Description:Types of directives that are allowed in .htaccess files
Syntax:AllowOverride All|None|directive-type [directive-type] ...
Default:AllowOverride All
Context:directory
Status:Core
Module:core

When the server finds an .htaccess file (as specified by AccessFileName) it needs to know which directives declared in that file can override earlier configuration directives.

Only available in <Directory> sections

AllowOverride is valid only in <Directory> sections specified without regular expressions, not in <Location>, <DirectoryMatch> or <Files> sections.

When this directive is set to None, then .htaccess files are completely ignored. In this case, the server will not even attempt to read .htaccess files in the filesystem.

When this directive is set to All, then any directive which has the .htaccess Context is allowed in .htaccess files.

The directive-type can be one of the following groupings of directives.

AuthConfig
Allow use of the authorization directives (AuthDBMGroupFile, AuthDBMUserFile, AuthGroupFile, AuthName, AuthType, AuthUserFile, Require, etc.).
FileInfo
Allow use of the directives controlling document types (DefaultType, ErrorDocument, ForceType, LanguagePriority, SetHandler, SetInputFilter, SetOutputFilter, and mod_mime Add* and Remove* directives, etc.), document meta data (Header, RequestHeader, SetEnvIf, SetEnvIfNoCase, BrowserMatch, CookieExpires, CookieDomain, CookieStyle, CookieTracking, CookieName), mod_rewrite directives RewriteEngine, RewriteOptions, RewriteBase, RewriteCond, RewriteRule) and Action from mod_actions.
Indexes
Allow use of the directives controlling directory indexing (AddDescription, AddIcon, AddIconByEncoding, AddIconByType, DefaultIcon, DirectoryIndex, FancyIndexing, HeaderName, IndexIgnore, IndexOptions, ReadmeName, etc.).
Limit
Allow use of the directives controlling host access (Allow, Deny and Order).
Options[=Option,...]
Allow use of the directives controlling specific directory features (Options and XBitHack). An equal sign may be given followed by a comma (but no spaces) separated lists of options that may be set using the Options command.

Example:

AllowOverride AuthConfig Indexes

In the example above all directives that are neither in the group AuthConfig nor Indexes cause an internal server error.

For security and performance reasons, do not set AllowOverride to anything other than None in your <Directory /> block. Instead, find (or create) the <Directory> block that refers to the directory where you're actually planning to place a .htaccess file.

See also

top

AuthName Directive

Description:Authorization realm for use in HTTP authentication
Syntax:AuthName auth-domain
Context:directory, .htaccess
Override:AuthConfig
Status:Core
Module:core

This directive sets the name of the authorization realm for a directory. This realm is given to the client so that the user knows which username and password to send. AuthName takes a single argument; if the realm name contains spaces, it must be enclosed in quotation marks. It must be accompanied by AuthType and Require directives, and directives such as AuthUserFile and AuthGroupFile to work.

For example:

AuthName "Top Secret"

The string provided for the AuthName is what will appear in the password dialog provided by most browsers.

See also

top

AuthType Directive

Description:Type of user authentication
Syntax:AuthType Basic|Digest
Context:directory, .htaccess
Override:AuthConfig
Status:Core
Module:core

This directive selects the type of user authentication for a directory. The authentication types available are Basic (implemented by mod_auth_basic) and Digest (implemented by mod_auth_digest).

To implement authentication, you must also use the AuthName and Require directives. In addition, the server must have an authentication-provider module such as mod_authn_file and an authorization module such as mod_authz_user.

See also

top

CGIMapExtension Directive

Description:Technique for locating the interpreter for CGI scripts
Syntax:CGIMapExtension cgi-path .extension
Context:directory, .htaccess
Override:FileInfo
Status:Core
Module:core
Compatibility:NetWare only

This directive is used to control how Apache finds the interpreter used to run CGI scripts. For example, setting CGIMapExtension sys:\foo.nlm .foo will cause all CGI script files with a .foo extension to be passed to the FOO interpreter.

top

ContentDigest Directive

Description:Enables the generation of Content-MD5 HTTP Response headers
Syntax:ContentDigest On|Off
Default:ContentDigest Off
Context:server config, virtual host, directory, .htaccess
Override:Options
Status:Core
Module:core

This directive enables the generation of Content-MD5 headers as defined in RFC1864 respectively RFC2616.

MD5 is an algorithm for computing a "message digest" (sometimes called "fingerprint") of arbitrary-length data, with a high degree of confidence that any alterations in the data will be reflected in alterations in the message digest.

The Content-MD5 header provides an end-to-end message integrity check (MIC) of the entity-body. A proxy or client may check this header for detecting accidental modification of the entity-body in transit. Example header:

Content-MD5: AuLb7Dp1rqtRtxz2m9kRpA==

Note that this can cause performance problems on your server since the message digest is computed on every request (the values are not cached).

Content-MD5 is only sent for documents served by the core, and not by any module. For example, SSI documents, output from CGI scripts, and byte range responses do not have this header.

top

DefaultType Directive

Description:MIME content-type that will be sent if the server cannot determine a type in any other way
Syntax:DefaultType MIME-type|none
Default:DefaultType text/plain
Context:server config, virtual host, directory, .htaccess
Override:FileInfo
Status:Core
Module:core
Compatibility:The argument none is available in Apache 2.2.7 and later

There will be times when the server is asked to provide a document whose type cannot be determined by its MIME types mappings.

The server SHOULD inform the client of the content-type of the document. If the server is unable to determine this by normal means, it will set it to the configured DefaultType. For example:

DefaultType image/gif

would be appropriate for a directory which contained many GIF images with filenames missing the .gif extension.

In cases where it can neither be determined by the server nor the administrator (e.g. a proxy), it is preferable to omit the MIME type altogether rather than provide information that may be false. This can be accomplished using

DefaultType None

DefaultType None is only available in httpd-2.2.7 and later.

Note that unlike ForceType, this directive only provides the default mime-type. All other mime-type definitions, including filename extensions, that might identify the media type will override this default.

top

<Directory> Directive

Description:Enclose a group of directives that apply only to the named file-system directory and sub-directories
Syntax:<Directory directory-path> ... </Directory>
Context:server config, virtual host
Status:Core
Module:core

<Directory> and </Directory> are used to enclose a group of directives that will apply only to the named directory and sub-directories of that directory. Any directive that is allowed in a directory context may be used. Directory-path is either the full path to a directory, or a wild-card string using Unix shell-style matching. In a wild-card string, ? matches any single character, and * matches any sequences of characters. You may also use [] character ranges. None of the wildcards match a `/' character, so <Directory /*/public_html> will not match /home/user/public_html, but <Directory /home/*/public_html> will match. Example:

<Directory /usr/local/httpd/htdocs>
Options Indexes FollowSymLinks
 </Directory>

Be careful with the directory-path arguments: They have to literally match the filesystem path which Apache uses to access the files. Directives applied to a particular <Directory> will not apply to files accessed from that same directory via a different path, such as via different symbolic links.

Regular expressions can also be used, with the addition of the ~ character. For example:

<Directory ~ "^/www/.*/[0-9]{3}">

would match directories in /www/ that consisted of three numbers.

If multiple (non-regular expression) <Directory> sections match the directory (or one of its parents) containing a document, then the directives are applied in the order of shortest match first, interspersed with the directives from the .htaccess files. For example, with

<Directory />
AllowOverride None
 </Directory>

<Directory /home/>
AllowOverride FileInfo
 </Directory>

for access to the document /home/web/dir/doc.html the steps are:

  • Apply directive AllowOverride None (disabling .htaccess files).
  • Apply directive AllowOverride FileInfo (for directory /home).
  • Apply any FileInfo directives in /home/.htaccess, /home/web/.htaccess and /home/web/dir/.htaccess in that order.

Regular expressions are not considered until after all of the normal sections have been applied. Then all of the regular expressions are tested in the order they appeared in the configuration file. For example, with

<Directory ~ abc$>
# ... directives here ...
 </Directory>

the regular expression section won't be considered until after all normal <Directory>s and .htaccess files have been applied. Then the regular expression will match on /home/abc/public_html/abc and the corresponding <Directory> will be applied.

Note that the default Apache access for <Directory /> is Allow from All. This means that Apache will serve any file mapped from an URL. It is recommended that you change this with a block such as

<Directory />
Order Deny,Allow
Deny from All
 </Directory>

and then override this for directories you want accessible. See the Security Tips page for more details.

The directory sections occur in the httpd.conf file. <Directory> directives cannot nest, and cannot appear in a <Limit> or <LimitExcept> section.

See also

top

<DirectoryMatch> Directive

Description:Enclose directives that apply to file-system directories matching a regular expression and their subdirectories
Syntax:<DirectoryMatch regex> ... </DirectoryMatch>
Context:server config, virtual host
Status:Core
Module:core

<DirectoryMatch> and </DirectoryMatch> are used to enclose a group of directives which will apply only to the named directory and sub-directories of that directory, the same as <Directory>. However, it takes as an argument a regular expression. For example:

<DirectoryMatch "^/www/(.+/)?[0-9]{3}">

would match directories in /www/ that consisted of three numbers.

See also

top

DocumentRoot Directive

Description:Directory that forms the main document tree visible from the web
Syntax:DocumentRoot directory-path
Default:DocumentRoot /usr/local/apache/htdocs
Context:server config, virtual host
Status:Core
Module:core

This directive sets the directory from which httpd will serve files. Unless matched by a directive like Alias, the server appends the path from the requested URL to the document root to make the path to the document. Example:

DocumentRoot /usr/web

then an access to http://www.my.host.com/index.html refers to /usr/web/index.html. If the directory-path is not absolute then it is assumed to be relative to the ServerRoot.

The DocumentRoot should be specified without a trailing slash.

See also

top

EnableMMAP Directive

Description:Use memory-mapping to read files during delivery
Syntax:EnableMMAP On|Off
Default:EnableMMAP On
Context:server config, virtual host, directory, .htaccess
Override:FileInfo
Status:Core
Module:core

This directive controls whether the httpd may use memory-mapping if it needs to read the contents of a file during delivery. By default, when the handling of a request requires access to the data within a file -- for example, when delivering a server-parsed file using mod_include -- Apache memory-maps the file if the OS supports it.

This memory-mapping sometimes yields a performance improvement. But in some environments, it is better to disable the memory-mapping to prevent operational problems:

  • On some multiprocessor systems, memory-mapping can reduce the performance of the httpd.
  • With an NFS-mounted DocumentRoot, the httpd may crash due to a segmentation fault if a file is deleted or truncated while the httpd has it memory-mapped.

For server configurations that are vulnerable to these problems, you should disable memory-mapping of delivered files by specifying:

EnableMMAP Off

For NFS mounted files, this feature may be disabled explicitly for the offending files by specifying:

<Directory "/path-to-nfs-files"> EnableMMAP Off </Directory>

Please note that the per-directory and .htaccess configuration of EnableSendfile is not supported by mod_disk_cache. Only global definition of EnableSendfile is taken into account by the module.

top

EnableSendfile Directive

Description:Use the kernel sendfile support to deliver files to the client
Syntax:EnableSendfile On|Off
Default:EnableSendfile On
Context:server config, virtual host, directory, .htaccess
Override:FileInfo
Status:Core
Module:core
Compatibility:Available in version 2.0.44 and later

This directive controls whether httpd may use the sendfile support from the kernel to transmit file contents to the client. By default, when the handling of a request requires no access to the data within a file -- for example, when delivering a static file -- Apache uses sendfile to deliver the file contents without ever reading the file if the OS supports it.

This sendfile mechanism avoids separate read and send operations, and buffer allocations. But on some platforms or within some filesystems, it is better to disable this feature to avoid operational problems:

  • Some platforms may have broken sendfile support that the build system did not detect, especially if the binaries were built on another box and moved to such a machine with broken sendfile support.
  • On Linux the use of sendfile triggers TCP-checksum offloading bugs on certain networking cards when using IPv6.
  • On Linux on Itanium, sendfile may be unable to handle files over 2GB in size.
  • With a network-mounted DocumentRoot (e.g., NFS or SMB), the kernel may be unable to serve the network file through its own cache.

For server configurations that are vulnerable to these problems, you should disable this feature by specifying:

EnableSendfile Off

For NFS or SMB mounted files, this feature may be disabled explicitly for the offending files by specifying:

<Directory "/path-to-nfs-files"> EnableSendfile Off </Directory>

top

ErrorDocument Directive

Description:What the server will return to the client in case of an error
Syntax:ErrorDocument error-code document
Context:server config, virtual host, directory, .htaccess
Override:FileInfo
Status:Core
Module:core
Compatibility:Quoting syntax for text messages is different in Apache 2.0

In the event of a problem or error, Apache can be configured to do one of four things,

  1. output a simple hardcoded error message
  2. output a customized message
  3. redirect to a local URL-path to handle the problem/error
  4. redirect to an external URL to handle the problem/error

The first option is the default, while options 2-4 are configured using the ErrorDocument directive, which is followed by the HTTP response code and a URL or a message. Apache will sometimes offer additional information regarding the problem/error.

URLs can begin with a slash (/) for local web-paths (relative to the DocumentRoot), or be a full URL which the client can resolve. Alternatively, a message can be provided to be displayed by the browser. Examples:

ErrorDocument 500 http://foo.example.com/cgi-bin/tester
ErrorDocument 404 /cgi-bin/bad_urls.pl
ErrorDocument 401 /subscription_info.html
ErrorDocument 403 "Sorry can't allow you access today"

Additionally, the special value default can be used to specify Apache's simple hardcoded message. While not required under normal circumstances, default will restore Apache's simple hardcoded message for configurations that would otherwise inherit an existing ErrorDocument.

ErrorDocument 404 /cgi-bin/bad_urls.pl

<Directory /web/docs>
ErrorDocument 404 default
 </Directory>

Note that when you specify an ErrorDocument that points to a remote URL (ie. anything with a method such as http in front of it), Apache will send a redirect to the client to tell it where to find the document, even if the document ends up being on the same server. This has several implications, the most important being that the client will not receive the original error status code, but instead will receive a redirect status code. This in turn can confuse web robots and other clients which try to determine if a URL is valid using the status code. In addition, if you use a remote URL in an ErrorDocument 401, the client will not know to prompt the user for a password since it will not receive the 401 status code. Therefore, if you use an ErrorDocument 401 directive then it must refer to a local document.

Microsoft Internet Explorer (MSIE) will by default ignore server-generated error messages when they are "too small" and substitute its own "friendly" error messages. The size threshold varies depending on the type of error, but in general, if you make your error document greater than 512 bytes, then MSIE will show the server-generated error rather than masking it. More information is available in Microsoft Knowledge Base article Q294807.

Although most error messages can be overriden, there are certain circumstances where the internal messages are used regardless of the setting of ErrorDocument. In particular, if a malformed request is detected, normal request processing will be immediately halted and the internal error message returned. This is necessary to guard against security problems caused by bad requests.

Prior to version 2.0, messages were indicated by prefixing them with a single unmatched double quote character.

See also

top

ErrorLog Directive

Description:Location where the server will log errors
Syntax: ErrorLog file-path|syslog[:facility]
Default:ErrorLog logs/error_log (Unix) ErrorLog logs/error.log (Windows and OS/2)
Context:server config, virtual host
Status:Core
Module:core

The ErrorLog directive sets the name of the file to which the server will log any errors it encounters. If the file-path is not absolute then it is assumed to be relative to the ServerRoot.

Example

ErrorLog /var/log/httpd/error_log

If the file-path begins with a pipe (|) then it is assumed to be a command to spawn to handle the error log.

Example

ErrorLog "|/usr/local/bin/httpd_errors"

Using syslog instead of a filename enables logging via syslogd(8) if the system supports it. The default is to use syslog facility local7, but you can override this by using the syslog:facility syntax where facility can be one of the names usually documented in syslog(1).

Example

ErrorLog syslog:user

SECURITY: See the security tips document for details on why your security could be compromised if the directory where log files are stored is writable by anyone other than the user that starts the server.

Note

When entering a file path on non-Unix platforms, care should be taken to make sure that only forward slashed are used even though the platform may allow the use of back slashes. In general it is a good idea to always use forward slashes throughout the configuration files.

See also

top

FileETag Directive

Description:File attributes used to create the ETag HTTP response header
Syntax:FileETag component ...
Default:FileETag INode MTime Size
Context:server config, virtual host, directory, .htaccess
Override:FileInfo
Status:Core
Module:core

The FileETag directive configures the file attributes that are used to create the ETag (entity tag) response header field when the document is based on a file. (The ETag value is used in cache management to save network bandwidth.) In Apache 1.3.22 and earlier, the ETag value was always formed from the file's inode, size, and last-modified time (mtime). The FileETag directive allows you to choose which of these -- if any -- should be used. The recognized keywords are:

INode
The file's i-node number will be included in the calculation
MTime
The date and time the file was last modified will be included
Size
The number of bytes in the file will be included
All
All available fields will be used. This is equivalent to:

FileETag INode MTime Size

None
If a document is file-based, no ETag field will be included in the response

The INode, MTime, and Size keywords may be prefixed with either + or -, which allow changes to be made to the default setting inherited from a broader scope. Any keyword appearing without such a prefix immediately and completely cancels the inherited setting.

If a directory's configuration includes FileETag INode MTime Size, and a subdirectory's includes FileETag -INode, the setting for that subdirectory (which will be inherited by any sub-subdirectories that don't override it) will be equivalent to FileETag MTime Size.

Warning

Do not change the default for directories or locations that have WebDAV enabled and use mod_dav_fs as a storage provider. mod_dav_fs uses INode MTime Size as a fixed format for ETag comparisons on conditional requests. These conditional requests will break if the ETag format is changed via FileETag.
top

<Files> Directive

Description:Contains directives that apply to matched filenames
Syntax:<Files filename> ... </Files>
Context:server config, virtual host, directory, .htaccess
Override:All
Status:Core
Module:core

The <Files> directive limits the scope of the enclosed directives by filename. It is comparable to the <Directory> and <Location> directives. It should be matched with a </Files> directive. The directives given within this section will be applied to any object with a basename (last component of filename) matching the specified filename. <Files> sections are processed in the order they appear in the configuration file, after the <Directory> sections and .htaccess files are read, but before <Location> sections. Note that <Files> can be nested inside <Directory> sections to restrict the portion of the filesystem they apply to.

The filename argument should include a filename, or a wild-card string, where ? matches any single character, and * matches any sequences of characters. Regular expressions can also be used, with the addition of the ~ character. For example:

<Files ~ "\.(gif|jpe?g|png)$">

would match most common Internet graphics formats. <FilesMatch> is preferred, however.

Note that unlike <Directory> and <Location> sections, <Files> sections can be used inside .htaccess files. This allows users to control access to their own files, at a file-by-file level.

See also

top

<FilesMatch> Directive

Description:Contains directives that apply to regular-expression matched filenames
Syntax:<FilesMatch regex> ... </FilesMatch>
Context:server config, virtual host, directory, .htaccess
Override:All
Status:Core
Module:core

The <FilesMatch> directive limits the scope of the enclosed directives by filename, just as the <Files> directive does. However, it accepts a regular expression. For example:

<FilesMatch "\.(gif|jpe?g|png)$">

would match most common Internet graphics formats.

See also

top

ForceType Directive

Description:Forces all matching files to be served with the specified MIME content-type
Syntax:ForceType MIME-type|None
Context:directory, .htaccess
Override:FileInfo
Status:Core
Module:core
Compatibility:Moved to the core in Apache 2.0

When placed into an .htaccess file or a <Directory>, or <Location> or <Files> section, this directive forces all matching files to be served with the content type identification given by MIME-type. For example, if you had a directory full of GIF files, but did not want to label them all with .gif, you might want to use:

ForceType image/gif

Note that unlike DefaultType, this directive overrides all mime-type associations, including filename extensions, that might identify the media type.

You can override any ForceType setting by using the value of None:

# force all files to be image/gif:
<Location /images>
ForceType image/gif
 </Location>

# but normal mime-type associations here:
<Location /images/mixed>
ForceType None
 </Location>

top

HostnameLookups Directive

Description:Enables DNS lookups on client IP addresses
Syntax:HostnameLookups On|Off|Double
Default:HostnameLookups Off
Context:server config, virtual host, directory
Status:Core
Module:core

This directive enables DNS lookups so that host names can be logged (and passed to CGIs/SSIs in REMOTE_HOST). The value Double refers to doing double-reverse DNS lookup. That is, after a reverse lookup is performed, a forward lookup is then performed on that result. At least one of the IP addresses in the forward lookup must match the original address. (In "tcpwrappers" terminology this is called PARANOID.)

Regardless of the setting, when mod_authz_host is used for controlling access by hostname, a double reverse lookup will be performed. This is necessary for security. Note that the result of this double-reverse isn't generally available unless you set HostnameLookups Double. For example, if only HostnameLookups On and a request is made to an object that is protected by hostname restrictions, regardless of whether the double-reverse fails or not, CGIs will still be passed the single-reverse result in REMOTE_HOST.

The default is Off in order to save the network traffic for those sites that don't truly need the reverse lookups done. It is also better for the end users because they don't have to suffer the extra latency that a lookup entails. Heavily loaded sites should leave this directive Off, since DNS lookups can take considerable amounts of time. The utility logresolve, compiled by default to the bin subdirectory of your installation directory, can be used to look up host names from logged IP addresses offline.

top

<IfDefine> Directive

Description:Encloses directives that will be processed only if a test is true at startup
Syntax:<IfDefine [!]parameter-name> ... </IfDefine>
Context:server config, virtual host, directory, .htaccess
Override:All
Status:Core
Module:core

The <IfDefine test>...</IfDefine> section is used to mark directives that are conditional. The directives within an <IfDefine> section are only processed if the test is true. If test is false, everything between the start and end markers is ignored.

The test in the <IfDefine> section directive can be one of two forms:

  • parameter-name
  • !parameter-name

In the former case, the directives between the start and end markers are only processed if the parameter named parameter-name is defined. The second format reverses the test, and only processes the directives if parameter-name is not defined.

The parameter-name argument is a define as given on the httpd command line via -Dparameter- , at the time the server was started.

<IfDefine> sections are nest-able, which can be used to implement simple multiple-parameter tests. Example:

httpd -DReverseProxy -DUseCache -DMemCache ...

# httpd.conf
<IfDefine ReverseProxy>
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
<IfDefine UseCache>
LoadModule cache_module modules/mod_cache.so
<IfDefine MemCache>
LoadModule mem_cache_module modules/mod_mem_cache.so
 </IfDefine>
<IfDefine !MemCache>
LoadModule disk_cache_module modules/mod_disk_cache.so
 </IfDefine> </IfDefine> </IfDefine>

top

<IfModule> Directive

Description:Encloses directives that are processed conditional on the presence or absence of a specific module
Syntax:<IfModule [!]module-file|module-identifier> ... </IfModule>
Context:server config, virtual host, directory, .htaccess
Override:All
Status:Core
Module:core
Compatibility:Module identifiers are available in version 2.1 and later.

The <IfModule test>...</IfModule> section is used to mark directives that are conditional on the presence of a specific module. The directives within an <IfModule> section are only processed if the test is true. If test is false, everything between the start and end markers is ignored.

The test in the <IfModule> section directive can be one of two forms:

  • module
  • !module

In the former case, the directives between the start and end markers are only processed if the module named module is included in Apache -- either compiled in or dynamically loaded using LoadModule. The second format reverses the test, and only processes the directives if module is not included.

The module argument can be either the module identifier or the file name of the module, at the time it was compiled. For example, rewrite_module is the identifier and mod_rewrite.c is the file name. If a module consists of several source files, use the name of the file containing the string STANDARD20_MODULE_STUFF.

<IfModule> sections are nest-able, which can be used to implement simple multiple-module tests.

This section should only be used if you need to have one configuration file that works whether or not a specific module is available. In normal operation, directives need not be placed in <IfModule> sections.
top

Include Directive

Description:Includes other configuration files from within the server configuration files
Syntax:Include file-path|directory-path
Context:server config, virtual host, directory
Status:Core
Module:core
Compatibility:Wildcard matching available in 2.0.41 and later

This directive allows inclusion of other configuration files from within the server configuration files.

Shell-style (fnmatch()) wildcard characters can be used to include several files at once, in alphabetical order. In addition, if Include points to a directory, rather than a file, Apache will read all files in that directory and any subdirectory. But including entire directories is not recommended, because it is easy to accidentally leave temporary files in a directory that can cause httpd to fail.

The file path specified may be an absolute path, or may be relative to the ServerRoot directory.

Examples:

Include /usr/local/apache2/conf/ssl.conf
Include /usr/local/apache2/conf/vhosts/*.conf

Or, providing paths relative to your ServerRoot directory:

Include conf/ssl.conf
Include conf/vhosts/*.conf

See also

top

KeepAlive Directive

Description:Enables HTTP persistent connections
Syntax:KeepAlive On|Off
Default:KeepAlive On
Context:server config, virtual host
Status:Core
Module:core

The Keep-Alive extension to HTTP/1.0 and the persistent connection feature of HTTP/1.1 provide long-lived HTTP sessions which allow multiple requests to be sent over the same TCP connection. In some cases this has been shown to result in an almost 50% speedup in latency times for HTML documents with many images. To enable Keep-Alive connections, set KeepAlive On.

For HTTP/1.0 clients, Keep-Alive connections will only be used if they are specifically requested by a client. In addition, a Keep-Alive connection with an HTTP/1.0 client can only be used when the length of the content is known in advance. This implies that dynamic content such as CGI output, SSI pages, and server-generated directory listings will generally not use Keep-Alive connections to HTTP/1.0 clients. For HTTP/1.1 clients, persistent connections are the default unless otherwise specified. If the client requests it, chunked encoding will be used in order to send content of unknown length over persistent connections.

When a client uses a Keep-Alive connection it will be counted as a single "request" for the MaxRequestsPerChild directive, regardless of how many requests are sent using the connection.

See also

top

KeepAliveTimeout Directive

Description:Amount of time the server will wait for subsequent requests on a persistent connection
Syntax:KeepAliveTimeout seconds
Default:KeepAliveTimeout 5
Context:server config, virtual host
Status:Core
Module:core

The number of seconds Apache will wait for a subsequent request before closing the connection. Once a request has been received, the timeout value specified by the Timeout directive applies.

Setting KeepAliveTimeout to a high value may cause performance problems in heavily loaded servers. The higher the timeout, the more server processes will be kept occupied waiting on connections with idle clients.

In a name-based virtual host context, the value of the first defined virtual host (the default host) in a set of NameVirtualHost will be used. The other values will be ignored.

top

<Limit> Directive

Description:Restrict enclosed access controls to only certain HTTP methods
Syntax:<Limit method [method] ... > ... </Limit>
Context:server config, virtual host, directory, .htaccess
Override:All
Status:Core
Module:core

Access controls are normally effective for all access methods, and this is the usual desired behavior. In the general case, access control directives should not be placed within a <Limit> section.

The purpose of the <Limit> directive is to restrict the effect of the access controls to the nominated HTTP methods. For all other methods, the access restrictions that are enclosed in the <Limit> bracket will have no effect. The following example applies the access control only to the methods POST, PUT, and DELETE, leaving all other methods unprotected:

<Limit POST PUT DELETE>
Require valid-user
 </Limit>

The method names listed can be one or more of: GET, POST, PUT, DELETE, CONNECT, OPTIONS, PATCH, PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK, and UNLOCK. The method name is case-sensitive. If GET is used it will also restrict HEAD requests. The TRACE method cannot be limited.

A <LimitExcept> section should always be used in preference to a <Limit> section when restricting access, since a <LimitExcept> section provides protection against arbitrary methods.
top

<LimitExcept> Directive

Description:Restrict access controls to all HTTP methods except the named ones
Syntax:<LimitExcept method [method] ... > ... </LimitExcept>
Context:server config, virtual host, directory, .htaccess
Override:All
Status:Core
Module:core

<LimitExcept> and </LimitExcept> are used to enclose a group of access control directives which will then apply to any HTTP access method not listed in the arguments; i.e., it is the opposite of a <Limit> section and can be used to control both standard and nonstandard/unrecognized methods. See the documentation for <Limit> for more details.

For example:

<LimitExcept POST GET>
Require valid-user
 </LimitExcept>

top

LimitInternalRecursion Directive

Description:Determine maximum number of internal redirects and nested subrequests
Syntax:LimitInternalRecursion number [number]
Default:LimitInternalRecursion 10
Context:server config, virtual host
Status:Core
Module:core
Compatibility:Available in Apache 2.0.47 and later

An internal redirect happens, for example, when using the Action directive, which internally redirects the original request to a CGI script. A subrequest is Apache's mechanism to find out what would happen for some URI if it were requested. For example, mod_dir uses subrequests to look for the files listed in the DirectoryIndex directive.

LimitInternalRecursion prevents the server from crashing when entering an infinite loop of internal redirects or subrequests. Such loops are usually caused by misconfigurations.

The directive stores two different limits, which are evaluated on per-request basis. The first number is the maximum number of internal redirects, that may follow each other. The second number determines, how deep subrequests may be nested. If you specify only one number, it will be assigned to both limits.

Example

LimitInternalRecursion 5

top

LimitRequestBody Directive

Description:Restricts the total size of the HTTP request body sent from the client
Syntax:LimitRequestBody bytes
Default:LimitRequestBody 0
Context:server config, virtual host, directory, .htaccess
Override:All
Status:Core
Module:core

This directive specifies the number of bytes from 0 (meaning unlimited) to 2147483647 (2GB) that are allowed in a request body.

The LimitRequestBody directive allows the user to set a limit on the allowed size of an HTTP request message body within the context in which the directive is given (server, per-directory, per-file or per-location). If the client request exceeds that limit, the server will return an error response instead of servicing the request. The size of a normal request message body will vary greatly depending on the nature of the resource and the methods allowed on that resource. CGI scripts typically use the message body for retrieving form information. Implementations of the PUT method will require a value at least as large as any representation that the server wishes to accept for that resource.

This directive gives the server administrator greater control over abnormal client request behavior, which may be useful for avoiding some forms of denial-of-service attacks.

If, for example, you are permitting file upload to a particular location, and wish to limit the size of the uploaded file to 100K, you might use the following directive:

LimitRequestBody 102400

top

LimitRequestFields Directive

Description:Limits the number of HTTP request header fields that will be accepted from the client
Syntax:LimitRequestFields number
Default:LimitRequestFields 100
Context:server config
Status:Core
Module:core

Number is an integer from 0 (meaning unlimited) to 32767. The default value is defined by the compile-time constant DEFAULT_LIMIT_REQUEST_FIELDS (100 as distributed).

The LimitRequestFields directive allows the server administrator to modify the limit on the number of request header fields allowed in an HTTP request. A server needs this value to be larger than the number of fields that a normal client request might include. The number of request header fields used by a client rarely exceeds 20, but this may vary among different client implementations, often depending upon the extent to which a user has configured their browser to support detailed content negotiation. Optional HTTP extensions are often expressed using request header fields.

This directive gives the server administrator greater control over abnormal client request behavior, which may be useful for avoiding some forms of denial-of-service attacks. The value should be increased if normal clients see an error response from the server that indicates too many fields were sent in the request.

For example:

LimitRequestFields 50

top

LimitRequestFieldSize Directive

Description:Limits the size of the HTTP request header allowed from the client
Syntax:LimitRequestFieldSize bytes
Default:LimitRequestFieldSize 8190
Context:server config
Status:Core
Module:core

This directive specifies the number of bytes that will be allowed in an HTTP request header.

The LimitRequestFieldSize directive allows the server administrator to reduce or increase the limit on the allowed size of an HTTP request header field. A server needs this value to be large enough to hold any one header field from a normal client request. The size of a normal request header field will vary greatly among different client implementations, often depending upon the extent to which a user has configured their browser to support detailed content negotiation. SPNEGO authentication headers can be up to 12392 bytes.

This directive gives the server administrator greater control over abnormal client request behavior, which may be useful for avoiding some forms of denial-of-service attacks.

For example:

LimitRequestFieldSize 4094

Under normal conditions, the value should not be changed from the default.
top

LimitRequestLine Directive

Description:Limit the size of the HTTP request line that will be accepted from the client
Syntax:LimitRequestLine bytes
Default:LimitRequestLine 8190
Context:server config
Status:Core
Module:core

This directive sets the number of bytes that will be allowed on the HTTP request-line.

The LimitRequestLine directive allows the server administrator to reduce or increase the limit on the allowed size of a client's HTTP request-line. Since the request-line consists of the HTTP method, URI, and protocol version, the LimitRequestLine directive places a restriction on the length of a request-URI allowed for a request on the server. A server needs this value to be large enough to hold any of its resource names, including any information that might be passed in the query part of a GET request.

This directive gives the server administrator greater control over abnormal client request behavior, which may be useful for avoiding some forms of denial-of-service attacks.

For example:

LimitRequestLine 4094

Under normal conditions, the value should not be changed from the default.
top

LimitXMLRequestBody Directive

Description:Limits the size of an XML-based request body
Syntax:LimitXMLRequestBody bytes
Default:LimitXMLRequestBody 1000000
Context:server config, virtual host, directory, .htaccess
Override:All
Status:Core
Module:core

Limit (in bytes) on maximum size of an XML-based request body. A value of 0 will disable any checking.

Example:

LimitXMLRequestBody 0

top

<Location> Directive

Description:Applies the enclosed directives only to matching URLs
Syntax:<Location URL-path|URL> ... </Location>
Context:server config, virtual host
Status:Core
Module:core

The <Location> directive limits the scope of the enclosed directives by URL. It is similar to the <Directory> directive, and starts a subsection which is terminated with a </Location> directive. <Location> sections are processed in the order they appear in the configuration file, after the <Directory> sections and .htaccess files are read, and after the <Files> sections.

<Location> sections operate completely outside the filesystem. This has several consequences. Most importantly, <Location> directives should not be used to control access to filesystem locations. Since several different URLs may map to the same filesystem location, such access controls may by circumvented.

When to use <Location>

Use <Location> to apply directives to content that lives outside the filesystem. For content that lives in the filesystem, use <Directory> and <Files>. An exception is <Location />, which is an easy way to apply a configuration to the entire server.

For all origin (non-proxy) requests, the URL to be matched is a URL-path of the form /path/. No scheme, hostname, port, or query string may be included. For proxy requests, the URL to be matched is of the form scheme://servername/path, and you must include the prefix.

The URL may use wildcards. In a wild-card string, ? matches any single character, and * matches any sequences of characters. Neither wildcard character matches a / in the URL-path.

Regular expressions can also be used, with the addition of the ~ character. For example:

<Location ~ "/(extra|special)/data">

would match URLs that contained the substring /extra/data or /special/data. The directive <LocationMatch> behaves identical to the regex version of <Location>.

The <Location> functionality is especially useful when combined with the SetHandler directive. For example, to enable status requests, but allow them only from browsers at example.com, you might use:

<Location /status>
SetHandler server-status
Order Deny,Allow
Deny from all
Allow from .example.com
 </Location>

Note about / (slash)

The slash character has special meaning depending on where in a URL it appears. People may be used to its behavior in the filesystem where multiple adjacent slashes are frequently collapsed to a single slash (i.e., /home///foo is the same as /home/foo). In URL-space this is not necessarily true. The <LocationMatch> directive and the regex version of <Location> require you to explicitly specify multiple slashes if that is your intention.

For example, <LocationMatch ^/abc> would match the request URL /abc but not the request URL //abc. The (non-regex) <Location> directive behaves similarly when used for proxy requests. But when (non-regex) <Location> is used for non-proxy requests it will implicitly match multiple slashes with a single slash. For example, if you specify <Location /abc/def> and the request is to /abc//def then it will match.

See also

top

<LocationMatch> Directive

Description:Applies the enclosed directives only to regular-expression matching URLs
Syntax:<LocationMatch regex> ... </LocationMatch>
Context:server config, virtual host
Status:Core
Module:core

The <LocationMatch> directive limits the scope of the enclosed directives by URL, in an identical manner to <Location>. However, it takes a regular expression as an argument instead of a simple string. For example:

<LocationMatch "/(extra|special)/data">

would match URLs that contained the substring /extra/data or /special/data.

See also

top

LogLevel Directive

Description:Controls the verbosity of the ErrorLog
Syntax:LogLevel level
Default:LogLevel warn
Context:server config, virtual host
Status:Core
Module:core

LogLevel adjusts the verbosity of the messages recorded in the error logs (see ErrorLog directive). The following levels are available, in order of decreasing significance:

Level Description Example
emerg Emergencies - system is unusable. "Child cannot open lock file. Exiting"
alert Action must be taken immediately. "getpwuid: couldn't determine user name from uid"
crit Critical Conditions. "socket: Failed to get a socket, exiting child"
error Error conditions. "Premature end of script headers"
warn Warning conditions. "child process 1234 did not exit, sending another SIGHUP"
notice Normal but significant condition. "httpd: caught SIGBUS, attempting to dump core in ..."
info Informational. "Server seems busy, (you may need to increase StartServers, or Min/MaxSpareServers)..."
debug Debug-level messages "Opening config file ..."

When a particular level is specified, messages from all other levels of higher significance will be reported as well. E.g., when LogLevel info is specified, then messages with log levels of notice and warn will also be posted.

Using a level of at least crit is recommended.

For example:

LogLevel notice

Note

When logging to a regular file messages of the level notice cannot be suppressed and thus are always logged. However, this doesn't apply when logging is done using syslog.

top

MaxKeepAliveRequests Directive

Description:Number of requests allowed on a persistent connection
Syntax:MaxKeepAliveRequests number
Default:MaxKeepAliveRequests 100
Context:server config, virtual host
Status:Core
Module:core

The MaxKeepAliveRequests directive limits the number of requests allowed per connection when KeepAlive is on. If it is set to 0, unlimited requests will be allowed. We recommend that this setting be kept to a high value for maximum server performance.

For example:

MaxKeepAliveRequests 500

top

NameVirtualHost Directive

Description:Designates an IP address for name-virtual hosting
Syntax:NameVirtualHost addr[:port]
Context:server config
Status:Core
Module:core

The NameVirtualHost directive is a required directive if you want to configure name-based virtual hosts.

Although addr can be hostname it is recommended that you always use an IP address, e.g.

NameVirtualHost 111.22.33.44

With the NameVirtualHost directive you specify the IP address on which the server will receive requests for the name-based virtual hosts. This will usually be the address to which your name-based virtual host names resolve. In cases where a firewall or other proxy receives the requests and forwards them on a different IP address to the server, you must specify the IP address of the physical interface on the machine which will be servicing the requests. If you have multiple name-based hosts on multiple addresses, repeat the directive for each address.

Note

Note, that the "main server" and any _default_ servers will never be served for a request to a NameVirtualHost IP address (unless for some reason you specify NameVirtualHost but then don't define any VirtualHosts for that address).

Optionally you can specify a port number on which the name-based virtual hosts should be used, e.g.

NameVirtualHost 111.22.33.44:8080

IPv6 addresses must be enclosed in square brackets, as shown in the following example:

NameVirtualHost [2001:db8::a00:20ff:fea7:ccea]:8080

To receive requests on all interfaces, you can use an argument of *

NameVirtualHost *

Argument to <VirtualHost> directive

Note that the argument to the <VirtualHost> directive must exactly match the argument to the NameVirtualHost directive.

NameVirtualHost 1.2.3.4
<VirtualHost 1.2.3.4>
# ...
</VirtualHost>

See also

top

Options Directive

Description:Configures what features are available in a particular directory
Syntax:Options [+|-]option [[+|-]option] ...
Default:Options All
Context:server config, virtual host, directory, .htaccess
Override:Options
Status:Core
Module:core

The Options directive controls which server features are available in a particular directory.

option can be set to None, in which case none of the extra features are enabled, or one or more of the following:

All
All options except for MultiViews. This is the default setting.
ExecCGI
Execution of CGI scripts using mod_cgi is permitted.
FollowSymLinks
The server will follow symbolic links in this directory.

Even though the server follows the symlink it does not change the pathname used to match against <Directory> sections.

Note also, that this option gets ignored if set inside a <Location> section.

Omitting this option should not be considered a security restriction, since symlink testing is subject to race conditions that make it circumventable.

Includes
Server-side includes provided by mod_include are permitted.
IncludesNOEXEC
Server-side includes are permitted, but the #exec cmd and #exec cgi are disabled. It is still possible to #include virtual CGI scripts from ScriptAliased directories.
Indexes
If a URL which maps to a directory is requested, and there is no DirectoryIndex (e.g., index.html) in that directory, then mod_autoindex will return a formatted listing of the directory.
MultiViews
Content negotiated "MultiViews" are allowed using mod_negotiation.
SymLinksIfOwnerMatch
The server will only follow symbolic links for which the target file or directory is owned by the same user id as the link.

Note

This option gets ignored if set inside a <Location> section.

This option should not be considered a security restriction, since symlink testing is subject to race conditions that make it circumventable.

Normally, if multiple Options could apply to a directory, then the most specific one is used and others are ignored; the options are not merged. (See how sections are merged.) However if all the options on the Options directive are preceded by a + or - symbol, the options are merged. Any options preceded by a + are added to the options currently in force, and any options preceded by a - are removed from the options currently in force.

Warning

Mixing Options with a + or - with those without is not valid syntax, and is likely to cause unexpected results.

For example, without any + and - symbols:

<Directory /web/docs>
Options Indexes FollowSymLinks
 </Directory>

<Directory /web/docs/spec>
Options Includes
 </Directory>

then only Includes will be set for the /web/docs/spec directory. However if the second Options directive uses the + and - symbols:

<Directory /web/docs>
Options Indexes FollowSymLinks
 </Directory>

<Directory /web/docs/spec>
Options +Includes -Indexes
 </Directory>

then the options FollowSymLinks and Includes are set for the /web/docs/spec directory.

Note

Using -IncludesNOEXEC or -Includes disables server-side includes completely regardless of the previous setting.

The default in the absence of any other settings is All.

top

Require Directive

Description:Selects which authenticated users can access a resource
Syntax:Require entity-name [entity-name] ...
Context:directory, .htaccess
Override:AuthConfig
Status:Core
Module:core

This directive selects which authenticated users can access a resource. The restrictions are processed by authorization modules. Some of the allowed syntaxes provided by mod_authz_user and mod_authz_groupfile are:

Require user userid [userid] ...
Only the named users can access the resource.
Require group group-name [group-name] ...
Only users in the named groups can access the resource.
Require valid-user
All valid users can access the resource.

Other authorization modules that implement require options include mod_authnz_ldap, mod_authz_dbm, and mod_authz_owner.

Require must be accompanied by AuthName and AuthType directives, and directives such as AuthUserFile and AuthGroupFile (to define users and groups) in order to work correctly. Example:

AuthType Basic
AuthName "Restricted Resource"
AuthUserFile /web/users
AuthGroupFile /web/groups
Require group admin

Access controls which are applied in this way are effective for all methods. This is what is normally desired. If you wish to apply access controls only to specific methods, while leaving other methods unprotected, then place the Require statement into a <Limit> section.

If Require is used together with the Allow or Deny directives, then the interaction of these restrictions is controlled by the Satisfy directive.

Removing controls in subdirectories

The following example shows how to use the Satisfy directive to disable access controls in a subdirectory of a protected directory. This technique should be used with caution, because it will also disable any access controls imposed by mod_authz_host.

<Directory /path/to/protected/>
Require user david
 </Directory>
<Directory /path/to/protected/unprotected>
# All access controls and authentication are disabled
# in this directory
Satisfy Any
Allow from all
 </Directory>

See also

top

RLimitCPU Directive

Description:Limits the CPU consumption of processes launched by Apache children
Syntax:RLimitCPU seconds|max [seconds|max]
Default:Unset; uses operating system defaults
Context:server config, virtual host, directory, .htaccess
Override:All
Status:Core
Module:core

Takes 1 or 2 parameters. The first parameter sets the soft resource limit for all processes and the second parameter sets the maximum resource limit. Either parameter can be a number, or max to indicate to the server that the limit should be set to the maximum allowed by the operating system configuration. Raising the maximum resource limit requires that the server is running as root, or in the initial startup phase.

This applies to processes forked off from Apache children servicing requests, not the Apache children themselves. This includes CGI scripts and SSI exec commands, but not any processes forked off from the Apache parent such as piped logs.

CPU resource limits are expressed in seconds per process.

See also

top

RLimitMEM Directive

Description:Limits the memory consumption of processes launched by Apache children
Syntax:RLimitMEM bytes|max [bytes|max]
Default:Unset; uses operating system defaults
Context:server config, virtual host, directory, .htaccess
Override:All
Status:Core
Module:core

Takes 1 or 2 parameters. The first parameter sets the soft resource limit for all processes and the second parameter sets the maximum resource limit. Either parameter can be a number, or max to indicate to the server that the limit should be set to the maximum allowed by the operating system configuration. Raising the maximum resource limit requires that the server is running as root, or in the initial startup phase.

This applies to processes forked off from Apache children servicing requests, not the Apache children themselves. This includes CGI scripts and SSI exec commands, but not any processes forked off from the Apache parent such as piped logs.

Memory resource limits are expressed in bytes per process.

See also

top

RLimitNPROC Directive

Description:Limits the number of processes that can be launched by processes launched by Apache children
Syntax:RLimitNPROC number|max [number|max]
Default:Unset; uses operating system defaults
Context:server config, virtual host, directory, .htaccess
Override:All
Status:Core
Module:core

Takes 1 or 2 parameters. The first parameter sets the soft resource limit for all processes and the second parameter sets the maximum resource limit. Either parameter can be a number, or max to indicate to the server that the limit should be set to the maximum allowed by the operating system configuration. Raising the maximum resource limit requires that the server is running as root, or in the initial startup phase.

This applies to processes forked off from Apache children servicing requests, not the Apache children themselves. This includes CGI scripts and SSI exec commands, but not any processes forked off from the Apache parent such as piped logs.

Process limits control the number of processes per user.

Note

If CGI processes are not running under user ids other than the web server user id, this directive will limit the number of processes that the server itself can create. Evidence of this situation will be indicated by cannot fork messages in the error_log.

See also

top

Satisfy Directive

Description:Interaction between host-level access control and user authentication
Syntax:Satisfy Any|All
Default:Satisfy All
Context:directory, .htaccess
Override:AuthConfig
Status:Core
Module:core
Compatibility:Influenced by <Limit> and <LimitExcept> in version 2.0.51 and later

Access policy if both Allow and Require used. The parameter can be either All or Any. This directive is only useful if access to a particular area is being restricted by both username/password and client host address. In this case the default behavior (All) is to require that the client passes the address access restriction and enters a valid username and password. With the Any option the client will be granted access if they either pass the host restriction or enter a valid username and password. This can be used to password restrict an area, but to let clients from particular addresses in without prompting for a password.

For example, if you wanted to let people on your network have unrestricted access to a portion of your website, but require that people outside of your network provide a password, you could use a configuration similar to the following:

Require valid-user
Order allow,deny
Allow from 192.168.1
Satisfy Any

Since version 2.0.51 Satisfy directives can be restricted to particular methods by <Limit> and <LimitExcept> sections.

See also

top

ScriptInterpreterSource Directive

Description:Technique for locating the interpreter for CGI scripts
Syntax:ScriptInterpreterSource Registry|Registry-Strict|Script
Default:ScriptInterpreterSource Script
Context:server config, virtual host, directory, .htaccess
Override:FileInfo
Status:Core
Module:core
Compatibility:Win32 only; option Registry-Strict is available in Apache 2.0 and later

This directive is used to control how Apache finds the interpreter used to run CGI scripts. The default setting is Script. This causes Apache to use the interpreter pointed to by the shebang line (first line, starting with #!) in the script. On Win32 systems this line usually looks like:

#!C:/Perl/bin/perl.exe

or, if perl is in the PATH, simply:

#!perl

Setting ScriptInterpreterSource Registry will cause the Windows Registry tree HKEY_CLASSES_ROOT to be searched using the script file extension (e.g., .pl) as a search key. The command defined by the registry subkey Shell\ExecCGI\Command or, if it does not exist, by the subkey Shell\Open\Command is used to open the script file. If the registry keys cannot be found, Apache falls back to the behavior of the Script option.

For example, the registry setting to have a script with the .pl extension processed via perl would be:

HKEY_CLASSES_ROOT\.pl\Shell\ExecCGI\Command\(Default) => C:\Perl\bin\perl.exe -wT

Security

Be careful when using ScriptInterpreterSource Registry with ScriptAlias'ed directories, because Apache will try to execute every file within this directory. The Registry setting may cause undesired program calls on files which are typically not executed. For example, the default open command on .htm files on most Windows systems will execute Microsoft Internet Explorer, so any HTTP request for an .htm file existing within the script directory would start the browser in the background on the server. This is a good way to crash your system within a minute or so.

The option Registry-Strict which is new in Apache 2.0 does the same thing as Registry but uses only the subkey Shell\ExecCGI\Command. The ExecCGI key is not a common one. It must be configured manually in the windows registry and hence prevents accidental program calls on your system.

top

ServerAdmin Directive

Description:Email address that the server includes in error messages sent to the client
Syntax:ServerAdmin email-address|URL
Context:server config, virtual host
Status:Core
Module:core

The ServerAdmin sets the contact address that the server includes in any error messages it returns to the client. If the httpd doesn't recognize the supplied argument as an URL, it assumes, that it's an email-address and prepends it with mailto: in hyperlink targets. However, it's recommended to actually use an email address, since there are a lot of CGI scripts that make that assumption. If you want to use an URL, it should point to another server under your control. Otherwise users may not be able to contact you in case of errors.

It may be worth setting up a dedicated address for this, e.g.

ServerAdmin www-admin@foo.example.com

as users do not always mention that they are talking about the server!

top

ServerAlias Directive

Description:Alternate names for a host used when matching requests to name-virtual hosts
Syntax:ServerAlias hostname [hostname] ...
Context:virtual host
Status:Core
Module:core

The ServerAlias directive sets the alternate names for a host, for use with name-based virtual hosts. The ServerAlias may include wildcards, if appropriate.

<VirtualHost *:80>
ServerName server.domain.com
ServerAlias server server2.domain.com server2
ServerAlias *.example.com
# ...
</VirtualHost>

See also

top

ServerName Directive

Description:Hostname and port that the server uses to identify itself
Syntax:ServerName [scheme://]fully-qualified-domain-name[:port]
Context:server config, virtual host
Status:Core
Module:core
Compatibility:In version 2.0, this directive supersedes the functionality of the Port directive from version 1.3.

The ServerName directive sets the request scheme, hostname and port that the server uses to identify itself. This is used when creating redirection URLs. For example, if the name of the machine hosting the web server is simple.example.com, but the machine also has the DNS alias www.example.com and you wish the web server to be so identified, the following directive should be used:

ServerName www.example.com:80

If no ServerName is specified, then the server attempts to deduce the hostname by performing a reverse lookup on the IP address. If no port is specified in the ServerName, then the server will use the port from the incoming request. For optimal reliability and predictability, you should specify an explicit hostname and port using the ServerName directive.

If you are using name-based virtual hosts, the ServerName inside a <VirtualHost> section specifies what hostname must appear in the request's Host: header to match this virtual host.

Sometimes, the server runs behind a device that processes SSL, such as a reverse proxy, load balancer or SSL offload appliance. When this is the case, specify the https:// scheme and the port number to which the clients connect in the ServerName directive to make sure that the server generates the correct self-referential URLs.

See the description of the UseCanonicalName and UseCanonicalPhysicalPort directives for settings which determine whether self-referential URLs (e.g., by the mod_dir module) will refer to the specified port, or to the port number given in the client's request.

See also

top

ServerPath Directive

Description:Legacy URL pathname for a name-based virtual host that is accessed by an incompatible browser
Syntax:ServerPath URL-path
Context:virtual host
Status:Core
Module:core

The ServerPath directive sets the legacy URL pathname for a host, for use with name-based virtual hosts.

See also

top

ServerRoot Directive

Description:Base directory for the server installation
Syntax:ServerRoot directory-path
Default:ServerRoot /usr/local/apache
Context:server config
Status:Core
Module:core

The ServerRoot directive sets the directory in which the server lives. Typically it will contain the subdirectories conf/ and logs/. Relative paths in other configuration directives (such as Include or LoadModule, for example) are taken as relative to this directory.

Example

ServerRoot /home/httpd

See also

top

ServerSignature Directive

Description:Configures the footer on server-generated documents
Syntax:ServerSignature On|Off|EMail
Default:ServerSignature Off
Context:server config, virtual host, directory, .htaccess
Override:All
Status:Core
Module:core

The ServerSignature directive allows the configuration of a trailing footer line under server-generated documents (error messages, mod_proxy ftp directory listings, mod_info output, ...). The reason why you would want to enable such a footer line is that in a chain of proxies, the user often has no possibility to tell which of the chained servers actually produced a returned error message.

The Off setting, which is the default, suppresses the footer line (and is therefore compatible with the behavior of Apache-1.2 and below). The On setting simply adds a line with the server version number and ServerName of the serving virtual host, and the EMail setting additionally creates a "mailto:" reference to the ServerAdmin of the referenced document.

After version 2.0.44, the details of the server version number presented are controlled by the ServerTokens directive.

See also

top

ServerTokens Directive

Description:Configures the Server HTTP response header
Syntax:ServerTokens Major|Minor|Min[imal]|Prod[uctOnly]|OS|Full
Default:ServerTokens Full
Context:server config
Status:Core
Module:core

This directive controls whether Server response header field which is sent back to clients includes a description of the generic OS-type of the server as well as information about compiled-in modules.

ServerTokens Prod[uctOnly]
Server sends (e.g.): Server: Apache
ServerTokens Major
Server sends (e.g.): Server: Apache/2
ServerTokens Minor
Server sends (e.g.): Server: Apache/2.0
ServerTokens Min[imal]
Server sends (e.g.): Server: Apache/2.0.41
ServerTokens OS
Server sends (e.g.): Server: Apache/2.0.41 (Unix)
ServerTokens Full (or not specified)
Server sends (e.g.): Server: Apache/2.0.41 (Unix) PHP/4.2.2 MyMod/1.2

This setting applies to the entire server, and cannot be enabled or disabled on a virtualhost-by-virtualhost basis.

After version 2.0.44, this directive also controls the information presented by the ServerSignature directive.

See also

top

SetHandler Directive

Description:Forces all matching files to be processed by a handler
Syntax:SetHandler handler-name|None
Context:server config, virtual host, directory, .htaccess
Override:FileInfo
Status:Core
Module:core
Compatibility:Moved into the core in Apache 2.0

When placed into an .htaccess file or a <Directory> or <Location> section, this directive forces all matching files to be parsed through the handler given by handler-name. For example, if you had a directory you wanted to be parsed entirely as imagemap rule files, regardless of extension, you might put the following into an .htaccess file in that directory:

SetHandler imap-file

Another example: if you wanted to have the server display a status report whenever a URL of http://servername/status was called, you might put the following into httpd.conf:

<Location /status>
SetHandler server-status
 </Location>

You can override an earlier defined SetHandler directive by using the value None.

See also

top

SetInputFilter Directive

Description:Sets the filters that will process client requests and POST input
Syntax:SetInputFilter filter[;filter...]
Context:server config, virtual host, directory, .htaccess
Override:FileInfo
Status:Core
Module:core

The SetInputFilter directive sets the filter or filters which will process client requests and POST input when they are received by the server. This is in addition to any filters defined elsewhere, including the AddInputFilter directive.

If more than one filter is specified, they must be separated by semicolons in the order in which they should process the content.

See also

top

SetOutputFilter Directive

Description:Sets the filters that will process responses from the server
Syntax:SetOutputFilter filter[;filter...]
Context:server config, virtual host, directory, .htaccess
Override:FileInfo
Status:Core
Module:core

The SetOutputFilter directive sets the filters which will process responses from the server before they are sent to the client. This is in addition to any filters defined elsewhere, including the AddOutputFilter directive.

For example, the following configuration will process all files in the /www/data/ directory for server-side includes.

<Directory /www/data/>
SetOutputFilter INCLUDES
 </Directory>

If more than one filter is specified, they must be separated by semicolons in the order in which they should process the content.

See also

top

TimeOut Directive

Description:Amount of time the server will wait for certain events before failing a request
Syntax:TimeOut seconds
Default:TimeOut 300
Context:server config, virtual host
Status:Core
Module:core

The TimeOut directive defines the length of time Apache will wait for I/O in various circumstances:

  1. When reading data from the client, the length of time to wait for a TCP packet to arrive if the read buffer is empty.
  2. When writing data to the client, the length of time to wait for an acknowledgement of a packet if the send buffer is full.
  3. In mod_cgi, the length of time to wait for output from a CGI script.
  4. In mod_ext_filter, the length of time to wait for output from a filtering process.
  5. In mod_proxy, the default timeout value if ProxyTimeout is not configured.
top

TraceEnable Directive

Description:Determines the behaviour on TRACE requests
Syntax:TraceEnable [on|off|extended]
Default:TraceEnable on
Context:server config
Status:Core
Module:core
Compatibility:Available in Apache 1.3.34, 2.0.55 and later

This directive overrides the behavior of TRACE for both the core server and mod_proxy. The default TraceEnable on permits TRACE requests per RFC 2616, which disallows any request body to accompany the request. TraceEnable off causes the core server and mod_proxy to return a 405 (Method not allowed) error to the client.

Finally, for testing and diagnostic purposes only, request bodies may be allowed using the non-compliant TraceEnable extended directive. The core (as an origin server) will restrict the request body to 64k (plus 8k for chunk headers if Transfer-Encoding: chunked is used). The core will reflect the full headers and all chunk headers with the response body. As a proxy server, the request body is not restricted to 64k.

top

UseCanonicalName Directive

Description:Configures how the server determines its own name and port
Syntax:UseCanonicalName On|Off|DNS
Default:UseCanonicalName Off
Context:server config, virtual host, directory
Status:Core
Module:core

In many situations Apache must construct a self-referential URL -- that is, a URL that refers back to the same server. With UseCanonicalName On Apache will use the hostname and port specified in the ServerName directive to construct the canonical name for the server. This name is used in all self-referential URLs, and for the values of SERVER_NAME and SERVER_PORT in CGIs.

With UseCanonicalName Off Apache will form self-referential URLs using the hostname and port supplied by the client if any are supplied (otherwise it will use the canonical name, as defined above). These values are the same that are used to implement name based virtual hosts, and are available with the same clients. The CGI variables SERVER_NAME and SERVER_PORT will be constructed from the client supplied values as well.

An example where this may be useful is on an intranet server where you have users connecting to the machine using short names such as www. You'll notice that if the users type a shortname, and a URL which is a directory, such as http://www/splat, without the trailing slash then Apache will redirect them to http://www.domain.com/splat/. If you have authentication enabled, this will cause the user to have to authenticate twice (once for www and once again for www.domain.com -- see the FAQ on this subject for more information). But if UseCanonicalName is set Off, then Apache will redirect to http://www/splat/.

There is a third option, UseCanonicalName DNS, which is intended for use with mass IP-based virtual hosting to support ancient clients that do not provide a Host: header. With this option Apache does a reverse DNS lookup on the server IP address that the client connected to in order to work out self-referential URLs.

Warning

If CGIs make assumptions about the values of SERVER_NAME they may be broken by this option. The client is essentially free to give whatever value they want as a hostname. But if the CGI is only using SERVER_NAME to construct self-referential URLs then it should be just fine.

See also

top

UseCanonicalPhysicalPort Directive

Description:Configures how the server determines its own name and port
Syntax:UseCanonicalPhysicalPort On|Off
Default:UseCanonicalPhysicalPort Off
Context:server config, virtual host, directory
Status:Core
Module:core

In many situations Apache must construct a self-referential URL -- that is, a URL that refers back to the same server. With UseCanonicalPhysicalPort On Apache will, when constructing the canonical port for the server to honor the UseCanonicalName directive, provide the actual physical port number being used by this request as a potential port. With UseCanonicalPhysicalPort Off Apache will not ever use the actual physical port number, instead relying on all configured information to construct a valid port number.

Note

The ordering of when the physical port is used is as follows:

UseCanonicalName On

  • Port provided in Servername
  • Physical port
  • Default port
UseCanonicalName Off | DNS
  • Parsed port from Host: header
  • Physical port
  • Port provided in Servername
  • Default port

With UseCanonicalPhysicalPort Off, the physical ports are removed from the ordering.

See also

top

<VirtualHost> Directive

Description:Contains directives that apply only to a specific hostname or IP address
Syntax:<VirtualHost addr[:port] [addr[:port]] ...> ... </VirtualHost>
Context:server config
Status:Core
Module:core

<VirtualHost> and </VirtualHost> are used to enclose a group of directives that will apply only to a particular virtual host. Any directive that is allowed in a virtual host context may be used. When the server receives a request for a document on a particular virtual host, it uses the configuration directives enclosed in the <VirtualHost> section. Addr can be:

  • The IP address of the virtual host;
  • A fully qualified domain name for the IP address of the virtual host (not recommended);
  • The character *, which is used only in combination with NameVirtualHost * to match all IP addresses; or
  • The string _default_, which is used only with IP virtual hosting to catch unmatched IP addresses.

Example

<VirtualHost 10.1.2.3>
ServerAdmin webmaster@host.example.com
DocumentRoot /www/docs/host.example.com
ServerName host.example.com
ErrorLog logs/host.example.com-error_log
TransferLog logs/host.example.com-access_log
 </VirtualHost>

IPv6 addresses must be specified in square brackets because the optional port number could not be determined otherwise. An IPv6 example is shown below:

<VirtualHost [2001:db8::a00:20ff:fea7:ccea]>
ServerAdmin webmaster@host.example.com
DocumentRoot /www/docs/host.example.com
ServerName host.example.com
ErrorLog logs/host.example.com-error_log
TransferLog logs/host.example.com-access_log
 </VirtualHost>

Each Virtual Host must correspond to a different IP address, different port number or a different host name for the server, in the former case the server machine must be configured to accept IP packets for multiple addresses. (If the machine does not have multiple network interfaces, then this can be accomplished with the ifconfig alias command -- if your OS supports it).

Note

The use of <VirtualHost> does not affect what addresses Apache listens on. You may need to ensure that Apache is listening on the correct addresses using Listen.

When using IP-based virtual hosting, the special name _default_ can be specified in which case this virtual host will match any IP address that is not explicitly listed in another virtual host. In the absence of any _default_ virtual host the "main" server config, consisting of all those definitions outside any VirtualHost section, is used when no IP-match occurs. (But note that any IP address that matches a NameVirtualHost directive will use neither the "main" server config nor the _default_ virtual host. See the name-based virtual hosting documentation for further details.)

You can specify a :port to change the port that is matched. If unspecified then it defaults to the same port as the most recent Listen statement of the main server. You may also specify :* to match all ports on that address. (This is recommended when used with _default_.)

A ServerName should be specified inside each <VirtualHost> block. If it is absent, the ServerName from the "main" server configuration will be inherited.

Security

See the security tips document for details on why your security could be compromised if the directory where log files are stored is writable by anyone other than the user that starts the server.

See also

mod/directive-dict.html100644 0 0 27655 11237400533 12606 0ustar 0 0 þ ϴµ - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-

þ ϴµ

ֽ ƴմϴ. ֱٿ ϼ.

ġ þ ϴµ Ѵ.

top

(Description)

þ .

top

(Syntax)

Ͽ þ ˷ش. þ ſ ٸ, þ ڼ Ѵ. Ϲ þ ̸ ڿ ƱԸƮ ´. ƱԸƮ Ѵٸ ƱԸƮ ֵǥ Ѵ. ƱԸƮ ߰ȣ ´. ƱԸƮ ϳ "|" Ѵ. ڱ״ κ ⺻ ü , ü ƱԸƮ Ѵ. ƱԸƮ þ ƱԸƮ ݺ Ÿ "..." .

þ ſ پ ƱԸƮ ޴´. ϴ Ʒ .

URL
http://www.example.com/path/to/file.html Ŵ(scheme), ȣƮ, θ Uniform Resource Locator
URL-path
/path/to/file.html url Ŵ ȣƮ ڿ κ. url-path Ͻýۿ ƴ ڷḦ Ÿ.
file-path
/usr/local/apache/htdocs/path/to/file.html root 丮 ϴ Ͻýۻ . , file-path ServerRoot η Ѵ.
directory-path
/usr/local/apache/htdocs/path/to/ root 丮 ϴ Ͻýۻ 丮 .
filename
file.html ϸ.
regex
Perl ǥ(regular expression). þ regex ΰ ˻Ѵ.
extension
Ϲ filename ħǥ ڿ κ̴. ׷ ġ Ȯڸ ν ֱ⶧, filename ħǥ Ե ħǥ е κ Ȯ(extension) óѴ. , ϸ file.html.en .html .en̶ ΰ Ȯڸ . ġ þ extension տ ħǥ ־ ǰ  ȴ. , extension ҹڸ ʴ´.
MIME-type
text/html major format type minor format type Ͽ ϴ .
env-variable
ġ ȯ溯 ̸. ü ȯ溯 ٸ ϶. ڼ ȯ溯 ϶.
top

⺻ (Default)

þ ⺻ ִٸ ( , þ ġ Ѵ.) ׸ ´. ⺻ ٸ ׸ "None"̾ Ѵ. ⺻ Ե ⺻ httpd.conf þ ٸ ϶.

top

(Context)

þ ִ ˷ش. ǥ ̴:

ּ (server config)
þ Ͽ ( , httpd.conf) , <VirtualHost> <Directory> Ѵ. þ .htaccess Ͽ .
ȣƮ (virtual host)
þ <VirtualHost> ȿ Ѵ.
丮 (directory)
þ , <Directory>, <Location>, <Files>, <Proxy> Ѵ.
.htaccess
þ 丮 .htaccess Ͽ Ѵ. þ ϴ overrides õ ִ.

þ ҿ ִ. ٸ ϸ ߻ϰ κп û ùٷ ó ϰų ۵, , ȵ ִ.

þ ִ Ҵ Ҹ Ҹ(boolean) OR ̴. , "server config, .htaccess" ϴٴ þ httpd.conf ϰ .htaccess Ͽ , <Directory> <VirtualHost> .

top

Override ɼ (Override)

þ .htaccess Ͽ Ϸ  override ɼ ؾ ϴ Ÿ. þ þ .htaccess Ͽ ٰ Ѵٸ  ҵ ʴ´.

Overrides AllowOverride þ ϰ, (丮 ) Ư ٸ AllowOverride þ ٸ ʾҴٸ ״ ȴ. þ 밡 override ̸ ´.

top

(Status)

þ ġ 󸶳 ִ Ÿ. , þ ϱ ٽ ʿ䰡 ִ. :

Core
þ "Core" ¸ , þ ġ ٽɺκп ϰ ׻ 밡 Ѵ.
MPM
"MPM" þ ó Ѵ. ̷ þ þ ŵ MPM ϳ Ҷ ϴ.
Base
⺻ ϵǹǷ ʾҴٸ Ϲ 밡 ǥ ġ ϴ þ "Base" ̴.
Extension
ġ Ե ϵʴ ϴ þ "Extension" ̴. ̷ þ Ϸ ϰ ġ ٽ ؾ Ѵ.
Experimental
"Experimental" þ ġ Ե, ڽ å Ÿ. þ ȭ, ٸ ִ. þ ϴ ⺻ ġ ϵ ȵ ִ. þ ϴ տ ִ .
top

(Module)

ܼ þ ҽ Ѵ.

top

(Compatibility)

þ ġ 2 Ϻΰ ƴϿٸ, þ ߰ϱ ´. ,  ÷ 밡 þ ´.

mod/directives.html100644 0 0 72764 11237400533 12051 0ustar 0 0 þ - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-

þ

ǥ ġ 밡 þ ̴. ̵ Ͽ, ִ.

þ Ͽ þ ִ.

 A  |  B  |  C  |  D  |  E  |  F  |  G  |  H  |  I  |  K  |  L  |  M  |  N  |  O  |  P  |  R  |  S  |  T  |  U  |  V  |  W  |  X 

mod/event.html100644 0 0 21443 11237400533 11015 0ustar 0 0 event - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.2

<-

Apache MPM event

Description:An experimental variant of the standard worker MPM
Status:MPM
ModuleIdentifier:mpm_event_module
SourceFile:event.c

Summary

Warning

This MPM is experimental, so it may or may not work as expected.

The event Multi-Processing Module (MPM) is designed to allow more requests to be served simultaneously by passing off some processing work to supporting threads, freeing up the main threads to work on new requests. It is based on the worker MPM, which implements a hybrid multi-process multi-threaded server. Run-time configuration directives are identical to those provided by worker.

To use the event MPM, add --with-mpm=event to the configure script's arguments when building the httpd.

top

How it Works

This MPM tries to fix the 'keep alive problem' in HTTP. After a client completes the first request, the client can keep the connection open, and send further requests using the same socket. This can save signifigant overhead in creating TCP connections. However, Apache traditionally keeps an entire child process/thread waiting for data from the client, which brings its own disadvantages. To solve this problem, this MPM uses a dedicated thread to handle both the Listening sockets, and all sockets that are in a Keep Alive state.

The MPM assumes that the underlying apr_pollset implementation is reasonably threadsafe. This enables the MPM to avoid excessive high level locking, or having to wake up the listener thread in order to send it a keep-alive socket. This is currently only compatible with KQueue and EPoll.

top

Requirements

This MPM depends on APR's atomic compare-and-swap operations for thread synchronization. If you are compiling for an x86 target and you don't need to support 386s, or you are compiling for a SPARC and you don't need to run on pre-UltraSPARC chips, add --enable-nonportable-atomics=yes to the configure script's arguments. This will cause APR to implement atomic operations using efficient opcodes not available in older CPUs.

This MPM does not perform well on older platforms which lack good threading, but the requirement for EPoll or KQueue makes this moot.

  • To use this MPM on FreeBSD, FreeBSD 5.3 or higher is recommended. However, it is possible to run this MPM on FreeBSD 5.2.1, if you use libkse (see man libmap.conf).
  • For NetBSD, at least version 2.0 is recommended.
  • For Linux, a 2.6 kernel is recommended. It is also necessary to ensure that your version of glibc has been compiled with support for EPoll.
top

Issues

At present, this MPM is incompatible with mod_ssl, and other input filters.

mod/index.html100644 0 0 31440 11237400533 11001 0ustar 0 0 - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-

ġ Ե ̴. ġ þ ϵ ϶.

top

ٽ ɰ ó

core
Core Apache HTTP Server features that are always available
mpm_common
A collection of directives that are implemented by more than one multi-processing module (MPM)
beos
BeOS ȭ ó .
event
An experimental variant of the standard worker MPM
mpm_netware
Multi-Processing Module implementing an exclusively threaded web server optimized for Novell NetWare
mpmt_os2
Hybrid multi-process, multi-threaded MPM for OS/2
prefork
Implements a non-threaded, pre-forking web server
mpm_winnt
This Multi-Processing Module is optimized for Windows NT.
worker
Multi-Processing Module implementing a hybrid multi-threaded multi-process web server
top

ٸ

 A  |  C  |  D  |  E  |  F  |  H  |  I  |  L  |  M  |  N  |  P  |  R  |  S  |  U  |  V 

mod_actions
̵ û޼忡 CGI ũƮ Ѵ.
mod_alias
Ͻý ٸ κе ϰ, URL ̷ Ѵ
mod_asis
HTTP
mod_auth_basic
Basic authentication
mod_auth_digest
MD5 Digest Authentication .
mod_authn_alias
Provides the ability to create extended authentication providers based on actual providers
mod_authn_anon
"͸(anonymous)" Ѵ
mod_authn_dbd
User authentication using an SQL database
mod_authn_dbm
DBM
mod_authn_default
mod_authn_file
̿
mod_authnz_ldap
Allows an LDAP directory to be used to store the database for HTTP Basic authentication.
mod_authz_dbm
DBM ׷
mod_authz_default
Ѻο
mod_authz_groupfile
Ϲ ̿ ׷ Ѻο
mod_authz_host
ȣƮ (̸̳ IP ּ) ׷ Ѻο
mod_authz_owner
ڸ ̿ Ѻο
mod_authz_user
Ѻο
mod_autoindex
ڵ н ls ɾ Win32 dir ɾ 丮
mod_cache
URI Ű Ͽ ijѴ.
mod_cern_meta
CERN Ÿ
mod_cgi
CGI ũƮ
mod_cgid
ܺ CGI Ͽ CGI ũƮ
mod_charset_lite
ȯ
mod_dav
Distributed Authoring and Versioning (WebDAV)
mod_dav_fs
mod_dav Ͻý
mod_dav_lock
generic locking module for mod_dav
mod_dbd
Manages SQL database connections
mod_deflate
Ŭ̾Ʈ Ѵ
mod_dir
" " ̷ ϰ 丮 index Ѵ
mod_disk_cache
Content cache storage manager keyed to URIs
mod_dumpio
Dumps all I/O to error log as desired.
mod_echo
ϱ echo
mod_env
CGI ũƮ SSI ȯ溯 Ѵ
mod_example
ġ API Ѵ
mod_expires
ڰ ؿ Expires Cache-Control HTTP Ѵ
mod_ext_filter
ܺ α׷ ó Ŭ̾Ʈ
mod_file_cache
޸𸮿 ϵ ij
mod_filter
Context-sensitive smart filter configuration module
mod_headers
HTTP û
mod_ident
RFC 1413 ident ˻
mod_imagemap
̹(imagemap) ó
mod_include
Server-parsed html documents (Server Side Includes)
mod_info
ش
mod_isapi
Windows ġ ISAPI Extension
mod_ldap
LDAP connection pooling and result caching services for use by other LDAP modules
mod_log_config
û α׿ Ѵ
mod_log_forensic
Forensic Logging of the requests made to the server
mod_logio
û Ʈ
mod_mem_cache
URI Ű Ͽ ijѴ.
mod_mime
Associates the requested filename's extensions with the file's behavior (handlers and filters) and content (mime-type, language, character set and encoding)
mod_mime_magic
Determines the MIME type of a file by looking at a few bytes of its contents
mod_negotiation
Provides for content negotiation
mod_nw_ssl
Enable SSL encryption for NetWare
mod_proxy
HTTP/1.1 proxy/gateway server
mod_proxy_ajp
AJP support module for mod_proxy
mod_proxy_balancer
mod_proxy extension for load balancing
mod_proxy_connect
mod_proxy extension for CONNECT request handling
mod_proxy_ftp
FTP support module for mod_proxy
mod_proxy_http
HTTP support module for mod_proxy
mod_rewrite
Provides a rule-based rewriting engine to rewrite requested URLs on the fly
mod_setenvif
û ݿ ȯ溯 Ѵ
mod_so
Ҷ Ȥ Ҷ డ ڵ оδ
mod_speling
ڰ ҹڸ ߸ ϰų Ʋ ѹ Ͽ ߸ URL ġ õѴ
mod_ssl
Strong cryptography using the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols
mod_status
Ȱ ɿ Ѵ
mod_substitute
Perform search and replace operations on response bodies
mod_suexec
CGI ũƮ Ư ڿ ׷ Ѵ
mod_unique_id
û ĺڸ ȯ溯 Ѵ
mod_userdir
ں 丮
mod_usertrack
Clickstream logging of user activity on a site
mod_version
mod_vhost_alias
Provides for dynamically configured mass virtual hosting
mod/mod_actions.html100644 0 0 20640 11237400533 12171 0ustar 0 0 mod_actions - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-

ġ mod_actions

ֽ ƴմϴ. ֱٿ ϼ.
: ̵ û޼忡 CGI ũƮ Ѵ.
:Base
:actions_module
ҽ:mod_actions.c

⿡ ΰ þ ִ. Action þ ûϴ MIME content type CGI ũƮ Ѵ. Script þ û Ư ޼带 CGI ũƮ Ѵ. ׷ óϴ ũƮ ſ ִ.

top

Action þ

:Ư ڵ鷯 content-type CGI ũƮ Ѵ
:Action action-type cgi-script [virtual]
:ּ, ȣƮ, directory, .htaccess
Override ɼ:FileInfo
:Base
:mod_actions
:virtual ڿ ڵ鷯 ġ 2.1 ߰Ǿ

þ û action-type̸ cgi-script ϴ ൿ ߰Ѵ. cgi-script ScriptAlias AddHandler Ͽ CGI ũƮ ҽ URL̴. action-type ڵ鷯 MIME content type ִ. þ PATH_INFO PATH_TRANSLATED CGI ǥ ȯ溯 û URL ϰθ Ѵ. REDIRECT_HANDLER Ư û ڵ鷯 Ѵ.

# Ư MIME content type û:
Action image/gif /cgi-bin/images.cgi

# Ư Ȯڸ
AddHandler my-file-type .xyz
Action my-file-type /cgi-bin/program.cgi

ù° MIME content type image/gif ûϸ cgi ũƮ /cgi-bin/images.cgi óѴ.

ι° Ȯڰ .xyz ûϸ cgi ũƮ /cgi-bin/program.cgi óѴ.

In the second example, requests for files with a file extension of .xyz are handled instead by the specified cgi script /cgi-bin/program.cgi.

virtual ڴ û ϴ ˻ ʵ Ѵ. , ġ Action þ Ϸ ϴ.

<Location /news>
SetHandler news-handler
Action news-handler /cgi-bin/news.cgi virtual
 </Location>

top

Script þ

:Ư û޼忡 CGI ũƮ Ѵ.
:Script method cgi-script
:ּ, ȣƮ, directory
:Base
:mod_actions

þ method ޼带 Ͽ ûϸ cgi-script ϴ ൿ ߰Ѵ. cgi-script ScriptAlias AddHandler Ͽ CGI ũƮ ҽ URL̴. þ PATH_INFO PATH_TRANSLATED CGI ǥ ȯ溯 û URL ϰθ Ѵ.

 ޼ ̸̶ ִ. ޼ ̸ ҹڸ Ѵ. ׷ Script PUT Script put ٸ.

Script ɾ ⺻ ൿ ó ϶. CGI ũƮ Ҹų, û ޼带 ˾Ƽ ó ִ ҽ ״ óѴ. GET ޼ Script ǾƱԸƮ (, foo.html?hi) ϶. ǾƱԸƮ ٸ û óѴ.

# <ISINDEX> ˻
Script GET /cgi-bin/search

# CGI PUT ڵ鷯
Script PUT /~bob/put.cgi

mod/mod_alias.html100644 0 0 45773 11237400533 11640 0ustar 0 0 mod_alias - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-

ġ mod_alias

ֽ ƴմϴ. ֱٿ ϼ.
:Ͻý ٸ κе ϰ, URL ̷ Ѵ
:Base
:alias_module
ҽ:mod_alias.c

ϴ þ Ͽ û URL ϰų ִ. Alias ScriptAlias þ URL Ͻý η Ѵ. ׷ DocumentRoot Ʒ ִ. , ScriptAlias þ 丮 CGI ũƮۿ ٰ ˸.

Redirect þ Ŭ̾Ʈ ٸ URL ο û ϵ Ѵ. ڿ ο ҷ ű Ѵ.

mod_alias URL Ǿ. ǹڿ ۰ ۾ mod_rewrite ϴ ̿϶.

top

ó

ٸ ҿ Alias Redirect ϸ ٸ þ ǥ óѴ. ׷ ҿ ( , <VirtualHost> ǿ) Alias Redirect ϸ Ʒ óѴ.

Redirect ó Alias óѴ. ׷ Redirect RedirectMatch شϴ û Alias ʴ´. ׸ Alias Redirect Ͽ ù° Ѵ.

׷ þ ο شϴ þ ϱؼ θ ؾ Ѵ. , ǵѴ Ѵ:

Alias /foo/bar /baz
Alias /foo /gaq

׷ þ ٲٸ /foo/bar Alias /foo Alias ϹǷ ׻ ι° þ Ѵ.

top

Alias þ

:URL Ư Ͻý ҷ Ѵ
:Alias URL-path file-path|directory-path
:ּ, ȣƮ
:Base
:mod_alias

Alias þ ϸ Ͻýۿ DocumentRoot ۿ ִ ִ. url-path ϴ (% ڵ) URL directory-path ϴ Ͽ Ѵ.

:

Alias /image /ftp/pub/image

http://myserver/image/foo.gif ûϸ /ftp/pub/image/foo.gif Ѱش.

url-path / ϸ, URL / ؾ߸ ϶. , Alias /icons/ /usr/local/apache/icons/ url /icons 谡 .

ϴ <Directory> ʿ 𸥴. þ <Directory> ˻ϱ óϹǷ, ޴´. (׷ <Location> þ óϱ ѹ ˻ϹǷ URL ü ش.)

Ư DocumentRoot ۿ ִ 丮 Alias ٸ, 丮 Ѵ.

:

Alias /image /ftp/pub/image
<Directory /ftp/pub/image>
Order allow,deny
Allow from all
 </Directory>

top

AliasMatch þ

:ǥ Ͽ URL Ͻý ҷ Ѵ
:AliasMatch regex file-path|directory-path
:ּ, ȣƮ
:Base
:mod_alias

þ Alias , URL պκи ϴ ǥ ǥ Ѵ. ǥ URL ο Ͽ ´ٸ, ȣ κ üϿ ϸ Ѵ. , /icons 丮 ִ:

AliasMatch ^/icons(.*) /usr/local/apache/icons$1

top

Redirect þ

:Ŭ̾Ʈ ٸ URL ϵ ûϴ ܺ ̷
:Redirect [status] URL-path URL
:ּ, ȣƮ, directory, .htaccess
Override ɼ:FileInfo
:Base
:mod_alias

Redirect þ URL ο URL Ѵ. Ŭ̾Ʈ ο URL , Ŭ̾Ʈ ο ּҷ ٽ ѹ Ѵ. (% ڵ) URL-path ϴ û (% ڵ) URL ϴ ο URL ̷ .

:

Redirect /service http://foo2.bar.com/service

Ŭ̾Ʈ http://myserver/service/foo.txt ûϸ http://foo2.bar.com/service/foo.txt ϶ ޴´.

Redirect þ Ͽ Alias ScriptAlias þ 켱 . , .htaccess ̳ <Directory> ǿ ϴ URL-path ΰ ƴ϶ ݵ URL ؾ Ѵ.

status ƱԸƮ , "ӽ (temporary)" (HTTP 302) ̷ . , Ŭ̾Ʈ ڿ ӽ÷ Űٰ ˸. status ƱԸƮ Ͽ ٸ HTTP ڵ带 ȯ ִ:

permanent
ڿ Ű ϴ ̷ ¸ (301) ȯѴ.
temp
ӽ ̷ ¸ (302) ȯѴ. ⺻̴.
seeother
ڿ üǾ ϴ " (See Other)" ¸ (303) ȯѴ.
gone
ڿ Ǿ ϴ "Ҹ (Gone)" ¸ (410) ȯѴ. ¸ ϸ URL ƱԸƮ .

status ڵ带 Ͽ ٸ ڵ嵵 ȯ ִ. ° 300 399 ̶ URL ƱԸƮ ؾ ϰ, ƴ϶ ؾ Ѵ. , ġ ڵ忡 ° ǵ־ Ѵ (http_protocol.c send_error_response Լ ).

:

Redirect permanent /one http://example.com/two
Redirect 303 /three http://example.com/other

top

RedirectMatch þ

: URL ǥĿ شϸ ܺ ̷
:RedirectMatch [status] regex URL
:ּ, ȣƮ, directory, .htaccess
Override ɼ:FileInfo
:Base
:mod_alias

þ Redirect , URL պκи ϴ ǥ ǥ Ѵ. ǥ URL ο Ͽ ´ٸ, ȣ κ üϿ ϸ Ѵ. , GIF û ٸ ̸ JPEG Ϸ ̷ :

RedirectMatch (.*)\.gif$ http://www.anotherserver.com$1.jpg

top

RedirectPermanent þ

:Ŭ̾Ʈ ٸ URL ϵ ûϴ ܺ ̷
:RedirectPermanent URL-path URL
:ּ, ȣƮ, directory, .htaccess
Override ɼ:FileInfo
:Base
:mod_alias

þ Ŭ̾Ʈ ̷ ( 301) ˸. Redirect permanent Ȯ .

top

RedirectTemp þ

:Ŭ̾Ʈ ٸ URL ϵ ûϴ ܺ ӽ ̷
:RedirectTemp URL-path URL
:ּ, ȣƮ, directory, .htaccess
Override ɼ:FileInfo
:Base
:mod_alias

þ Ŭ̾Ʈ ̷ ӽ ( 302) ˸. Redirect temp Ȯ .

top

ScriptAlias þ

:URL Ư Ͻý ҷ ϰ CGI ũƮ ˸
:ScriptAlias URL-path file-path|directory-path
:ּ, ȣƮ
:Base
:mod_alias

ScriptAlias þ Alias þ , ߰ 丮 mod_cgi cgi-script ڵ鷯 ó CGI ũƮ ִٰ ˸. URL-path ϴ (% ڵ) URL Ͻý ι° ƱԸƮ ϴ ũƮ Ѵ.

:

ScriptAlias /cgi-bin/ /web/cgi-bin/

http://myserver/cgi-bin/foo ûϸ /web/cgi-bin/foo ũƮ Ѵ.

top

ScriptAliasMatch þ

:ǥ Ͽ URL Ư Ͻý ҷ ϰ CGI ũƮ ˸
:ScriptAliasMatch regex file-path|directory-path
:ּ, ȣƮ
:Base
:mod_alias

þ ScriptAlias , URL պκи ϴ ǥ ǥ Ѵ. ǥ URL ο Ͽ ´ٸ, ȣ κ üϿ ϸ Ѵ. , ǥ /cgi-bin ִ:

ScriptAliasMatch ^/cgi-bin(.*) /usr/local/apache/cgi-bin$1

mod/mod_asis.html100644 0 0 11374 11237400533 11474 0ustar 0 0 mod_asis - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-

ġ mod_asis

ֽ ƴմϴ. ֱٿ ϼ.
:HTTP
:Base
:asis_module
ҽ:mod_asis.c

ġ Ϲ HTTP κ ߰ʰ send-as-is ڵ鷯 Ѵ.

׷ cgi ũƮ nph ũƮ ʰ ̷ǰ ٸ Ư HTTP  ڷᵵ ִ.

ſ mime type httpd/send-as-is ϵ óߴ.

top

Ͽ ϰ send-as-is ڵ鷯 Ѵ.

AddHandler send-as-is asis

ġ .asis Ȯڸ ʰ Ŭ̾Ʈ . Ŭ̾Ʈ HTTP ʿϹǷ . Status: ʿϴ. ڸ HTTP ڵ ̴.

״ Ŭ̾Ʈ ̷¼ǵǾٰ ˸ ̴.

Status: 301 Now where did I leave that URL
Location: http://xyz.abc.com/foo/bar.html
Content-type: text/html

<html>
<head>
<title>Lame excuses'R'us</title>
</head>
<body>
<h1>Fred's exceptionally wonderful page has moved to
<a href="http://xyz.abc.com/foo/bar.html">Joe's</a> site.
</h1>
</body>
</html>

:

ڷḦ Ŭ̾Ʈ ׻ Date: Server: ߰ϹǷ, Ͽ ȵȴ. Last-Modified ߰ ʴ´. ׷ Ƹ ؾ Ѵ.

mod/mod_auth_basic.html100644 0 0 16274 11237400533 12643 0ustar 0 0 mod_auth_basic - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-

ġ mod_auth_basic

ֽ ƴմϴ. ֱٿ ϼ.
:Basic authentication
:Base
:auth_basic_module
ҽ:mod_auth_basic.c
:ġ 2.1 ĺ

ش (provider) Ͽ ں ϴ HTTP Basic Authentication Ѵ. HTTP Digest Authentication mod_auth_digest Ѵ.

top

AuthBasicAuthoritative þ

: Ѻο ⿡ Ѱ Ѵ
:AuthBasicAuthoritative On|Off
⺻:AuthBasicAuthoritative On
:directory, .htaccess
Override ɼ:AuthConfig
:Base
:mod_auth_basic

AuthBasicAuthoritative þ Off ϸ ־ ̵ شϴ ̵ Ģ ã Ѻο θ (modules.c Ͽ ) Ѱش. ־ ̵ Ģ ãҴٸ 붧 ȣ 뿩θ ˻ϰ, ϸ "Authentication Required ( ʿ)" Ѵ.

׷ ͺ̽ ̵ ְų ȿ Require þ ⿡ ϸ, ù° ڸ ˻ϰ, AuthBasicAuthoritative ѱʴ´.

⺻  ѱʰ, 𸣴 ̵ Ģ "Authentication Required ( ʿ)" Ѵ. þ ý ϰ Ǹ, NCSA Ѵ.

top

AuthBasicProvider þ

: ġ ڸ Ѵ
:AuthBasicProvider On|Off|provider-name [provider-name] ...
⺻:AuthBasicProvider On
:directory, .htaccess
Override ɼ:AuthConfig
:Base
:mod_auth_basic

AuthBasicProvider þ ġ ڸ ڸ Ѵ. On̸ ⺻(file) Ѵ. mod_authn_file file ڸ ϱ⶧ ִ Ȯؾ Ѵ.

<Location /secure>
AuthBasicProvider dbm
AuthDBMType SDBM
AuthDBMUserFile /www/etc/dbmpasswd
Require valid-user
 </Location>

ڴ mod_authn_dbm mod_authn_file ϶.

Off̸ ⺻· ư.

mod/mod_auth_digest.html100644 0 0 45711 11237400533 13037 0ustar 0 0 mod_auth_digest - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-

ġ mod_auth_digest

ֽ ƴմϴ. ֱٿ ϼ.
:MD5 Digest Authentication .
:Experimental
:auth_digest_module
ҽ:mod_auth_digest.c

HTTP Digest Authentication Ѵ. ׷ ׽Ʈ ġ ̴.

top

Digest Authentication ϱ

MD5 Digest authentication ſ ִ. AuthType Basic AuthBasicProvider AuthType Digest AuthDigestProvider Ͽ ִ. ׸ ּ ȣϷ ⺻ URI AuthDigestDomain þ Ѵ.

htdigest Ͽ () ִ.

:

<Location /private/>
AuthType Digest
AuthName "private area"
AuthDigestDomain /private/ http://mirror.my.dom/private2/

AuthDigestProvider file
AuthUserFile /web/auth/.digest_pw
Require valid-user
 </Location>

Digest authentication Basic authentication , ؾ Ѵ. 2002 11 digest authentication ϴ Amaya, Konqueror, (Windows ǹڿ Բ ϸ ȵ - ذ Ʒ "MS Internet Explorer ذϱ" ) Mac OS X Windows MS Internet Explorer, Mozilla, Netscape 7, Opera, Safari ִ. lynx digest authentication ʴ´. digest authentication basic authentication ŭ θ ʾұ⶧ ڰ ϴ ϴ 쿡 ؾ Ѵ.

top

MS Internet Explorer ذϱ

Windows Internet Explorer Digest authentication ǹڿ ִ GET û RFC ٸ óϴ ִ.  ذ ִ.

ù° α׷ ڷḦ Ѱֱ GET POST û ϴ ̴. ϴٸ ذå̴.

, ġ 2.0.51 AuthDigestEnableQueryStringHack ȯ溯 Ͽ ذѴ. û AuthDigestEnableQueryStringHack ϸ ġ MSIE ׸ ذ ġ ϰ û URI digest 񱳿 Ѵ. Ѵ.

MSIE Digest Authentication ϱ:

BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On

ȯ溯 ڼ BrowserMatch þ ϶.

top

AuthDigestAlgorithm þ

:digest authentication challenge response hash ϴ ˰ Ѵ
:AuthDigestAlgorithm MD5|MD5-sess
⺻:AuthDigestAlgorithm MD5
:directory, .htaccess
Override ɼ:AuthConfig
:Experimental
:mod_auth_digest

AuthDigestAlgorithm þ challenge response hash ϴ ˰ Ѵ.

MD5-sess ʾҴ.
top

AuthDigestDomain þ

:digest authentication ȣ ϴ URI
:AuthDigestDomain URI [URI] ...
:directory, .htaccess
Override ɼ:AuthConfig
:Experimental
:mod_auth_digest

AuthDigestDomain þ ȣ ִ ( ڸ/ȣ ϴ) URI Ѵ. URI λ Ѵ. Ŭ̾Ʈ URI "Ʒ" θ ڸ/ȣ ȣѴٰ Ѵ. URI (, Ŵ(scheme), ȣƮ, Ʈ ϴ) URL̰ų URI̴.

þ ׻ ؾ ϸ, ּ ⺻ URI() ؾ Ѵ. ϸ Ŭ̾Ʈ û Authorization Ѵ. ׷ û ũⰡ Ŀ, AuthDigestNcCheck Ѵٸ ɿ ִ.

ٸ URI ϸ, (̸ ϴ) Ŭ̾Ʈ Ź ڿ ʰ ڸ/ȣ ִ.

top

AuthDigestNcCheck þ

: nonce-count ˻
:AuthDigestNcCheck On|Off
⺻:AuthDigestNcCheck Off
:ּ
:Experimental
:mod_auth_digest
ʾҴ.
top

AuthDigestNonceFormat þ

:nonce Ѵ
:AuthDigestNonceFormat format
:directory, .htaccess
Override ɼ:AuthConfig
:Experimental
:mod_auth_digest
ʾҴ.
top

AuthDigestNonceLifetime þ

: nonce ȿ Ⱓ
:AuthDigestNonceLifetime seconds
⺻:AuthDigestNonceLifetime 300
:directory, .htaccess
Override ɼ:AuthConfig
:Experimental
:mod_auth_digest

AuthDigestNonceLifetime þ nonce ȿ Ⱓ Ѵ. Ŭ̾Ʈ nonce ϸ stale=true Բ 401 ȯѴ. seconds 0 ũ nonce ȿ Ⱓ Ѵ. Ƹ 10 ʺ ۰ ϸ ȵȴ. seconds 0 nonce ʴ´.

top

AuthDigestProvider þ

: ġ ڸ Ѵ
:AuthDigestProvider On|Off|provider-name [provider-name] ...
⺻:AuthDigestProvider On
:directory, .htaccess
Override ɼ:AuthConfig
:Experimental
:mod_auth_digest

AuthDigestProvider þ ġ ڸ ڸ Ѵ. On̸ ⺻(file) Ѵ. mod_authn_file file ڸ ϱ⶧ ִ Ȯؾ Ѵ.

ڴ mod_authn_dbm mod_authn_file ϶.

Off̸ ⺻· ư.

top

AuthDigestQop þ

:digest authentication ȣ(quality-of-protection) Ѵ.
:AuthDigestQop none|auth|auth-int [auth|auth-int]
⺻:AuthDigestQop auth
:directory, .htaccess
Override ɼ:AuthConfig
:Experimental
:mod_auth_digest

AuthDigestQop þ ȣ(quality-of-protection) Ѵ. auth (ڸ/ȣ) ϰ, auth-int ϰἺ ˻縦 (MD5 ؽ Ͽ ˻Ѵ) Ѵ. none (ϰἺ ˻縦 ʴ) RFC-2069 digest ˰ Ѵ. auth auth-int ִ.  Ѵ. challenge ʴ´ٸ none ؾ Ѵ.

auth-int ʾҴ.
top

AuthDigestShmemSize þ

:Ŭ̾Ʈ ϱ Ҵϴ ޸𸮷
:AuthDigestShmemSize size
⺻:AuthDigestShmemSize 1000
:ּ
:Experimental
:mod_auth_digest

AuthDigestShmemSize þ Ŭ̾Ʈ ϱ Ҷ Ҵϴ ޸𸮷 Ѵ. ޸𸮴 ּ ϳ Ŭ̾Ʈ ϱ ʿ ϶. ýۿ ٸ. Ȯ ˷ AuthDigestShmemSize 0 ϰ ϶.

size Ʈ , ڿ K M Ͽ KBytes MBytes Ÿ ִ. , þ :

AuthDigestShmemSize 1048576
AuthDigestShmemSize 1024K
AuthDigestShmemSize 1M

mod/mod_authn_alias.html100644 0 0 16671 11237400533 13032 0ustar 0 0 mod_authn_alias - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.2

<-

Apache Module mod_authn_alias

Description:Provides the ability to create extended authentication providers based on actual providers
Status:Extension
ModuleIdentifier:authn_alias_module
SourceFile:mod_authn_alias.c
Compatibility:Available in Apache 2.1 and later

Summary

This module allows extended authentication providers to be created within the configuration file and assigned an alias name. The alias providers can then be referenced through the directives AuthBasicProvider or AuthDigestProvider in the same way as a base authentication provider. Besides the ability to create and alias an extended provider, it also allows the same extended authentication provider to be reference by multiple locations.

Directives

Topics

top

Examples

This example checks for passwords in two different text files.

Checking multiple text password files

# Check here first
<AuthnProviderAlias file file1>
AuthUserFile /www/conf/passwords1
 </AuthnProviderAlias>

# Then check here
<AuthnProviderAlias file file2>
AuthUserFile /www/conf/passwords2
 </AuthnProviderAlias>

<Directory /var/web/pages/secure>
AuthBasicProvider file1 file2

AuthType Basic
AuthName "Protected Area"
Require valid-user
 </Directory>

The example below creates two different ldap authentication provider aliases based on the ldap provider. This allows a single authenticated location to be serviced by multiple ldap hosts:

Checking multiple LDAP servers

LoadModule authn_alias_module modules/mod_authn_alias.so

<AuthnProviderAlias ldap ldap-alias1>
AuthLDAPBindDN cn=youruser,o=ctx
AuthLDAPBindPassword yourpassword
AuthLDAPURL ldap://ldap.host/o=ctx
 </AuthnProviderAlias>

<AuthnProviderAlias ldap ldap-other-alias>
AuthLDAPBindDN cn=yourotheruser,o=dev
AuthLDAPBindPassword yourotherpassword
AuthLDAPURL ldap://other.ldap.host/o=dev?cn
 </AuthnProviderAlias>

Alias /secure /webpages/secure
<Directory /webpages/secure>
Order deny,allow
Allow from all

AuthBasicProvider ldap-other-alias ldap-alias1

AuthType Basic
AuthName LDAP_Protected_Place
AuthzLDAPAuthoritative off
Require valid-user
 </Directory>

top

<AuthnProviderAlias> Directive

Description:Enclose a group of directives that represent an extension of a base authentication provider and referenced by the specified alias
Syntax:<AuthnProviderAlias baseProvider Alias> ... </AuthnProviderAlias>
Context:server config
Status:Extension
Module:mod_authn_alias

<AuthnProviderAlias> and </AuthnProviderAlias> are used to enclose a group of authentication directives that can be referenced by the alias name using one of the directives AuthBasicProvider or AuthDigestProvider.

mod/mod_authn_anon.html100644 0 0 30143 11237400533 12662 0ustar 0 0 mod_authn_anon - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-

ġ mod_authn_anon

: "͸(anonymous)" Ѵ
:Extension
:authn_anon_module
ҽ:mod_authn_anon.c
:ġ 2.1 ĺ

mod_auth_basic մܸ ( 'Ư' ̵ 'anonymous' ڿ ּҸ ȣ ϴ) ͸-ftp Ʈ Ѵ. ڿ ּҸ α׿ ִ.

ٸ (ͺ̽) İ Բ Ͽ '' ڿ Ʈ θ鼭 ȿ ǰ ϴ. Ű URL λ/̻ ޸ ̰ ڰ URL ִٴ ִ.

mod_auth_basic Ҷ AuthBasicProvider anon ϸ Ѵ.

top

"Ϲ" htpasswd-ϱ ߰ ڰ Ѵٸ 'մ(guest)' ֵ Ѵ:

<Directory /foo> AuthName "մ 湮Ϸ 'anonymous' ڿ ּҸ ϶"
AuthType Basic
AuthBasicProvider file anon
AuthUserFile /path/to/your/.htpasswd

Anonymous_NoUserID off
Anonymous_MustGiveEmail on
Anonymous_VerifyEmail on
Anonymous_LogEmail on
Anonymous anonymous guest www test welcome

Order Deny,Allow
Allow from all

Require valid-user
 </Directory>

top

Anonymous þ

:ȣ˻ ̵ Ѵ
:Anonymous user [user] ...
:directory, .htaccess
Override ɼ:AuthConfig
:Extension
:mod_authn_anon

ȣ˻ 'Ư' ̵ . ̵ Ѵ. ǥ ' " Ż⹮ \ Ͽ ̵ ȿ ִ.

̵ ҹڸ ϶.
̵ Ư ڸ 'anonymous' ׻ ϱ Ѵ.

:

Anonymous anonymous "Not Registered" "I don't know"

"anonymous", "AnonyMous", "Not Registered", "I Don't Know" ̵ ϸ ȣ˻ ڸ Ѵ.

ġ 2.1 ̵ "*" ִ. ׷ ̵ ޾Ƶδ.

top

Anonymous_LogEmail þ

:Է ȣ α׿
:Anonymous_LogEmail On|Off
⺻:Anonymous_LogEmail On
:directory, .htaccess
Override ɼ:AuthConfig
:Extension
:mod_authn_anon

On ϸ (Ƹ ڿ ּ) Է 'ȣ' α׿ Ѵ.

top

Anonymous_MustGiveEmail þ

:ȣ 
:Anonymous_MustGiveEmail On|Off
⺻:Anonymous_MustGiveEmail On
:directory, .htaccess
Override ɼ:AuthConfig
:Extension
:mod_authn_anon

ڰ ȣ ڿ ּҸ Էؾ ϴ θ Ѵ. ȣ źѴ.

top

Anonymous_NoUserID þ

: ̵ 
:Anonymous_NoUserID On|Off
⺻:Anonymous_NoUserID Off
:directory, .htaccess
Override ɼ:AuthConfig
:Extension
:mod_authn_anon

On ϸ ڴ ̵ (Ƹ ȣ) Է ʾƵ ȴ. ̴ ڿ ׳ return ġų OK ư Ŭϴ MS-Explorer ڿ ſ ϴ.

top

Anonymous_VerifyEmail þ

:ȣ ùٸ ڿ ּ ˻
:Anonymous_VerifyEmail On|Off
⺻:Anonymous_VerifyEmail Off
:directory, .htaccess
Override ɼ:AuthConfig
:Extension
:mod_authn_anon

On ϸ ڰ ùٸ ڿ ּҸ Էϵ Է 'ȣ' ּ '@' '.' Ѱ ϴ ˻Ѵ ( Anonymous_LogEmail ).

mod/mod_authn_dbd.html100644 0 0 24761 11237400533 12471 0ustar 0 0 mod_authn_dbd - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.2

<-

Apache Module mod_authn_dbd

Description:User authentication using an SQL database
Status:Extension
ModuleIdentifier:authn_dbd_module
SourceFile:mod_authn_dbd.c
Compatibility:Available in Apache 2.1 and later

Summary

This module provides authentication front-ends such as mod_auth_digest and mod_auth_basic to authenticate users by looking up users in SQL tables. Similar functionality is provided by, for example, mod_authn_file.

This module relies on mod_dbd to specify the backend database driver and connection parameters, and manage the database connections.

When using mod_auth_basic or mod_auth_digest, this module is invoked via the AuthBasicProvider or AuthDigestProvider with the dbd value.

top

Configuration Example

This simple example shows use of this module in the context of the Authentication and DBD frameworks. Please note that you need to load an authorization module, such as mod_authz_user, to get it working.

# mod_dbd configuration
DBDriver pgsql
DBDParams "dbname=apacheauth user=apache password=xxxxxx"

DBDMin  4
DBDKeep 8
DBDMax  20
DBDExptime 300

<Directory /usr/www/myhost/private>
  # core authentication and mod_auth_basic configuration
  # for mod_authn_dbd
  AuthType Basic
  AuthName "My Server"
  AuthBasicProvider dbd

  # core authorization configuration
  Require valid-user

  # mod_authn_dbd SQL query to authenticate a user
  AuthDBDUserPWQuery \
    "SELECT password FROM authn WHERE user = %s"
</Directory>
top

Exposing Login Information

If httpd was built against APR version 1.3.0 or higher, then whenever a query is made to the database server, all column values in the first row returned by the query are placed in the environment, using environment variables with the prefix "AUTHENTICATE_".

If a database query for example returned the username, full name and telephone number of a user, a CGI program will have access to this information without the need to make a second independent database query to gather this additional information.

This has the potential to dramatically simplify the coding and configuration required in some web applications.

top

AuthDBDUserPWQuery Directive

Description:SQL query to look up a password for a user
Syntax:AuthDBDUserPWQuery query
Context:directory
Status:Extension
Module:mod_authn_dbd

The AuthDBDUserPWQuery specifies an SQL query to look up a password for a specified user. The user's ID will be passed as a single string parameter when the SQL query is executed. It may be referenced within the query statement using a %s format specifier.

Example

AuthDBDUserPWQuery \
  "SELECT password FROM authn WHERE user = %s"

The first column value of the first row returned by the query statement should be a string containing the encrypted password. Subsequent rows will be ignored. If no rows are returned, the user will not be authenticated through mod_authn_dbd.

If httpd was built against APR version 1.3.0 or higher, any additional column values in the first row returned by the query statement will be stored as environment variables with names of the form AUTHENTICATE_COLUMN.

top

AuthDBDUserRealmQuery Directive

Description:SQL query to look up a password hash for a user and realm.
Syntax:AuthDBDUserRealmQuery query
Context:directory
Status:Extension
Module:mod_authn_dbd

The AuthDBDUserRealmQuery specifies an SQL query to look up a password for a specified user and realm. The user's ID and the realm, in that order, will be passed as string parameters when the SQL query is executed. They may be referenced within the query statement using %s format specifiers.

Example

AuthDBDUserRealmQuery \
  "SELECT password FROM authn WHERE user = %s AND realm = %s"

The first column value of the first row returned by the query statement should be a string containing the encrypted password. Subsequent rows will be ignored. If no rows are returned, the user will not be authenticated through mod_authn_dbd.

If httpd was built against APR version 1.3.0 or higher, any additional column values in the first row returned by the query statement will be stored as environment variables with names of the form AUTHENTICATE_COLUMN.

mod/mod_authn_dbm.html100644 0 0 16475 11237400533 12505 0ustar 0 0 mod_authn_dbm - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-

ġ mod_authn_dbm

ֽ ƴմϴ. ֱٿ ϼ.
:DBM
:Extension
:authn_dbm_module
ҽ:mod_authn_dbm.c
:ġ 2.1 ĺ

mod_auth_digest mod_auth_basic մܸ dbm ȣϿ ڸ ãƼ Ѵ. mod_authn_file Ѵ.

mod_auth_basic̳ mod_auth_digest Ҷ AuthBasicProvider AuthDigestProvider dbm ϸ Ѵ.

top

AuthDBMType þ

:ȣ ϴ ͺ̽ Ѵ
:AuthDBMType default|SDBM|GDBM|NDBM|DB
⺻:AuthDBMType default
:directory, .htaccess
Override ɼ:AuthConfig
:Extension
:mod_authn_dbm

ȣ ϴ ͺ̽ Ѵ. ⺻ ͺ̽ ϶ ǴѴ. ִ ٸ ͺ̽ ޷ȴ.

ȣ α׷ ͺ̽ ϵ ؾ Ѵ.

top

AuthDBMUserFile þ

: ڿ ȣ ϴ ͺ̽ ϸ Ѵ
:AuthDBMUserFile file-path
:directory, .htaccess
Override ɼ:AuthConfig
:Extension
:mod_authn_dbm

AuthDBMUserFile þ ڿ ȣ ϴ DBM ϸ Ѵ. File-path ̴.

ڸ Ű Ѵ. ڿ ڵ ȣ̴. ȣ ڿ ݷа ִ. ݷа ڿ Ѵ.

:

AuthDBMUserFile ۿ Ȯ϶. ȣ 丮 ȿ . ׷ , Ŭ̾Ʈ AuthDBMUserFile ٿε ִ.

߿ ȣȯ : ġ dbmopen ڿ NULL ʰ DBM ڷᱸ ؽ̰ ڿ ̸ д´. Netscape  α׷ ڿ NULL ٰ ϱ⶧ α׷ DBM ϸ ִ.

ġ dbmmanage Perl ũƮ Ѵ. α׷ DBM ȣ Ѵ.

mod/mod_authn_default.html100644 0 0 10373 11237400533 13356 0ustar 0 0 mod_authn_default - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-

ġ mod_authn_default

:
:Base
:authn_default_module
ҽ:mod_authn_default.c
:ġ 2.1 ĺ

mod_auth_basic Ѵ. ڰ  źѴ.

top

AuthDefaultAuthoritative þ

: Ѱ
:AuthDefaultAuthoritative On|Off
⺻:AuthDefaultAuthoritative On
:directory, .htaccess
Override ɼ:AuthConfig
:Base
:mod_authn_default

AuthDefaultAuthoritative þ Off ϸ (modules.c Ͽ ) Ѱش.

mod_authn_default ̹ ſ ǵֱ . ׷Ƿ AuthDefaultAuthoritative ⺻(On) ܵ־ Ѵ.

mod/mod_authn_file.html100644 0 0 15374 11237400533 12657 0ustar 0 0 mod_authn_file - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-

ġ mod_authn_file

ֽ ƴմϴ. ֱٿ ϼ.
: ̿
:Base
:authn_file_module
ҽ:mod_authn_file.c
:ġ 2.1

mod_auth_digest mod_auth_basic մܸ Ϲ ȣϿ ڸ ãƼ Ѵ. mod_authn_dbm ϴ.

mod_auth_basic̳ mod_auth_digest Ҷ AuthBasicProvider AuthDigestProvider file ϸ Ѵ.

top

AuthUserFile þ

: ڸ ȣ ϴ ϸ Ѵ
:AuthUserFile file-path
:directory, .htaccess
Override ɼ:AuthConfig
:Base
:mod_authn_file

AuthUserFile þ ڸ ȣ ϴ ϸ Ѵ. File-path ϰ̴. θ ServerRoot η óѴ.

ٿ ڸ, ݷ, ڵ ȣ ´. ٿ ̵ ϸ, mod_authn_file ù° ȣ Ѵ.

ϵ ̳ src/support ִ htpasswd HTTP Basic Authentication ȣ Ѵ. ڼ manpage ϶. ϸ:

ʱ ̵ username ȣ Filename . ȣ :

htpasswd -c Filename username

ȣ Filename username2 ߰ϰų Ѵ:

htpasswd Filename username2

ū ˻ϴ ſ ȿ ϶. ڰ ٸ AuthDBMUserFile ؾ Ѵ.

HTTP Digest Authentication Ѵٸ htpasswd ȵȴ. htdigest ؾ Ѵ. Digest Authentication Basic Authentication ڷḦ Ͽ  ϶.

AuthUserFile ۿ ġ Ȯ϶. ȣ 丮 ȿ . ׷ , Ŭ̾Ʈ AuthUserFile ٿε ִ.

mod/mod_authnz_ldap.html100644 0 0 155255 11237400533 13075 0ustar 0 0 mod_authnz_ldap - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.2

<-

Apache Module mod_authnz_ldap

Description:Allows an LDAP directory to be used to store the database for HTTP Basic authentication.
Status:Extension
ModuleIdentifier:authnz_ldap_module
SourceFile:mod_authnz_ldap.c
Compatibility:Available in version 2.1 and later

Summary

This module provides authentication front-ends such as mod_auth_basic to authenticate users through an ldap directory.

mod_authnz_ldap supports the following features:

  • Known to support the OpenLDAP SDK (both 1.x and 2.x), Novell LDAP SDK and the iPlanet (Netscape) SDK.
  • Complex authorization policies can be implemented by representing the policy with LDAP filters.
  • Uses extensive caching of LDAP operations via mod_ldap.
  • Support for LDAP over SSL (requires the Netscape SDK) or TLS (requires the OpenLDAP 2.x SDK or Novell LDAP SDK).

When using mod_auth_basic, this module is invoked via the AuthBasicProvider directive with the ldap value.

top

Contents

top

Operation

There are two phases in granting access to a user. The first phase is authentication, in which the mod_authnz_ldap authentication provider verifies that the user's credentials are valid. This is also called the search/bind phase. The second phase is authorization, in which mod_authnz_ldap determines if the authenticated user is allowed access to the resource in question. This is also known as the compare phase.

mod_authnz_ldap registers both an authn_ldap authentication provider and an authz_ldap authorization handler. The authn_ldap authentication provider can be enabled through the AuthBasicProvider directive using the ldap value. The authz_ldap handler extends the Require directive's authorization types by adding ldap-user, ldap-dn and ldap-group values.

The Authentication Phase

During the authentication phase, mod_authnz_ldap searches for an entry in the directory that matches the username that the HTTP client passes. If a single unique match is found, then mod_authnz_ldap attempts to bind to the directory server using the DN of the entry plus the password provided by the HTTP client. Because it does a search, then a bind, it is often referred to as the search/bind phase. Here are the steps taken during the search/bind phase.

  1. Generate a search filter by combining the attribute and filter provided in the AuthLDAPURL directive with the username passed by the HTTP client.
  2. Search the directory using the generated filter. If the search does not return exactly one entry, deny or decline access.
  3. Fetch the distinguished name of the entry retrieved from the search and attempt to bind to the LDAP server using the DN and the password passed by the HTTP client. If the bind is unsuccessful, deny or decline access.

The following directives are used during the search/bind phase

AuthLDAPURL Specifies the LDAP server, the base DN, the attribute to use in the search, as well as the extra search filter to use.
AuthLDAPBindDN An optional DN to bind with during the search phase.
AuthLDAPBindPassword An optional password to bind with during the search phase.

The Authorization Phase

During the authorization phase, mod_authnz_ldap attempts to determine if the user is authorized to access the resource. Many of these checks require mod_authnz_ldap to do a compare operation on the LDAP server. This is why this phase is often referred to as the compare phase. mod_authnz_ldap accepts the following Require directives to determine if the credentials are acceptable:

  • Grant access if there is a Require ldap-user directive, and the username in the directive matches the username passed by the client.
  • Grant access if there is a Require ldap-dn directive, and the DN in the directive matches the DN fetched from the LDAP directory.
  • Grant access if there is a Require ldap-group directive, and the DN fetched from the LDAP directory (or the username passed by the client) occurs in the LDAP group.
  • Grant access if there is a Require ldap-attribute directive, and the attribute fetched from the LDAP directory matches the given value.
  • Grant access if there is a Require ldap-filter directive, and the search filter successfully finds a single user object that matches the dn of the authenticated user.
  • otherwise, deny or decline access

Other Require values may also be used which may require loading additional authorization modules. Note that if you use a Require value from another authorization module, you will need to ensure that AuthzLDAPAuthoritative is set to off to allow the authorization phase to fall back to the module providing the alternate Require value. When no LDAP-specific Require directives are used, authorization is allowed to fall back to other modules as if AuthzLDAPAuthoritative was set to off.

mod_authnz_ldap uses the following directives during the compare phase:

AuthLDAPURL The attribute specified in the URL is used in compare operations for the Require ldap-user operation.
AuthLDAPCompareDNOnServer Determines the behavior of the Require ldap-dn directive.
AuthLDAPGroupAttribute Determines the attribute to use for comparisons in the Require ldap-group directive.
AuthLDAPGroupAttributeIsDN Specifies whether to use the user DN or the username when doing comparisons for the Require ldap-group directive.
top

The Require Directives

Apache's Require directives are used during the authorization phase to ensure that a user is allowed to access a resource. mod_authnz_ldap extends the authorization types with ldap-user, ldap-dn, ldap-group, ldap-attribute and ldap-filter. Other authorization types may also be used but may require that additional authorization modules be loaded.

Require valid-user

If this directive exists, mod_authnz_ldap grants access to any user that has successfully authenticated during the search/bind phase. Requires that mod_authz_user be loaded.

Require ldap-user

The Require ldap-user directive specifies what usernames can access the resource. Once mod_authnz_ldap has retrieved a unique DN from the directory, it does an LDAP compare operation using the username specified in the Require ldap-user to see if that username is part of the just-fetched LDAP entry. Multiple users can be granted access by putting multiple usernames on the line, separated with spaces. If a username has a space in it, then it must be surrounded with double quotes. Multiple users can also be granted access by using multiple Require ldap-user directives, with one user per line. For example, with a AuthLDAPURL of ldap://ldap/o=Airius?cn (i.e., cn is used for searches), the following Require directives could be used to restrict access:

Require ldap-user "Barbara Jenson"
Require ldap-user "Fred User"
Require ldap-user "Joe Manager"

Because of the way that mod_authnz_ldap handles this directive, Barbara Jenson could sign on as Barbara Jenson, Babs Jenson or any other cn that she has in her LDAP entry. Only the single Require ldap-user line is needed to support all values of the attribute in the user's entry.

If the uid attribute was used instead of the cn attribute in the URL above, the above three lines could be condensed to

Require ldap-user bjenson fuser jmanager

Require ldap-group

This directive specifies an LDAP group whose members are allowed access. It takes the distinguished name of the LDAP group. Note: Do not surround the group name with quotes. For example, assume that the following entry existed in the LDAP directory:

dn: cn=Administrators, o=Airius
objectClass: groupOfUniqueNames
uniqueMember: cn=Barbara Jenson, o=Airius
uniqueMember: cn=Fred User, o=Airius

The following directive would grant access to both Fred and Barbara:

Require ldap-group cn=Administrators, o=Airius

Behavior of this directive is modified by the AuthLDAPGroupAttribute and AuthLDAPGroupAttributeIsDN directives.

Require ldap-dn

The Require ldap-dn directive allows the administrator to grant access based on distinguished names. It specifies a DN that must match for access to be granted. If the distinguished name that was retrieved from the directory server matches the distinguished name in the Require ldap-dn, then authorization is granted. Note: do not surround the distinguished name with quotes.

The following directive would grant access to a specific DN:

Require ldap-dn cn=Barbara Jenson, o=Airius

Behavior of this directive is modified by the AuthLDAPCompareDNOnServer directive.

Require ldap-attribute

The Require ldap-attribute directive allows the administrator to grant access based on attributes of the authenticated user in the LDAP directory. If the attribute in the directory matches the value given in the configuration, access is granted.

The following directive would grant access to anyone with the attribute employeeType = active

Require ldap-attribute employeeType=active

Multiple attribute/value pairs can be specified on the same line separated by spaces or they can be specified in multiple Require ldap-attribute directives. The effect of listing multiple attribute/values pairs is an OR operation. Access will be granted if any of the listed attribute values match the value of the corresponding attribute in the user object. If the value of the attribute contains a space, only the value must be within double quotes.

The following directive would grant access to anyone with the city attribute equal to "San Jose" or status equal to "Active"

Require ldap-attribute city="San Jose" status=active

Require ldap-filter

The Require ldap-filter directive allows the administrator to grant access based on a complex LDAP search filter. If the dn returned by the filter search matches the authenticated user dn, access is granted.

The following directive would grant access to anyone having a cell phone and is in the marketing department

Require ldap-filter &(cell=*)(department=marketing)

The difference between the Require ldap-filter directive and the Require ldap-attribute directive is that ldap-filter performs a search operation on the LDAP directory using the specified search filter rather than a simple attribute comparison. If a simple attribute comparison is all that is required, the comparison operation performed by ldap-attribute will be faster than the search operation used by ldap-filter especially within a large directory.

top

Examples

  • Grant access to anyone who exists in the LDAP directory, using their UID for searches.

    AuthLDAPURL "ldap://ldap1.airius.com:389/ou=People, o=Airius?uid?sub?(objectClass=*)"
    Require valid-user

  • The next example is the same as above; but with the fields that have useful defaults omitted. Also, note the use of a redundant LDAP server.

    AuthLDAPURL "ldap://ldap1.airius.com ldap2.airius.com/ou=People, o=Airius"
    Require valid-user

  • The next example is similar to the previous one, but it uses the common name instead of the UID. Note that this could be problematical if multiple people in the directory share the same cn, because a search on cn must return exactly one entry. That's why this approach is not recommended: it's a better idea to choose an attribute that is guaranteed unique in your directory, such as uid.

    AuthLDAPURL "ldap://ldap.airius.com/ou=People, o=Airius?cn"
    Require valid-user

  • Grant access to anybody in the Administrators group. The users must authenticate using their UID.

    AuthLDAPURL ldap://ldap.airius.com/o=Airius?uid
    Require ldap-group cn=Administrators, o=Airius

  • The next example assumes that everyone at Airius who carries an alphanumeric pager will have an LDAP attribute of qpagePagerID. The example will grant access only to people (authenticated via their UID) who have alphanumeric pagers:

    AuthLDAPURL ldap://ldap.airius.com/o=Airius?uid??(qpagePagerID=*)
    Require valid-user

  • The next example demonstrates the power of using filters to accomplish complicated administrative requirements. Without filters, it would have been necessary to create a new LDAP group and ensure that the group's members remain synchronized with the pager users. This becomes trivial with filters. The goal is to grant access to anyone who has a pager, plus grant access to Joe Manager, who doesn't have a pager, but does need to access the same resource:

    AuthLDAPURL ldap://ldap.airius.com/o=Airius?uid??(|(qpagePagerID=*)(uid=jmanager))
    Require valid-user

    This last may look confusing at first, so it helps to evaluate what the search filter will look like based on who connects, as shown below. If Fred User connects as fuser, the filter would look like

    (&(|(qpagePagerID=*)(uid=jmanager))(uid=fuser))

    The above search will only succeed if fuser has a pager. When Joe Manager connects as jmanager, the filter looks like

    (&(|(qpagePagerID=*)(uid=jmanager))(uid=jmanager))

    The above search will succeed whether jmanager has a pager or not.

top

Using TLS

To use TLS, see the mod_ldap directives LDAPTrustedClientCert, LDAPTrustedGlobalCert and LDAPTrustedMode.

An optional second parameter can be added to the AuthLDAPURL to override the default connection type set by LDAPTrustedMode. This will allow the connection established by an ldap:// Url to be upgraded to a secure connection on the same port.

top

Using SSL

To use SSL, see the mod_ldap directives LDAPTrustedClientCert, LDAPTrustedGlobalCert and LDAPTrustedMode.

To specify a secure LDAP server, use ldaps:// in the AuthLDAPURL directive, instead of ldap://.

top

Exposing Login Information

When this module performs authentication, LDAP attributes specified in the AuthLDAPUrl directive are placed in environment variables with the prefix "AUTHENTICATE_".

If the attribute field contains the username, common name and telephone number of a user, a CGI program will have access to this information without the need to make a second independent LDAP query to gather this additional information.

This has the potential to dramatically simplify the coding and configuration required in some web applications.

top

Using Microsoft FrontPage with mod_authnz_ldap

Normally, FrontPage uses FrontPage-web-specific user/group files (i.e., the mod_authn_file and mod_authz_groupfile modules) to handle all authentication. Unfortunately, it is not possible to just change to LDAP authentication by adding the proper directives, because it will break the Permissions forms in the FrontPage client, which attempt to modify the standard text-based authorization files.

Once a FrontPage web has been created, adding LDAP authentication to it is a matter of adding the following directives to every .htaccess file that gets created in the web

AuthLDAPURL            "the url"
AuthGroupFile mygroupfile
Require group mygroupfile

How It Works

FrontPage restricts access to a web by adding the Require valid-user directive to the .htaccess files. The Require valid-user directive will succeed for any user who is valid as far as LDAP is concerned. This means that anybody who has an entry in the LDAP directory is considered a valid user, whereas FrontPage considers only those people in the local user file to be valid. By substituting the ldap-group with group file authorization, Apache is allowed to consult the local user file (which is managed by FrontPage) - instead of LDAP - when handling authorizing the user.

Once directives have been added as specified above, FrontPage users will be able to perform all management operations from the FrontPage client.

Caveats

  • When choosing the LDAP URL, the attribute to use for authentication should be something that will also be valid for putting into a mod_authn_file user file. The user ID is ideal for this.
  • When adding users via FrontPage, FrontPage administrators should choose usernames that already exist in the LDAP directory (for obvious reasons). Also, the password that the administrator enters into the form is ignored, since Apache will actually be authenticating against the password in the LDAP database, and not against the password in the local user file. This could cause confusion for web administrators.
  • Apache must be compiled with mod_auth_basic, mod_authn_file and mod_authz_groupfile in order to use FrontPage support. This is because Apache will still use the mod_authz_groupfile group file for determine the extent of a user's access to the FrontPage web.
  • The directives must be put in the .htaccess files. Attempting to put them inside <Location> or <Directory> directives won't work. This is because mod_authnz_ldap has to be able to grab the AuthGroupFile directive that is found in FrontPage .htaccess files so that it knows where to look for the valid user list. If the mod_authnz_ldap directives aren't in the same .htaccess file as the FrontPage directives, then the hack won't work, because mod_authnz_ldap will never get a chance to process the .htaccess file, and won't be able to find the FrontPage-managed user file.
top

AuthLDAPBindDN Directive

Description:Optional DN to use in binding to the LDAP server
Syntax:AuthLDAPBindDN distinguished-name
Context:directory, .htaccess
Override:AuthConfig
Status:Extension
Module:mod_authnz_ldap

An optional DN used to bind to the server when searching for entries. If not provided, mod_authnz_ldap will use an anonymous bind.

top

AuthLDAPBindPassword Directive

Description:Password used in conjuction with the bind DN
Syntax:AuthLDAPBindPassword password
Context:directory, .htaccess
Override:AuthConfig
Status:Extension
Module:mod_authnz_ldap

A bind password to use in conjunction with the bind DN. Note that the bind password is probably sensitive data, and should be properly protected. You should only use the AuthLDAPBindDN and AuthLDAPBindPassword if you absolutely need them to search the directory.

top

AuthLDAPCharsetConfig Directive

Description:Language to charset conversion configuration file
Syntax:AuthLDAPCharsetConfig file-path
Context:server config
Status:Extension
Module:mod_authnz_ldap

The AuthLDAPCharsetConfig directive sets the location of the language to charset conversion configuration file. File-path is relative to the ServerRoot. This file specifies the list of language extensions to character sets. Most administrators use the provided charset.conv file, which associates common language extensions to character sets.

The file contains lines in the following format:

Language-Extension charset [Language-String] ...

The case of the extension does not matter. Blank lines, and lines beginning with a hash character (#) are ignored.

top

AuthLDAPCompareDNOnServer Directive

Description:Use the LDAP server to compare the DNs
Syntax:AuthLDAPCompareDNOnServer on|off
Default:AuthLDAPCompareDNOnServer on
Context:directory, .htaccess
Override:AuthConfig
Status:Extension
Module:mod_authnz_ldap

When set, mod_authnz_ldap will use the LDAP server to compare the DNs. This is the only foolproof way to compare DNs. mod_authnz_ldap will search the directory for the DN specified with the Require dn directive, then, retrieve the DN and compare it with the DN retrieved from the user entry. If this directive is not set, mod_authnz_ldap simply does a string comparison. It is possible to get false negatives with this approach, but it is much faster. Note the mod_ldap cache can speed up DN comparison in most situations.

top

AuthLDAPDereferenceAliases Directive

Description:When will the module de-reference aliases
Syntax:AuthLDAPDereferenceAliases never|searching|finding|always
Default:AuthLDAPDereferenceAliases Always
Context:directory, .htaccess
Override:AuthConfig
Status:Extension
Module:mod_authnz_ldap

This directive specifies when mod_authnz_ldap will de-reference aliases during LDAP operations. The default is always.

top

AuthLDAPGroupAttribute Directive

Description:LDAP attributes used to check for group membership
Syntax:AuthLDAPGroupAttribute attribute
Context:directory, .htaccess
Override:AuthConfig
Status:Extension
Module:mod_authnz_ldap

This directive specifies which LDAP attributes are used to check for group membership. Multiple attributes can be used by specifying this directive multiple times. If not specified, then mod_authnz_ldap uses the member and uniquemember attributes.

top

AuthLDAPGroupAttributeIsDN Directive

Description:Use the DN of the client username when checking for group membership
Syntax:AuthLDAPGroupAttributeIsDN on|off
Default:AuthLDAPGroupAttributeIsDN on
Context:directory, .htaccess
Override:AuthConfig
Status:Extension
Module:mod_authnz_ldap

When set on, this directive says to use the distinguished name of the client username when checking for group membership. Otherwise, the username will be used. For example, assume that the client sent the username bjenson, which corresponds to the LDAP DN cn=Babs Jenson, o=Airius. If this directive is set, mod_authnz_ldap will check if the group has cn=Babs Jenson, o=Airius as a member. If this directive is not set, then mod_authnz_ldap will check if the group has bjenson as a member.

top

AuthLDAPRemoteUserAttribute Directive

Description:Use the value of the attribute returned during the user query to set the REMOTE_USER environment variable
Syntax:AuthLDAPRemoteUserAttribute uid
Default:none
Context:directory, .htaccess
Override:AuthConfig
Status:Extension
Module:mod_authnz_ldap

If this directive is set, the value of the REMOTE_USER environment variable will be set to the value of the attribute specified. Make sure that this attribute is included in the list of attributes in the AuthLDAPUrl definition, otherwise this directive will have no effect. This directive, if present, takes precedence over AuthLDAPRemoteUserIsDN. This directive is useful should you want people to log into a website using an email address, but a backend application expects the username as a userid.

top

AuthLDAPRemoteUserIsDN Directive

Description:Use the DN of the client username to set the REMOTE_USER environment variable
Syntax:AuthLDAPRemoteUserIsDN on|off
Default:AuthLDAPRemoteUserIsDN off
Context:directory, .htaccess
Override:AuthConfig
Status:Extension
Module:mod_authnz_ldap

If this directive is set to on, the value of the REMOTE_USER environment variable will be set to the full distinguished name of the authenticated user, rather than just the username that was passed by the client. It is turned off by default.

top

AuthLDAPUrl Directive

Description:URL specifying the LDAP search parameters
Syntax:AuthLDAPUrl url [NONE|SSL|TLS|STARTTLS]
Context:directory, .htaccess
Override:AuthConfig
Status:Extension
Module:mod_authnz_ldap

An RFC 2255 URL which specifies the LDAP search parameters to use. The syntax of the URL is

ldap://host:port/basedn?attribute?scope?filter

ldap
For regular ldap, use the string ldap. For secure LDAP, use ldaps instead. Secure LDAP is only available if Apache was linked to an LDAP library with SSL support.
host:port

The name/port of the ldap server (defaults to localhost:389 for ldap, and localhost:636 for ldaps). To specify multiple, redundant LDAP servers, just list all servers, separated by spaces. mod_authnz_ldap will try connecting to each server in turn, until it makes a successful connection.

Once a connection has been made to a server, that connection remains active for the life of the httpd process, or until the LDAP server goes down.

If the LDAP server goes down and breaks an existing connection, mod_authnz_ldap will attempt to re-connect, starting with the primary server, and trying each redundant server in turn. Note that this is different than a true round-robin search.

basedn
The DN of the branch of the directory where all searches should start from. At the very least, this must be the top of your directory tree, but could also specify a subtree in the directory.
attribute
The attribute to search for. Although RFC 2255 allows a comma-separated list of attributes, only the first attribute will be used, no matter how many are provided. If no attributes are provided, the default is to use uid. It's a good idea to choose an attribute that will be unique across all entries in the subtree you will be using.
scope
The scope of the search. Can be either one or sub. Note that a scope of base is also supported by RFC 2255, but is not supported by this module. If the scope is not provided, or if base scope is specified, the default is to use a scope of sub.
filter
A valid LDAP search filter. If not provided, defaults to (objectClass=*), which will search for all objects in the tree. Filters are limited to approximately 8000 characters (the definition of MAX_STRING_LEN in the Apache source code). This should be more than sufficient for any application.

When doing searches, the attribute, filter and username passed by the HTTP client are combined to create a search filter that looks like (&(filter)(attribute=username)).

For example, consider an URL of ldap://ldap.airius.com/o=Airius?cn?sub?(posixid=*). When a client attempts to connect using a username of Babs Jenson, the resulting search filter will be (&(posixid=*)(cn=Babs Jenson)).

An optional parameter can be added to allow the LDAP Url to override the connection type. This parameter can be one of the following:

NONE
Establish an unsecure connection on the default LDAP port. This is the same as ldap:// on port 389.
SSL
Establish a secure connection on the default secure LDAP port. This is the same as ldaps://
TLS | STARTTLS
Establish an upgraded secure connection on the default LDAP port. This connection will be initiated on port 389 by default and then upgraded to a secure connection on the same port.

See above for examples of AuthLDAPURL URLs.

When AuthLDAPURL is enabled in a particular context, but some other module has performed authentication for the request, the server will try to map the username to a DN during authorization regardless of whether or not LDAP-specific requirements are present. To ignore the failures to map a username to a DN during authorization, set AuthzLDAPAutoritative to "off".

top

AuthzLDAPAuthoritative Directive

Description:Prevent other authentication modules from authenticating the user if this one fails
Syntax:AuthzLDAPAuthoritative on|off
Default:AuthzLDAPAuthoritative on
Context:directory, .htaccess
Override:AuthConfig
Status:Extension
Module:mod_authnz_ldap

Set to off if this module should let other authorization modules attempt to authorize the user, should authorization with this module fail. Control is only passed on to lower modules if there is no DN or rule that matches the supplied user name (as passed by the client).

When no LDAP-specific Require directives are used, authorization is allowed to fall back to other modules as if AuthzLDAPAuthoritative was set to off.

mod/mod_authz_dbm.html100644 0 0 22636 11237400533 12515 0ustar 0 0 mod_authz_dbm - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-

ġ mod_authz_dbm

ֽ ƴմϴ. ֱٿ ϼ.
:DBM ׷
:Extension
:authz_dbm_module
ҽ:mod_authz_dbm.c
:ġ 2.1 ĺ

׷ Ϻθ ִ Ͽ Ѻο Ѵ. mod_authz_groupfile ϴ.

top

AuthDBMGroupFile þ

: ׷ ϴ ͺ̽ ϸ Ѵ
:AuthDBMGroupFile file-path
:directory, .htaccess
Override ɼ:AuthConfig
:Extension
:mod_authz_dbm

AuthDBMGroupFile þ ׷ ϴ DBM ϸ Ѵ. File-path ̴.

ڸ Ű Ѵ. ڿ ǥ ڰ ׷ ̴. ̳ ݷ .

AuthDBMGroupFile ۿ ġ Ȯ϶. ȣ 丮 ȿ . ׷ , Ŭ̾Ʈ AuthDBMGroupFile ٿε ִ.

׷ DBM ϰ ȣ DBM ϱ: ڿ ȣ ׷ θ ͺ̽ ϴ ﶧ ִ. ۼ α׷ . α׷ DBM ϸ װ ȴ. ׷ϰ ȣ DBMϷ ϸ ϴ:

AuthDBMGroupFile /www/userbase
AuthDBMUserFile /www/userbase

DBM Ű ڸ̴.

ڵ ȣ : ׷ [ : () ]

ȣ κ ڵ ȣ̴. ݷ ڿ ǥ ׷ ´. ٽ ݷ ٸ ִ. κ Ѵ. www.telescope.org ̷ ȣ ͺ̽ ׷ ͺ̽ Ѵ.

top

AuthzDBMAuthoritative þ

:Ѻο Ѱ
:AuthzDBMAuthoritative On|Off
⺻:AuthzDBMAuthoritative On
:directory, .htaccess
Override ɼ:AuthConfig
:Extension
:mod_authz_dbm

AuthzDBMAuthoritative þ Off ϸ ش ̵ ׷ ׷ Ѻο (modules.c Ͽ ) Ѱش. ׷ ִٸ 붧 ˻ϰ, ϸ ʿ Ѵ.

׷ ͺ̽ ̵ ְų ȿ Require þ ⿡ ϸ, ù° ڸ ˻ϰ, AuthAuthoritative ѱʴ´.

Ϲ mod_authn_dbm̳ mod_authn_file ڿ Ѵ. 뷮 ˻翡 ˻ DBM , Ҽ() ˻ ȣ .htpasswd Ϸ ѱ.

⺻  ѱʰ, 𸣴 ׷ ʿ Ѵ. þ ý ϰ Ǹ, NCSA Ѵ.

ڰ ڽ .htaccess ϰ Ǵ 캸, ̷ ൿ ϶. Ϲ ִ ͺ̽ ȣϴ ͺ ϳ .htpasswd ȣϴ .

top

AuthzDBMType þ

:ȣ ϴ ͺ̽ Ѵ
:AuthzDBMType default|SDBM|GDBM|NDBM|DB
⺻:AuthzDBMType default
:directory, .htaccess
Override ɼ:AuthConfig
:Extension
:mod_authz_dbm

ȣ ϴ ͺ̽ Ѵ. ͺ̽ ⺻ ϶ . ִ ٸ ͺ̽ ޷ȴ.

ȣ α׷ ͺ̽ ϵ ؾ Ѵ.

mod/mod_authz_default.html100644 0 0 10567 11237400533 13377 0ustar 0 0 mod_authz_default - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-

ġ mod_authz_default

: Ѻο
:Base
:authz_default_module
ҽ:mod_authz_default.c
:ġ 2.1 ĺ

mod_authz_user mod_authz_groupfile Ѻο Ѵ. Ѻο û źѴ.

top

AuthzDefaultAuthoritative þ

:Ѻο Ѱ
:AuthzDefaultAuthoritative On|Off
⺻:AuthzDefaultAuthoritative On
:directory, .htaccess
Override ɼ:AuthConfig
:Base
:mod_authz_default

AuthzDefaultAuthoritative þ Off ϸ (modules.c Ͽ ) Ѻο Ѱش.

mod_authz_default ̹ ſ ǵֱ . ׷Ƿ AuthzDefaultAuthoritative ⺻(On) ܵ־ Ѵ.

mod/mod_authz_groupfile.html100644 0 0 15375 11237400533 13751 0ustar 0 0 mod_authz_groupfile - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-

ġ mod_authz_groupfile

:Ϲ ̿ ׷ Ѻο
:Base
:authz_groupfile_module
ҽ:mod_authz_groupfile.c
:ġ 2.1 ĺ

׷ Ʈ Ϻθ ִ Ͽ Ѻο Ѵ. mod_authz_dbm ϴ.

top

AuthGroupFile þ

: ׷ ϴ ϸ Ѵ
:AuthGroupFile file-path
:directory, .htaccess
Override ɼ:AuthConfig
:Base
:mod_authz_groupfile

AuthGroupFile þ ׷ ϴ ϸ Ѵ. File-path ׷ ̴. θ ServerRoot η ޾Ƶδ.

׷ ٿ ׷, ݷ, ڸ ´.

:

mygroup: bob joe anne

׷ ū ˻ϴ ſ ȿ ϶. AuthDBMGroupFile .

AuthGroupFile ۿ ġ Ȯ϶. ȣ 丮 ȿ . ׷ , Ŭ̾Ʈ AuthGroupFile ٿε ִ.

top

AuthzGroupFileAuthoritative þ

:Ѻο Ѱ
:AuthzGroupFileAuthoritative On|Off
⺻:AuthzGroupFileAuthoritative On
:directory, .htaccess
Override ɼ:AuthConfig
:Base
:mod_authz_groupfile

AuthzGroupFileAuthoritative þ Off ϸ ش ̵ ׷ ׷ Ѻο (modules.c Ͽ ) Ѱش.

⺻  ѱʰ, 𸣴 ׷ ʿ Ѵ. þ ý ϰ Ǹ, NCSA Ѵ.

ڰ ڽ .htaccess ϰ Ǵ 캸, ̷ ൿ ϶. Ϲ ִ ͺ̽ ȣϴ ͺ ϳ .htpasswd ȣϴ .

mod/mod_authz_host.html100644 0 0 37005 11237400533 12724 0ustar 0 0 mod_authz_host - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-

ġ mod_authz_host

ֽ ƴմϴ. ֱٿ ϼ.
:ȣƮ (̸̳ IP ּ) ׷ Ѻο
:Base
:authz_host_module
ҽ:mod_authz_host.c
:ġ 2.1 ĺ

<Directory>, <Files>, <Location> ǰ .htaccess Ͽ Ư κ ϱ mod_authz_host ϴ þ Ѵ. Ŭ̾Ʈ ȣƮ, IP ּ, ȯ溯 ϵ û Ư Ѵ. Allow Deny þ  Ŭ̾Ʈ ִ ϰ, Order þ ⺻ ź ο  Allow þ Deny þ ġ Ѵ.

ȣƮ Ѱ ȣ ÿ ִ. Satisfy þ Ͽ  ġ Ѵ.

Ϲ þ (GET, PUT, POST ) ޼忡 Ǹ, ൿ κ ٶϴ. ׷ <Limit> Ǿȿ þ Ͽ Ư ޼忡 ִ.

top

Allow þ

: Ϻο ִ ȣƮ Ѵ
: Allow from all|host|env=env-variable [host|env=env-variable] ...
:directory, .htaccess
Override ɼ:Limit
:Base
:mod_authz_host

Allow þ  ȣƮ Ϻο ִ Ѵ. ȣƮ, IP ּ, IP ּҿ, ȯ溯 ϵ ٸ Ư ִ.

þ ù° ƱԸƮ ׻ from̴. ƱԸƮ ִ. Allow from all ϸ, Ʒ Deny Order þ ȣƮ 㰡Ѵ. Ư ȣƮ Ϸ host ִ:

ȣƮ (Ϻ)

:

Allow from apache.org

ȣƮ ڿ ų ڿ Ѵ. ׷ foo.apache.org شǰ, fooapache.org ش ʴ´. ϸ ġ HostnameLookups þ Ŭ̾Ʈ IP ּҸ ߺ- DNS ˻ Ѵ. , ȣƮ ã IP ּҸ DNS ˻ , ٽ ȣƮ ˻Ͽ IP ּҿ ġϴ ȮѴ. ȣƮ شϸ, Ѵ.

IP ּ ü

:

Allow from 10.1.2.3

㰡ϴ ȣƮ IP ּ

IP ּ Ϻ

:

Allow from 10.1

Ʈũ ϱ IP ּ 1 3 Ʈ.

Ʈũ/ݸŽũ

:

Allow from 10.1.0.0/255.255.0.0

Ʈũ a.b.c.d ݸŽũ w.x.y.z. ϰ Ʈũ Ҷ Ѵ.

Ʈũ/nnn CIDR Ծ

:

Allow from 10.1.0.0/16

, nnn Ʈ 1 ݸŽũ Ѵ.

Ȯ ȣƮ ĪѴ.

IPv6 ּҿ IPv6 Ʈũ ִ:

Allow from 2001:db8::a00:20ff:fea7:ccea
Allow from 2001:db8::a00:20ff:fea7:ccea/10

Allow þ ƱԸƮ ° ȯ溯 Ѵ. Allow from env=env-variable ϸ, env-variable ȯ溯 ǵ 㰡Ѵ. mod_setenvif ϴ þ Ͽ Ŭ̾Ʈ û Ư Ӱ ȯ溯 ִ. ׷Ƿ þ Ͽ Ŭ̾Ʈ User-Agent ( ), Referer, ٸ HTTP û 㰡 ִ.

:

SetEnvIf User-Agent ^KnockKnock/2\.0 let_me_in
<Directory /docroot>
Order Deny,Allow
Deny from all
Allow from env=let_me_in
 </Directory>

user-agent ڿ KnockKnock/2.0 ϴ ϰ, źѴ.

top

Deny þ

: ź ȣƮ Ѵ
: Deny from all|host|env=env-variable [host|env=env-variable] ...
:directory, .htaccess
Override ɼ:Limit
:Base
:mod_authz_host

þ Ͽ ȣƮ, IP ּ, ȯ溯 ִ. Deny þ ƱԸƮ Allow þ ϴ.

top

Order þ

:⺻ ź ο Allow Deny ó Ѵ.
: Order ordering
⺻:Order Deny,Allow
:directory, .htaccess
Override ɼ:Limit
:Base
:mod_authz_host

Order þ ⺻ ź ο Allow Deny þ ó Ѵ. ordering ϳ̴

Deny,Allow
Deny þ Allow þ 캻. ׸ ⺻ Ѵ. Deny Allow þ ش ʴ Ŭ̾Ʈ Ѵ.
Allow,Deny
Allow þ Deny þ 캻. ׸ ⺻ ʴ´. Deny Allow þ ش ʴ Ŭ̾Ʈ źѴ.
Mutual-failure
Deny Ͽ ȳ Allow Ͽ ȣƮ Ѵ. Order Allow,Deny ϱ⶧ ʴ´.

Ű ǥθ Ѵ; ̿ ȵȴ. Allow Deny 캽 ϶.

Ʒ apache.org ȣƮ , ٸ ȣƮ źѴ.

Order Deny,Allow
Deny from all
Allow from apache.org

Ʒ foo.apache.org ο ִ ȣƮ źϰ, apache.org ο ִ ȣƮ Ѵ. ⺻ źϱ⶧ apache.org ο ʴ ȣƮ źѴ.

Order Allow,Deny
Allow from apache.org
Deny from foo.apache.org

ݴ Order Deny,Allow ϸ, ȣƮ Ѵ. Ͽ þ Allow from apache.org óϿ Deny from foo.apache.org ȿ ϱ ̴. , ⺻ ϹǷ apache.org ο ʴ ȣƮ 㰡Ѵ.

Order þ ⺻ ź ϱ⶧ Allow Deny þ ʾƵ ٰ ο ش. ,

<Directory /www>
Order Allow,Deny
 </Directory>

źϱ⶧ /www 丮 źѴ.

Order þ ϴ þ ó ش óܰ迡 ش. , Order þ <Location> ȿ ִ Allow Deny þ <Directory> ̳ .htaccess Ͽ ִ Allow Deny þ ó Ŀ óѴ. ǵ ϴ ؼ  Directory, Location, Files ϳ ϶.

mod/mod_authz_owner.html100644 0 0 22166 11237400533 13103 0ustar 0 0 mod_authz_owner - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-

ġ mod_authz_owner

: ڸ ̿ Ѻο
:Extension
:authz_owner_module
ҽ:mod_authz_owner.c
:ġ 2.1 ĺ

HTTP ̵( ̵) û Ͻý /׷ Ͽ ٱ οѴ. ⼭ ڸ ȣ ̹ mod_auth_basic̳ mod_auth_digest Ȯ ƴ. mod_authz_owner Require þ ƱԸƮ, file-owner file-group óѴ:

file-owner
ڸ û ý ̸ ƾ Ѵ. , ü û ڰ jones, Ͽ ϴ ڵ jones̾ Ѵ.
file-group
ý ׷ mod_authz_groupfile̳ mod_authz_dbm ׷ ͺ̽ ְ, ڸ ش ׷쿡 ؾ Ѵ. , ü û accounts (ý) ׷ ϰ ִٸ, ׷ ͺ̽ accounts ׷ ְ û ڸ ׷쿡 ؾ Ѵ.

mod_authz_owner Ͻýۿ ʴ ڿ (, ڿ) ѺοѴٸ, źѴ.

Ư "MultiViews" ڿ Ѻο ʴ´.

top

Require file-owner

ġ ϴ ߻ ýۿ ڰ ~/public_html/private ڽ Ѵٰ . ڸ ϴ AuthDBMUserFile ͺ̽ ְ, ⿡ ڸ ϴ ý ڸ ϴ. Ʒ ڿԸ Ѵ. jones jones ƴ smith ϰ ִ /home/smith/public_html/private ִ Ͽ .

<Directory /home/*/public_html/private>
AuthType Basic
AuthName MyPrivateFiles
AuthBasicProvider dbm
AuthDBMUserFile /usr/local/apache2/etc/.htdbm-all
Satisfy All
Require file-owner
 </Directory>

Require file-group

Ȳ ~/public_html/project-foo Ʈ Ѵٰ . ϵ ý ׷ foo ϸ, ڸ ׷ ϴ AuthDBMGroupFile ͺ̽ ִ. , ּ foo ׷쿡 ִ. jones smith ׷ foo ̶, project-foo 丮 ִ.

<Directory /home/*/public_html/project-foo>
AuthType Basic
AuthName "Project Foo Files"
AuthBasicProvider dbm

# combined user/group database
AuthDBMUserFile /usr/local/apache2/etc/.htdbm-all
AuthDBMGroupFile /usr/local/apache2/etc/.htdbm-all

Satisfy All
Require file-group
 </Directory>

top

AuthzOwnerAuthoritative þ

:Ѻο Ѱ
:AuthzOwnerAuthoritative On|Off
⺻:AuthzOwnerAuthoritative On
:directory, .htaccess
Override ɼ:AuthConfig
:Extension
:mod_authz_owner

AuthzOwnerAuthoritative þ Off ϸ Ѻο (modules.c Ͽ ) Ѱش.

  • file-owner ϸ Ͻý ڸ ų ־ ڸ ٸ
  • file-group ϸ Ͻý ׷ ų ־ ڸ ƴ .

, Off ϸ file-owner file-group Ͽ, ϳ ص 㰡Ѵ.

⺻  ѱʰ, 𸣴 ׷ ʿ Ѵ. þ Off ý ϰ Ǹ, NCSA Ѵ.

mod/mod_authz_user.html100644 0 0 11143 11237400533 12720 0ustar 0 0 mod_authz_user - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-

ġ mod_authz_user

ֽ ƴմϴ. ֱٿ ϼ.
: Ѻο
:Base
:authz_user_module
ҽ:mod_authz_user.c
:ġ 2.1 ĺ

οϿ, ڰ Ʈ Ϻο ִ Ѵ. mod_authz_user Require user þ Ͽ ڰ Ѵ. , require valid-user ο Ѵ.

top

AuthzUserAuthoritative þ

:Ѻο Ѱ
:AuthzUserAuthoritative On|Off
⺻:AuthzUserAuthoritative On
:directory, .htaccess
Override ɼ:AuthConfig
:Base
:mod_authz_user

AuthzUserAuthoritative þ Off ϸ ش ڰ Ѻο (modules.c Ͽ ) Ѱش.

⺻  ѱʰ, 𸣴 ʿ Ѵ. þ Off ý ϰ Ǹ, NCSA Ѵ.

mod/mod_autoindex.html100644 0 0 127730 11237400533 12561 0ustar 0 0 mod_autoindex - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-

ġ mod_autoindex

ֽ ƴմϴ. ֱٿ ϼ.
:ڵ н ls ɾ Win32 dir ɾ 丮
:Base
:autoindex_module
ҽ:mod_autoindex.c

丮 ΰ:

, Ѵٸ ڵ (Ȥ ü) ִ.

ڵ Options +Indexes ϴ. ڼ Options þ ϶.

IndexOptions þ FancyIndexing ɼ ָ, ̸ ٲٴ ũ . ̸ ũ ϸ ٽ . ̸ ݺؼ ϸ ̸ . IndexOptions þ SuppressColumnSorting ɼ ̷ ̸ ũ ʴ´.

"Size(ũ)" µǴ ƴ϶ ũ ϶. , 1010 Ʈ ϰ 1011 Ʈ Ѵ "1K" ̴ ׻ 1010 Ʈ տ ´.

top

Autoindex û ƱԸƮ

ġ 2.0.23 û ƱԸƮ ϰ, ο ɼǵ ߰ߴ. Ŭ̾Ʈ IndexOptions IgnoreClient ɼ ߰Ǿ.

̸ Ʒ û ɼ ڱ ũ. Ʒ ɼ 丮 ڿ  û ִ.

  • C=N ϸ ̴
  • C=M ֱ , ׸ ϸ ̴
  • C=S ũ , ׸ ϸ ̴
  • C=D , ׸ ϸ ̴
  • O=A Ѵ
  • O=D Ѵ
  • F=0 (FancyIndexed ƴ) ̴
  • F=1 FancyIndexed ̴
  • F=2 HTMLTable FancyIndexed ̴
  • V=0 ʴ´
  • V=1 Ѵ
  • P=pattern ־ pattern شϴ ϸ

'P'attern ƱԸƮ Ϲ IndexIgnore þ ó Ŀ ˻ϱ⶧, ٸ autoindex ϶. mod_autoindex û ƱԸƮ о϶ ɼ ߰ϸ ̻ ʴ´. û ƱԸƮ ǥ Ѵ.

header.html Ͽ ִ Ʒ ɼǵ Ѵ. submit "X" ƱԸƮ mod_autoindex X=Go ƱԸƮ о Ȯϱ ߴ.

<form action="" method="get">
Show me a <select name="F">
<option value="0"> Plain list</option>
<option value="1" selected="selected"> Fancy list</option>
<option value="2"> Table list</option>
 </select>
Sorted by <select name="C">
<option value="N" selected="selected"> Name</option>
<option value="M"> Date Modified</option>
<option value="S"> Size</option>
<option value="D"> Description</option>
 </select>
<select name="O">
<option value="A" selected="selected"> Ascending</option>
<option value="D"> Descending</option>
 </select>
<select name="V">
<option value="0" selected="selected"> in Normal order</option>
<option value="1"> in Version order</option>
 </select>
Matching <input type="text" name="P" value="*" />
<input type="submit" name="X" value="Go" />
 </form>

top

AddAlt þ

:ϸ ܴ
:AddAlt string file [file] ...
:ּ, ȣƮ, directory, .htaccess
Override ɼ:Indexes
:Base
:mod_autoindex

AddAlt FancyIndexing Ͽ ܴ Ѵ. File Ȯ, ϸ Ϻ, ϵī ǥ, ü ϸ ִ. String ٸ ǥ(" Ȥ ') Ѵ. Ŭ̾Ʈ ̹ ų, ̹ ʰų, ߰ ̰ ȴ.

AddAlt "PDF file" *.pdf
AddAlt Compressed *.gz *.zip *.Z

top

AddAltByEncoding þ

:MIME-encoding ܴ
:AddAltByEncoding string MIME-encoding [MIME-encoding] ...
:ּ, ȣƮ, directory, .htaccess
Override ɼ:Indexes
:Base
:mod_autoindex

AddAltByEncoding FancyIndexing Ͽ ܴ Ѵ. MIME-encoding x-compress ȿ content-encoding̴. String ٸ ǥ(" Ȥ ') Ѵ. Ŭ̾Ʈ ̹ ų, ̹ ʰų, ߰ ̰ ȴ.

AddAltByEncoding gzip x-gzip

top

AddAltByType þ

:MIME content-type ܴ
:AddAltByType string MIME-type [MIME-type] ...
:ּ, ȣƮ, directory, .htaccess
Override ɼ:Indexes
:Base
:mod_autoindex

AddAltByType FancyIndexing Ͽ ܴ Ѵ. MIME-type text/html ȿ content-type̴. String ٸ ǥ(" Ȥ ') Ѵ. Ŭ̾Ʈ ̹ ų, ̹ ʰų, ߰ ̰ ȴ.

AddAltByType 'plain text' text/plain

top

AddDescription þ

:Ͽ
:AddDescription string file [file] ...
:ּ, ȣƮ, directory, .htaccess
Override ɼ:Indexes
:Base
:mod_autoindex

þ FancyIndexing Ͽ Ѵ. File Ȯ, ϸ Ϻ, ϵī ǥ, ü ϸ ִ. String ǥ(") Ѵ.

AddDescription "The planet Mars" /web/pics/mars.gif

⺻ ʵ 23 Ʈ. IndexOptions SuppressIcon ɼ ϸ ⺻ 6 Ʈ ߰ϰ, IndexOptions SuppressSize ɼ 7 Ʈ, IndexOptions SuppressLastModified ɼ 19 Ʈ ߰Ѵ. ׷Ƿ 55 Ʈ.

ʵ ٲٰų ̸ Ѵ DescriptionWidth IndexOptions Ű带 ϶.

AddDescription ۿ ±׳ character entity(; &lt;, &amp; Ī) HTML ִ. ׷ ±װ ִ κ ©ԵǸ ( ü κ ©) 丮 Ͽ ִ.

top

AddIcon þ

:̸ Ͽ
:AddIcon icon name [name] ...
:ּ, ȣƮ, directory, .htaccess
Override ɼ:Indexes
:Base
:mod_autoindex

þ FancyIndexing name Ѵ. Icon (%-escaped) URL Ȥ (alttext,url) ̴. ⼭ alttext ׸ ܴ ̴.

Name 丮 Ÿ ^^DIRECTORY^^, ( ùٷ ߱) Ÿ ^^BLANKICON^^, Ȯ, ϵī ǥ, ϸ Ϻ Ȥ ü ִ.

AddIcon (IMG,/icons/image.xbm) .gif .jpg .xbm
AddIcon /icons/dir.xbm ^^DIRECTORY^^
AddIcon /icons/backup.xbm *~

ϸ AddIconٴ AddIconByType ؾ Ѵ.

top

AddIconByEncoding þ

:MIME content-encoding Ͽ
:AddIconByEncoding icon MIME-encoding [MIME-encoding] ...
:ּ, ȣƮ, directory, .htaccess
Override ɼ:Indexes
:Base
:mod_autoindex

þ FancyIndexing Ѵ. Icon (%-escaped) URL Ȥ (alttext,url) ̴. ⼭ alttext ׸ ܴ ̴.

MIME-encoding content-encoding شϴ ϵī ǥ̴.

AddIconByEncoding /icons/compress.xbm x-compress

top

AddIconByType þ

:MIME content-type Ͽ
:AddIconByType icon MIME-type [MIME-type] ...
:ּ, ȣƮ, directory, .htaccess
Override ɼ:Indexes
:Base
:mod_autoindex

þ FancyIndexing MIME-type Ѵ. Icon (%-escaped) URL Ȥ (alttext,url) ̴. ⼭ alttext ׸ ܴ ̴.

MIME-type mime type شϴ ϵī ǥ̴.

AddIconByType (IMG,/icons/image.xbm) image/*

top

DefaultIcon þ

:Ư Ͽ
:DefaultIcon url-path
:ּ, ȣƮ, directory, .htaccess
Override ɼ:Indexes
:Base
:mod_autoindex

DefaultIcon þ FancyIndexing Ư ̴. Icon (%-escaped) URL̴.

DefaultIcon /icon/unknown.xbm

top

HeaderName þ

:ϸ ̸
:HeaderName filename
:ּ, ȣƮ, directory, .htaccess
Override ɼ:Indexes
:Base
:mod_autoindex

HeaderName þ ϸ տ ̸ Ѵ. Filename ϸ̴.

HeaderName HEADER.html

HeaderName ReadmeName Filename Ϸ 丮 URI η ޾Ƶδ. Filename ϸ DocumentRoot η ޾Ƶδ.

HeaderName /include/HEADER.html

Filename major content type text/* ( , text/html, text/plain, ) ؾ Ѵ. , ũƮ ( ƴ) type text/html Ѵٸ filename CGI ũƮ ִ:

AddType text/html .cgi

Options MultiViews ϸ Ѵ. filename (CGI ũƮ ƴ) text/html ̰ options Includes IncludesNOEXEC ϳ Ѵٸ server-side includes óѴ. (mod_include )

HeaderName Ͽ (<html>, <head>, ) HTML ۺκ Եִٸ IndexOptions +SuppressHTMLPreamble Ͽ κ ߰ʴ .

top

IndexIgnore þ

:丮 Ͽ ϸ ߰Ѵ
:IndexIgnore file [file] ...
:ּ, ȣƮ, directory, .htaccess
Override ɼ:Indexes
:Base
:mod_autoindex

IndexIgnore þ 丮 Ͽ ϸ ߰Ѵ. File ( ϴ) ȭϵī ǥ̳ ü ϸ ִ. IndexIgnore þ ϸ ϸ üʰ Ͽ ϵ ߰Ѵ. ⺻ . ( 丮) Ѵ.

IndexIgnore README .htaccess *.bak *~

top

IndexOptions þ

:
:IndexOptions [+|-]option [[+|-]option] ...
:ּ, ȣƮ, directory, .htaccess
Override ɼ:Indexes
:Base
:mod_autoindex

IndexOptions þ 丮 Ѵ. Option ϳ̴

DescriptionWidth=[n | *] (ġ 2.0.23 )
DescriptionWidth Ű带 Ͽ ڴ ִ.
-DescriptionWidth ϸ (Ȥ ƹ͵ ) mod_autoindex Ѵ.
DescriptionWidth=n n Ʈ Ѵ.
DescriptionWidth=* ִ¸ŭ ø.
© ִ AddDescription ϶.
FancyIndexing
丮 fancy .
FoldersFirst (ġ 2.0.23 )
ɼ ϸ 丮 ׻ , 丮 ִ Ϲ ڿ ´. ⺻ ϰ 丮 , Ͽ 丮 δ. , ̸ ϰ FoldersFirst Ѵٸ 丮 ZedBeta տ , 丮 Beta Ϲ Gamma Alpha տ ´. ɼ FancyIndexing Բ Ҷ ȿ ִ.
HTMLTable (, ġ 2.0.23 )
FancyIndexing ɼ HTML ǥ fancy 丮 . ɼ ȥ ϶. ɼ WinNT ٸ utf-8 ÷ ϸ̳ б (ʿ Ȥ ʿ ) ٸ Ư ϴ.
IconsAreLinks
fancy Ͽ ϸ ũ Ѵ.
IconHeight[=pixels]
ɼ IconWidth ϸ img ±׿ height width Ӽ Ѵ. ׷ ̹ Ȳ ̸ ִ. ɼǿ ġ ϴ ǥ ̸ Ѵ.
IconWidth[=pixels]
ɼ IconHeight ϸ img ±׿ height width Ӽ Ѵ. ׷ ̹ Ȳ ̸ ִ. ɼǿ ġ ϴ ǥ Ѵ.
IgnoreCase
ɼ ϸ ҹ ʰ ̸ Ѵ. , ̸ ̰ IgnoreCase ϸ Zeta alfa ڿ ´ (: GAMMA ׻ gamma տ ´).
IgnoreClient
ɼ ϸ mod_autoindex Ͽ Ŭ̾Ʈ Ǻ Ѵ. (SuppressColumnSorting Ѵ.)
NameWidth=[n | *]
NameWidth Ű Ʈ ϸ Ѵ.
-NameWidth ϸ (Ȥ ƹ͵ ) mod_autoindex Ѵ.
NameWidth=n n Ʈ Ѵ.
NameWidth=* ʿѸŭ ø.
ScanHTMLTitles
fancy Ͽ HTML title ̴´. Ͽ AddDescription ٸ title Ұ оδ. ۾ CPU ũ Ѵ.
SuppressColumnSorting
ɼ ϸ ġ FancyIndexed 丮 Ͽ ̸ ٲٴ ũ ʴ´. ̸ ũ , ̸ ϸ ִ 丮 . ġ 2.0.23 ƱԸƮ ʾҴ. ġ 2.0.23 IndexOptions IgnoreClient Ͽ ƱԸƮ ʴ´.
SuppressDescription
fancy Ͽ ʴ´. ⺻  ǵʰ, ɼ ϸ 23 ٸ 뵵 Ѵ. ϴ AddDescription ϶. ũ⸦ ϴ DescriptionWidth ɼǵ ϶.
SuppressHTMLPreamble
HeaderName þ ִ ǥ HTML ۺκ (<html>, <head>, et cetera) ڿ ÷Ѵ. ׷ SuppressHTMLPreamble ɼ ϸ ó header Ѵ. header Ͽ HTML ־ Ѵ. header ٸ Ϲ ۺκ .
SuppressIcon (ġ 2.0.23 )
fancy Ͽ . SuppressIcon SuppressRules ϸ, (FancyIndexed ) pre ȿ img hr ǥ HTML 3.2 ˸ ȴ.
SuppressLastModified
fancy Ͽ ǥ ʴ´.
SuppressRules (ġ 2.0.23 )
丮 Ͽ (hr ) ʴ´. SuppressIcon SuppressRules ϸ, (FancyIndexed ) pre ȿ img hr ǥ HTML 3.2 ˸ ȴ.
SuppressSize
fancy Ͽ ũ⸦ ǥ ʴ´.
TrackModified (ġ 2.0.23 )
丮 HTTP Last-Modified ETag Ѵ. ɼ ü Ͻýۿ stat() ȿϴ. н ý۰ OS2 JFS, Win32 NTFS ϴ. , OS2 Win32 FAT Ұϴ. ϸ Ŭ̾Ʈ Ͻô HEAD û Ͽ ϸ ȭ ִ.  ü ο ϰ ùٷ , 丮 ִ ũ⳪ ¥ ȭ ϶. н ÷ ũ⳪ ¥ ȭ Last-Modified ٲʴ´. ̷ ȭ ߿ϴٸ ɼ .
VersionSort (ġ 2.0a3 )
VersionSort Ű ȣ ϸ ڿ Ѵ. κ , ϰ ִ κ ڰ Ѵ.

:

foo-1.7
foo-1.7.2
foo-1.7.12
foo-1.8.2
foo-1.8.2a
foo-1.12

0 ϸ, м Ѵ:

foo-1.001
foo-1.002
foo-1.030
foo-1.04

XHTML (ġ 2.0.49 )
XHTML Ű带 ϸ mod_autoindex HTML 3.2 XHTML 1.0 ڵ带 Ѵ.
IndexOptions

ġ 1.3.3 IndexOptions þ ó ũ ȭǾ. Ư:

  • IndexOptions þ Ѵ. :

    <Directory /foo> IndexOptions HTMLTable
    IndexOptions SuppressColumnsorting     </Directory>

    IndexOptions HTMLTable SuppressColumnsorting

  • ( , Ű տ + - ̴) ߰Ǿ.

Ű տ '+' '-' ش Ű尡 ( 丮 ӵǾ) IndexOptions ݿȴ. ׷ տ ƹ͵ Ű带 ӵǰų . 캸:

IndexOptions +ScanHTMLTitles -IconsAreLinks FancyIndexing
IndexOptions +SuppressSize

տ ƹ͵ FancyIndexing ٽ ߰ǿ IndexOptions FancyIndexing +SuppressSize .

Ư 丮 IndexOptions Ϸ Ű տ + - ӵ .

top

IndexOrderDefault þ

:丮 ⺻ Ѵ
:IndexOrderDefault Ascending|Descending Name|Date|Size|Description
⺻:IndexOrderDefault Ascending Name
:ּ, ȣƮ, directory, .htaccess
Override ɼ:Indexes
:Base
:mod_autoindex

IndexOrderDefault þ FancyIndexing ɼǰ Բ Ѵ. ⺻ fancyindexed 丮 ϸ ̴. IndexOrderDefault ʱ ִ.

IndexOrderDefault ƱԸƮ ޴´. ù° ϴ Ascending () ̳ Descending () ϳ. ι° ƱԸƮ Ÿ Ű Name, Date, Size, Description ϳ. ׻ ϸ ̴.

þ SuppressColumnSorting ɼ ϸ Ư θ 丮 . Ŭ̾Ʈ ٸ 丮 û Ѵ.

top

IndexStyleSheet þ

:丮 Ͽ CSS ŸϽƮ ߰Ѵ
:IndexStyleSheet url-path
:ּ, ȣƮ, directory, .htaccess
Override ɼ:Indexes
:Base
:mod_autoindex

IndexStyleSheet þ 丮 Ͽ CSS ϸ Ѵ.

Example

IndexStyleSheet "/css/style.css"

top

ReadmeName þ

:ϸ ̸
:ReadmeName filename
:ּ, ȣƮ, directory, .htaccess
Override ɼ:Indexes
:Base
:mod_autoindex

ReadmeName þ ϸ ̸ Ѵ. Filename ϸ̰, ġ η ޾Ƶδ. Filename ϸ DocumentRoot η ޾Ƶδ.

ReadmeName FOOTER.html

2

ReadmeName /include/FOOTER.html

ڼ HeaderName ϶.

mod/mod_cache.html100644 0 0 52635 11237400533 11605 0ustar 0 0 mod_cache - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-

ġ mod_cache

ֽ ƴմϴ. ֱٿ ϼ.
:URI Ű Ͽ ijѴ.
:Experimental
:cache_module
ҽ:mod_cache.c

̴. ۾̴...

mod_cache ǻͿ ִ ̳ Ͻõ ij ִ RFC 2616 ȣȯ HTTP ij Ѵ. mod_cache Ϸ (storage management module) ʿϴ. ⺻ ġ ΰ ִ:

mod_disk_cache
ũ ڸ Ѵ.
mod_mem_cache
޸𸮱 ڸ Ѵ. mod_mem_cache ϱڸ ijϰų (heap) ü ijϴ ΰ Ѱ ϵ ִ. mod_mem_cache ڽ ijϰų, (Ͻ(reverse proxy) ˷) ProxyPass Ͽ mod_proxy ޴ ij ִ.

URI Ű ij ϰ ´. ٺȣ ijʴ´.

top

õ þ

õ õ þ
top

Sample httpd.conf

#
# ij
#
LoadModule cache_module modules/mod_cache.so

<IfModule mod_cache.c>
#LoadModule disk_cache_module modules/mod_disk_cache.so
<IfModule mod_disk_cache.c>
CacheRoot c:/cacheroot
CacheSize 256
CacheEnable disk /
CacheDirLevels 5
CacheDirLength 3
 </IfModule>

LoadModule mem_cache_module modules/mod_mem_cache.so
<IfModule mod_mem_cache.c>
CacheEnable mem /
MCacheSize 4096
MCacheMaxObjectCount 100
MCacheMinObjectSize 1
MCacheMaxObjectSize 2048
 </IfModule>
 </IfModule>

top

CacheDefaultExpire þ

:ð ij ⺻ Ⱓ.
:CacheDefaultExpire seconds
⺻:CacheDefaultExpire 3600 (one hour)
:ּ, ȣƮ
:Experimental
:mod_cache

CacheDefaultExpire þ ð ֱټð ij ʴ ⺻ ð Ѵ. CacheMaxExpire ʴ´.

CacheDefaultExpire 86400

top

CacheDisable þ

:Ư URL ij ʴ´
:CacheDisable url-string
:ּ, ȣƮ
:Experimental
:mod_cache

CacheDisable þ ϸ mod_cache url-string url ij ʴ´.

CacheDisable /local_files

top

CacheEnable þ

: ڸ Ͽ URL ijѴ
:CacheEnable cache_type url-string
:ּ, ȣƮ
:Experimental
:mod_cache

CacheEnable þ ϸ mod_cache url-string url ijѴ. ij ڴ cache_type ƱԸƮ Ѵ. cache_type mem mod_mem_cache ϴ ޸𸮱 ڸ Ѵ. cache_type disk mod_disk_cache ϴ ũ ڸ Ѵ. cache_type fd mod_mem_cache ϴ ϱ ij Ѵ.

(Ʒ ) URL ٸ CacheEnable þ ġ ڰ û óҶ ڸ Ѵ. Ͽ CacheEnable þ ڰ ȴ.

CacheEnable mem /manual
CacheEnable fd /images
CacheEnable disk /

top

CacheIgnoreCacheControl þ

:Ŭ̾Ʈ ijʴ û Ѵ.
:CacheIgnoreCacheControl On|Off
⺻:CacheIgnoreCacheControl Off
:ּ, ȣƮ
:Experimental
:mod_cache

no-cache no-store ij ʴ´. CacheIgnoreCacheControl þ ̷ ൿ Ѵ. CacheIgnoreCacheControl On ϸ no-cache no-store ־ ijѴ. ʿ ij ʴ´.

CacheIgnoreCacheControl On

top

CacheIgnoreHeaders þ

:ij HTTP () ʴ´
:CacheIgnoreHeaders header-string [header-string] ...
⺻:CacheIgnoreHeaders None
:ּ, ȣƮ
:Experimental
:mod_cache

RFC 2616 ȩ(hop-by-hop) HTTP ij ʴ´. ȩ HTTP , CacheIgnoreHeaders 쿡 ij ʴ´.

  • Connection
  • Keep-Alive
  • Proxy-Authenticate
  • Proxy-Authorization
  • TE
  • Trailers
  • Transfer-Encoding
  • Upgrade

CacheIgnoreHeaders ij ϸ ȵǴ HTTP ߰ Ѵ. , Ű(cookie) ij ϸ ȵǴ 찡 ִ.

CacheIgnoreHeaders ij HTTP ޴´. (RFC 2616 ) ij ȩ , CacheIgnoreHeaders None Ѵ.

1

CacheIgnoreHeaders Set-Cookie

2

CacheIgnoreHeaders None

:

CacheIgnoreHeaders Ͽ Expires ij ʿ , mod_cache Ѵ.
top

CacheIgnoreNoLastMod þ

:信 Last Modified ٴ Ѵ.
:CacheIgnoreNoLastMod On|Off
⺻:CacheIgnoreNoLastMod Off
:ּ, ȣƮ
:Experimental
:mod_cache

ֱټ ij ʴ´.  ֱټ ( mod_include ó߿) ų ó ִ. CacheIgnoreNoLastMod þ ֱټ ݵ ijϵ . ֱټϰ ð CacheDefaultExpire þ ð Ѵ.

CacheIgnoreNoLastMod On

top

CacheLastModifiedFactor þ

:LastModified ð ð ϴµ ϴ .
:CacheLastModifiedFactor float
⺻:CacheLastModifiedFactor 0.1
:ּ, ȣƮ
:Experimental
:mod_cache

ð ֱټ ִ ֱټ ð ð Ѵ. CacheLastModifiedFactor þ ð ϴ Ŀ factor Ѵ: expiry-period = time-since-last-modified-date * factor expiry-date = current-date + expiry-period , 10 ð Ǿ factor 0.1̶ Ⱓ 10*01 = 1 ð ȴ. ð 3:00pm̶ ð 3:00pm + 1ð = 4:00pm̴. Ⱓ CacheMaxExpire ٸ CacheMaxExpire Ѵ.

CacheLastModifiedFactor 0.5

top

CacheMaxExpire þ

: ijϴ ʴ ִð
:CacheMaxExpire seconds
⺻:CacheMaxExpire 86400 (Ϸ)
:ּ, ȣƮ
:Experimental
:mod_cache

CacheMaxExpire þ ˻ʰ ij HTTP ִ ʴ ִð Ѵ. , ִ ŭ Ǿ. ð Ͽ ִ밪 Ų.

CacheMaxExpire 604800

mod/mod_cern_meta.html100644 0 0 15552 11237400533 12474 0ustar 0 0 mod_cern_meta - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-

ġ mod_cern_meta

:CERN Ÿ
:Extension
:cern_meta_module
ҽ:mod_cern_meta.c

CERN Ÿ 䳻. Ÿ ϴ Ͽ Ϲ ܿ ߰ HTTP ִ. ġ .asis ϰ ϰ, Expires: ϰų ٸ ű ϵ ִ. Ÿ ٷ پ, ̹ ϴ CERN ڵ ߴ.

ڼ CERN metafile semantics ϶.

top

MetaDir þ

:CERN Ÿ ã 丮 ̸
:MetaDir directory
⺻:MetaDir .web
:ּ, ȣƮ, directory, .htaccess
Override ɼ:Indexes
:Extension
:mod_cern_meta

ġ Ÿ ã 丮 Ѵ. 丮 ִ 丮 '' 丮. "." ϸ 丮 ã´:

MetaDir .

ƴϸ ִ 丮 Ѵ:

MetaDir .meta

top

MetaFiles þ

:CERN Ÿ óѴ
:MetaFiles on|off
⺻:MetaFiles off
:ּ, ȣƮ, directory, .htaccess
Override ɼ:Indexes
:Extension
:mod_cern_meta

丮 Ÿ óθ Ѵ.

top

MetaSuffix þ

:CERN Ÿ ϴ ̻
:MetaSuffix suffix
⺻:MetaSuffix .meta
:ּ, ȣƮ, directory, .htaccess
Override ɼ:Indexes
:Extension
:mod_cern_meta

Ÿ ϴ ̻縦 Ѵ. , þ ⺻ DOCUMENT_ROOT/somedir/index.html ûϸ DOCUMENT_ROOT/somedir/.web/index.html.meta Ͽ MIME ߰Ѵ.

:

MetaSuffix .meta

mod/mod_cgi.html100644 0 0 31143 11237400533 11273 0ustar 0 0 mod_cgi - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-

ġ mod_cgi

ֽ ƴմϴ. ֱٿ ϼ.
:CGI ũƮ
:Base
:cgi_module
ҽ:mod_cgi.c

mime type application/x-httpd-cgḭų (ġ 1.1 ) ڵ鷯 cgi-script CGI ũƮ νϿ, ϰ, Ŭ̾Ʈ . AddType þ Ȯڸ ų, ScriptAlias 丮 ȿ CGI óȴ.

CGI ũƮ θ DOCUMENT_ROOT ȯ溯 ߰Ѵ. DocumentRoot .

ġ CGI ũƮ ϴ Ұ CGI 丮 ϶.

н ߾ MPM Ѵٸ mod_cgid ؾ Ѵ. 忡 ⺻ ϴ.

top

CGI ȯ溯

CGI ǥ ϴ CGI ȯ溯 Ѵ:

PATH_INFO
AcceptPathInfo þ off 쿡 Ѵ. AcceptPathInfo ⺻ ִ û 404 NOT FOUND , mod_cgi (URI ũƮ ϸ ڿ /more/path/info) ޴´. AcceptPathInfo þ ϸ mod_cgi û ؼ AcceptPathInfo On Ͱ .
REMOTE_HOST
HostnameLookups on̰ (⺻ off), ȣƮ ּҸ DNS ˻Ͽ ȣƮ ã 쿡 Ѵ.
REMOTE_IDENT
IdentityCheck on̰, ȣƮ ident ϴ 쿡 Ѵ. ֱ⶧ ȵǰ, Ŭ̾Ʈ ̿ Ͻð ִٸ ǹ ϶.
REMOTE_USER
CGI ũƮ ľϴ 쿡 Ѵ.
top

CGI

𿡼 ߸ Ǵ ũƮ (ǥ° ǥؿ) ⶧ CGI ũƮ ϱ . ġ 1.2 Ŀ ߰ þ ϸ ߻ ڼ α׿ ִ.

CGI α

CGI α״ CGI Ѵ. ߻ CGI ũƮ α׿ . ù° ׻ Ʒ ̴:

%% [ð] û
%% HTTP- CGI-ũƮ-ϸ

CGI ũƮ αϿ ߰ Ѵ:

%%error

ũƮ ( ũƮ ׶) ߸ ȯϴ , α׿ Ѵ:

%request
HTTP
(ִٸ) POST PUT
%response
CGI ũƮ
%stdout
CGI ǥ
%stderr
CGI ǥؿ

(ũƮ ǥ̳ ǥؿ ƹ 뵵 ʾҴٸ %stdout %stderr κ ִ).

top

ScriptLog þ

:CGI ũƮ α ġ
:ScriptLog file-path
:ּ, ȣƮ
:Base
:mod_cgi, mod_cgid

ScriptLog þ CGI ũƮ α Ѵ. ScriptLog α׸ ʴ´. ϸ ƱԸƮ Ͽ CGI Ѵ. θ ϸ ServerRoot η ޾Ƶδ.

ScriptLog logs/cgi_log

ڽ μ ϴ , User þ α׸ . ׷ ڰ ũƮ αװ ִ 丮 ִ, ̸  ڿ Ѵ. ũƮ α׸ α 丮 дٸ ڽ μ ϴ ڿ ֱ 丮 .

ũƮ α״ CGI ũƮ ۼҶ 뵵 ϴ ϱ ƴ ϶. ӵ ȿ鿡 ȭ ȵְ, ̿ ϸ Ȼ ִ.

top

ScriptLogBuffer þ

:ũƮ α׿ PUT Ȥ POST û ִ뷮
:ScriptLogBuffer bytes
⺻:ScriptLogBuffer 1024
:ּ, ȣƮ
:Base
:mod_cgi, mod_cgid

ū ޾Ƽ α ʹ Ŀ Ͽ PUT Ȥ POST ũ⸦ Ѵ. ⺻ 1024 Ʈ α׿ , þ Ͽ ִ.

top

ScriptLogLength þ

:CGI ũƮ α ũ
:ScriptLogLength bytes
⺻:ScriptLogLength 10385760
:ּ, ȣƮ
:Base
:mod_cgi, mod_cgid

ScriptLogLength CGI ũƮ α ũ⸦ Ѵ. CGI ߻Ҷ ( û , ũƮ ) α׿ ϵDZ⶧ ſ Ŀ ִ. Ŀ þ Ͽ CGI α ִ ũ⸦ Ѵ. ũⰡ ̻ ʴ´.

mod/mod_cgid.html100644 0 0 13052 11237400533 11436 0ustar 0 0 mod_cgid - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-

ġ mod_cgid

ֽ ƴմϴ. ֱٿ ϼ.
:ܺ CGI Ͽ CGI ũƮ
:Base
:cgid_module
ҽ:mod_cgid.c
:н 带 ϴ MPMs

Ʒ ϴ ߰ ScriptSock þ ϰ mod_cgid mod_cgi ϰ Ѵ. ġ CGI ڼ mod_cgi ϶.

 н ü ߾ μ ũ(fork)ϸ ο μ θ μ 带 ؾ ϹǷ δ ȴ. CGI ึ ̷ δ ʱ mod_cgid CGI ũƮ ϴ ڽ μ ũϴ ܺ . ּ н(unix domain socket) Ͽ Ѵ.

Ҷ ߾ MPM ϸ ⺻ mod_cgi Ѵ. 忡 mod_cgi ϴ. cgi ̸ ϴ ScriptSock þ ߰ ̴.

top

ScriptSock þ

:cgi ̸
:ScriptSock file-path
⺻:ScriptSock logs/cgisock
:ּ, ȣƮ
:Base
:mod_cgid

þ CGI ̸ Ѵ. ġ ( root) . CGI ũƮ ٸ ڰ ִ 丮 ʴ ߿ϴ.

ScriptSock /var/run/cgid.sock

mod/mod_charset_lite.html100644 0 0 25217 11237400533 13204 0ustar 0 0 mod_charset_lite - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-

ġ mod_charset_lite

ֽ ƴմϴ. ֱٿ ϼ.
: ȯ
:Experimental
:charset_lite_module
ҽ:mod_charset_lite.c

̰, ְ ؾ Ѵ. ϴ ϴ mod_charset_lite غ.

mod_charset_lite Ͽ հ Ŭ̾Ʈ ȯ ִ. mod_charset_lite ڷḦ ȯʰ ġ ȯ϶ ûѴ. mod_charset_lite EBCDIC ASCII ȯ濡 ִ. EBCDIC ȯ濡 ġ ġ μ ڵ ISO-8859-1 ȯѴ. mod_charset_lite Ͽ ٸ ȯ ִ. ASCII ȯ濡 ġ ⺻ ȯ ʱ⶧,  ȯ ؼ mod_charset_lite ʿϴ.

þ ġ mod_charset ϴ Ϻθ Ѵ.

top

Ϲ

߸ ̸

mod_charset_lite ϴ ý ARP CharsetSourceEnc CharsetDefault Ķ ̸ ó ־ Ѵ. ̸ ǥȭ ʾҰ, http ϴ ׻ ʴ. APR iconv(3) ϱ⶧, iconv(1) α׷ Ͽ Ư ̸ ִ ִ:

iconv -f charsetsourceenc-value -t charsetdefault-value

ȯĢ ٸ

ȯĢ Ȳ ȯ ִ:

  • ȯ ȯڵ带 ȯϰ ִ.
  • Է¹۸ ȯ Ҷ ¹ۿ Ư ڸ (, ǥ) ִ.
top

CharsetDefault þ

:ȯ
:CharsetDefault charset
:ּ, ȣƮ, directory, .htaccess
Override ɼ:FileInfo
:Experimental
:mod_charset_lite

CharsetDefault þ þ ġ ִ ȯ Ѵ.

charset ƱԸƮ APR ϴ ̸ ؾ Ѵ. Ϲ iconv ϴ ǹѴ.

<Directory /export/home/trawick/apacheinst/htdocs/convert>
CharsetSourceEnc UTF-16BE
CharsetDefault ISO-8859-1
 </Directory>

top

CharsetOptions þ

: ȯ
:CharsetOptions option [option] ...
⺻:CharsetOptions DebugLevel=0 NoImplicitAdd
:ּ, ȣƮ, directory, .htaccess
Override ɼ:FileInfo
:Experimental
:mod_charset_lite

CharsetOptions þ mod_charset_lite Ѵ. Option Ʒ ׸ ִ

DebugLevel=n
DebugLevel Ű mod_charset_lite ϴ ׹ Ѵ. ⺻  ͵ ʴ´. ̴ DebugLevel=0 . ڸ Ҽ ׹ ϰԵǾ . ڰ ǹ̴ mod_charset_lite.c պκ DBGLVL_ Ǹ ϶.
ImplicitAdd | NoImplicitAdd
ImplicitAdd Ű ȯ ϸ ڵ mod_charset_lite Ϳ ߰Ѵ. AddOutputFilter þ ͼ Ѵٸ, NoImplicitAdd Ͽ mod_charset_lite ڵ Ϳ ߰ʵ ؾ Ѵ.
top

CharsetSourceEnc þ

:
:CharsetSourceEnc charset
:ּ, ȣƮ, directory, .htaccess
Override ɼ:FileInfo
:Experimental
:mod_charset_lite

CharsetSourceEnc þ þ ġ ִ ϵ Ѵ.

charset ƱԸƮ APR ϴ ̸ ؾ Ѵ. Ϲ iconv ϴ ǹѴ.

<Directory /export/home/trawick/apacheinst/htdocs/convert>
CharsetSourceEnc UTF-16BE
CharsetDefault ISO-8859-1
 </Directory>

Solaris 8 iconv Ѵ.

mod/mod_dav.html100644 0 0 34012 11237400533 11301 0ustar 0 0 mod_dav - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-

ġ mod_dav

ֽ ƴմϴ. ֱٿ ϼ.
:Distributed Authoring and Versioning (WebDAV)
:Extension
:dav_module
ҽ:mod_dav.c

ġ WebDAV ('Web-based Distributed Authoring and Versioning') class 1 class 2 ߰Ѵ. WebDAV ڿ ݷ(collection) (; ݷ Ͻý 丮 ̴) , ű, ϰ, ֵ HTTP Ȯ ̴.

top

WebDAV ϱ

mod_dav Ϸ httpd.conf Ͽ Ʒ ߰Ѵ:

Dav On

׷ mod_dav_fs ϴ DAV Ͻý (provider) Ѵ. ׷Ƿ ⵵ ϵְų LoadModule þ ߿ о鿩 Ѵ.

, DAV (lock) ͺ̽ ġ httpd.conf κп DavLockDB þ Ͽ ؾ Ѵ:

DavLockDB /usr/local/apache2/var/DavLock

ġ ϴ User Group ͺ̽ ִ 丮 Ѵ.

DAV ϴ ġ ϱ <Location> þ ȿ <Limit> þ ִ. DAV Ŭ̾Ʈ ѹ û ִ ִ Ʈ Ϸ LimitXMLRequestBody þ Ѵ. "Ϲ" LimitRequestBody þ DAV û .

ü

DavLockDB /usr/local/apache2/var/DavLock

<Location /foo>
Dav On

AuthType Basic
AuthName DAV
AuthUserFile user.passwd

<LimitExcept GET OPTIONS>
require user admin
 </LimitExcept>
 </Location>

mod_dav Greg Stein Apache 1.3 mod_dav . ⿡ ڼ Ʈ ϶.

top

DAV ϸ Ŭ̾Ʈ ֱ⶧, mod_dav ϱ Ư Ѵ.

DAV ġ ȣؾ Ѵ. HTTP Basic Authentication õ ʴ´. ּ mod_auth_digest ϴ HTTP Digest Authentication ؾ Ѵ. WebDAV Ŭ̾Ʈ Ѵ. ƴϸ SSL ῡ Basic Authentication ִ.

mod_dav Ϸ, ġ ϴ User Group ش 丮 Ͽ Ѵ. , User Group ϰ ȴ. ׷ ƹ ϶. DAV Ҵ ġ ִٰ Ѵ. ġ ʰ ( FTP Ͻý Ͽ) ϸ ȵȴ.

mod_dav 񽺰ź ִ. LimitXMLRequestBody þ Ͽ ū DAV û ޸𸮷 ִ. DavDepthInfinity þ Ͽ ޸𸮸 Ҹϱ ſ ū PROPFIND û ִ. ܼ Ŭ̾Ʈ ū ϵ ũ ä 񽺰ź ݵ ϴ. ġ ̸ . ׷Ƿ ŷʴ ڿ DAV ʵ϶.

top

Ϲ ϳ (PHP ũƮ, CGI ũƮ ) ۾ mod_dav ϴ ̴. ̴ GET û ٿε ʰ ׻ ũƮ ϹǷ ƴ. ذ ϳ 뿡 ΰ URL ϴ ̴. URL ũƮ ϰ, ٸ URLδ ٿεϿ DAV ۾ ִ.

Alias /phparea /home/gstein/php_files
Alias /php-source /home/gstein/php_files
<Location /php-source> DAV On
ForceType text/plain
 </Location>

http://example.com/phparea PHP ũƮ ְ, http://example.com/php-sourceδ DAV Ŭ̾Ʈ ũƮ ִ.

top

Dav þ

:WebDAV HTTP ޽带 Ѵ
:Dav On|Off|provider-name
⺻:Dav Off
:directory
:Extension
:mod_dav

ġ WebDAV HTTP ޽带 Ϸ Dav þ Ѵ:

<Location /foo>
Dav On
 </Location>

On mod_dav_fs ϴ ⺻ filesystem Ī̴.  ġ DAV ϸ DAV ϵ ϶. ϶.

ϰ Ҷ WebDAV . ׷ й ְ ȴ.
top

DavDepthInfinity þ

:PROPFIND Depth: Infinity û 㰡Ѵ
:DavDepthInfinity on|off
⺻:DavDepthInfinity off
:ּ, ȣƮ, directory
:Extension
:mod_dav

DavDepthInfinity þ ϸ 'Depth: Infinity' PROPFIND û 㰡Ѵ. ̷ û Ͽ 񽺰ź ϱ ⺻ ʴ´.

top

DavMinTimeout þ

: DAV ڿ ּҽð
:DavMinTimeout seconds
⺻:DavMinTimeout 0
:ּ, ȣƮ, directory
:Extension
:mod_dav

Ŭ̾Ʈ DAV ڿ (lock) ûҶ ˾Ƽ ִ ð ˷ ִ. ûϻ̸, Ŭ̾Ʈ û ϰ Ŭ̾Ʈ ð ˷ ִ.

DavMinTimeout þ Ŭ̾Ʈ ּ ð (ʴ) Ѵ. Microsoft Web Folders ⺻ 120 ʸ Ѵ. DavMinTimeout (600 ʿ ) ϸ Ŭ̾Ʈ Ʈ ҰԵǴ 츦 ִ.

<Location /MSWord>
DavMinTimeout 600
 </Location>

mod/mod_dav_fs.html100644 0 0 12101 11237400533 11764 0ustar 0 0 mod_dav_fs - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-

ġ mod_dav_fs

:mod_dav Ͻý
:Extension
:dav_fs_module
ҽ:mod_dav_fs.c

mod_dav 񽺿 ʿϴ. mod_dav ϴ Ͻýۿ ִ ڿ ֵ Ѵ. (provider) ĸĪ filesystem̴. Dav þ Ͽ mod_dav ޴ ڸ Ѵ:

Dav filesystem

filesystem mod_dav ⺻ ̹Ƿ On ִ.

top

DavLockDB þ

:DAV ͺ̽ ġ
:DavLockDB file-path
:ּ, ȣƮ
:Extension
:mod_dav_fs

DavLockDB þ ͺ̽ ü θ Ȯڸ ϰ Ѵ. ΰ ƴϸ ServerRoot η óѴ. mod_dav_fs SDBM ͺ̽ Ѵ.

DavLockDB var/DavLock

ġ ϴ User Group ͺ̽ ִ 丮 Ѵ. Ȼ 丮 ٲٱ⺸ٴ ͺ̽ 丮 Ѵ. ġ ServerRoot Ʒ var/ 丮 Ȯ DavLock .

mod/mod_dav_lock.html100644 0 0 14266 11237400533 12322 0ustar 0 0 mod_dav_lock - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.2

<-

Apache Module mod_dav_lock

Description:generic locking module for mod_dav
Status:Extension
ModuleIdentifier:dav_lock_module
SourceFile:mod_dav_lock.c
Compatibility:Available in version 2.1 and later

Summary

This module implements a generic locking API which can be used by any backend provider of mod_dav. It requires at least the service of mod_dav. But without a backend provider which makes use of it, it's useless and should not be loaded into the server. A sample backend module which actually utilizes mod_dav_lock is mod_dav_svn, the subversion provider module.

Note that mod_dav_fs does not need this generic locking module, because it uses its own more specialized version.

In order to make mod_dav_lock functional, you just have to specify the location of the lock database using the DavGenericLockDB directive described below.

Developer's Note

In order to retrieve the pointer to the locking provider function, you have to use the ap_lookup_provider API with the arguments dav-lock, generic, and 0.

Directives

See also

top

DavGenericLockDB Directive

Description:Location of the DAV lock database
Syntax:DavGenericLockDB file-path
Context:server config, virtual host, directory
Status:Extension
Module:mod_dav_lock

Use the DavGenericLockDB directive to specify the full path to the lock database, excluding an extension. If the path is not absolute, it will be interpreted relative to ServerRoot. The implementation of mod_dav_lock uses a SDBM database to track user locks.

Example

DavGenericLockDB var/DavLock

The directory containing the lock database file must be writable by the User and Group under which Apache is running. For security reasons, you should create a directory for this purpose rather than changing the permissions on an existing directory. In the above example, Apache will create files in the var/ directory under the ServerRoot with the base filename DavLock and an extension added by the server.

mod/mod_dbd.html100644 0 0 40637 11237400533 11272 0ustar 0 0 mod_dbd - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.2

<-

Apache Module mod_dbd

Description:Manages SQL database connections
Status:Extension
ModuleIdentifier:dbd_module
SourceFile:mod_dbd.c
Compatibility:Version 2.1 and later

Summary

mod_dbd manages SQL database connections using APR. It provides database connections on request to modules requiring SQL database functions, and takes care of managing databases with optimal efficiency and scalability for both threaded and non-threaded MPMs. For details, see the APR website and this overview of the Apache DBD Framework by its original developer.

top

Connection Pooling

This module manages database connections, in a manner optimised for the platform. On non-threaded platforms, it provides a persistent connection in the manner of classic LAMP (Linux, Apache, Mysql, Perl/PHP/Python). On threaded platform, it provides an altogether more scalable and efficient connection pool, as described in this article at ApacheTutor. Note that mod_dbd supersedes the modules presented in that article.

top

Apache DBD API

mod_dbd exports five functions for other modules to use. The API is as follows:

typedef struct {
    apr_dbd_t *handle;
    apr_dbd_driver_t *driver;
    apr_hash_t *prepared;
} ap_dbd_t;

/* Export functions to access the database */

/* acquire a connection that MUST be explicitly closed.
 * Returns NULL on error
 */
AP_DECLARE(ap_dbd_t*) ap_dbd_open(apr_pool_t*, server_rec*);

/* release a connection acquired with ap_dbd_open */
AP_DECLARE(void) ap_dbd_close(server_rec*, ap_dbd_t*);

/* acquire a connection that will have the lifetime of a request
 * and MUST NOT be explicitly closed.  Return NULL on error.
 * This is the preferred function for most applications.
 */
AP_DECLARE(ap_dbd_t*) ap_dbd_acquire(request_rec*);

/* acquire a connection that will have the lifetime of a connection
 * and MUST NOT be explicitly closed.  Return NULL on error.
 */
AP_DECLARE(ap_dbd_t*) ap_dbd_cacquire(request_rec*);

/* Prepare a statement for use by a client module */
AP_DECLARE(void) ap_dbd_prepare(server_rec*, const char*, const char*);

/* Also export them as optional functions for modules that prefer it */
APR_DECLARE_OPTIONAL_FN(ap_dbd_t*, ap_dbd_open, (apr_pool_t*, server_rec*));
APR_DECLARE_OPTIONAL_FN(void, ap_dbd_close, (server_rec*, ap_dbd_t*));
APR_DECLARE_OPTIONAL_FN(ap_dbd_t*, ap_dbd_acquire, (request_rec*));
APR_DECLARE_OPTIONAL_FN(ap_dbd_t*, ap_dbd_cacquire, (conn_rec*));
APR_DECLARE_OPTIONAL_FN(void, ap_dbd_prepare, (server_rec*, const char*, const char*));
top

SQL Prepared Statements

mod_dbd supports SQL prepared statements on behalf of modules that may wish to use them. Each prepared statement must be assigned a name (label), and they are stored in a hash: the prepared field of an ap_dbd_t. Hash entries are of type apr_dbd_prepared_t and can be used in any of the apr_dbd prepared statement SQL query or select commands.

It is up to dbd user modules to use the prepared statements and document what statements can be specified in httpd.conf, or to provide their own directives and use ap_dbd_prepare.

top

DBDExptime Directive

Description:Keepalive time for idle connections
Syntax:DBDExptime time-in-seconds
Default:DBDExptime 300
Context:server config, virtual host
Status:Extension
Module:mod_dbd

Set the time to keep idle connections alive when the number of connections specified in DBDKeep has been exceeded (threaded platforms only).

top

DBDKeep Directive

Description:Maximum sustained number of connections
Syntax:DBDKeep number
Default:DBDKeep 2
Context:server config, virtual host
Status:Extension
Module:mod_dbd

Set the maximum number of connections per process to be sustained, other than for handling peak demand (threaded platforms only).

top

DBDMax Directive

Description:Maximum number of connections
Syntax:DBDMax number
Default:DBDMax 10
Context:server config, virtual host
Status:Extension
Module:mod_dbd

Set the hard maximum number of connections per process (threaded platforms only).

top

DBDMin Directive

Description:Minimum number of connections
Syntax:DBDMin number
Default:DBDMin 1
Context:server config, virtual host
Status:Extension
Module:mod_dbd

Set the minimum number of connections per process (threaded platforms only).

top

DBDParams Directive

Description:Parameters for database connection
Syntax:DBDParams param1=value1[,param2=value2]
Context:server config, virtual host
Status:Extension
Module:mod_dbd

As required by the underlying driver. Typically this will be used to pass whatever cannot be defaulted amongst username, password, database name, hostname and port number for connection.

Connection string parameters for current drivers include:

MySQL
host, port, user, pass, dbname, sock
Oracle
user, pass, dbname, server
PostgreSQL
The connection string is passed straight through to PQconnectdb
SQLite2
The connection string is split on a colon, and part1:part2 is used as sqlite_open(part1, atoi(part2), NULL)
SQLite3
The connection string is passed straight through to sqlite3_open
top

DBDPersist Directive

Description:Whether to use persistent connections
Syntax:DBDPersist On|Off
Context:server config, virtual host
Status:Extension
Module:mod_dbd

If set to Off, persistent and pooled connections are disabled. A new database connection is opened when requested by a client, and closed immediately on release. This option is for debugging and low-usage servers.

The default is to enable a pool of persistent connections (or a single LAMP-style persistent connection in the case of a non-threaded server), and should almost always be used in operation.

Prior to version 2.2.2, this directive accepted only the values 0 and 1 instead of Off and On, respectively.

top

DBDPrepareSQL Directive

Description:Define an SQL prepared statement
Syntax:DBDPrepareSQL "SQL statement" label
Context:server config, virtual host
Status:Extension
Module:mod_dbd

For modules such as authentication that repeatedly use a single SQL statement, optimum performance is achieved by preparing the statement at startup rather than every time it is used. This directive prepares an SQL statement and assigns it a label.

top

DBDriver Directive

Description:Specify an SQL driver
Syntax:DBDriver name
Context:server config, virtual host
Status:Extension
Module:mod_dbd

Selects an apr_dbd driver by name. The driver must be installed on your system (on most systems, it will be a shared object or dll). For example, DBDriver mysql will select the MySQL driver in apr_dbd_mysql.so.

mod/mod_deflate.html100644 0 0 44541 11237400533 12143 0ustar 0 0 mod_deflate - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-

ġ mod_deflate

ֽ ƴմϴ. ֱٿ ϼ.
: Ŭ̾Ʈ Ѵ
:Extension
:deflate_module
ҽ:mod_deflate.c

mod_deflate Ʈ Ŭ̾Ʈ ϴ DEFLATE ͸ Ѵ.

top

ߺ

ߺ ̴.

Ϻ type

AddOutputFilterByType DEFLATE text/html text/plain text/xml

Ʒ Ͽ ׷ ϴ. ϶.

̹

<Location />
# ͸ ߰Ѵ
SetOutputFilter DEFLATE

# Netscape 4.x ִ...
BrowserMatch ^Mozilla/4 gzip-only-text/html

# Netscape 4.06-4.08 ִ
BrowserMatch ^Mozilla/4\.0[678] no-gzip

# MSIE Netscape ڽ ˸,
# BrowserMatch \bMSIE !no-gzip !gzip-only-text/html

# : ġ 2.0.48 mod_setenvif ׶
# ǥ ʴ´. ϴ ȿ
# Ͽ Ѵ:
BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html

# ̹ ʴ´
SetEnvIfNoCase Request_URI \
\.(?:gif|jpe?g|png)$ no-gzip dont-vary
# Ͻð ߸ ʵ Ѵ
Header append Vary User-Agent env=!dont-vary
 </Location>

top

ϱ

DEFLATE Ѵ. þ þ ִ ġ Ѵ:

SetOutputFilter DEFLATE

ϸ ó ϴ ֱ⶧ html ϸ ϱ (Ʒ ) gzip-only-text/html 1 𸥴. ̸ 1 ƴ ϸ Ѵ.

Ư MIME type Ϸ AddOutputFilterByType þ Ѵ. html ϸ Ѵ:

<Directory "/your-server-root/manual">
AddOutputFilterByType DEFLATE text/html
 </Directory>

ó ϴ Դ ʰ BrowserMatch þ no-gzip Ѵ. no-gzip gzip-only-text/html ִ. ڰ ڸ Ѵ. Ϻθ 캸:

BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html

User-Agent ڿ Netscape Navigator 4.x ˻Ѵ. text/html ƴ type ó Ѵ. 4.06, 4.07, 4.08 html óϴ´뵵 ִ. ׷ 츮 deflate ͸ ʴ´.

° BrowserMatch þ Microsoft Internet Explorer ڽ "Mozilla/4" ˸ û ó ֱ⶧ user agent Ѵ. User-Agent "MSIE" (\b "ܾ " Ѵ) ڿ ߰ϸ տ Ǭ.

DEFLATE ʹ ׻ PHP SSI RESOURCE ڿ . , û(subrequest) ʴ´.

SetEnv force-gzip ȯ溯 ϸ accept-encoding ϰ .

Ǯ

mod_deflate gzip Ǫ ͵ Ѵ. Ϸ SetOutputFilter AddOutputFilter Ͽ ͼ INFLATE ͸ ߰Ѵ.

<Location /dav-area>
ProxyPass http://example.com/
SetOutputFilter INFLATE
 </Location>

example.com gzip Ǯ, ٸ Ͱ ó ֵ Ѵ.

Է Ǯ

mod_deflate gzip û Ǫ ͵ Ѵ. Ϸ SetInputFilter AddInputFilter Ͽ Էͼ DEFLATE ͸ ߰Ѵ.

<Location /dav-area>
SetInputFilter DEFLATE
 </Location>

û Content-Encoding: gzip ִٸ ڵ Ǭ. gzip û ִ 幰. ׷  WebDAV Ŭ̾Ʈ Ư α׷ û Ѵ.

Content-Length

û 캻ٸ, Content-Length ! Content-Length Ŭ̾Ʈ , Ǭ Ʈ ƴϴ.

top

Ͻ ٷ

mod_deflate Ͻð ڽ ij Accept-Encoding û Ŭ̾ƮԸ Vary: Accept-Encoding HTTP ߰Ѵ. ׷ Ŭ̾Ʈ ʵ Ѵ.

, User-Agent  Ư Ѵٸ, Ͻÿ ̷ ˷ֱ Vary ߰ؾ Ѵ. , User-Agent DEFLATE ͸ ߰Ѵٸ Ѵ:

Header append Vary User-Agent

û ٸ ( , HTTP ) ΰ ȴٸ, Vary * ؾ Ѵ. ׷ ǥ Ͻô ij ʰ ȴ.

Header set Vary *

top

DeflateBufferSize þ

:zlib ѹ ũ
:DeflateBufferSize value
⺻:DeflateBufferSize 8096
:ּ, ȣƮ
:Extension
:mod_deflate

DeflateBufferSize þ zlib ѹ Ʈ Ѵ.

top

DeflateCompressionLevel þ

: ϴ°
:DeflateCompressionLevel value
⺻:Zlib's default
:ּ, ȣƮ
:Extension
:mod_deflate
:ġ 2.0.45

DeflateCompressionLevel þ Ѵ. Ŭ , CPU Ѵ.

( ) 1 ( ) 9 Ѵ.

top

DeflateFilterNote þ

: α׿ Ѵ
:DeflateFilterNote [type] notename
:ּ, ȣƮ
:Extension
:mod_deflate
:type ġ 2.0.4

DeflateFilterNote þ û α׿ ϴ ȣ Ѵ. ȣ ̸ þ ̴. 踦 α ȣ ִ.

DeflateFilterNote ratio

LogFormat '"%r" %b (%{ratio}n) "%{User-agent}i"' deflate
CustomLog logs/deflate_log deflate

α׿ Ȯ Ϸ type ƱԸƮ ڷḦ Ѵ. type ϳ̴:

Input
Է½Ʈ Ʈ Ѵ.
Output
½Ʈ Ʈ Ѵ..
Ratio
(output/input * 100) Ѵ. type ƱԸƮ ϸ ϴ ⺻̴.

׷ ̷ α׿ ִ:

α

DeflateFilterNote Input instream
DeflateFilterNote Output outstream
DeflateFilterNote Ratio ratio

LogFormat '"%r" %{outstream}n/%{instream}n (%{ratio}n%%)' deflate
CustomLog logs/deflate_log deflate

top

DeflateMemLevel þ

:zlib Ҷ ϴ ޸𸮷
:DeflateMemLevel value
⺻:DeflateMemLevel 9
:ּ, ȣƮ
:Extension
:mod_deflate

DeflateMemLevel þ zlib Ҷ 󸶸ŭ ޸𸮸 Ѵ. (1 9 )

top

DeflateWindowSize þ

:Zlib window size
:DeflateWindowSize value
⺻:DeflateWindowSize 15
:ּ, ȣƮ
:Extension
:mod_deflate

DeflateWindowSize þ zlib window size (1 15 ) Ѵ. Ϲ window size Ŭ Ѵ.

mod/mod_dir.html100644 0 0 21242 11237400533 11306 0ustar 0 0 mod_dir - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-

ġ mod_dir

ֽ ƴմϴ. ֱٿ ϼ.
:" " ̷ ϰ 丮 index Ѵ
:Base
:dir_module
ҽ:mod_dir.c

丮 index Ѱ ȴ:

Ѵٸ ڵ index (Ȥ ü) ִ.

dirname 丮 URL http://servername/foo/dirname û " " ̷ . 丮 ʿϴ. ׷ mod_dir http://servername/foo/dirname/ ̷ .

top

DirectoryIndex þ

:Ŭ̾Ʈ 丮 ûҶ ãƺ ڿ
:DirectoryIndex local-url [local-url] ...
⺻:DirectoryIndex index.html
:ּ, ȣƮ, directory, .htaccess
Override ɼ:Indexes
:Base
:mod_dir

DirectoryIndex þ Ŭ̾Ʈ 丮 / ٿ 丮 index ûҶ ãƺ ڿ Ѵ. Local-url û 丮 (% ڵ) URL̴. 丮 ִ ϸ̴. URL ְ, ù° ã . ڿ ã Indexes ɼ Ͽٸ 丮 .

DirectoryIndex index.html

http://myserver/docs/ ûҶ http://myserver/docs/index.html ̸ , ٸ 丮 .

ݵ 丮 ʿ .

DirectoryIndex index.html index.txt /cgi-bin/index.pl

index.html̳ index.txt CGI ũƮ /cgi-bin/index.pl Ѵ.

top

DirectorySlash þ

: ̷ Ű
:DirectorySlash On|Off
⺻:DirectorySlash On
:ּ, ȣƮ, directory, .htaccess
Override ɼ:Indexes
:Base
:mod_dir
:ġ 2.0.51 ĺ

DirectorySlash þ mod_dir 丮 Ű URL θ Ѵ.

ڰ 丮 شϴ ڿ ûϸ, mod_dir ڸ ڿ ̷Ѵ.

׷ ʰ ſ ˸ ʴٸ ̷ ִ.

# Ʒ !
<Location /some/path>
DirectorySlash Off
SetHandler some-handler
 </Location>

̷ ִ. (Options +Indexes) mod_autoindex ϰ DirectoryIndex (index.html ) ȿ ڿ Ͽ ش URL ٸ Ư ڵ鷯 Ȳ غ. ִ û index.html ش. ׷ û 丮 ش.

mod/mod_disk_cache.html100644 0 0 23634 11237400533 12614 0ustar 0 0 mod_disk_cache - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-

ġ mod_disk_cache

ֽ ƴմϴ. ֱٿ ϼ.
:Content cache storage manager keyed to URIs
:Experimental
:disk_cache_module
ҽ:mod_disk_cache.c

̴. ۾̴...

mod_disk_cache ũ ڸ Ѵ. ⺻ mod_proxy Ѵ.

URI Ű ij ϰ ´. ٺȣ ijʴ´.

:

mod_disk_cache mod_cache ʿϴ.

top

CacheDirLength þ

:丮 ڰ
:CacheDirLength length
⺻:CacheDirLength 2
:ּ, ȣƮ
:Experimental
:mod_disk_cache

CacheDirLength þ ij 丮 ڼ Ѵ.

CacheDirLevels CacheDirLength Ͽ 20 ũ ȵȴ.

CacheDirLength 4

top

CacheDirLevels þ

:ij 丮 .
:CacheDirLevels levels
⺻:CacheDirLevels 3
:ּ, ȣƮ
:Experimental
:mod_disk_cache

CacheDirLevels þ ij 丮 ̸ Ѵ. ij ڷḦ CacheRoot 丮 Ʒ ̱ Ѵ.

CacheDirLevels CacheDirLength Ͽ 20 ũ ȵȴ.

CacheDirLevels 5

top

CacheMaxFileSize þ

:ij ִũ (Ʈ )
:CacheMaxFileSize bytes
⺻:CacheMaxFileSize 1000000
:ּ, ȣƮ
:Experimental
:mod_disk_cache

CacheMaxFileSize þ ij ִũ⸦ Ʈ Ѵ.

CacheMaxFileSize 64000

top

CacheMinFileSize þ

:ij ּũ (Ʈ )
:CacheMinFileSize bytes
⺻:CacheMinFileSize 1
:ּ, ȣƮ
:Experimental
:mod_disk_cache

CacheMinFileSize þ ij ּũ⸦ Ʈ Ѵ.

CacheMinFileSize 64

top

CacheRoot þ

:ij 丮 root
:CacheRoot directory
:ּ, ȣƮ
:Experimental
:mod_disk_cache

CacheRoot þ ũ ij 丮 Ѵ. mod_disk_cache ġ Ͽų о ݵ þ ؾ Ѵ. CacheRoot ó ʴ´. CacheDirLevels CacheDirLength þ þ root 丮 丮 Ѵ.

CacheRoot c:/cacheroot

mod/mod_dumpio.html100644 0 0 16527 11237400533 12037 0ustar 0 0 mod_dumpio - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.2

<-

Apache Module mod_dumpio

Description:Dumps all I/O to error log as desired.
Status:Extension
ModuleIdentifier:dumpio_module
SourceFile:mod_dumpio.c

Summary

mod_dumpio allows for the logging of all input received by Apache and/or all output sent by Apache to be logged (dumped) to the error.log file.

The data logging is done right after SSL decoding (for input) and right before SSL encoding (for output). As can be expected, this can produce extreme volumes of data, and should only be used when debugging problems.

top

Enabling dumpio Support

To enable the module, it should be compiled and loaded in to your running Apache configuration. Logging can then be enabled or disabled via the below directives.

top

DumpIOInput Directive

Description:Dump all input data to the error log
Syntax:DumpIOInput On|Off
Default:DumpIOInput Off
Context:server config
Status:Extension
Module:mod_dumpio
Compatibility:DumpIOInput is only available in Apache 2.1.3 and later.

Enable dumping of all input.

Example

DumpIOInput On

top

DumpIOLogLevel Directive

Description:Controls the logging level of the DumpIO output
Syntax:DumpIOLogLevel level
Default:DumpIOLogLevel debug
Context:server config
Status:Extension
Module:mod_dumpio
Compatibility:DumpIOLogLevel is only available in Apache 2.2.4 and later.

Enable dumping of all output at a specific LogLevel level.

Example

DumpIOLogLevel notice

Compatibility

Prior to 2.2.4 mod_dumpio would only dump to the log when LogLevel was set to debug
top

DumpIOOutput Directive

Description:Dump all output data to the error log
Syntax:DumpIOOutput On|Off
Default:DumpIOOutput Off
Context:server config
Status:Extension
Module:mod_dumpio
Compatibility:DumpIOOutput is only available in Apache 2.1.3 and later.

Enable dumping of all output.

Example

DumpIOOutput On

mod/mod_echo.html100644 0 0 7444 11237400533 11436 0ustar 0 0 mod_echo - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-

ġ mod_echo

ֽ ƴմϴ. ֱٿ ϼ.
: ϱ echo
:Experimental
:echo_module
ҽ:mod_echo.c
:Apache 2.0 ĺ

ϱ ̴. echo Ѵ. telnetϿ 𰡸 Էϸ, Է ״ ȯѴ.

top

ProtocolEcho þ

:echo Ű
:ProtocolEcho On|Off
:ּ, ȣƮ
:Experimental
:mod_echo
:ProtocolEcho 2.0 Ŀ ִ.

ProtocolEcho þ echo Ű .

ProtocolEcho On

mod/mod_env.html100644 0 0 13747 11237400533 11333 0ustar 0 0 mod_env - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-

ġ mod_env

ֽ ƴմϴ. ֱٿ ϼ.
:CGI ũƮ SSI ȯ溯 Ѵ
:Base
:env_module
ҽ:mod_env.c

CGI ũƮ SSI ȯ溯 Ѵ. ȯ溯 ִ. ƴϸ ߿ ȯ溯 ϰ ִ.

top

PassEnv þ

: ȯ溯 ´
:PassEnv env-variable [env-variable] ...
:ּ, ȣƮ, directory, .htaccess
Override ɼ:FileInfo
:Base
:mod_env

Ư ȯ溯 CGI ũƮ SSI Ѵ.

PassEnv LD_LIBRARY_PATH

top

SetEnv þ

:ȯ溯 Ѵ
:SetEnv env-variable value
:ּ, ȣƮ, directory, .htaccess
Override ɼ:FileInfo
:Base
:mod_env

CGI ũƮ SSI ȯ溯 Ѵ.

SetEnv SPECIAL_PATH /foo/bin

top

UnsetEnv þ

:ȯ溯 Ѵ
:UnsetEnv env-variable [env-variable] ...
:ּ, ȣƮ, directory, .htaccess
Override ɼ:FileInfo
:Base
:mod_env

CGI ũƮ SSI ȯ溯 ʴ´.

UnsetEnv LD_LIBRARY_PATH

mod/mod_example.html100644 0 0 16040 11237400533 12163 0ustar 0 0 mod_example - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-

ġ mod_example

ֽ ƴմϴ. ֱٿ ϼ.
:ġ API Ѵ
:Experimental
:example_module
ҽ:mod_example.c

ġ modules/experimental 丮 ִ ϵ ġ API Ͽ ۼϷ .

mod_example.c ݹ(callback) ȣ ϴ ̴. ⿡ ݹ ʿ䰡 . ݴ!

example ϴ ̴. ϰ Ư ġ "example-handler" ڵ鷯 ҴϿ װ ¡ϸ example ݹ Ȯ ִ.

top

example ϱ

example Ϸ ģ:

  1. --enable-example ɼǰ Բ configure Ѵ.
  2. Ѵ ("make" Ѵ).

ڽ ߰Ϸ:

  1. cp modules/experimental/mod_example.c modules/new_module/mod_myexample.c
  2. Ѵ.
  3. modules/new_module/config.m4 .
    1. APACHE_MODPATH_INIT(new_module) ߰Ѵ.
    2. modules/experimental/config.m4 Ͽ "example" ִ APACHE_MODULE ؿ´.
    3. ù° ƱԸƮ "example" myexample Ѵ.
    4. ι° ƱԸƮ ڸ ڽ ⿡ ´. configure --help ϸ ⿡ ش.
    5. Ҷ Ư C Ϸ ɼ, Ŀ ɼ, ̺귯 ʿϸ CFLAGS, LDFLAGS, LIBS ߰Ѵ. modules 丮 ִ ٸ config.m4 ϵ ϶.
    6. APACHE_MODPATH_FINISH ߰Ѵ.
  4. module/new_module/Makefile.in . ϴµ Ư ɾ ʿٸ, Ͽ include $(top_srcdir)/build/special.mk ־ ȴ.
  5. ֻ 丮 ./buildconf Ѵ.
  6. --enable-myexample ɼ Ͽ Ѵ
top

mod_example ϱ

example Ϸ httpd.conf Ͽ ߰϶:

<Location /example-info>
SetHandler example-handler
</Location>

ƴϸ .htaccess Ͽ ߰ϰ, ġ "test.example" û϶:

AddHandler example-handler .example

ġ ¡ϸ տ Ե ̴.

top

Example þ

:ġ API ϱ þ
:Example
:ּ, ȣƮ, directory, .htaccess
:Experimental
:mod_example

Example þ example ڵ鷯 θ Ѵ. þ ƱԸƮ ʴ´. example ڵ鷯 URL ϸ û ϱ ȿ Լ  ׸  Ҹ ִ. þ ȿ "Example directive declared here: YES/NO" Ȯ ִ.

mod/mod_expires.html100644 0 0 26253 11237400533 12216 0ustar 0 0 mod_expires - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-

ġ mod_expires

:ڰ ؿ Expires Cache-Control HTTP Ѵ
:Extension
:expires_module
ҽ:mod_expires.c

Expires HTTP Cache-Control HTTP max-age þ Ѵ. ð Ȥ Ŭ̾Ʈ ð ִ.

HTTP Ŭ̾Ʈ ȿ Ӽ ˷ش. ð ʾҴٸ, ij ͵ ȴ. ٸ ij "ǰ" ȿ ʴٰ Ͽ, ҽ ; Ѵ.

Header þ Ͽ max-age ٸ Cache-Control þ(RFC 2616, 14.9 ) ִ.

top

ٸ

ExpiresDefault ExpiresByType þ б ִ:

ExpiresDefault "<base> [plus] {<num> <type>}*"
ExpiresByType type/encoding "<base> [plus] {<num> <type>}*"

<base> ϳ̴:

  • access
  • now ('access' )
  • modification

plus Ű  ȴ. <num> [atoi() ִ] ̴. <type> ϳ̴:

  • years
  • months
  • weeks
  • days
  • hours
  • minutes
  • seconds

, δ ⺻ ӵ 1Ŀ ȴٰ Ѵ:

ExpiresDefault "access plus 1 month"
ExpiresDefault "access plus 4 weeks"
ExpiresDefault "access plus 30 days"

'<num> <type>' ݺؼ Ͽ ð ڼ ִ:

ExpiresByType text/html "access plus 1 month 15 days 2 hours"
ExpiresByType image/gif "modification plus 5 hours 3 minutes"

ð(modification) ð ϴ ũ ִ Ͽ ʴ´ٸ Expires ʴ´. 뿡 ð ̴.

top

ExpiresActive þ

:Expires Ѵ
:ExpiresActive On|Off
:ּ, ȣƮ, directory, .htaccess
Override ɼ:Indexes
:Extension
:mod_expires

þ ش (, .htaccess Ͽ Ѵٸ 丮 Ʒ ִ 鸸 شȴ.) Expires Cache-Control Ѵ. (.htaccess ܰ迡 ʴ ) Off̸ ش ִ ̵ ʴ´. On̸ ExpiresByType ExpiresDefault þ (ش ׸ ϶) Ģ Ϸ Ѵ.

þ Expires Cache-Control ʴ´. Ģ ش ʴٸ ġ þ ó ʴ´.

top

ExpiresByType þ

:MIME type Expires Ѵ
:ExpiresByType MIME-type <code>seconds
:ּ, ȣƮ, directory, .htaccess
Override ɼ:Indexes
:Extension
:mod_expires

þ Ư ( , text/html) Expires Cache-Control max-age þ Ѵ. ι° ƱԸƮ ð Ҷ ð ʴ Ѵ. Cache-Control: max-age ð û ð ϰ, ʴ ǥѴ.

ð ֱ ð Ȥ Ŭ̾Ʈ ð̴. ̶ <code> ʵ ؾ Ѵ. M ð ֱ ð ϰ, A Ŭ̾Ʈ ð Ѵ.

̴ ̹ϴ. M ϸ ij ִ 纻 ð ȴ. ׷ ׻ URL ãƺ ִ ְ 뵵 . A ϸ 纻 ð ٸ. ̴ ʴ ׸Ͽ, Ư ׸ Ҷ ( , ̹ ª Ⱓ ݺؼ ٵȴ), ϴ.

:

# Ѵ
ExpiresActive On
# Ŭ̾Ʈ ij GIF ׸ Ŀ Ѵ
ExpiresByType image/gif A2592000
# HTML ϰ ȿϴ ExpiresByType text/html M604800

þ ExpiresActive On Ҷ ȿ ϶. ExpiresDefault þ Ͽ Ư MIME type ؼ ð ִ.

տ ٸ Ͽ ð ִ.

top

ExpiresDefault þ

:ð ϴ ⺻ ˰
:ExpiresDefault <code>seconds
:ּ, ȣƮ, directory, .htaccess
Override ɼ:Indexes
:Extension
:mod_expires

þ ش ִ ð ϴ ⺻ ˰ Ѵ. ExpiresByType þ Ͽ ִ. ƱԸƮ ڼ þ ٸ ϶.

mod/mod_ext_filter.html100644 0 0 36235 11237400533 12705 0ustar 0 0 mod_ext_filter - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-

ġ mod_ext_filter

ֽ ƴմϴ. ֱٿ ϼ.
: ܺ α׷ ó Ŭ̾Ʈ
:Extension
:ext_filter_module
ҽ:mod_ext_filter.c

mod_ext_filter ϸ ϰ ͼ ִ. ǥԷ¿ а ǥ¿ α׷(, н ɾ) ġ ͷ ִ. ̷ ʹ ġ API ġ μ ȿ Ǵ Ϳ ſ , ִ:

  • α׷ ſ ϴ
  • α׷ ǥԷ¿ а ǥ¿ ִٸ  α׷/ũƮ ִ
  • ̹ ִ α׷ ġ ͷ ִ

ϱ⿡ , mod_ext_filter Ͽ ͸  ִ.

top

ٸ type HTML

# mod_ext_filter þ
# ܺ α׷ /usr/bin/enscript Ͽ
# ϰ text/c HTML
# type text/html ϴ ͸ Ѵ
ExtFilterDefine c-to-html mode=output \
intype=text/c outtype=text/html \
cmd="/usr/bin/enscript --color -W html -Ec -o - -"
<Directory "/export/home/trawick/apacheinst/htdocs/c">
# ¿ ο ͸ ϴ core þ
SetOutputFilter c-to-html

# .c type text/c mod_mime
# þ
AddType text/c .c

# û
# ˷ִ α׹ ϴ mod_ext_filter
# þ
ExtFilterOptions DebugLevel=1
 </Directory>

content ڵ ϱ

Note: Ʒ gzip ̴. 񽺿 Ϸ mod_deflate ϱ ٶ.

# ܺ ͸ ϴ mod_ext_filter þ
ExtFilterDefine gzip mode=output cmd=/bin/gzip

<Location /gzipped>
# Ҷ gzip ͸ ϴ core þ
SetOutputFilter gzip

# "Content-Encoding: gzip" ߰ϴ
# mod_header þ
Header set Content-Encoding gzip
 </Location>

ϱ

# cat ϴ ͸ ϴ
# mod_ext_filter þ; cat ƹ͵
# ʴ´; óθ Ͽ ڿ ҸѴ
ExtFilterDefine slowdown mode=output cmd=/bin/cat \
preservescontentlength
<Location />
# Ҷ slowdown ͸ ϴ core þ
#
SetOutputFilter slowdown;slowdown;slowdown
 </Location>

sed Ͽ 信 üϱ

# 信 üϴ ͸ ϴ
# mod_ext_filter þ
#
ExtFilterDefine fixtext mode=output intype=text/html \
cmd="/bin/sed s/verdana/arial/g"
<Location />
# Ҷ fixtext ͸ ϴ core þ
SetOutputFilter fixtext
 </Location>

ٸ ͸ ϱ

# ִ Ư Ŭ̾Ʈ(IP 192.168.1.31)
# mod_deflate а ڷḦ Ѵ.
# ʹ mod_deflate ڷḦ Ѵ.
ExtFilterDefine tracebefore \
cmd="/bin/tracefilter.pl /tmp/tracebefore" \
EnableEnv=trace_this_client
# ʹ mod_deflate ڷḦ Ѵ.
# ftype Ķ͸ ʴ , ⺻
# AP_FTYPE_RESOURCE mod_deflate **
# д. AP_FTYPE_CONTENT_SET ڰ
# ϸ mod_deflate Ŀ Ѵ.
ExtFilterDefine traceafter \
cmd="/bin/tracefilter.pl /tmp/traceafter" \
EnableEnv=trace_this_client ftype=21
<Directory /usr/local/docs>
SetEnvIf Remote_Addr 192.168.1.31 trace_this_client
SetOutputFilter tracebefore;deflate;traceafter
 </Directory>

ڷḦ ϴ ̴:

#!/usr/local/bin/perl -w
use strict;

open(SAVE, ">$ARGV[0]")
or die "can't open $ARGV[0]: $?";
while (<STDIN>) {
print SAVE $_;
print $_;
 }

close(SAVE);

top

ExtFilterDefine þ

:ܺ ͸ Ѵ
:ExtFilterDefine filtername parameters
:ּ
:Extension
:mod_ext_filter

ExtFilterDefine þ ܺ α׷, ƱԸƮ Ѵ.

filtername ̸ Ѵ. ̸ SetOutputFilter þ Ѵ. ͵鰣 ̸ ġ ȵȴ. ͵ API ʴ´. ׷ ڴ ̸ ġ Ѵ.

ܺ ɾ ٸ ϴ ƱԸƮ  ͵ ϴ. , cmd= Ķʹ ݵ ʿϴ. ִ Ķʹ :

cmd=cmdline
cmd= Ű ܺ ɾ Ѵ. α׷ ڿ ƱԸƮ ִٸ ֵǥ Ѵ ( , cmd="/bin/mypgm arg1 arg2"). ġʰ α׷ ϱ⶧ Ϲ ǥ ʿ. α׷ ƱԸƮ Ѵ. α׷ ƱԸƮ ִٸ տ 齽 ؾ Ѵ. 齽 ƱԸƮ Ϻζ 齽 ι ؾ Ѵ. α׷ Ҷ ǥ CGI ȯ溯 ߰ DOCUMENT_URI, DOCUMENT_PATH_INFO, QUERY_STRING_UNESCAPED Ѵ.
mode=mode
óϴ ʹ (⺻) mode=output Ѵ. û óϴ ʹ mode=input Ѵ. mode=input ġ 2.1 ߰Ǿ.
intype=imt
Ķʹ ͷ ó ͳ media type(, MIME type) Ѵ. ⺻ ͷ óѴ. intype= ϸ ٸ type ͷ ó ʴ´.
outtype=imt
Ķʹ ͷ ó ͳ media type(, MIME type) Ѵ. ó ۾߿ ͳ media type Ҷ ϴ. ⺻, ͳ media type ʴ´.
PreservesContentLength
PreservesContentLength Ű Ͱ content length ϵ Ѵ. κ Ͱ content length ϹǷ Ű ⺻ ƴϴ. Ͱ ̸ Ҷ Ű带 ؾ Ѵ.
ftype=filtertype
Ķʹ ڰ Ѵ. κ ⺻ AP_FTYPE_RESOURCE ϴ. ͸ ϴ ڿͿ ޶ϴ ĶͰ ʿϴ. ˷ util_filter.h ִ AP_FTYPE_* Ǹ ϶.
disableenv=env
Ķͷ ȯ溯 ǵǾٸ ͸ ʴ´.
enableenv=env
Ķͷ ȯ溯 ǵ ͸ Ѵ.
top

ExtFilterOptions þ

:mod_ext_filter ɼ Ѵ
:ExtFilterOptions option [option] ...
⺻:ExtFilterOptions DebugLevel=0 NoLogStderr
:directory
:Extension
:mod_ext_filter

ExtFilterOptions þ mod_ext_filter Ư óɼ Ѵ. Option ϳ.

DebugLevel=n
DebugLevel Ű mod_ext_filter ϴ Ѵ. ⺻ ׹ ʴ´. ̴ DebugLevel=0 . ڸ Ҽ, ׹ ϵǰ . ڰ ǹ̴ mod_ext_filter.c պκп ִ DBGLVL_ ǿ ִ.

: α׸ Ϸ core þ LogLevel Ͽ ׹ ġ α׿ ؾ Ѵ.

LogStderr | NoLogStderr
LogStderr Ű ܺ α׷ ǥؿ ϴ ġ α׿ Ѵ. NoLogStderr ʴ´.

ExtFilterOptions LogStderr DebugLevel=0

ϸ Ͱ ǥؿ ϴ ġ α׿ ϰ, mod_ext_filter ü ׹ ʴ´.

mod/mod_file_cache.html100644 0 0 25527 11237400533 12604 0ustar 0 0 mod_file_cache - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-

ġ mod_file_cache

ֽ ƴմϴ. ֱٿ ϼ.
:޸𸮿 ϵ ij
:Experimental
:file_cache_module
ҽ:mod_file_cache.c

ؼ ؾ Ѵ. mod_file_cache Ͽ Ʈ ⶧ IJ б ٶ.

ʰ ûǴ ij Ͽ ϸ ִ. mod_file_cache ûǴ ΰ ij Ѵ. þ Ͽ mod_file_cache (open) mmap() ƴϸ ڵ Ѵ. ϱ ʿ ۾ Ϻθ (Ư ۾) û Ź ϴ Ҷ ѹ Ͽ ϰ Ѵ.

: CGI α׷̳ Ư ڵ鷯 ϴ ӵ . ġ core ڵ鷯 ϴ ϹϿ ȴ.

ġ 1.3 ִ mod_mmap_static Ȯ .

top

mod_file_cache ϱ

mod_file_cache ּ MMapFile CacheFile þ Ͽ ϵ ij Ѵ.

÷ þ ϴ ƴϴ. , ġ MMapStatic þ , AIX ٸ ÷ θ Ѵ. ʴ þ α׿ . ʴ þ ص ij ʴ´. þ ϴ ÷ Ѵٸ  غ.

MMapFile þ

mod_file_cache MMapFile þ ϵ mmap() ýȣ Ͽ ޸𸮿 Ѵ. ֽ н ü ýȣ , ü ִ. , mmap() ִ ũ ý Ƿ ̸ غ .

Ҷ Ҷ mmap()Ѵ. ׷ Ͻýۿ ش ϳ Ǹ ؾ Ѵ (ߴܰ ). ٽ ؼ Ǿµ ̻ϰ û 𸥴. (unlink) ڸ ο ؾ Ѵ. rdist mv ټ ̷ Ѵ. Ź ߰ ʿ stat() ˻簡 ʿϰ Ҷ ǵ ϱ⶧ ȭ Ѵ.

CacheFile þ

mod_file_cache CacheFile þ þ ( ϵ)  ڵ(handle) Ȥ (file descriptor) ij Ѵ. ûϸ ij ڵ ãƼ API sendfile() ( TransmitFile()) ѱ.

Ҷ Ҷ ڵ ijѴ. ׷ Ͻýۿ ij ϳ Ǹ ؾ Ѵ (ߴܰ ). ٽ ؼ Ǿµ ̻ϰ û 𸥴. (unlink) ڸ ο ؾ Ѵ. rdist mv ټ ̷ Ѵ.

丮 ij ϴ þ . غ... Include þ Ͽ ɾ Ѵ:

find /www/htdocs -type f -print \
| sed -e 's/.*/mmapfile &/' > /www/conf/mmap.conf

top

CacheFile þ

:۽ ڵ ijѴ
:CacheFile file-path [file-path] ...
:ּ
:Experimental
:mod_file_cache

CacheFile þ Ҷ (open) ϵ ڵ ij Ѵ. ڵ ij ڵ ݴ´(close). Ͻýۿ Ǹ ٽ ijϱ ؾ Ѵ.

file-path ƱԸƮ ض. ƱԸƮ ġ URL-ϸ ȯ ڵ鷯 Ͻý ο Ȯ ġؾ Ѵ. ѹ ʿ stat() ýȣ ʿϱ⶧ inode ɺũ θ . mod_alias mod_rewrite ۼ ϸ ٷ ֱ⵵ ⵵ ϴ.

CacheFile /usr/local/apache/htdocs/index.html

top

MMapFile þ

:۽ ޸𸮿 Ѵ
:MMapFile file-path [file-path] ...
:ּ
:Experimental
:mod_file_cache

MMapFile þ Ҷ ( ƱԸƮ ) ޸𸮿 Ѵ(map). ڵ Ǭ(unmap). Ͻýۿ Ǹ ϵ ٽ mmap()ϱ ּ HUP̳ USR1 ñ׳ Ѵ.

file-path ƱԸƮ ض. ƱԸƮ ġ URL-ϸ ȯ ڵ鷯 Ͻý ο Ȯ ġؾ Ѵ. ѹ ʿ stat() ýȣ ʿϱ⶧ inode ɺũ θ . mod_alias mod_rewrite ۼ ϸ ٷ ֱ⵵ ⵵ ϴ.

MMapFile /usr/local/apache/htdocs/index.html

mod/mod_filter.html100644 0 0 61465 11237400533 12030 0ustar 0 0 mod_filter - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.2

<-

Apache Module mod_filter

Description:Context-sensitive smart filter configuration module
Status:Base
ModuleIdentifier:filter_module
SourceFile:mod_filter.c
Compatibility:Version 2.1 and later

Summary

This module enables smart, context-sensitive configuration of output content filters. For example, apache can be configured to process different content-types through different filters, even when the content-type is not known in advance (e.g. in a proxy).

mod_filter works by introducing indirection into the filter chain. Instead of inserting filters in the chain, we insert a filter harness which in turn dispatches conditionally to a filter provider. Any content filter may be used as a provider to mod_filter; no change to existing filter modules is required (although it may be possible to simplify them).

top

Smart Filtering

In the traditional filtering model, filters are inserted unconditionally using AddOutputFilter and family. Each filter then needs to determine whether to run, and there is little flexibility available for server admins to allow the chain to be configured dynamically.

mod_filter by contrast gives server administrators a great deal of flexibility in configuring the filter chain. In fact, filters can be inserted based on any Request Header, Response Header or Environment Variable. This generalises the limited flexibility offered by AddOutputFilterByType, and fixes it to work correctly with dynamic content, regardless of the content generator. The ability to dispatch based on Environment Variables offers the full flexibility of configuration with mod_rewrite to anyone who needs it.

top

Filter Declarations, Providers and Chains

[This image displays the traditional filter model]
Figure 1: The traditional filter model

In the traditional model, output filters are a simple chain from the content generator (handler) to the client. This works well provided the filter chain can be correctly configured, but presents problems when the filters need to be configured dynamically based on the outcome of the handler.

[This image shows the mod_filter model]
Figure 2: The mod_filter model

mod_filter works by introducing indirection into the filter chain. Instead of inserting filters in the chain, we insert a filter harness which in turn dispatches conditionally to a filter provider. Any content filter may be used as a provider to mod_filter; no change to existing filter modules is required (although it may be possible to simplify them). There can be multiple providers for one filter, but no more than one provider will run for any single request.

A filter chain comprises any number of instances of the filter harness, each of which may have any number of providers. A special case is that of a single provider with unconditional dispatch: this is equivalent to inserting the provider filter directly into the chain.

top

Configuring the Chain

There are three stages to configuring a filter chain with mod_filter. For details of the directives, see below.

Declare Filters
The FilterDeclare directive declares a filter, assigning it a name and filter type. Required only if the filter is not the default type AP_FTYPE_RESOURCE.
Register Providers
The FilterProvider directive registers a provider with a filter. The filter may have been declared with FilterDeclare; if not, FilterProvider will implicitly declare it with the default type AP_FTYPE_RESOURCE. The provider must have been registered with ap_register_output_filter by some module. The remaining arguments to FilterProvider are a dispatch criterion and a match string. The former may be an HTTP request or response header, an environment variable, or the Handler used by this request. The latter is matched to it for each request, to determine whether this provider will be used to implement the filter for this request.
Configure the Chain
The above directives build components of a smart filter chain, but do not configure it to run. The FilterChain directive builds a filter chain from smart filters declared, offering the flexibility to insert filters at the beginning or end of the chain, remove a filter, or clear the chain.
top

Examples

Server side Includes (SSI)
A simple case of using mod_filter in place of AddOutputFilterByType

FilterDeclare SSI
FilterProvider SSI INCLUDES resp=Content-Type $text/html
FilterChain SSI

Server side Includes (SSI)
The same as the above but dispatching on handler (classic SSI behaviour; .shtml files get processed).

FilterProvider SSI INCLUDES Handler server-parsed
FilterChain SSI

Emulating mod_gzip with mod_deflate
Insert INFLATE filter only if "gzip" is NOT in the Accept-Encoding header. This filter runs with ftype CONTENT_SET.

FilterDeclare gzip CONTENT_SET
FilterProvider gzip inflate req=Accept-Encoding !$gzip
FilterChain gzip

Image Downsampling
Suppose we want to downsample all web images, and have filters for GIF, JPEG and PNG.

FilterProvider unpack jpeg_unpack Content-Type $image/jpeg
FilterProvider unpack gif_unpack Content-Type $image/gif
FilterProvider unpack png_unpack Content-Type $image/png

FilterProvider downsample downsample_filter Content-Type $image
FilterProtocol downsample "change=yes"

FilterProvider repack jpeg_pack Content-Type $image/jpeg
FilterProvider repack gif_pack Content-Type $image/gif
FilterProvider repack png_pack Content-Type $image/png
<Location /image-filter>
FilterChain unpack downsample repack
 </Location>

top

Protocol Handling

Historically, each filter is responsible for ensuring that whatever changes it makes are correctly represented in the HTTP response headers, and that it does not run when it would make an illegal change. This imposes a burden on filter authors to re-implement some common functionality in every filter:

  • Many filters will change the content, invalidating existing content tags, checksums, hashes, and lengths.
  • Filters that require an entire, unbroken response in input need to ensure they don't get byteranges from a backend.
  • Filters that transform output in a filter need to ensure they don't violate a Cache-Control: no-transform header from the backend.
  • Filters may make responses uncacheable.

mod_filter aims to offer generic handling of these details of filter implementation, reducing the complexity required of content filter modules. This is work-in-progress; the FilterProtocol implements some of this functionality for back-compatibility with Apache 2.0 modules. For httpd 2.1 and later, the ap_register_output_filter_protocol and ap_filter_protocol API enables filter modules to declare their own behaviour.

At the same time, mod_filter should not interfere with a filter that wants to handle all aspects of the protocol. By default (i.e. in the absence of any FilterProtocol directives), mod_filter will leave the headers untouched.

At the time of writing, this feature is largely untested, as modules in common use are designed to work with 2.0. Modules using it should test it carefully.

top

FilterChain Directive

Description:Configure the filter chain
Syntax:FilterChain [+=-@!]filter-name ...
Context:server config, virtual host, directory, .htaccess
Override:Options
Status:Base
Module:mod_filter

This configures an actual filter chain, from declared filters. FilterChain takes any number of arguments, each optionally preceded with a single-character control that determines what to do:

+filter-name
Add filter-name to the end of the filter chain
@filter-name
Insert filter-name at the start of the filter chain
-filter-name
Remove filter-name from the filter chain
=filter-name
Empty the filter chain and insert filter-name
!
Empty the filter chain
filter-name
Equivalent to +filter-name
top

FilterDeclare Directive

Description:Declare a smart filter
Syntax:FilterDeclare filter-name [type]
Context:server config, virtual host, directory, .htaccess
Override:Options
Status:Base
Module:mod_filter

This directive declares an output filter together with a header or environment variable that will determine runtime configuration. The first argument is a filter-name for use in FilterProvider, FilterChain and FilterProtocol directives.

The final (optional) argument is the type of filter, and takes values of ap_filter_type - namely RESOURCE (the default), CONTENT_SET, PROTOCOL, TRANSCODE, CONNECTION or NETWORK.

top

FilterProtocol Directive

Description:Deal with correct HTTP protocol handling
Syntax:FilterProtocol filter-name [provider-name] proto-flags
Context:server config, virtual host, directory, .htaccess
Override:Options
Status:Base
Module:mod_filter

This directs mod_filter to deal with ensuring the filter doesn't run when it shouldn't, and that the HTTP response headers are correctly set taking into account the effects of the filter.

There are two forms of this directive. With three arguments, it applies specifically to a filter-name and a provider-name for that filter. With two arguments it applies to a filter-name whenever the filter runs any provider.

proto-flags is one or more of

change=yes
The filter changes the content, including possibly the content length
change=1:1
The filter changes the content, but will not change the content length
byteranges=no
The filter cannot work on byteranges and requires complete input
proxy=no
The filter should not run in a proxy context
proxy=transform
The filter transforms the response in a manner incompatible with the HTTP Cache-Control: no-transform header.
cache=no
The filter renders the output uncacheable (eg by introducing randomised content changes)
top

FilterProvider Directive

Description:Register a content filter
Syntax:FilterProvider filter-name provider-name [req|resp|env]=dispatch match
Context:server config, virtual host, directory, .htaccess
Override:Options
Status:Base
Module:mod_filter

This directive registers a provider for the smart filter. The provider will be called if and only if the match declared here matches the value of the header or environment variable declared as dispatch.

provider-name must have been registered by loading a module that registers the name with ap_register_output_filter.

The dispatch argument is a string with optional req=, resp= or env= prefix causing it to dispatch on (respectively) the request header, response header, or environment variable named. In the absence of a prefix, it defaults to a response header. A special case is the word handler, which causes mod_filter to dispatch on the content handler.

The match argument specifies a match that will be applied to the filter's dispatch criterion. The match may be a string match (exact match or substring), a regex, an integer (greater, lessthan or equals), or unconditional. The first characters of the match argument determines this:

First, if the first character is an exclamation mark (!), this reverses the rule, so the provider will be used if and only if the match fails.

Second, it interprets the first character excluding any leading ! as follows:

CharacterDescription
(none)exact match
$substring match
/regex match (delimited by a second /)
=integer equality
<integer less-than
<=integer less-than or equal
>integer greater-than
>=integer greater-than or equal
*Unconditional match
top

FilterTrace Directive

Description:Get debug/diagnostic information from mod_filter
Syntax:FilterTrace filter-name level
Context:server config, virtual host, directory
Status:Base
Module:mod_filter

This directive generates debug information from mod_filter. It is designed to help test and debug providers (filter modules), although it may also help with mod_filter itself.

The debug output depends on the level set:

0 (default)
No debug information is generated.
1
mod_filter will record buckets and brigades passing through the filter to the error log, before the provider has processed them. This is similar to the information generated by mod_diagnostics.
2 (not yet implemented)
Will dump the full data passing through to a tempfile before the provider. For single-user debug only; this will not support concurrent hits.
mod/mod_headers.html100644 0 0 37114 11237400533 12150 0ustar 0 0 mod_headers - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-

ġ mod_headers

ֽ ƴմϴ. ֱٿ ϼ.
:HTTP û
:Extension
:headers_module
ҽ:mod_headers.c

HTTP û ϰ ϴ þ Ѵ. ġų ü, ִ.

top

ó

mod_headers ϴ þ ҿ , μ þ ִ.

ó ߿ϸ, Ͽ ޴´. þ ݴ ȿ ޶.

RequestHeader append MirrorID "mirror 12"
RequestHeader unset MirrorID

MirrorID ʴ´. ݴ MirrorID "mirror 12" Ѵ.

top

̸(early) ó (late) ó

mod_headers û ʱ⳪ ߿ ִ. ڸ ϱ û ϰ Ʈ ϴ (late) Ѵ. ϴ ׻ ϶.

̸(early) ڸ ˻/ . early Ű带 Ͽ þ û óϱ Ҷ Ѵ. , ٸ û ǽϰų ˻縦 ϱ , ϱ ٸ ҽÿ ִ.

ûο 캸 ̸ þ óϱ⶧ ̸ þ ּ̳ ȣƮ ҿ ִ. ̸ þ ûο ⶧ <Directory> <Location> ҿ .

top

  1. "TS" ϴ û Ѵ.

    Header echo ^TS

  2. 信 û ð û ϴµ ɸ ð ˷ִ MyHeader ߰Ѵ. Ŭ̾Ʈ ϸ ϰų Ŭ̾Ʈ ã ִ.

    Header add MyHeader "%D %t"

    信 .

    MyHeader: D=3775428 t=991424704447256

  3. Joe ȳ

    Header add MyHeader "Hello Joe. It took %D microseconds \
    for Apache to serve this request."

    信 .

    MyHeader: Hello Joe. It took D=3775428 microseconds for Apache to serve this request.

  4. û "MyRequestHeader" ִ 쿡 信 MyHeader . Ư Ŭ̾ƮԸ 信 ߰Ҷ ϴ. Ϸ mod_setenvif ʿϴ.

    SetEnvIf MyRequestHeader value HAVE_MyRequestHeader
    Header add MyHeader "%D %t mytext" env=HAVE_MyRequestHeader

    HTTP û MyRequestHeader: value ִٸ, 信 .

    MyHeader: D=3775428 t=991424704447256 mytext

top

Header þ

:HTTP Ѵ
:Header [condition] set|append|add|unset|echo header [value] [early|env=[!]variable]
:ּ, ȣƮ, directory, .htaccess
Override ɼ:FileInfo
:Extension
:mod_headers

þ HTTP ġų ü, Ѵ. ڵ鷯 Ͱ Ŀ ϱ⶧ ִ.

condition ϸ, onsuccess Ȥ always Ѵ. ̴  ǥ Ѵ. onsuccess 2xx ڵ带 ϰ, always (2xx ) ڵ带 Ѵ. Ư  ϰ ʹٸ,  Ѵ.

ι° ƱԸƮ ٸ. ι° ƱԸƮ Ʒ ϳ ִ.

set
Ѵ. ̸ ̹ ִٸ üѴ. value Ĺڿ ִ.
append
̹ ϴ ̸ ߰Ѵ. ο ġ, ο ̿ ǥ δ. ̴ ϴ HTTP ǥ ̴.
add
̹ ִ ߰Ѵ. ׷ ̸ ΰ (Ȥ ) ִ. ǿ ߻ ֱ⶧ append ؾ Ѵ.
unset
̷ ̸ ִٸ Ѵ. ̸ ִٸ Ѵ. value ʴ´.
echo
̷ ̸ û ״ . header ǥ ִ. value ʴ´.

ƱԸƮ ڿ header ̸ ´. ڿ ݷ ,  ȴ. set, append, add, unset ҹڴ Ѵ. echo header ̸ ڸ ϰ ǥ ִ.

add, append, set Ҷ ° ƱԸƮ value ʿϴ. value ȿ ִٸ ֵǥ Ѵ. value Ϲ ڿ̳ ϴ ڿ̸, ΰ ִ. value ϴ ıڴ .

%% ۼƮ ȣ
%t û ð ǥؽ÷ epoch (1970 1 1) ũ . տ t= ٴ´.
%D û ð Ʈ ɸ ð. û Ⱓ . տ D= ٴ´.
%{FOOBAR}e ȯ溯 FOOBAR .
%{FOOBAR}s mod_ssl Ѵٸ, SSL ȯ溯 FOOBAR .

%s ڴ ġ 2.1 Ŀ ִ. ڴ SSLOptions +StdEnvVars ϴ δ %e ִ.  SSLOptions +StdEnvVars ؾ Ѵٸ, %e %s ξ ȿ̴.

Header þ ڿ ൿ Ͼ ϴ ߰ ƱԸƮ ̸ ó ϴ Ű early ִ. env=... ƱԸƮ ش ȯ溯 Ѵٸ (Ȥ env=!... ȯ溯 ʴٸ) Header þ Ѵ. ׷ þ û ƹ ġ ʴ´.

̸ ƴ϶ Ʈ Header þ óѴ. ׷ Ͱ ߰ϴ κ ϰų  ִ.

top

RequestHeader þ

:HTTP û Ѵ
:RequestHeader set|append|add|unset header [value] [early|env=[!]variable]
:ּ, ȣƮ, directory, .htaccess
Override ɼ:FileInfo
:Extension
:mod_headers

þ HTTP û ġų ü, Ѵ. ڵ鷯 ϱ ϱ⶧ ִ. ù° ƱԸƮ ٸ. ù° ƱԸƮ Ʒ ϳ ִ.

set
û Ѵ. ̸ ̹ ִٸ üѴ
append
̹ ϴ ̸ û ߰Ѵ. ο ġ, ο ̿ ǥ δ. ̴ ϴ HTTP ǥ ̴.
add
̹ ִ û ߰Ѵ. ׷ ̸ ΰ (Ȥ ) ִ. ǿ ߻ ֱ⶧ append ؾ Ѵ.
unset
̷ ̸ û ִٸ Ѵ. ̸ ִٸ Ѵ. value ʴ´.

ƱԸƮ ڿ ´. ڿ ݷ ,  ȴ. ҹڴ Ѵ. add, append, set Ҷ ° ƱԸƮ value ʿϴ. value ȿ ִٸ ֵǥ Ѵ. unset Ҷ value ȵȴ. value Ϲ ڿ̳ ϴ ڿ̸, ΰ ִ. ϴ ıڴ Header Ƿ ڼ װ ϶.

RequestHeader þ ڿ ൿ Ͼ ϴ ߰ ƱԸƮ ̸ ó ϴ Ű early ִ. env=... ƱԸƮ ش ȯ溯 Ѵٸ (Ȥ env=!... ȯ溯 ʴٸ) RequestHeader þ Ѵ. ׷ þ û ƹ ġ ʴ´.

̸ ƴ϶ fixup ܰ迡 û شϴ ڵ鷯 ϱ RequestHeader þ óѴ. ׷ Ȥ ġ ԷͰ ų ִ.

mod/mod_ident.html100644 0 0 13361 11237400533 11636 0ustar 0 0 mod_ident - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-

ġ mod_ident

:RFC 1413 ident ˻
:Extension
:ident_module
ҽ:mod_ident.c
:ġ 2.1 ĺ

ڸ ã ȣƮ ִ RFC 1413 ȣȯ ˻Ѵ.

top

IdentityCheck þ

: RFC 1413 ſ α׿ Ѵ
:IdentityCheck On|Off
⺻:IdentityCheck Off
:ּ, ȣƮ, directory
:Extension
:mod_ident
:ġ 2.1 core Դ

þ RFC 1413 ̿Ͽ Ŭ̾Ʈ ӽ identd Ѵٸ ῡ ڸ α׿ Ѵ. Ĺڿ %...l Ͽ α׿ Ѵ.

⺻ 뵵 ŷ .

û ˻ ؾ ϱ⶧ Ǵ ߻ ϶. ߰ ȭ̳ Ͻü ִٸ, Ƹ ˻ ̰ û IdentityCheckTimeout þ Ѹŭ ߻Ѵ. ׷ ͳ ʴ.

top

IdentityCheckTimeout þ

:ident û ð Ѵ
:IdentityCheckTimeout seconds
⺻:IdentityCheckTimeout 30
:ּ, ȣƮ, directory
:Extension
:mod_ident

þ ident û ð Ѵ. ⺻ Ʈ Ͽ RFC 1413 ϴ 30 ̴. ׷ Ʈ ӵ Ȳ ðѰ ִ.

mod/mod_imagemap.html100644 0 0 40255 11237400533 12315 0ustar 0 0 mod_imagemap - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-

ġ mod_imagemap

ֽ ƴմϴ. ֱٿ ϼ.
: ̹(imagemap) ó
:Base
:imagemap_module
ҽ:mod_imagemap.c

imagemap CGI α׷ Ͽ .map óѴ. (AddHandler SetHandler Ͽ) imap-file ڵ鷯 ϵ 丮 óѴ.

Ʒ þ .map ̹ Ϸ Ѵ.

AddHandler imap-file map

Ʒ Ѵ.

AddType application/x-httpd-imap map

׷ 츮 " Ư ǹ̰ ִ MIME type" Ϸ ϱ⶧ ̴.

top

ο

̹ ⿡ ̹ α׷  ο ִ.

  • Referer: URL .
  • ο base þ Ͽ ⺻ <base> .
  • imagemap.conf ʿ.
  • (point) .
  • ̹ ޴ .
top

̹

̹ Ʒ ۼѴ.

directive value [x,y ...]
directive value "Menu text" [x,y ...]
directive value x,y ... "Menu text"

directive base, default, poly, circle, rect, point ϳ. value URL̳ URL Ȥ Ʒ Ư Ѵ. ǥ x,y ̴. ǥ ̹ ޴ 鶧 ũ Ѵ. '#' ϴ ̴ּ.

̹ þ

̹ Ͽ 6 þ ִ. þ Ư , ̹ Ͽ óѴ.

base þ

<base href="value"> Ѵ. Ͽ URL URL ƴ϶ URL Ѵ. base þ .htaccess ̳ Ͽ ImapBase Ѵ. ImapBase þ ٸ ⺻ base http://server_name/̴.

base_uri base . URL .

default þ
ش ǥ poly, circle, rect þ ش ʰ point þ ൿ Ѵ. ImapDefault ٸ ⺻ 204 No Content ڵ带 ȯϴ nocontent̴. Ŭ̾Ʈ Ѵ.
poly þ
鰳 ִ. ڰ ̷ ٰ ǥ 쿡 Ѵ.
circle
߽ɰ ǥ ޴´. ڰ ǥ 쿡 Ѵ.
rect þ
簢 𼭸 ǥ ޴´. 簢 ǥ 쿡 Ѵ.
point þ
ǥ ޴´. ٸ þ ڰ ǥ point þ Ѵ. point þ ϰ ȿ ǥ default ʴ´.

þ ִ

þ Ʒ value ִ.

URL

URL̳ URL ִ. URL '..' , base ã´.

base Ҷ base Ѵ. ׷, base mailto: ִ.

map
̹ ü URL . ǥ ImapMenu none ƴ϶ ޴ .
menu
map .
referer
(ũ ) URL . Referer: ٸ ⺻ http://servername/̴.
nocontent
Ŭ̾Ʈ ״ ֶ 204 No Content ڵ带 . base þ ִ.
error
и Ÿ 500 Server Error . base þ , default ܿ .

ǥ

0,0 200,200
ǥ ǥ x y ̴. ǥ Ѵ. ̹ ٷ Ļ Lynx Ǹ ڰ 0,0 ǥ Ͽٸ ǥ ó Ѵ.

ǥ

"Menu Text"

value ڳ ǥ ڿ ֵǥ ִ. ڿ ޴ 鶧 ũ Ѵ.

<a href="http://foo.com/">Menu text</a>

ǥ ٸ ũ ũ Ѵ.

<a href="http://foo.com/">http://foo.com</a>

ֵǥ &quot; Ѵ.

top

#'formatted' 'semiformatted' ޴ ּ Ѵ.
#׸ ּ html ±׸ ִ. <hr>
base referer
poly map "޴ ּ." 0,0 0,10 10,10 10,0
rect .. 0,0 77,27 " ִ 丮"
circle http://www.inetnebr.com/lincoln/feedback/ 195,0 305,27
rect another_file " 丮 ִ" 306,0 419,27
point http://www.zyzzyva.com/ 100,100
point http://www.tripod.com/ 200,200
rect mailto:nate@tripod.com 100,150 200,0 "?"

top

ϱ

HTML

<a href="/maps/imagemap1.map">
<img ismap src="/images/imagemap1.gif">
 </a>

XHTML

<a href="/maps/imagemap1.map">
<img ismap="ismap" src="/images/imagemap1.gif" />
 </a>

top

ImapBase þ

:̹ Ͽ base
:ImapBase map|referer|URL
⺻:ImapBase http://servername/
:ּ, ȣƮ, directory, .htaccess
Override ɼ:Indexes
:Base
:mod_imagemap

ImapBase þ ̹ Ͽ base ⺻ Ѵ. ̹ ȿ base þ ϸ ⼭ Ѵ. ٸ, basehttp://servername/̴.

top

ImapDefault þ

:̹ʿ ش ʴ ǥ ⺻ ൿ
:ImapDefault error|nocontent|map|referer|URL
⺻:ImapDefault nocontent
:ּ, ȣƮ, directory, .htaccess
Override ɼ:Indexes
:Base
:mod_imagemap

ImapDefault þ ̹ Ͽ default ⺻ Ѵ. ̹ ȿ default þ ϸ ⼭ Ѵ. ٸ, default ൿ Ŭ̾Ʈ 204 No Content nocontent̴. Ŭ̾Ʈ ״ Ѵ.

top

ImapMenu þ

:ǥ ̹ û ൿ
:ImapMenu none|formatted|semiformatted|unformatted
:ּ, ȣƮ, directory, .htaccess
Override ɼ:Indexes
:Base
:mod_imagemap

ImapMenu þ ̹ Ͽ ȿ ǥ ൿ Ѵ.

none
ImapMenu none̸, ޴ ʰ default ൿ Ѵ.
formatted
formatted ޴ ޴. ̹ ּ Ѵ. ū ǥ ϰ, ũ پ Ѵ. ޴ ϰǰ ϸ, 丮 ϰ ϴ.
semiformatted
semiformatted ޴ ̹ Ͽ ּ Ѵ. HTML ٲ ȯѴ. ǥ ׸ , formatted ޴ .
unformatted
ּ ϰ, Ѵ. ̹ Ͽ ִ 븸 Ѵ. ̹ ּ ʿ ٲް ǥ Ѵ. ޴ ܰ ٹ , ̹ ǻ Ϲ ƴ HTML Ѵ.
mod/mod_include.html100644 0 0 126034 11237400533 12200 0ustar 0 0 mod_include - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.2

<-

Apache Module mod_include

Description:Server-parsed html documents (Server Side Includes)
Status:Base
ModuleIdentifier:include_module
SourceFile:mod_include.c
Compatibility:Implemented as an output filter since Apache 2.0

Summary

This module provides a filter which will process files before they are sent to the client. The processing is controlled by specially formatted SGML comments, referred to as elements. These elements allow conditional text, the inclusion of other files or programs, as well as the setting and printing of environment variables.

top

Enabling Server-Side Includes

Server Side Includes are implemented by the INCLUDES filter. If documents containing server-side include directives are given the extension .shtml, the following directives will make Apache parse them and assign the resulting document the mime type of text/html:

AddType text/html .shtml
AddOutputFilter INCLUDES .shtml

The following directive must be given for the directories containing the shtml files (typically in a <Directory> section, but this directive is also valid in .htaccess files if AllowOverride Options is set):

Options +Includes

For backwards compatibility, the server-parsed handler also activates the INCLUDES filter. As well, Apache will activate the INCLUDES filter for any document with mime type text/x-server-parsed-html or text/x-server-parsed-html3 (and the resulting output will have the mime type text/html).

For more information, see our Tutorial on Server Side Includes.

top

PATH_INFO with Server Side Includes

Files processed for server-side includes no longer accept requests with PATH_INFO (trailing pathname information) by default. You can use the AcceptPathInfo directive to configure the server to accept requests with PATH_INFO.

top

Basic Elements

The document is parsed as an HTML document, with special commands embedded as SGML comments. A command has the syntax:

<!--#element attribute=value attribute=value ... -->

The value will often be enclosed in double quotes, but single quotes (') and backticks (`) are also possible. Many commands only allow a single attribute-value pair. Note that the comment terminator (-->) should be preceded by whitespace to ensure that it isn't considered part of an SSI token. Note that the leading <!--# is one token and may not contain any whitespaces.

The allowed elements are listed in the following table:

ElementDescription
config configure output formats
echo print variables
exec execute external programs
fsize print size of a file
flastmod print last modification time of a file
include include a file
printenv print all available variables
set set a value of a variable

SSI elements may be defined by modules other than mod_include. In fact, the exec element is provided by mod_cgi, and will only be available if this module is loaded.

The config Element

This command controls various aspects of the parsing. The valid attributes are:

echomsg (Apache 2.1 and later)
The value is a message that is sent back to the client if the echo element attempts to echo an undefined variable. This overrides any SSIUndefinedEcho directives.
errmsg
The value is a message that is sent back to the client if an error occurs while parsing the document. This overrides any SSIErrorMsg directives.
sizefmt
The value sets the format to be used when displaying the size of a file. Valid values are bytes for a count in bytes, or abbrev for a count in Kb or Mb as appropriate, for example a size of 1024 bytes will be printed as "1K".
timefmt
The value is a string to be used by the strftime(3) library routine when printing dates.

The echo Element

This command prints one of the include variables defined below. If the variable is unset, the result is determined by the SSIUndefinedEcho directive. Any dates printed are subject to the currently configured timefmt.

Attributes:

var
The value is the name of the variable to print.
encoding

Specifies how Apache should encode special characters contained in the variable before outputting them. If set to none, no encoding will be done. If set to url, then URL encoding (also known as %-encoding; this is appropriate for use within URLs in links, etc.) will be performed. At the start of an echo element, the default is set to entity, resulting in entity encoding (which is appropriate in the context of a block-level HTML element, e.g. a paragraph of text). This can be changed by adding an encoding attribute, which will remain in effect until the next encoding attribute is encountered or the element ends, whichever comes first.

The encoding attribute must precede the corresponding var attribute to be effective, and only special characters as defined in the ISO-8859-1 character encoding will be encoded. This encoding process may not have the desired result if a different character encoding is in use.

In order to avoid cross-site scripting issues, you should always encode user supplied data.

The exec Element

The exec command executes a given shell command or CGI script. It requires mod_cgi to be present in the server. If Options IncludesNOEXEC is set, this command is completely disabled. The valid attributes are:

cgi

The value specifies a (%-encoded) URL-path to the CGI script. If the path does not begin with a slash (/), then it is taken to be relative to the current document. The document referenced by this path is invoked as a CGI script, even if the server would not normally recognize it as such. However, the directory containing the script must be enabled for CGI scripts (with ScriptAlias or Options ExecCGI).

The CGI script is given the PATH_INFO and query string (QUERY_STRING) of the original request from the client; these cannot be specified in the URL path. The include variables will be available to the script in addition to the standard CGI environment.

Example

<!--#exec cgi="/cgi-bin/example.cgi" -->

If the script returns a Location: header instead of output, then this will be translated into an HTML anchor.

The include virtual element should be used in preference to exec cgi. In particular, if you need to pass additional arguments to a CGI program, using the query string, this cannot be done with exec cgi, but can be done with include virtual, as shown here:

<!--#include virtual="/cgi-bin/example.cgi?argument=value" -->

cmd

The server will execute the given string using /bin/sh. The include variables are available to the command, in addition to the usual set of CGI variables.

The use of #include virtual is almost always prefered to using either #exec cgi or #exec cmd. The former (#include virtual) uses the standard Apache sub-request mechanism to include files or scripts. It is much better tested and maintained.

In addition, on some platforms, like Win32, and on unix when using suexec, you cannot pass arguments to a command in an exec directive, or otherwise include spaces in the command. Thus, while the following will work under a non-suexec configuration on unix, it will not produce the desired result under Win32, or when running suexec:

<!--#exec cmd="perl /path/to/perlscript arg1 arg2" -->

The fsize Element

This command prints the size of the specified file, subject to the sizefmt format specification. Attributes:

file
The value is a path relative to the directory containing the current document being parsed.
virtual
The value is a (%-encoded) URL-path. If it does not begin with a slash (/) then it is taken to be relative to the current document. Note, that this does not print the size of any CGI output, but the size of the CGI script itself.

The flastmod Element

This command prints the last modification date of the specified file, subject to the timefmt format specification. The attributes are the same as for the fsize command.

The include Element

This command inserts the text of another document or file into the parsed file. Any included file is subject to the usual access control. If the directory containing the parsed file has Options IncludesNOEXEC set, then only documents with a text MIME-type (text/plain, text/html etc.) will be included. Otherwise CGI scripts are invoked as normal using the complete URL given in the command, including any query string.

An attribute defines the location of the document; the inclusion is done for each attribute given to the include command. The valid attributes are:

file
The value is a path relative to the directory containing the current document being parsed. It cannot contain ../, nor can it be an absolute path. Therefore, you cannot include files that are outside of the document root, or above the current document in the directory structure. The virtual attribute should always be used in preference to this one.
virtual

The value is a (%-encoded) URL-path. The URL cannot contain a scheme or hostname, only a path and an optional query string. If it does not begin with a slash (/) then it is taken to be relative to the current document.

A URL is constructed from the attribute, and the output the server would return if the URL were accessed by the client is included in the parsed output. Thus included files can be nested.

If the specified URL is a CGI program, the program will be executed and its output inserted in place of the directive in the parsed file. You may include a query string in a CGI url:

<!--#include virtual="/cgi-bin/example.cgi?argument=value" -->

include virtual should be used in preference to exec cgi to include the output of CGI programs into an HTML document.

The printenv Element

This prints out a listing of all existing variables and their values. Special characters are entity encoded (see the echo element for details) before being output. There are no attributes.

Example

<!--#printenv -->

The set Element

This sets the value of a variable. Attributes:

var
The name of the variable to set.
value
The value to give a variable.

Example

<!--#set var="category" value="help" -->

top

Include Variables

In addition to the variables in the standard CGI environment, these are available for the echo command, for if and elif, and to any program invoked by the document.

DATE_GMT
The current date in Greenwich Mean Time.
DATE_LOCAL
The current date in the local time zone.
DOCUMENT_NAME
The filename (excluding directories) of the document requested by the user.
DOCUMENT_URI
The (%-decoded) URL path of the document requested by the user. Note that in the case of nested include files, this is not the URL for the current document. Note also that if the URL is modified internally (e.g. by an alias or directoryindex), the modified URL is shown.
LAST_MODIFIED
The last modification date of the document requested by the user.
QUERY_STRING_UNESCAPED
If a query string is present, this variable contains the (%-decoded) query string, which is escaped for shell usage (special characters like & etc. are preceded by backslashes).
top

Variable Substitution

Variable substitution is done within quoted strings in most cases where they may reasonably occur as an argument to an SSI directive. This includes the config, exec, flastmod, fsize, include, echo, and set directives, as well as the arguments to conditional operators. You can insert a literal dollar sign into the string using backslash quoting:

<!--#if expr="$a = \$test" -->

If a variable reference needs to be substituted in the middle of a character sequence that might otherwise be considered a valid identifier in its own right, it can be disambiguated by enclosing the reference in braces, a la shell substitution:

<!--#set var="Zed" value="${REMOTE_HOST}_${REQUEST_METHOD}" -->

This will result in the Zed variable being set to "X_Y" if REMOTE_HOST is "X" and REQUEST_METHOD is "Y".

The below example will print "in foo" if the DOCUMENT_URI is /foo/file.html, "in bar" if it is /bar/file.html and "in neither" otherwise:

<!--#if expr='"$DOCUMENT_URI" = "/foo/file.html"' -->
in foo
 <!--#elif expr='"$DOCUMENT_URI" = "/bar/file.html"' -->
in bar
 <!--#else -->
in neither
 <!--#endif -->

top

Flow Control Elements

The basic flow control elements are:

<!--#if expr="test_condition" -->
<!--#elif expr="test_condition" -->
<!--#else -->
<!--#endif -->

The if element works like an if statement in a programming language. The test condition is evaluated and if the result is true, then the text until the next elif, else or endif element is included in the output stream.

The elif or else statements are used to put text into the output stream if the original test_condition was false. These elements are optional.

The endif element ends the if element and is required.

test_condition is one of the following:

string
true if string is not empty
-A string

true if the URL represented by the string is accessible by configuration, false otherwise. This test only has an effect if SSIEnableAccess is on. This is useful where content on a page is to be hidden from users who are not authorized to view the URL, such as a link to that URL. Note that the URL is only tested for whether access would be granted, not whether the URL exists.

Example

<!--#if expr="-A /private" -->
Click <a href="/private">here</a> to access private information.
 <!--#endif -->

string1 = string2
string1 == string2
string1 != string2

Compare string1 with string2. If string2 has the form /string2/ then it is treated as a regular expression. Regular expressions are implemented by the PCRE engine and have the same syntax as those in perl 5. Note that == is just an alias for = and behaves exactly the same way.

If you are matching positive (= or ==), you can capture grouped parts of the regular expression. The captured parts are stored in the special variables $1 .. $9.

Example

<!--#if expr="$QUERY_STRING = /^sid=([a-zA-Z0-9]+)/" -->
<!--#set var="session" value="$1" -->
 <!--#endif -->

string1 < string2
string1 <= string2
string1 > string2
string1 >= string2
Compare string1 with string2. Note, that strings are compared literally (using strcmp(3)). Therefore the string "100" is less than "20".
( test_condition )
true if test_condition is true
! test_condition
true if test_condition is false
test_condition1 && test_condition2
true if both test_condition1 and test_condition2 are true
test_condition1 || test_condition2
true if either test_condition1 or test_condition2 is true

"=" and "!=" bind more tightly than "&&" and "||". "!" binds most tightly. Thus, the following are equivalent:

<!--#if expr="$a = test1 && $b = test2" -->
<!--#if expr="($a = test1) && ($b = test2)" -->

The boolean operators && and || share the same priority. So if you want to bind such an operator more tightly, you should use parentheses.

Anything that's not recognized as a variable or an operator is treated as a string. Strings can also be quoted: 'string'. Unquoted strings can't contain whitespace (blanks and tabs) because it is used to separate tokens such as variables. If multiple strings are found in a row, they are concatenated using blanks. So,

string1    string2 results in string1 string2

and

'string1    string2' results in string1    string2.

Optimization of Boolean Expressions

If the expressions become more complex and slow down processing significantly, you can try to optimize them according to the evaluation rules:

  • Expressions are evaluated from left to right
  • Binary boolean operators (&& and ||) are short circuited wherever possible. In conclusion with the rule above that means, mod_include evaluates at first the left expression. If the left result is sufficient to determine the end result, processing stops here. Otherwise it evaluates the right side and computes the end result from both left and right results.
  • Short circuit evaluation is turned off as long as there are regular expressions to deal with. These must be evaluated to fill in the backreference variables ($1 .. $9).

If you want to look how a particular expression is handled, you can recompile mod_include using the -DDEBUG_INCLUDE compiler option. This inserts for every parsed expression tokenizer information, the parse tree and how it is evaluated into the output sent to the client.

Escaping slashes in regex strings

All slashes which are not intended to act as delimiters in your regex must be escaped. This is regardless of their meaning to the regex engine.

top

SSIEnableAccess Directive

Description:Enable the -A flag during conditional flow control processing.
Syntax:SSIEnableAccess on|off
Default:SSIEnableAccess off
Context:directory, .htaccess
Status:Base
Module:mod_include

The SSIEnableAccess directive controls whether the -A test is enabled during conditional flow control processing. SSIEnableAccess can take on the following values:

off
<!--#if expr="-A /foo"--> will be interpreted as a series of string and regular expression tokens, the -A has no special meaning.
on
<!--#if expr="-A /foo"--> will evaluate to false if the URL /foo is inaccessible by configuration, or true otherwise.
top

SSIEndTag Directive

Description:String that ends an include element
Syntax:SSIEndTag tag
Default:SSIEndTag "-->"
Context:server config, virtual host
Status:Base
Module:mod_include
Compatibility:Available in version 2.0.30 and later.

This directive changes the string that mod_include looks for to mark the end of an include element.

Example

SSIEndTag "%>"

See also

top

SSIErrorMsg Directive

Description:Error message displayed when there is an SSI error
Syntax:SSIErrorMsg message
Default:SSIErrorMsg "[an error occurred while processing this directive]"
Context:server config, virtual host, directory, .htaccess
Override:All
Status:Base
Module:mod_include
Compatibility:Available in version 2.0.30 and later.

The SSIErrorMsg directive changes the error message displayed when mod_include encounters an error. For production servers you may consider changing the default error message to "<!-- Error -->" so that the message is not presented to the user.

This directive has the same effect as the <!--#config errmsg=message --> element.

Example

SSIErrorMsg "<!-- Error -->"

top

SSIStartTag Directive

Description:String that starts an include element
Syntax:SSIStartTag tag
Default:SSIStartTag "<!--#"
Context:server config, virtual host
Status:Base
Module:mod_include
Compatibility:Available in version 2.0.30 and later.

This directive changes the string that mod_include looks for to mark an include element to process.

You may want to use this option if you have 2 servers parsing the output of a file each processing different commands (possibly at different times).

Example

SSIStartTag "<%"
SSIEndTag "%>"

The example given above, which also specifies a matching SSIEndTag, will allow you to use SSI directives as shown in the example below:

SSI directives with alternate start and end tags

<%printenv %>

See also

top

SSITimeFormat Directive

Description:Configures the format in which date strings are displayed
Syntax:SSITimeFormat formatstring
Default:SSITimeFormat "%A, %d-%b-%Y %H:%M:%S %Z"
Context:server config, virtual host, directory, .htaccess
Override:All
Status:Base
Module:mod_include
Compatibility:Available in version 2.0.30 and later.

This directive changes the format in which date strings are displayed when echoing DATE environment variables. The formatstring is as in strftime(3) from the C standard library.

This directive has the same effect as the <!--#config timefmt=formatstring --> element.

Example

SSITimeFormat "%R, %B %d, %Y"

The above directive would cause times to be displayed in the format "22:26, June 14, 2002".

top

SSIUndefinedEcho Directive

Description:String displayed when an unset variable is echoed
Syntax:SSIUndefinedEcho string
Default:SSIUndefinedEcho "(none)"
Context:server config, virtual host, directory, .htaccess
Override:All
Status:Base
Module:mod_include
Compatibility:Available in version 2.0.34 and later.

This directive changes the string that mod_include displays when a variable is not set and "echoed".

Example

SSIUndefinedEcho "<!-- undef -->"

top

XBitHack Directive

Description:Parse SSI directives in files with the execute bit set
Syntax:XBitHack on|off|full
Default:XBitHack off
Context:server config, virtual host, directory, .htaccess
Override:Options
Status:Base
Module:mod_include

The XBitHack directive controls the parsing of ordinary html documents. This directive only affects files associated with the MIME-type text/html. XBitHack can take on the following values:

off
No special treatment of executable files.
on
Any text/html file that has the user-execute bit set will be treated as a server-parsed html document.
full
As for on but also test the group-execute bit. If it is set, then set the Last-modified date of the returned file to be the last modified time of the file. If it is not set, then no last-modified date is sent. Setting this bit allows clients and proxies to cache the result of the request.

Note

You would not want to use the full option, unless you assure the group-execute bit is unset for every SSI script which might #include a CGI or otherwise produces different output on each hit (or could potentially change on subsequent requests).

mod/mod_info.html100644 0 0 21517 11237400533 11470 0ustar 0 0 mod_info - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-

ġ mod_info

ֽ ƴմϴ. ֱٿ ϼ.
: ش
:Extension
:info_module
ҽ:mod_info.c

mod_info Ϸ httpd.conf Ͽ ߰Ѵ.

<Location /server-info>
SetHandler server-info
 </Location>

̷ ϸ http://your.host.example.com/server-info Ͽ ִ.

top

ѹ mod_info о̸, 丮 ( , .htaccess) Ͽ ڵ鷯 ִ. ׷ Ʈ Ȱ ִ.

Ư ý , ڸ/ȣ, ͺ̽ ̸ ġ þ ΰ ִ. ׷ ׻ ؾ ϸ ȯ濡 ؾ Ѵ.

mod_authz_host Ͽ ִ.

<Location /server-info>
SetHandler server-info
Order allow,deny
# ڽ 㰡
Allow from 127.0.0.1
# ߰, ó ִ ũ̼ 㰡
Allow from 192.168.1.17
 </Location>

top

ִ ϱ

⺻ ϴ ϰ ⺰ ϴ þ , (hook), þ ִ.

server-info û ǹڿ ٿ ٸ ִ. , http://your.host.example.com/server-info?config þ ش.

?<module-name>
?config
⺰ ʰ, þ
?hooks
(hook) ϸ
?list
ϴ ϸ
?server
top

˷ Ѱ

mod_info ʰ ̹ о Ͽ ش. Ľϴ  Ѱ谡 ִ.

top

AddModuleInfo þ

:⿡ ߰ server-info ڵ鷯 ֵ ߰Ѵ
:AddModuleInfo module-name string
:ּ, ȣƮ
:Extension
:mod_info
:ġ 1.3

module-name߰ string HTML ش. ,

AddModuleInfo mod_deflate.c 'See <a \
href="http://www.apache.org/docs/2.2/mod/mod_deflate.html">\
http://www.apache.org/docs/2.2/mod/mod_deflate.html</a>'

mod/mod_isapi.html100644 0 0 44057 11237400533 11646 0ustar 0 0 mod_isapi - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-

ġ mod_isapi

ֽ ƴմϴ. ֱٿ ϼ.
:Windows ġ ISAPI Extension
:Base
:isapi_module
ҽ:mod_isapi.c
:Win32 only

Internet Server extension API Ѵ. ׷ Windows ġ Internet Server extension (, ISAPI .dll ) ִ.

ISAPI extension (.dll ) ڰ ۼѴ. Apache Group ̵ ʾ, ʴ´. ISAPI extension 뿡 ISAPI ڿ ϱ ٶ. ̷ ġ ϸƮ ׺ ø .

top

Ͽ AddHandler þ Ͽ ISAPI Ȯڿ isapi-handler ڵ鷯 Ѵ. .dll ISAPI extension óϷ httpd.conf Ͽ ߰Ѵ.

AddHandler isapi-handler .dll

ġ û ޸𸮿 . ׷ httpd.conf Ư ̸ о ִ.

ISAPICacheFile c:/WebWork/Scripts/ISAPI/mytest.dll

ISAPI extension ̸ о̴ ̸ о ʴ ISAPI extension CGI ũƮ Ѱ . , ISAPI .dll ִ 丮 Options ExecCGI ʿϴ.

mod_isapi ISAPI ڼ ߰ ϶.

top

߰

ġ ISAPI 񵿱 ¿ "ũμƮ Ư" Ȯ ISAPI 2.0 Ծ Ѵ. ġ δ ISAPI ִ 񵿱 . ISA 񵿱 ° ʴ Ϸ Ѵٸ, 뿡 ֱ α׿ . αװ ſ Ŀ ֱ⶧ ISAPILogNotSupported Off þ ϸ α׿ ʴ´.

Microsoft IIS ISAPI extension ޸𸮷 о鿩 ޸ 뷮 ſ ʰų Ư ʴ ״ ޸𸮿 д. ġ ISAPICacheFile þ ʴ´ٸ û ISAPI extension ޸𸮿 о̰ . ȿ, ġ ޸ ̰ ȿ ̴. ISAPI ġ ణ ȣȯ ȸ±⶧ ޸𸮿 .

, ġ ISAPI Extension , ISAPI Filter ϶. ߿ ͸ , ȹ .

top

ġ 2.0 mod_isapi α׷Ѵٸ, ServerSupportFunction ȣ þ ؾ Ѵ.

HSE_REQ_SEND_URL_REDIRECT_RESP
ڸ ٸ ġ ̷Ѵ.
URL ؾ Ѵ ( , http://server/location).
HSE_REQ_SEND_URL
ڸ ٸ ġ ̷Ѵ.
URL ƴϸ, ݰ ѱ ( , /location ͸ ).
ƴ϶ ̷ óѴ.

ֱ Microsoft HSE_REQ_SEND_URL ɰ ̸ ó δ. ġ ƱԸƮ ǰ ൿ ٸ ó ̴.

HSE_REQ_SEND_RESPONSE_HEADER
headers ڿ ƱԸƮ (ٹٲ޹ڰ ι ) ִٸ ġ Ѵ. headers ƱԸƮ NULL ⶧, 뿡 NULL .
HSE_REQ_DONE_WITH_SESSION
ISAPI ó ġ ⶧ ġ ƹ ϵ ʴ´.
HSE_REQ_MAP_URL_TO_PATH
ġ ̸ () ̸ ȯѴ.
HSE_APPEND_LOG_PARAMETER
Ʒ α Ѱ .

ù° %{isapi-parameter}n ׸ Ѵ.

HSE_REQ_IS_KEEP_CONN
Keep-Alive ¸ ȯѴ.
HSE_REQ_SEND_RESPONSE_HEADER_EX
fKeepConn ɼ ϴ ϰ µ Ѵ.
HSE_REQ_IS_CONNECTED
û ߰ ٸ false ȯѴ.

ʴ ServerSupportFunction ȣ ϸ ġ FALSE ȯϰ GetLastError ERROR_INVALID_PARAMETER Ѵ.

ReadClient (ISAPIReadAheadBuffer ) ʱũ⸦ Ѿ û ´. ISAPIReadAheadBuffer (ISAPI ڵ鷯 θ Ʈ) ª û extension θ ޵ȴ. û , ISAPI extension ReadClient û ; Ѵ.

WriteClient , HSE_IO_SYNC ɼǸ ϰų (0 ) ƹ ɼǵ ʾƾ Ѵ. ٸ WriteClient û FALSE ȯϸ ϰ, GetLastError ERROR_INVALID_PARAMETER ȴ.

GetServerVariable , (ٸ ϴ) Ȯ . GetServerVariable Ϲ ġ CGI ȯ溯 ALL_HTTP, ALL_RAW ִ.

ġ 2.0 mod_isapi ISAPI Ծ࿡ ߰ ϰ, 񵿱 ° TransmitFile 䳻. , ISAPI .dll ̸ о鿩 ̴ ġ 1.3 mod_isapi Ѵ.

top

ISAPIAppendLogToErrors þ

:ISAPI exntension HSE_APPEND_LOG_PARAMETER û α׿ Ѵ
:ISAPIAppendLogToErrors on|off
⺻:ISAPIAppendLogToErrors off
:ּ, ȣƮ, directory, .htaccess
Override ɼ:FileInfo
:Base
:mod_isapi

ISAPI exntension HSE_APPEND_LOG_PARAMETER û α׿ Ѵ.

top

ISAPIAppendLogToQuery þ

:ISAPI exntension HSE_APPEND_LOG_PARAMETER û ǹڿ Ѵ
:ISAPIAppendLogToQuery on|off
⺻:ISAPIAppendLogToQuery on
:ּ, ȣƮ, directory, .htaccess
Override ɼ:FileInfo
:Base
:mod_isapi

ISAPI exntension HSE_APPEND_LOG_PARAMETER û ǹڿ Ѵ (CustomLog %q ׸ δ).

top

ISAPICacheFile þ

: Ҷ ޸𸮷 о ISAPI .dll ϵ
:ISAPICacheFile file-path [file-path] ...
:ּ, ȣƮ
:Base
:mod_isapi

ġ Ҷ ޸𸮷 о鿩 Ҷ ޸𸮿 ϸ Ͽ Ѵ. þ ISAPI .dll Ϻ ִ. ü θ ´. ΰ ƴϸ ServerRoot η ޾Ƶδ.

top

ISAPIFakeAsync þ

:񵿱 ISAPI ݹ ϴ ôѴ
:ISAPIFakeAsync on|off
⺻:ISAPIFakeAsync off
:ּ, ȣƮ, directory, .htaccess
Override ɼ:FileInfo
:Base
:mod_isapi

on ϸ 񵿱 ISAPI ݹ 䳻.

top

ISAPILogNotSupported þ

:ISAPI extension ʴ ûϸ α׿ Ѵ
:ISAPILogNotSupported on|off
⺻:ISAPILogNotSupported off
:ּ, ȣƮ, directory, .htaccess
Override ɼ:FileInfo
:Base
:mod_isapi

ISAPI extension ʴ ûϸ α׿ Ѵ. ߿ ڰ ϴµ ȴ. ϴ ISAPI ϸ ٽ off ǵ Ѵ.

top

ISAPIReadAheadBuffer þ

:ISAPI extension ̸б(read ahead buffer) ũ
:ISAPIReadAheadBuffer size
⺻:ISAPIReadAheadBuffer 49152
:ּ, ȣƮ, directory, .htaccess
Override ɼ:FileInfo
:Base
:mod_isapi

ISAPI extension ó ȣҶ ̸б ִ ũ⸦ Ѵ. ( ũ⺸ ū) ڷ ReadClient ݹ Ͽ о Ѵ.  ISAPI extension ReadClient ʴ´. ISAPI extension ڿ ϶.

mod/mod_ldap.html100644 0 0 107131 11237400533 11472 0ustar 0 0 mod_ldap - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.2

<-

Apache Module mod_ldap

Description:LDAP connection pooling and result caching services for use by other LDAP modules
Status:Extension
ModuleIdentifier:ldap_module
SourceFile:util_ldap.c
Compatibility:Available in version 2.0.41 and later

Summary

This module was created to improve the performance of websites relying on backend connections to LDAP servers. In addition to the functions provided by the standard LDAP libraries, this module adds an LDAP connection pool and an LDAP shared memory cache.

To enable this module, LDAP support must be compiled into apr-util. This is achieved by adding the --with-ldap flag to the configure script when building Apache.

SSL/TLS support is dependant on which LDAP toolkit has been linked to APR. As of this writing, APR-util supports: OpenLDAP SDK (2.x or later), Novell LDAP SDK, Mozilla LDAP SDK, native Solaris LDAP SDK (Mozilla based), native Microsoft LDAP SDK, or the iPlanet (Netscape) SDK. See the APR website for details.

top

Example Configuration

The following is an example configuration that uses mod_ldap to increase the performance of HTTP Basic authentication provided by mod_authnz_ldap.

# Enable the LDAP connection pool and shared
# memory cache. Enable the LDAP cache status
# handler. Requires that mod_ldap and mod_authnz_ldap
# be loaded. Change the "yourdomain.example.com" to
# match your domain.

LDAPSharedCacheSize 200000
LDAPCacheEntries 1024
LDAPCacheTTL 600
LDAPOpCacheEntries 1024
LDAPOpCacheTTL 600

<Location /ldap-status>
SetHandler ldap-status
Order deny,allow
Deny from all
Allow from yourdomain.example.com
AuthLDAPURL ldap://127.0.0.1/dc=example,dc=com?uid?one
AuthzLDAPAuthoritative off
Require valid-user
 </Location>

top

LDAP Connection Pool

LDAP connections are pooled from request to request. This allows the LDAP server to remain connected and bound ready for the next request, without the need to unbind/connect/rebind. The performance advantages are similar to the effect of HTTP keepalives.

On a busy server it is possible that many requests will try and access the same LDAP server connection simultaneously. Where an LDAP connection is in use, Apache will create a new connection alongside the original one. This ensures that the connection pool does not become a bottleneck.

There is no need to manually enable connection pooling in the Apache configuration. Any module using this module for access to LDAP services will share the connection pool.

top

LDAP Cache

For improved performance, mod_ldap uses an aggressive caching strategy to minimize the number of times that the LDAP server must be contacted. Caching can easily double or triple the throughput of Apache when it is serving pages protected with mod_authnz_ldap. In addition, the load on the LDAP server will be significantly decreased.

mod_ldap supports two types of LDAP caching during the search/bind phase with a search/bind cache and during the compare phase with two operation caches. Each LDAP URL that is used by the server has its own set of these three caches.

The Search/Bind Cache

The process of doing a search and then a bind is the most time-consuming aspect of LDAP operation, especially if the directory is large. The search/bind cache is used to cache all searches that resulted in successful binds. Negative results (i.e., unsuccessful searches, or searches that did not result in a successful bind) are not cached. The rationale behind this decision is that connections with invalid credentials are only a tiny percentage of the total number of connections, so by not caching invalid credentials, the size of the cache is reduced.

mod_ldap stores the username, the DN retrieved, the password used to bind, and the time of the bind in the cache. Whenever a new connection is initiated with the same username, mod_ldap compares the password of the new connection with the password in the cache. If the passwords match, and if the cached entry is not too old, mod_ldap bypasses the search/bind phase.

The search and bind cache is controlled with the LDAPCacheEntries and LDAPCacheTTL directives.

Operation Caches

During attribute and distinguished name comparison functions, mod_ldap uses two operation caches to cache the compare operations. The first compare cache is used to cache the results of compares done to test for LDAP group membership. The second compare cache is used to cache the results of comparisons done between distinguished names.

The behavior of both of these caches is controlled with the LDAPOpCacheEntries and LDAPOpCacheTTL directives.

Monitoring the Cache

mod_ldap has a content handler that allows administrators to monitor the cache performance. The name of the content handler is ldap-status, so the following directives could be used to access the mod_ldap cache information:

<Location /server/cache-info>
SetHandler ldap-status
 </Location>

By fetching the URL http://servername/cache-info, the administrator can get a status report of every cache that is used by mod_ldap cache. Note that if Apache does not support shared memory, then each httpd instance has its own cache, so reloading the URL will result in different information each time, depending on which httpd instance processes the request.

top

Using SSL/TLS

The ability to create an SSL and TLS connections to an LDAP server is defined by the directives LDAPTrustedGlobalCert, LDAPTrustedClientCert and LDAPTrustedMode. These directives specify the CA and optional client certificates to be used, as well as the type of encryption to be used on the connection (none, SSL or TLS/STARTTLS).

# Establish an SSL LDAP connection on port 636. Requires that
# mod_ldap and mod_authnz_ldap be loaded. Change the
# "yourdomain.example.com" to match your domain.

LDAPTrustedGlobalCert CA_DER /certs/certfile.der

<Location /ldap-status>
SetHandler ldap-status
Order deny,allow
Deny from all
Allow from yourdomain.example.com
AuthLDAPURL ldaps://127.0.0.1/dc=example,dc=com?uid?one
AuthzLDAPAuthoritative off
Require valid-user
 </Location>

# Establish a TLS LDAP connection on port 389. Requires that
# mod_ldap and mod_authnz_ldap be loaded. Change the
# "yourdomain.example.com" to match your domain.

LDAPTrustedGlobalCert CA_DER /certs/certfile.der

<Location /ldap-status>
SetHandler ldap-status
Order deny,allow
Deny from all
Allow from yourdomain.example.com
AuthLDAPURL ldap://127.0.0.1/dc=example,dc=com?uid?one TLS
AuthzLDAPAuthoritative off
Require valid-user
 </Location>

top

SSL/TLS Certificates

The different LDAP SDKs have widely different methods of setting and handling both CA and client side certificates.

If you intend to use SSL or TLS, read this section CAREFULLY so as to understand the differences between configurations on the different LDAP toolkits supported.

Netscape/Mozilla/iPlanet SDK

CA certificates are specified within a file called cert7.db. The SDK will not talk to any LDAP server whose certificate was not signed by a CA specified in this file. If client certificates are required, an optional key3.db file may be specified with an optional password. The secmod file can be specified if required. These files are in the same format as used by the Netscape Communicator or Mozilla web browsers. The easiest way to obtain these files is to grab them from your browser installation.

Client certificates are specified per connection using the LDAPTrustedClientCert directive by referring to the certificate "nickname". An optional password may be specified to unlock the certificate's private key.

The SDK supports SSL only. An attempt to use STARTTLS will cause an error when an attempt is made to contact the LDAP server at runtime.

# Specify a Netscape CA certificate file
LDAPTrustedGlobalCert CA_CERT7_DB /certs/cert7.db
# Specify an optional key3.db file for client certificate support
LDAPTrustedGlobalCert CERT_KEY3_DB /certs/key3.db
# Specify the secmod file if required
LDAPTrustedGlobalCert CA_SECMOD /certs/secmod
<Location /ldap-status>
SetHandler ldap-status
Order deny,allow
Deny from all
Allow from yourdomain.example.com
LDAPTrustedClientCert CERT_NICKNAME <nickname> [password]
AuthLDAPURL ldaps://127.0.0.1/dc=example,dc=com?uid?one
AuthzLDAPAuthoritative off
Require valid-user
 </Location>

Novell SDK

One or more CA certificates must be specified for the Novell SDK to work correctly. These certificates can be specified as binary DER or Base64 (PEM) encoded files.

Note: Client certificates are specified globally rather than per connection, and so must be specified with the LDAPTrustedGlobalCert directive as below. Trying to set client certificates via the LDAPTrustedClientCert directive will cause an error to be logged when an attempt is made to connect to the LDAP server..

The SDK supports both SSL and STARTTLS, set using the LDAPTrustedMode parameter. If an ldaps:// URL is specified, SSL mode is forced, override this directive.

# Specify two CA certificate files
LDAPTrustedGlobalCert CA_DER /certs/cacert1.der
LDAPTrustedGlobalCert CA_BASE64 /certs/cacert2.pem
# Specify a client certificate file and key
LDAPTrustedGlobalCert CERT_BASE64 /certs/cert1.pem
LDAPTrustedGlobalCert KEY_BASE64 /certs/key1.pem [password]
# Do not use this directive, as it will throw an error
#LDAPTrustedClientCert CERT_BASE64 /certs/cert1.pem

OpenLDAP SDK

One or more CA certificates must be specified for the OpenLDAP SDK to work correctly. These certificates can be specified as binary DER or Base64 (PEM) encoded files.

Client certificates are specified per connection using the LDAPTrustedClientCert directive.

The documentation for the SDK claims to support both SSL and STARTTLS, however STARTTLS does not seem to work on all versions of the SDK. The SSL/TLS mode can be set using the LDAPTrustedMode parameter. If an ldaps:// URL is specified, SSL mode is forced. The OpenLDAP documentation notes that SSL (ldaps://) support has been deprecated to be replaced with TLS, although the SSL functionality still works.

# Specify two CA certificate files
LDAPTrustedGlobalCert CA_DER /certs/cacert1.der
LDAPTrustedGlobalCert CA_BASE64 /certs/cacert2.pem
<Location /ldap-status>
SetHandler ldap-status
Order deny,allow
Deny from all
Allow from yourdomain.example.com
LDAPTrustedClientCert CERT_BASE64 /certs/cert1.pem
LDAPTrustedClientCert KEY_BASE64 /certs/key1.pem
AuthLDAPURL ldaps://127.0.0.1/dc=example,dc=com?uid?one
AuthzLDAPAuthoritative off
Require valid-user
 </Location>

Solaris SDK

SSL/TLS for the native Solaris LDAP libraries is not yet supported. If required, install and use the OpenLDAP libraries instead.

Microsoft SDK

SSL/TLS certificate configuration for the native Microsoft LDAP libraries is done inside the system registry, and no configuration directives are required.

Both SSL and TLS are supported by using the ldaps:// URL format, or by using the LDAPTrustedMode directive accordingly.

Note: The status of support for client certificates is not yet known for this toolkit.

top

LDAPCacheEntries Directive

Description:Maximum number of entries in the primary LDAP cache
Syntax:LDAPCacheEntries number
Default:LDAPCacheEntries 1024
Context:server config
Status:Extension
Module:mod_ldap

Specifies the maximum size of the primary LDAP cache. This cache contains successful search/binds. Set it to 0 to turn off search/bind caching. The default size is 1024 cached searches.

top

LDAPCacheTTL Directive

Description:Time that cached items remain valid
Syntax:LDAPCacheTTL seconds
Default:LDAPCacheTTL 600
Context:server config
Status:Extension
Module:mod_ldap

Specifies the time (in seconds) that an item in the search/bind cache remains valid. The default is 600 seconds (10 minutes).

top

LDAPConnectionTimeout Directive

Description:Specifies the socket connection timeout in seconds
Syntax:LDAPConnectionTimeout seconds
Context:server config
Status:Extension
Module:mod_ldap

Specifies the timeout value (in seconds) in which the module will attempt to connect to the LDAP server. If a connection is not successful with the timeout period, either an error will be returned or the module will attempt to connect to a secondary LDAP server if one is specified. The default is 10 seconds.

top

LDAPOpCacheEntries Directive

Description:Number of entries used to cache LDAP compare operations
Syntax:LDAPOpCacheEntries number
Default:LDAPOpCacheEntries 1024
Context:server config
Status:Extension
Module:mod_ldap

This specifies the number of entries mod_ldap will use to cache LDAP compare operations. The default is 1024 entries. Setting it to 0 disables operation caching.

top

LDAPOpCacheTTL Directive

Description:Time that entries in the operation cache remain valid
Syntax:LDAPOpCacheTTL seconds
Default:LDAPOpCacheTTL 600
Context:server config
Status:Extension
Module:mod_ldap

Specifies the time (in seconds) that entries in the operation cache remain valid. The default is 600 seconds.

top

LDAPSharedCacheFile Directive

Description:Sets the shared memory cache file
Syntax:LDAPSharedCacheFile directory-path/filename
Context:server config
Status:Extension
Module:mod_ldap

Specifies the directory path and file name of the shared memory cache file. If not set, anonymous shared memory will be used if the platform supports it.

top

LDAPSharedCacheSize Directive

Description:Size in bytes of the shared-memory cache
Syntax:LDAPSharedCacheSize bytes
Default:LDAPSharedCacheSize 102400
Context:server config
Status:Extension
Module:mod_ldap

Specifies the number of bytes to allocate for the shared memory cache. The default is 100kb. If set to 0, shared memory caching will not be used.

top

LDAPTrustedClientCert Directive

Description:Sets the file containing or nickname referring to a per connection client certificate. Not all LDAP toolkits support per connection client certificates.
Syntax:LDAPTrustedClientCert type directory-path/filename/nickname [password]
Context:server config, virtual host, directory, .htaccess
Status:Extension
Module:mod_ldap

It specifies the directory path, file name or nickname of a per connection client certificate used when establishing an SSL or TLS connection to an LDAP server. Different locations or directories may have their own independant client certificate settings. Some LDAP toolkits (notably Novell) do not support per connection client certificates, and will throw an error on LDAP server connection if you try to use this directive (Use the LDAPTrustedGlobalCert directive instead for Novell client certificates - See the SSL/TLS certificate guide above for details). The type specifies the kind of certificate parameter being set, depending on the LDAP toolkit being used. Supported types are:

  • CERT_DER - binary DER encoded client certificate
  • CERT_BASE64 - PEM encoded client certificate
  • CERT_NICKNAME - Client certificate "nickname" (Netscape SDK)
  • KEY_DER - binary DER encoded private key
  • KEY_BASE64 - PEM encoded private key
top

LDAPTrustedGlobalCert Directive

Description:Sets the file or database containing global trusted Certificate Authority or global client certificates
Syntax:LDAPTrustedGlobalCert type directory-path/filename [password]
Context:server config
Status:Extension
Module:mod_ldap

It specifies the directory path and file name of the trusted CA certificates and/or system wide client certificates mod_ldap should use when establishing an SSL or TLS connection to an LDAP server. Note that all certificate information specified using this directive is applied globally to the entire server installation. Some LDAP toolkits (notably Novell) require all client certificates to be set globally using this directive. Most other toolkits require clients certificates to be set per Directory or per Location using LDAPTrustedClientCert. If you get this wrong, an error may be logged when an attempt is made to contact the LDAP server, or the connection may silently fail (See the SSL/TLS certificate guide above for details). The type specifies the kind of certificate parameter being set, depending on the LDAP toolkit being used. Supported types are:

  • CA_DER - binary DER encoded CA certificate
  • CA_BASE64 - PEM encoded CA certificate
  • CA_CERT7_DB - Netscape cert7.db CA certificate database file
  • CA_SECMOD - Netscape secmod database file
  • CERT_DER - binary DER encoded client certificate
  • CERT_BASE64 - PEM encoded client certificate
  • CERT_KEY3_DB - Netscape key3.db client certificate database file
  • CERT_NICKNAME - Client certificate "nickname" (Netscape SDK)
  • CERT_PFX - PKCS#12 encoded client certificate (Novell SDK)
  • KEY_DER - binary DER encoded private key
  • KEY_BASE64 - PEM encoded private key
  • KEY_PFX - PKCS#12 encoded private key (Novell SDK)
top

LDAPTrustedMode Directive

Description:Specifies the SSL/TLS mode to be used when connecting to an LDAP server.
Syntax:LDAPTrustedMode type
Context:server config, virtual host
Status:Extension
Module:mod_ldap

The following modes are supported:

  • NONE - no encryption
  • SSL - ldaps:// encryption on default port 636
  • TLS - STARTTLS encryption on default port 389

Not all LDAP toolkits support all the above modes. An error message will be logged at runtime if a mode is not supported, and the connection to the LDAP server will fail.

If an ldaps:// URL is specified, the mode becomes SSL and the setting of LDAPTrustedMode is ignored.

top

LDAPVerifyServerCert Directive

Description:Force server certificate verification
Syntax:LDAPVerifyServerCert On|Off
Default:LDAPVerifyServerCert On
Context:server config
Status:Extension
Module:mod_ldap

Specifies whether to force the verification of a server certificate when establishing an SSL connection to the LDAP server.

mod/mod_log_config.html100644 0 0 51301 11237400533 12635 0ustar 0 0 mod_log_config - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-

ġ mod_log_config

ֽ ƴմϴ. ֱٿ ϼ.
: û α׿ Ѵ
:Base
:log_config_module
ҽ:mod_log_config.c

Ŭ̾Ʈ û α׿ Ӱ Ѵ. ڽ ϴ α׸ ְ, ̳ ܺ α׷ α׸ ִ. α׸ ϸ û ݿ û α׿ ߰ϰų ִ.

þ Ѵ. TransferLog α , LogFormat ϴ ϰ, CustomLog ѹ αϰ Ѵ. TransferLog CustomLog þ ϸ û Ͽ ִ.

top

α ϱ

LogFormat CustomLog þ ƱԸƮ ڿ̴. ڿ û αϿ Ѵ. ڿ αϿ ״ Ǵ ڿ ٲް Ÿ C "\n" "\t" ڸ ִ. αϿ ǥ 齽 տ ݵ 齽 Ѵ.

û Ư¡ ڿ "%" þ Ͽ Ѵ. þ αϿ ȴ.

 ڿ
%% ۼƮ ȣ
%...a IP-ּ
%...A () IP-ּ
%...B HTTP Ʈ.
%...b HTTP Ʈ. CLF İ 0 '-' ´.
%...{Foobar}C û Foobar Ű .
%...D û óϴµ ɸ ð (ũ ).
%...{FOOBAR}e ȯ溯 FOOBAR
%...f ϸ
%...h ȣƮ
%...H û
%...{Foobar}i û Foobar: .
%...l (ִٸ identd ) αθ. mod_ident ְ IdentityCheck On ƴϸ ȣ Ѵ.
%...m û ޽
%...{Foobar}n ٸ Foobar Ʈ(note) .
%...{Foobar}o Foobar: .
%...p û ϴ Ʈ
%...P û ϴ ڽ μ ID.
%...{format}P û ϴ ڽ μ ID Ȥ ID. format pid tid ϴ.
%...q ǹڿ (ǹڿ ִٸ տ ? ̰, ٸ ڿ)
%...r û ù°
%...s (status). ̷ǵ û ** û ̴. û ´ %...>s.
%...t common log format ð (ǥ ) ð
%...{format}t strftime(3) format ð. (ð )
%...T û óϴµ ɸ ð ( ).
%...u (auth ϸ, (%s) 401 ̻ )
%...U ǹڿ û URL .
%...v û ServerName.
%...V UseCanonicalName .
%...X .
X = ġ .
+ = Ŀ ִ(keep alive).
- = .

(ġ 1.3 Ĺ þ %...c, ssl %...{var}c ļ ߴ.)

%...I û Ʈ 0 . ̸ Ϸ mod_logio ʿϴ.
%...O ۽ Ʈ 0 . ̸ Ϸ mod_logio ʿϴ.

"..." ( , "%h %u %r %s %b") ƹ͵ ų, ׸ ´ ( ڸ "-" Ѵ). տ "!" ̰ų Ⱥ HTTP ڵ ۼѴ. , "%400,501{User-agent}i" 400 (Bad Request) 501 (Not Implemented) ϶ User-agent: α׿ , "%!200,304,302{Referer}i" ° ƴ û Referer: α׿ .

"<" ">" ̷ǵ û ó û û Ѵ. ⺻ %s, %U, %T, %D, %r ó û , % þ û . ׷ %>s û (status) ϰ, %<u ȣ ʴ ڿ ̷ǵ 쿡 ó ڸ Ѵ.

2.0.46 httpd 2.0 %...r, %...i, %...o ڿ ״ ξ. Common Log Format 䱸 ؼ. , Ŭ̾Ʈ ڸ α׿ ֱ⶧ α ״ ٷ ؾ Ѵ.

Ȼ 2.0.46 ڳ ٸ Ưڸ \xhh ǥѴ. ⼭ hh ش Ʈ 16 ǥ Ÿ. Ģ ܴ 齽 տ ̴ " \, ׸ C 鹮ڵ(\n, \t )̴.

Ϲ ϴ α .

Common Log Format (CLF)
"%h %l %u %t \"%r\" %>s %b"
ȣƮ Common Log Format
"%v %h %l %u %t \"%r\" %>s %b"
NCSA extended/combined α
"%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\""
Referer α
"%{Referer}i -> %U"
Agent () α
"%{User-agent}i"

û ϴ ServerName Listen %v %p Ѵ. α׺м α׷ û ϴ ȣƮ ˱ ȣƮ ã ˰ ʿ ̵ UseCanonicalName ϴ.

top

Ȼ

ϴ ڿܿ ٸ ڰ α ϴ 丮 ȿ ϶.

top

CookieLog þ

:Ű α׿ ϸ Ѵ
:CookieLog filename
:ּ, ȣƮ
:Base
:mod_log_config
: þ ʴ´.

CookieLog þ Ű α׿ ϸ Ѵ. ϸ ServerRoot ̴. þ mod_cookies ȣȯ , ʴ´.

top

CustomLog þ

:α ̸ Ѵ
:CustomLog file|pipe format|nickname [env=[!]environment-variable]
:ּ, ȣƮ
:Base
:mod_log_config

û α׿ 涧 CustomLog þ Ѵ. α ϰ, ȯ溯 Ͽ û Ư¡ α׸ ִ.

α׸ Ҹ ϴ ù° ƱԸƮ ϳ Ѵ.

file
ServerRoot ϸ.
pipe
"|"ڿ α ǥԷ α׷ θ ´.

:

α׷ Ѵٸ α׷ ȴ. root Ѵٸ α׷ root ϹǷ α׷ Ȯ϶.

н ƴ ÷ ϰθ ԷҶ ÷ 齽 ϴ ݵ ؾ Ѵ. Ϲ Ͽ ׻ ϴ .

ι° ƱԸƮ αϿ Ѵ. LogFormat nickname ϰų α format ڿ ִ.

, þ Ȱ Ѵ.

# Ī CustomLog
LogFormat "%h %l %u %t \"%r\" %>s %b" common
CustomLog logs/access_log common

# ڿ CustomLog
CustomLog logs/access_log "%h %l %u %t \"%r\" %>s %b"

° ƱԸƮ  Ǹ, Ư ȯ溯 û α׿ θ Ѵ. û ȯ溯 ǵִٸ (Ȥ 'env=!name' ٸ) û α׿ Ѵ.

mod_setenvif mod_rewrite Ͽ û ȯ溯 ִ. , GIF ׸ û ּ αװ ƴ ٸ αϿ Ϸ,

SetEnvIf Request_URI \.gif$ gif-image
CustomLog gif-requests.log common env=gif-image
CustomLog nongif-requests.log common env=!gif-image

top

LogFormat þ

:αϿ Ѵ
:LogFormat format|nickname [nickname]
⺻:LogFormat "%h %l %u %t \"%r\" %>s %b"
:ּ, ȣƮ
:Base
:mod_log_config

þ α Ѵ.

LogFormat þ ΰ Ѵ. ù° ƱԸƮ Ѱ Ͽ TransferLog þ α Ѵ. ƱԸƮ α ϱ format ϰų, LogFormat þ ̸ (α Īϴ) nickname ִ.

LogFormat þ ι° format nickname Ѵ. ׷ ڿ ϴ LogFormat̳ CustomLog þ ݺؼ ڿ Էϴ nickname ִ. Ī ϴ LogFormat þ ܿ ƹ ʴ´. , Ī ϸ, ϰų ⺻ ʴ´. ׷Ƿ TransferLog þ ʴ´. , LogFormat Ī ٸ Ī ִ. Ī ̸ ۼƮ ȣ(%) ϶.

LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common

top

TransferLog þ

:α ġ Ѵ
:TransferLog file|pipe
:ּ, ȣƮ
:Base
:mod_log_config

þ CustomLog þ ƱԸƮ , α ϰų û ǿ α׿ . ֱ (Ī ) LogFormat þ α Ѵ. ̸ ʾҴٸ Common Log Format Ѵ.

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\""
TransferLog logs/access_log

mod/mod_log_forensic.html100644 0 0 21333 11237400533 13202 0ustar 0 0 mod_log_forensic - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.2

<-

Apache Module mod_log_forensic

Description:Forensic Logging of the requests made to the server
Status:Extension
ModuleIdentifier:log_forensic_module
SourceFile:mod_log_forensic.c
Compatibility:mod_unique_id is no longer required since version 2.1

Summary

This module provides for forensic logging of client requests. Logging is done before and after processing a request, so the forensic log contains two log lines for each request. The forensic logger is very strict, which means:

  • The format is fixed. You cannot modify the logging format at runtime.
  • If it cannot write its data, the child process exits immediately and may dump core (depending on your CoreDumpDirectory configuration).

The check_forensic script, which can be found in the distribution's support directory, may be helpful in evaluating the forensic log output.

top

Forensic Log Format

Each request is logged two times. The first time is before it's processed further (that is, after receiving the headers). The second log entry is written after the request processing at the same time where normal logging occurs.

In order to identify each request, a unique request ID is assigned. This forensic ID can be cross logged in the normal transfer log using the %{forensic-id}n format string. If you're using mod_unique_id, its generated ID will be used.

The first line logs the forensic ID, the request line and all received headers, separated by pipe characters (|). A sample line looks like the following (all on one line):

+yQtJf8CoAB4AAFNXBIEAAAAA|GET /manual/de/images/down.gif HTTP/1.1|Host:localhost%3a8080|User-Agent:Mozilla/5.0 (X11; U; Linux i686; en-US; rv%3a1.6) Gecko/20040216 Firefox/0.8|Accept:image/png, etc...

The plus character at the beginning indicates that this is the first log line of this request. The second line just contains a minus character and the ID again:

-yQtJf8CoAB4AAFNXBIEAAAAA

The check_forensic script takes as its argument the name of the logfile. It looks for those +/- ID pairs and complains if a request was not completed.

top

Security Considerations

See the security tips document for details on why your security could be compromised if the directory where logfiles are stored is writable by anyone other than the user that starts the server.

top

ForensicLog Directive

Description:Sets filename of the forensic log
Syntax:ForensicLog filename|pipe
Context:server config, virtual host
Status:Extension
Module:mod_log_forensic

The ForensicLog directive is used to log requests to the server for forensic analysis. Each log entry is assigned a unique ID which can be associated with the request using the normal CustomLog directive. mod_log_forensic creates a token called forensic-id, which can be added to the transfer log using the %{forensic-id}n format string.

The argument, which specifies the location to which the logs will be written, can take one of the following two types of values:

filename
A filename, relative to the ServerRoot.
pipe
The pipe character "|", followed by the path to a program to receive the log information on its standard input. The program name can be specified relative to the ServerRoot directive.

Security:

If a program is used, then it will be run as the user who started httpd. This will be root if the server was started by root; be sure that the program is secure or switches to a less privileged user.

Note

When entering a file path on non-Unix platforms, care should be taken to make sure that only forward slashes are used even though the platform may allow the use of back slashes. In general it is a good idea to always use forward slashes throughout the configuration files.

mod/mod_logio.html100644 0 0 7742 11237400533 11632 0ustar 0 0 mod_logio - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-

ġ mod_logio

ֽ ƴմϴ. ֱٿ ϼ.
:û Ʈ
:Extension
:logio_module
ҽ:mod_logio.c

û Ʈ Ѵ. ڴ Ʈ ְ Ʈ Ÿ, û Ѵ. Է SSL/TLS , SSL/TLS Ŀ ⶧ ȣȭ ùٷ ݿȴ.

Ϸ mod_log_config ʿϴ.

þ

⿡ þ ϴ.

top

α

ΰ ο αþ ߰Ѵ. ûü Ư Ĺڿ "%" þ Ͽ Ѵ. þ αϿ Ѵ:

Ĺڿ
%...I û Ͽ Ʈ. 0 .
%...O Ͽ Ʈ. 0 .

Ѵ:

յ α :
"%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\" %I %O"
mod/mod_mem_cache.html100644 0 0 33334 11237400533 12436 0ustar 0 0 mod_mem_cache - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-

ġ mod_mem_cache

ֽ ƴմϴ. ֱٿ ϼ.
:URI Ű Ͽ ijѴ.
:Experimental
:mem_cache_module
ҽ:mod_mem_cache.c

̴. ۾̴...

Ϸ mod_cache ʿϴ. mod_cache ϸ ޸𸮱 ڸ Ѵ. mod_mem_cache ϱڸ ij ϰų ü ijϴ ΰ Ѵ. mod_mem_cache ijϰų ProxyPass (Ͻ(reverse proxy)) mod_proxy ޴ ijҶ ַ Ѵ.

URI Ű Ͽ ij ϰ ´. ϴ ij ʴ´.

top

MCacheMaxObjectCount þ

:ij ִ ִ ü
:MCacheMaxObjectCount value
⺻:MCacheMaxObjectCount 1009
:ּ
:Experimental
:mod_mem_cache

MCacheMaxObjectCount þ ij ִ ִ ü Ѵ. ؽ̺ 鶧 Ѵ. ο ü ij ߰ؾ ϴµ ִ ü Ͽٸ, ο ü ij ֵ ٸ ü Ѵ. MCacheRemovalAlgorithm ˰ Ͽ ü Ѵ.

MCacheMaxObjectCount 13001

top

MCacheMaxObjectSize þ

:ij ִ ũ (Ʈ )
:MCacheMaxObjectSize bytes
⺻:MCacheMaxObjectSize 10000
:ּ
:Experimental
:mod_mem_cache

MCacheMaxObjectSize þ ij ִ ũ⸦ Ʈ Ѵ.

MCacheMaxObjectSize 6400000

Note

MCacheMaxObjectSize MCacheMinObjectSize þ Ŀ Ѵ.

top

MCacheMaxStreamingBuffer þ

: ijѴٰ ϱ ޸ ۿ Ʈ ִ ũ
:MCacheMaxStreamingBuffer size_in_bytes
⺻:MCacheMaxStreamingBuffer 100000 MCacheMaxObjectSize ߿
:ּ
:Experimental
:mod_mem_cache

MCacheMaxStreamingBuffer þ ʹ Ŀ ij ۿ Ʈ ִ Ʈ Ѵ. Ʈ (streamed response) ü Content-Length 𸣴 ̴. Ͻõ ̳ CGI ũƮ Ʈ 信 Ѵ. ⺻ Content-Length ٸ Ʈ ij ʴ´. ij ϱ⿡ ʹ ū Ϻθ ۿ ϱ ޸𸮸 ʱؼ̴. MCacheMaxStreamingBuffer þ ϸ Content-Length Ʈ ũ ۿ Ѵ. ִ ũ⸦ Ѿ ij ʴ´.

:

MCacheMaxStreamingBuffer 0 ƴ Ͽ Ŭ̾Ʈ ʰ ʴ´. mod_mem_cache Ʈ Ϻθ ۿ ڸ Ŭ̾Ʈ ͷ .

# Ʈ 64KB ijѴ:
MCacheMaxStreamingBuffer 65536

top

MCacheMinObjectSize þ

:ij ּ ũ (Ʈ )
:MCacheMinObjectSize bytes
⺻:MCacheMinObjectSize 0
:ּ
:Experimental
:mod_mem_cache

MCacheMinObjectSize þ ij ּ ũ⸦ Ʈ Ѵ.

MCacheMinObjectSize 10000

top

MCacheRemovalAlgorithm þ

:ij ã ˰
:MCacheRemovalAlgorithm LRU|GDSF
⺻:MCacheRemovalAlgorithm GDSF
:ּ
:Experimental
:mod_mem_cache

MCacheRemovalAlgorithm þ ij ã ˰ Ѵ.

LRU (Least Recently Used)
LRU Ѵ.
GDSF (GreadyDual-Size)
GDSF ij (cache miss) ũ⸦ ij 켱 οѴ. 켱 Ѵ.

MCacheRemovalAlgorithm GDSF
MCacheRemovalAlgorithm LRU

top

MCacheSize þ

:ij ִ ޸𸮷 (KByte )
:MCacheSize KBytes
⺻:MCacheSize 100
:ּ
:Experimental
:mod_mem_cache

MCacheSize þ ij ִ ޸𸮷 KByte (1024 Ʈ ) Ѵ. ο ü ij ߰ؾ ϴµ ü ũⰡ ޸𸮺 ũٸ ο ü ij ٸ ü Ѵ. MCacheRemovalAlgorithm ˰ Ͽ ü Ѵ.

MCacheSize 700000

MCacheSize MCacheMaxObjectSize þ Ŀ Ѵ.

mod/mod_mime.html100644 0 0 165160 11237400533 11507 0ustar 0 0 mod_mime - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.2

<-

Apache Module mod_mime

Description:Associates the requested filename's extensions with the file's behavior (handlers and filters) and content (mime-type, language, character set and encoding)
Status:Base
ModuleIdentifier:mime_module
SourceFile:mod_mime.c

Summary

This module is used to associate various bits of "meta information" with files by their filename extensions. This information relates the filename of the document to it's mime-type, language, character set and encoding. This information is sent to the browser, and participates in content negotiation, so the user's preferences are respected when choosing one of several possible files to serve. See mod_negotiation for more information about content negotiation.

The directives AddCharset, AddEncoding, AddLanguage and AddType are all used to map file extensions onto the meta-information for that file. Respectively they set the character set, content-encoding, content-language, and MIME-type (content-type) of documents. The directive TypesConfig is used to specify a file which also maps extensions onto MIME types.

In addition, mod_mime may define the handler and filters that originate and process content. The directives AddHandler, AddOutputFilter, and AddInputFilter control the modules or scripts that serve the document. The MultiviewsMatch directive allows mod_negotiation to consider these file extensions to be included when testing Multiviews matches.

While mod_mime associates meta-information with filename extensions, the core server provides directives that are used to associate all the files in a given container (e.g., <Location>, <Directory>, or <Files>) with particular meta-information. These directives include ForceType, SetHandler, SetInputFilter, and SetOutputFilter. The core directives override any filename extension mappings defined in mod_mime.

Note that changing the meta-information for a file does not change the value of the Last-Modified header. Thus, previously cached copies may still be used by a client or proxy, with the previous headers. If you change the meta-information (language, content type, character set or encoding) you may need to 'touch' affected files (updating their last modified date) to ensure that all visitors are receive the corrected content headers.

top

Files with Multiple Extensions

Files can have more than one extension, and the order of the extensions is normally irrelevant. For example, if the file welcome.html.fr maps onto content type text/html and language French then the file welcome.fr.html will map onto exactly the same information. If more than one extension is given that maps onto the same type of meta-information, then the one to the right will be used, except for languages and content encodings. For example, if .gif maps to the MIME-type image/gif and .html maps to the MIME-type text/html, then the file welcome.gif.html will be associated with the MIME-type text/html.

Languages and content encodings are treated accumulative, because one can assign more than one language or encoding to a particular resource. For example, the file welcome.html.en.de will be delivered with Content-Language: en, de and Content-Type: text/html.

Care should be taken when a file with multiple extensions gets associated with both a MIME-type and a handler. This will usually result in the request being handled by the module associated with the handler. For example, if the .imap extension is mapped to the handler imap-file (from mod_imagemap) and the .html extension is mapped to the MIME-type text/html, then the file world.imap.html will be associated with both the imap-file handler and text/html MIME-type. When it is processed, the imap-file handler will be used, and so it will be treated as a mod_imagemap imagemap file.

If you would prefer only the last dot-separated part of the filename to be mapped to a particular piece of meta-data, then do not use the Add* directives. For example, if you wish to have the file foo.html.cgi processed as a CGI script, but not the file bar.cgi.html, then instead of using AddHandler cgi-script .cgi, use

Configure handler based on final extension only

<FilesMatch \.cgi$> SetHandler cgi-script </FilesMatch>

top

Content encoding

A file of a particular MIME-type can additionally be encoded a particular way to simplify transmission over the Internet. While this usually will refer to compression, such as gzip, it can also refer to encryption, such a pgp or to an encoding such as UUencoding, which is designed for transmitting a binary file in an ASCII (text) format.

The HTTP/1.1 RFC, section 14.11 puts it this way:

The Content-Encoding entity-header field is used as a modifier to the media-type. When present, its value indicates what additional content codings have been applied to the entity-body, and thus what decoding mechanisms must be applied in order to obtain the media-type referenced by the Content-Type header field. Content-Encoding is primarily used to allow a document to be compressed without losing the identity of its underlying media type.

By using more than one file extension (see section above about multiple file extensions), you can indicate that a file is of a particular type, and also has a particular encoding.

For example, you may have a file which is a Microsoft Word document, which is pkzipped to reduce its size. If the .doc extension is associated with the Microsoft Word file type, and the .zip extension is associated with the pkzip file encoding, then the file Resume.doc.zip would be known to be a pkzip'ed Word document.

Apache sends a Content-encoding header with the resource, in order to tell the client browser about the encoding method.

Content-encoding: pkzip

top

Character sets and languages

In addition to file type and the file encoding, another important piece of information is what language a particular document is in, and in what character set the file should be displayed. For example, the document might be written in the Vietnamese alphabet, or in Cyrillic, and should be displayed as such. This information, also, is transmitted in HTTP headers.

The character set, language, encoding and mime type are all used in the process of content negotiation (See mod_negotiation) to determine which document to give to the client, when there are alternative documents in more than one character set, language, encoding or mime type. All filename extensions associations created with AddCharset, AddEncoding, AddLanguage and AddType directives (and extensions listed in the MimeMagicFile) participate in this select process. Filename extensions that are only associated using the AddHandler, AddInputFilter or AddOutputFilter directives may be included or excluded from matching by using the MultiviewsMatch directive.

Charset

To convey this further information, Apache optionally sends a Content-Language header, to specify the language that the document is in, and can append additional information onto the Content-Type header to indicate the particular character set that should be used to correctly render the information.

Content-Language: en, fr
Content-Type: text/plain; charset=ISO-8859-1

The language specification is the two-letter abbreviation for the language. The charset is the name of the particular character set which should be used.

top

AddCharset Directive

Description:Maps the given filename extensions to the specified content charset
Syntax:AddCharset charset extension [extension] ...
Context:server config, virtual host, directory, .htaccess
Override:FileInfo
Status:Base
Module:mod_mime

The AddCharset directive maps the given filename extensions to the specified content charset. charset is the MIME charset parameter of filenames containing extension. This mapping is added to any already in force, overriding any mappings that already exist for the same extension.

Example

AddLanguage ja .ja
AddCharset EUC-JP .euc
AddCharset ISO-2022-JP .jis
AddCharset SHIFT_JIS .sjis

Then the document xxxx.ja.jis will be treated as being a Japanese document whose charset is ISO-2022-JP (as will the document xxxx.jis.ja). The AddCharset directive is useful for both to inform the client about the character encoding of the document so that the document can be interpreted and displayed appropriately, and for content negotiation, where the server returns one from several documents based on the client's charset preference.

The extension argument is case-insensitive and can be specified with or without a leading dot. Filenames may have multiple extensions and the extension argument will be compared against each of them.

See also

top

AddEncoding Directive

Description:Maps the given filename extensions to the specified encoding type
Syntax:AddEncoding MIME-enc extension [extension] ...
Context:server config, virtual host, directory, .htaccess
Override:FileInfo
Status:Base
Module:mod_mime

The AddEncoding directive maps the given filename extensions to the specified encoding type. MIME-enc is the MIME encoding to use for documents containing the extension. This mapping is added to any already in force, overriding any mappings that already exist for the same extension.

Example

AddEncoding x-gzip .gz
AddEncoding x-compress .Z

This will cause filenames containing the .gz extension to be marked as encoded using the x-gzip encoding, and filenames containing the .Z extension to be marked as encoded with x-compress.

Old clients expect x-gzip and x-compress, however the standard dictates that they're equivalent to gzip and compress respectively. Apache does content encoding comparisons by ignoring any leading x-. When responding with an encoding Apache will use whatever form (i.e., x-foo or foo) the client requested. If the client didn't specifically request a particular form Apache will use the form given by the AddEncoding directive. To make this long story short, you should always use x-gzip and x-compress for these two specific encodings. More recent encodings, such as deflate should be specified without the x-.

The extension argument is case-insensitive and can be specified with or without a leading dot. Filenames may have multiple extensions and the extension argument will be compared against each of them.

top

AddHandler Directive

Description:Maps the filename extensions to the specified handler
Syntax:AddHandler handler-name extension [extension] ...
Context:server config, virtual host, directory, .htaccess
Override:FileInfo
Status:Base
Module:mod_mime

Files having the name extension will be served by the specified handler-name. This mapping is added to any already in force, overriding any mappings that already exist for the same extension. For example, to activate CGI scripts with the file extension .cgi, you might use:

AddHandler cgi-script .cgi

Once that has been put into your httpd.conf file, any file containing the .cgi extension will be treated as a CGI program.

The extension argument is case-insensitive and can be specified with or without a leading dot. Filenames may have multiple extensions and the extension argument will be compared against each of them.

See also

top

AddInputFilter Directive

Description:Maps filename extensions to the filters that will process client requests
Syntax:AddInputFilter filter[;filter...] extension [extension] ...
Context:server config, virtual host, directory, .htaccess
Override:FileInfo
Status:Base
Module:mod_mime
Compatibility:AddInputFilter is only available in Apache 2.0.26 and later.

AddInputFilter maps the filename extension extension to the filters which will process client requests and POST input when they are received by the server. This is in addition to any filters defined elsewhere, including the SetInputFilter directive. This mapping is merged over any already in force, overriding any mappings that already exist for the same extension.

If more than one filter is specified, they must be separated by semicolons in the order in which they should process the content. The filter is case-insensitive.

The extension argument is case-insensitive and can be specified with or without a leading dot. Filenames may have multiple extensions and the extension argument will be compared against each of them.

See also

top

AddLanguage Directive

Description:Maps the given filename extension to the specified content language
Syntax:AddLanguage MIME-lang extension [extension] ...
Context:server config, virtual host, directory, .htaccess
Override:FileInfo
Status:Base
Module:mod_mime

The AddLanguage directive maps the given filename extension to the specified content language. MIME-lang is the MIME language of filenames containing extension. This mapping is added to any already in force, overriding any mappings that already exist for the same extension.

Example

AddEncoding x-compress .Z
AddLanguage en .en
AddLanguage fr .fr

Then the document xxxx.en.Z will be treated as being a compressed English document (as will the document xxxx.Z.en). Although the content language is reported to the client, the browser is unlikely to use this information. The AddLanguage directive is more useful for content negotiation, where the server returns one from several documents based on the client's language preference.

If multiple language assignments are made for the same extension, the last one encountered is the one that is used. That is, for the case of:

AddLanguage en .en
AddLanguage en-gb .en
AddLanguage en-us .en

documents with the extension .en would be treated as being en-us.

The extension argument is case-insensitive and can be specified with or without a leading dot. Filenames may have multiple extensions and the extension argument will be compared against each of them.

See also

top

AddOutputFilter Directive

Description:Maps filename extensions to the filters that will process responses from the server
Syntax:AddOutputFilter filter[;filter...] extension [extension] ...
Context:server config, virtual host, directory, .htaccess
Override:FileInfo
Status:Base
Module:mod_mime
Compatibility:AddOutputFilter is only available in Apache 2.0.26 and later.

The AddOutputFilter directive maps the filename extension extension to the filters which will process responses from the server before they are sent to the client. This is in addition to any filters defined elsewhere, including SetOutputFilter and AddOutputFilterByType directive. This mapping is merged over any already in force, overriding any mappings that already exist for the same extension.

For example, the following configuration will process all .shtml files for server-side includes and will then compress the output using mod_deflate.

AddOutputFilter INCLUDES;DEFLATE shtml

If more than one filter is specified, they must be separated by semicolons in the order in which they should process the content. The filter argument is case-insensitive.

The extension argument is case-insensitive and can be specified with or without a leading dot. Filenames may have multiple extensions and the extension argument will be compared against each of them.

See also

top

AddType Directive

Description:Maps the given filename extensions onto the specified content type
Syntax:AddType MIME-type extension [extension] ...
Context:server config, virtual host, directory, .htaccess
Override:FileInfo
Status:Base
Module:mod_mime

The AddType directive maps the given filename extensions onto the specified content type. MIME-type is the MIME type to use for filenames containing extension. This mapping is added to any already in force, overriding any mappings that already exist for the same extension. This directive can be used to add mappings not listed in the MIME types file (see the TypesConfig directive).

Example

AddType image/gif .gif

It is recommended that new MIME types be added using the AddType directive rather than changing the TypesConfig file.

The extension argument is case-insensitive and can be specified with or without a leading dot. Filenames may have multiple extensions and the extension argument will be compared against each of them.

See also

top

DefaultLanguage Directive

Description:Sets all files in the given scope to the specified language
Syntax:DefaultLanguage MIME-lang
Context:server config, virtual host, directory, .htaccess
Override:FileInfo
Status:Base
Module:mod_mime

The DefaultLanguage directive tells Apache that all files in the directive's scope (e.g., all files covered by the current <Directory> container) that don't have an explicit language extension (such as .fr or .de as configured by AddLanguage) should be considered to be in the specified MIME-lang language. This allows entire directories to be marked as containing Dutch content, for instance, without having to rename each file. Note that unlike using extensions to specify languages, DefaultLanguage can only specify a single language.

If no DefaultLanguage directive is in force, and a file does not have any language extensions as configured by AddLanguage, then that file will be considered to have no language attribute.

Example

DefaultLanguage en

See also

top

ModMimeUsePathInfo Directive

Description:Tells mod_mime to treat path_info components as part of the filename
Syntax:ModMimeUsePathInfo On|Off
Default:ModMimeUsePathInfo Off
Context:directory
Status:Base
Module:mod_mime
Compatibility:Available in Apache 2.0.41 and later

The ModMimeUsePathInfo directive is used to combine the filename with the path_info URL component to apply mod_mime's directives to the request. The default value is Off - therefore, the path_info component is ignored.

This directive is recommended when you have a virtual filesystem.

Example

ModMimeUsePathInfo On

If you have a request for /bar/foo.shtml where /bar is a Location and ModMimeUsePathInfo is On, mod_mime will treat the incoming request as /bar/foo.shtml and directives like AddOutputFilter INCLUDES .shtml will add the INCLUDES filter to the request. If ModMimeUsePathInfo is not set, the INCLUDES filter will not be added.

See also

top

MultiviewsMatch Directive

Description:The types of files that will be included when searching for a matching file with MultiViews
Syntax:MultiviewsMatch Any|NegotiatedOnly|Filters|Handlers [Handlers|Filters]
Default:MultiviewsMatch NegotiatedOnly
Context:server config, virtual host, directory, .htaccess
Override:FileInfo
Status:Base
Module:mod_mime
Compatibility:Available in Apache 2.0.26 and later.

MultiviewsMatch permits three different behaviors for mod_negotiation's Multiviews feature. Multiviews allows a request for a file, e.g. index.html, to match any negotiated extensions following the base request, e.g. index.html.en, index.html.fr, or index.html.gz.

The NegotiatedOnly option provides that every extension following the base name must correlate to a recognized mod_mime extension for content negotation, e.g. Charset, Content-Type, Language, or Encoding. This is the strictest implementation with the fewest unexpected side effects, and is the default behavior.

To include extensions associated with Handlers and/or Filters, set the MultiviewsMatch directive to either Handlers, Filters, or both option keywords. If all other factors are equal, the smallest file will be served, e.g. in deciding between index.html.cgi of 500 bytes and index.html.pl of 1000 bytes, the .cgi file would win in this example. Users of .asis files might prefer to use the Handler option, if .asis files are associated with the asis-handler.

You may finally allow Any extensions to match, even if mod_mime doesn't recognize the extension. This was the behavior in Apache 1.3, and can cause unpredicatable results, such as serving .old or .bak files the webmaster never expected to be served.

For example, the following configuration will allow handlers and filters to participate in Multviews, but will exclude unknown files:

MultiviewsMatch Handlers Filters

See also

top

RemoveCharset Directive

Description:Removes any character set associations for a set of file extensions
Syntax:RemoveCharset extension [extension] ...
Context:virtual host, directory, .htaccess
Override:FileInfo
Status:Base
Module:mod_mime
Compatibility:RemoveCharset is only available in Apache 2.0.24 and later.

The RemoveCharset directive removes any character set associations for files with the given extensions. This allows .htaccess files in subdirectories to undo any associations inherited from parent directories or the server config files.

The extension argument is case-insensitive and can be specified with or without a leading dot.

Example

RemoveCharset .html .shtml

top

RemoveEncoding Directive

Description:Removes any content encoding associations for a set of file extensions
Syntax:RemoveEncoding extension [extension] ...
Context:virtual host, directory, .htaccess
Override:FileInfo
Status:Base
Module:mod_mime

The RemoveEncoding directive removes any encoding associations for files with the given extensions. This allows .htaccess files in subdirectories to undo any associations inherited from parent directories or the server config files. An example of its use might be:

/foo/.htaccess:

AddEncoding x-gzip .gz
AddType text/plain .asc
<Files *.gz.asc>
RemoveEncoding .gz
 </Files>

This will cause foo.gz to be marked as being encoded with the gzip method, but foo.gz.asc as an unencoded plaintext file.

Note

RemoveEncoding directives are processed after any AddEncoding directives, so it is possible they may undo the effects of the latter if both occur within the same directory configuration.

The extension argument is case-insensitive and can be specified with or without a leading dot.

top

RemoveHandler Directive

Description:Removes any handler associations for a set of file extensions
Syntax:RemoveHandler extension [extension] ...
Context:virtual host, directory, .htaccess
Override:FileInfo
Status:Base
Module:mod_mime

The RemoveHandler directive removes any handler associations for files with the given extensions. This allows .htaccess files in subdirectories to undo any associations inherited from parent directories or the server config files. An example of its use might be:

/foo/.htaccess:

AddHandler server-parsed .html

/foo/bar/.htaccess:

RemoveHandler .html

This has the effect of returning .html files in the /foo/bar directory to being treated as normal files, rather than as candidates for parsing (see the mod_include module).

The extension argument is case-insensitive and can be specified with or without a leading dot.

top

RemoveInputFilter Directive

Description:Removes any input filter associations for a set of file extensions
Syntax:RemoveInputFilter extension [extension] ...
Context:virtual host, directory, .htaccess
Override:FileInfo
Status:Base
Module:mod_mime
Compatibility:RemoveInputFilter is only available in Apache 2.0.26 and later.

The RemoveInputFilter directive removes any input filter associations for files with the given extensions. This allows .htaccess files in subdirectories to undo any associations inherited from parent directories or the server config files.

The extension argument is case-insensitive and can be specified with or without a leading dot.

See also

top

RemoveLanguage Directive

Description:Removes any language associations for a set of file extensions
Syntax:RemoveLanguage extension [extension] ...
Context:virtual host, directory, .htaccess
Override:FileInfo
Status:Base
Module:mod_mime
Compatibility:RemoveLanguage is only available in Apache 2.0.24 and later.

The RemoveLanguage directive removes any language associations for files with the given extensions. This allows .htaccess files in subdirectories to undo any associations inherited from parent directories or the server config files.

The extension argument is case-insensitive and can be specified with or without a leading dot.

top

RemoveOutputFilter Directive

Description:Removes any output filter associations for a set of file extensions
Syntax:RemoveOutputFilter extension [extension] ...
Context:virtual host, directory, .htaccess
Override:FileInfo
Status:Base
Module:mod_mime
Compatibility:RemoveOutputFilter is only available in Apache 2.0.26 and later.

The RemoveOutputFilter directive removes any output filter associations for files with the given extensions. This allows .htaccess files in subdirectories to undo any associations inherited from parent directories or the server config files.

The extension argument is case-insensitive and can be specified with or without a leading dot.

Example

RemoveOutputFilter shtml

See also

top

RemoveType Directive

Description:Removes any content type associations for a set of file extensions
Syntax:RemoveType extension [extension] ...
Context:virtual host, directory, .htaccess
Override:FileInfo
Status:Base
Module:mod_mime

The RemoveType directive removes any MIME type associations for files with the given extensions. This allows .htaccess files in subdirectories to undo any associations inherited from parent directories or the server config files. An example of its use might be:

/foo/.htaccess:

RemoveType .cgi

This will remove any special handling of .cgi files in the /foo/ directory and any beneath it, causing the files to be treated as being of the DefaultType.

Note

RemoveType directives are processed after any AddType directives, so it is possible they may undo the effects of the latter if both occur within the same directory configuration.

The extension argument is case-insensitive and can be specified with or without a leading dot.

top

TypesConfig Directive

Description:The location of the mime.types file
Syntax:TypesConfig file-path
Default:TypesConfig conf/mime.types
Context:server config
Status:Base
Module:mod_mime

The TypesConfig directive sets the location of the MIME types configuration file. File-path is relative to the ServerRoot. This file sets the default list of mappings from filename extensions to content types. Most administrators use the provided mime.types file, which associates common filename extensions with IANA registered content types. The current list is maintained at http://www.iana.org/assignments/media-types/index.html. This simplifies the httpd.conf file by providing the majority of media-type definitions, and may be overridden by AddType directives as needed. You should not edit the mime.types file, because it may be replaced when you upgrade your server.

The file contains lines in the format of the arguments to an AddType directive:

MIME-type [extension] ...

The case of the extension does not matter. Blank lines, and lines beginning with a hash character (#) are ignored.

Please do not send requests to the Apache HTTP Server Project to add any new entries in the distributed mime.types file unless (1) they are already registered with IANA, and (2) they use widely accepted, non-conflicting filename extensions across platforms. category/x-subtype requests will be automatically rejected, as will any new two-letter extensions as they will likely conflict later with the already crowded language and character set namespace.

See also

mod/mod_mime_magic.html100644 0 0 32371 11237400533 12624 0ustar 0 0 mod_mime_magic - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.2

<-

Apache Module mod_mime_magic

Description:Determines the MIME type of a file by looking at a few bytes of its contents
Status:Extension
ModuleIdentifier:mime_magic_module
SourceFile:mod_mime_magic.c

Summary

This module determines the MIME type of files in the same way the Unix file(1) command works: it looks at the first few bytes of the file. It is intended as a "second line of defense" for cases that mod_mime can't resolve.

This module is derived from a free version of the file(1) command for Unix, which uses "magic numbers" and other hints from a file's contents to figure out what the contents are. This module is active only if the magic file is specified by the MimeMagicFile directive.

top

Format of the Magic File

The contents of the file are plain ASCII text in 4-5 columns. Blank lines are allowed but ignored. Commented lines use a hash mark (#). The remaining lines are parsed for the following columns:

ColumnDescription
1 byte number to begin checking from
">" indicates a dependency upon the previous non-">" line
2

type of data to match

byte single character
short machine-order 16-bit integer
long machine-order 32-bit integer
string arbitrary-length string
date long integer date (seconds since Unix epoch/1970)
beshort big-endian 16-bit integer
belong big-endian 32-bit integer
bedate big-endian 32-bit integer date
leshort little-endian 16-bit integer
lelong little-endian 32-bit integer
ledate little-endian 32-bit integer date
3 contents of data to match
4 MIME type if matched
5 MIME encoding if matched (optional)

For example, the following magic file lines would recognize some audio formats:

# Sun/NeXT audio data
0      string      .snd
>12    belong      1       audio/basic
>12    belong      2       audio/basic
>12    belong      3       audio/basic
>12    belong      4       audio/basic
>12    belong      5       audio/basic
>12    belong      6       audio/basic
>12    belong      7       audio/basic
>12    belong     23       audio/x-adpcm

Or these would recognize the difference between *.doc files containing Microsoft Word or FrameMaker documents. (These are incompatible file formats which use the same file suffix.)

# Frame
0  string  \<MakerFile        application/x-frame
0  string  \<MIFFile          application/x-frame
0  string  \<MakerDictionary  application/x-frame
0  string  \<MakerScreenFon   application/x-frame
0  string  \<MML              application/x-frame
0  string  \<Book             application/x-frame
0  string  \<Maker            application/x-frame

# MS-Word
0  string  \376\067\0\043            application/msword
0  string  \320\317\021\340\241\261  application/msword
0  string  \333\245-\0\0\0           application/msword

An optional MIME encoding can be included as a fifth column. For example, this can recognize gzipped files and set the encoding for them.

# gzip (GNU zip, not to be confused with
#       [Info-ZIP/PKWARE] zip archiver)

0  string  \037\213  application/octet-stream  x-gzip
top

Performance Issues

This module is not for every system. If your system is barely keeping up with its load or if you're performing a web server benchmark, you may not want to enable this because the processing is not free.

However, an effort was made to improve the performance of the original file(1) code to make it fit in a busy web server. It was designed for a server where there are thousands of users who publish their own documents. This is probably very common on intranets. Many times, it's helpful if the server can make more intelligent decisions about a file's contents than the file name allows ...even if just to reduce the "why doesn't my page work" calls when users improperly name their own files. You have to decide if the extra work suits your environment.

top

Notes

The following notes apply to the mod_mime_magic module and are included here for compliance with contributors' copyright restrictions that require their acknowledgment.

mod_mime_magic: MIME type lookup via file magic numbers
Copyright (c) 1996-1997 Cisco Systems, Inc.

This software was submitted by Cisco Systems to the Apache Group in July 1997. Future revisions and derivatives of this source code must acknowledge Cisco Systems as the original contributor of this module. All other licensing and usage conditions are those of the Apache Group.

Some of this code is derived from the free version of the file command originally posted to comp.sources.unix. Copyright info for that program is included below as required.

- Copyright (c) Ian F. Darwin, 1987. Written by Ian F. Darwin.

This software is not subject to any license of the American Telephone and Telegraph Company or of the Regents of the University of California.

Permission is granted to anyone to use this software for any purpose on any computer system, and to alter it and redistribute it freely, subject to the following restrictions:

  1. The author is not responsible for the consequences of use of this software, no matter how awful, even if they arise from flaws in it.
  2. The origin of this software must not be misrepresented, either by explicit claim or by omission. Since few users ever read sources, credits must appear in the documentation.
  3. Altered versions must be plainly marked as such, and must not be misrepresented as being the original software. Since few users ever read sources, credits must appear in the documentation.
  4. This notice may not be removed or altered.

For compliance with Mr Darwin's terms: this has been very significantly modified from the free "file" command.

  • all-in-one file for compilation convenience when moving from one version of Apache to the next.
  • Memory allocation is done through the Apache API's pool structure.
  • All functions have had necessary Apache API request or server structures passed to them where necessary to call other Apache API routines. (i.e., usually for logging, files, or memory allocation in itself or a called function.)
  • struct magic has been converted from an array to a single-ended linked list because it only grows one record at a time, it's only accessed sequentially, and the Apache API has no equivalent of realloc().
  • Functions have been changed to get their parameters from the server configuration instead of globals. (It should be reentrant now but has not been tested in a threaded environment.)
  • Places where it used to print results to stdout now saves them in a list where they're used to set the MIME type in the Apache request record.
  • Command-line flags have been removed since they will never be used here.
top

MimeMagicFile Directive

Description:Enable MIME-type determination based on file contents using the specified magic file
Syntax:MimeMagicFile file-path
Context:server config, virtual host
Status:Extension
Module:mod_mime_magic

The MimeMagicFile directive can be used to enable this module, the default file is distributed at conf/magic. Non-rooted paths are relative to the ServerRoot. Virtual hosts will use the same file as the main server unless a more specific setting is used, in which case the more specific setting overrides the main server's file.

Example

MimeMagicFile conf/magic

mod/mod_negotiation.html100644 0 0 40565 11237400533 13061 0ustar 0 0 mod_negotiation - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.2

<-

Apache Module mod_negotiation

Description:Provides for content negotiation
Status:Base
ModuleIdentifier:negotiation_module
SourceFile:mod_negotiation.c

Summary

Content negotiation, or more accurately content selection, is the selection of the document that best matches the clients capabilities, from one of several available documents. There are two implementations of this.

  • A type map (a file with the handler type-map) which explicitly lists the files containing the variants.
  • A MultiViews search (enabled by the MultiViews Options), where the server does an implicit filename pattern match, and choose from amongst the results.
top

Type maps

A type map has a format similar to RFC822 mail headers. It contains document descriptions separated by blank lines, with lines beginning with a hash character ('#') treated as comments. A document description consists of several header records; records may be continued on multiple lines if the continuation lines start with spaces. The leading space will be deleted and the lines concatenated. A header record consists of a keyword name, which always ends in a colon, followed by a value. Whitespace is allowed between the header name and value, and between the tokens of value. The headers allowed are:

Content-Encoding:
The encoding of the file. Apache only recognizes encodings that are defined by an AddEncoding directive. This normally includes the encodings x-compress for compress'd files, and x-gzip for gzip'd files. The x- prefix is ignored for encoding comparisons.
Content-Language:
The language(s) of the variant, as an Internet standard language tag (RFC 1766). An example is en, meaning English. If the variant contains more than one language, they are separated by a comma.
Content-Length:
The length of the file, in bytes. If this header is not present, then the actual length of the file is used.
Content-Type:
The MIME media type of the document, with optional parameters. Parameters are separated from the media type and from one another by a semi-colon, with a syntax of name=value. Common parameters include:
level
an integer specifying the version of the media type. For text/html this defaults to 2, otherwise 0.
qs
a floating-point number with a value in the range 0.0 to 1.0, indicating the relative 'quality' of this variant compared to the other available variants, independent of the client's capabilities. For example, a jpeg file is usually of higher source quality than an ascii file if it is attempting to represent a photograph. However, if the resource being represented is ascii art, then an ascii file would have a higher source quality than a jpeg file. All qs values are therefore specific to a given resource.

Example

Content-Type: image/jpeg; qs=0.8

URI:
uri of the file containing the variant (of the given media type, encoded with the given content encoding). These are interpreted as URLs relative to the map file; they must be on the same server (!), and they must refer to files to which the client would be granted access if they were to be requested directly.
Body:
New in Apache 2.0, the actual content of the resource may be included in the type-map file using the Body header. This header must contain a string that designates a delimiter for the body content. Then all following lines in the type map file will be considered part of the resource body until the delimiter string is found.

Example:

Body:----xyz----
<html>
<body>
<p>Content of the page.</p>
</body>
</html>
----xyz----

top

MultiViews

A MultiViews search is enabled by the MultiViews Options. If the server receives a request for /some/dir/foo and /some/dir/foo does not exist, then the server reads the directory looking for all files named foo.*, and effectively fakes up a type map which names all those files, assigning them the same media types and content-encodings it would have if the client had asked for one of them by name. It then chooses the best match to the client's requirements, and returns that document.

The MultiViewsMatch directive configures whether Apache will consider files that do not have content negotiation meta-information assigned to them when choosing files.

top

CacheNegotiatedDocs Directive

Description:Allows content-negotiated documents to be cached by proxy servers
Syntax:CacheNegotiatedDocs On|Off
Default:CacheNegotiatedDocs Off
Context:server config, virtual host
Status:Base
Module:mod_negotiation
Compatibility:The syntax changed in version 2.0.

If set, this directive allows content-negotiated documents to be cached by proxy servers. This could mean that clients behind those proxys could retrieve versions of the documents that are not the best match for their abilities, but it will make caching more efficient.

This directive only applies to requests which come from HTTP/1.0 browsers. HTTP/1.1 provides much better control over the caching of negotiated documents, and this directive has no effect in responses to HTTP/1.1 requests.

Prior to version 2.0, CacheNegotiatedDocs did not take an argument; it was turned on by the presence of the directive by itself.

top

ForceLanguagePriority Directive

Description:Action to take if a single acceptable document is not found
Syntax:ForceLanguagePriority None|Prefer|Fallback [Prefer|Fallback]
Default:ForceLanguagePriority Prefer
Context:server config, virtual host, directory, .htaccess
Override:FileInfo
Status:Base
Module:mod_negotiation
Compatibility:Available in version 2.0.30 and later

The ForceLanguagePriority directive uses the given LanguagePriority to satisfy negotation where the server could otherwise not return a single matching document.

ForceLanguagePriority Prefer uses LanguagePriority to serve a one valid result, rather than returning an HTTP result 300 (MULTIPLE CHOICES) when there are several equally valid choices. If the directives below were given, and the user's Accept-Language header assigned en and de each as quality .500 (equally acceptable) then the first matching variant, en, will be served.

LanguagePriority en fr de
ForceLanguagePriority Prefer

ForceLanguagePriority Fallback uses LanguagePriority to serve a valid result, rather than returning an HTTP result 406 (NOT ACCEPTABLE). If the directives below were given, and the user's Accept-Language only permitted an es language response, but such a variant isn't found, then the first variant from the LanguagePriority list below will be served.

LanguagePriority en fr de
ForceLanguagePriority Fallback

Both options, Prefer and Fallback, may be specified, so either the first matching variant from LanguagePriority will be served if more than one variant is acceptable, or first available document will be served if none of the variants matched the client's acceptable list of languages.

See also

top

LanguagePriority Directive

Description:The precendence of language variants for cases where the client does not express a preference
Syntax:LanguagePriority MIME-lang [MIME-lang] ...
Context:server config, virtual host, directory, .htaccess
Override:FileInfo
Status:Base
Module:mod_negotiation

The LanguagePriority sets the precedence of language variants for the case where the client does not express a preference, when handling a MultiViews request. The list of MIME-lang are in order of decreasing preference.

Example:

LanguagePriority en fr de

For a request for foo.html, where foo.html.fr and foo.html.de both existed, but the browser did not express a language preference, then foo.html.fr would be returned.

Note that this directive only has an effect if a 'best' language cannot be determined by any other means or the ForceLanguagePriority directive is not None. In general, the client determines the language preference, not the server.

See also

mod/mod_nw_ssl.html100644 0 0 14164 11237400533 12042 0ustar 0 0 mod_nw_ssl - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.2

<-

Apache Module mod_nw_ssl

Description:Enable SSL encryption for NetWare
Status:Base
ModuleIdentifier:nwssl_module
SourceFile:mod_nw_ssl.c
Compatibility:NetWare only

Summary

This module enables SSL encryption for a specified port. It takes advantage of the SSL encryption functionality that is built into the NetWare operating system.

top

NWSSLTrustedCerts Directive

Description:List of additional client certificates
Syntax:NWSSLTrustedCerts filename [filename] ...
Context:server config
Status:Base
Module:mod_nw_ssl

Specifies a list of client certificate files (DER format) that are used when creating a proxied SSL connection. Each client certificate used by a server must be listed separately in its own .der file.

top

NWSSLUpgradeable Directive

Description:Allows a connection to be upgraded to an SSL connection upon request
Syntax:NWSSLUpgradeable [IP-address:]portnumber
Context:server config
Status:Base
Module:mod_nw_ssl

Allow a connection that was created on the specified address and/or port to be upgraded to an SSL connection upon request from the client. The address and/or port must have already be defined previously with a Listen directive.

top

SecureListen Directive

Description:Enables SSL encryption for the specified port
Syntax:SecureListen [IP-address:]portnumber Certificate-Name [MUTUAL]
Context:server config
Status:Base
Module:mod_nw_ssl

Specifies the port and the eDirectory based certificate name that will be used to enable SSL encryption. An optional third parameter also enables mutual authentication.

mod/mod_proxy.html100644 0 0 251565 11237400533 11746 0ustar 0 0 mod_proxy - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.2

<-

Apache Module mod_proxy

Description:HTTP/1.1 proxy/gateway server
Status:Extension
ModuleIdentifier:proxy_module
SourceFile:mod_proxy.c

Summary

Warning

Do not enable proxying with ProxyRequests until you have secured your server. Open proxy servers are dangerous both to your network and to the Internet at large.

This module implements a proxy/gateway for Apache. It implements proxying capability for AJP13 (Apache JServe Protocol version 1.3), FTP, CONNECT (for SSL), HTTP/0.9, HTTP/1.0, and HTTP/1.1. The module can be configured to connect to other proxy modules for these and other protocols.

Apache's proxy features are divided into several modules in addition to mod_proxy: mod_proxy_http, mod_proxy_ftp, mod_proxy_ajp, mod_proxy_balancer, and mod_proxy_connect. Thus, if you want to use one or more of the particular proxy functions, load mod_proxy and the appropriate module(s) into the server (either statically at compile-time or dynamically via the LoadModule directive).

In addition, extended features are provided by other modules. Caching is provided by mod_cache and related modules. The ability to contact remote servers using the SSL/TLS protocol is provided by the SSLProxy* directives of mod_ssl. These additional modules will need to be loaded and configured to take advantage of these features.

top

Forward Proxies and Reverse Proxies/Gateways

Apache can be configured in both a forward and reverse proxy (also known as gateway) mode.

An ordinary forward proxy is an intermediate server that sits between the client and the origin server. In order to get content from the origin server, the client sends a request to the proxy naming the origin server as the target and the proxy then requests the content from the origin server and returns it to the client. The client must be specially configured to use the forward proxy to access other sites.

A typical usage of a forward proxy is to provide Internet access to internal clients that are otherwise restricted by a firewall. The forward proxy can also use caching (as provided by mod_cache) to reduce network usage.

The forward proxy is activated using the ProxyRequests directive. Because forward proxies allow clients to access arbitrary sites through your server and to hide their true origin, it is essential that you secure your server so that only authorized clients can access the proxy before activating a forward proxy.

A reverse proxy (or gateway), by contrast, appears to the client just like an ordinary web server. No special configuration on the client is necessary. The client makes ordinary requests for content in the name-space of the reverse proxy. The reverse proxy then decides where to send those requests, and returns the content as if it was itself the origin.

A typical usage of a reverse proxy is to provide Internet users access to a server that is behind a firewall. Reverse proxies can also be used to balance load among several back-end servers, or to provide caching for a slower back-end server. In addition, reverse proxies can be used simply to bring several servers into the same URL space.

A reverse proxy is activated using the ProxyPass directive or the [P] flag to the RewriteRule directive. It is not necessary to turn ProxyRequests on in order to configure a reverse proxy.

top

Basic Examples

The examples below are only a very basic idea to help you get started. Please read the documentation on the individual directives.

In addition, if you wish to have caching enabled, consult the documentation from mod_cache.

Forward Proxy

ProxyRequests On
ProxyVia On

<Proxy *>
Order deny,allow
Deny from all
Allow from internal.example.com
 </Proxy>

Reverse Proxy

ProxyRequests Off

<Proxy *>
Order deny,allow
Allow from all
 </Proxy>

ProxyPass /foo http://foo.example.com/bar
ProxyPassReverse /foo http://foo.example.com/bar

top

Controlling access to your proxy

You can control who can access your proxy via the <Proxy> control block as in the following example:

<Proxy *>
Order Deny,Allow
Deny from all
Allow from 192.168.0
 </Proxy>

For more information on access control directives, see mod_authz_host.

Strictly limiting access is essential if you are using a forward proxy (using the ProxyRequests directive). Otherwise, your server can be used by any client to access arbitrary hosts while hiding his or her true identity. This is dangerous both for your network and for the Internet at large. When using a reverse proxy (using the ProxyPass directive with ProxyRequests Off), access control is less critical because clients can only contact the hosts that you have specifically configured.

top

Slow Startup

If you're using the ProxyBlock directive, hostnames' IP addresses are looked up and cached during startup for later match test. This may take a few seconds (or more) depending on the speed with which the hostname lookups occur.

top

Intranet Proxy

An Apache proxy server situated in an intranet needs to forward external requests through the company's firewall (for this, configure the ProxyRemote directive to forward the respective scheme to the firewall proxy). However, when it has to access resources within the intranet, it can bypass the firewall when accessing hosts. The NoProxy directive is useful for specifying which hosts belong to the intranet and should be accessed directly.

Users within an intranet tend to omit the local domain name from their WWW requests, thus requesting "http://somehost/" instead of http://somehost.example.com/. Some commercial proxy servers let them get away with this and simply serve the request, implying a configured local domain. When the ProxyDomain directive is used and the server is configured for proxy service, Apache can return a redirect response and send the client to the correct, fully qualified, server address. This is the preferred method since the user's bookmark files will then contain fully qualified hosts.

top

Protocol Adjustments

For circumstances where mod_proxy is sending requests to an origin server that doesn't properly implement keepalives or HTTP/1.1, there are two environment variables that can force the request to use HTTP/1.0 with no keepalive. These are set via the SetEnv directive.

These are the force-proxy-request-1.0 and proxy-nokeepalive notes.

<Location /buggyappserver/>
ProxyPass http://buggyappserver:7001/foo/
SetEnv force-proxy-request-1.0 1
SetEnv proxy-nokeepalive 1
 </Location>

top

Request Bodies

Some request methods such as POST include a request body. The HTTP protocol requires that requests which include a body either use chunked transfer encoding or send a Content-Length request header. When passing these requests on to the origin server, mod_proxy_http will always attempt to send the Content-Length. But if the body is large and the original request used chunked encoding, then chunked encoding may also be used in the upstream request. You can control this selection using environment variables. Setting proxy-sendcl ensures maximum compatibility with upstream servers by always sending the Content-Length, while setting proxy-sendchunked minimizes resource usage by using chunked encoding.

top

Reverse Proxy Request Headers

When acting in a reverse-proxy mode (using the ProxyPass directive, for example), mod_proxy_http adds several request headers in order to pass information to the origin server. These headers are:

X-Forwarded-For
The IP address of the client.
X-Forwarded-Host
The original host requested by the client in the Host HTTP request header.
X-Forwarded-Server
The hostname of the proxy server.

Be careful when using these headers on the origin server, since they will contain more than one (comma-separated) value if the original request already contained one of these headers. For example, you can use %{X-Forwarded-For}i in the log format string of the origin server to log the original clients IP address, but you may get more than one address if the request passes through several proxies.

See also the ProxyPreserveHost and ProxyVia directives, which control other request headers.

top

AllowCONNECT Directive

Description:Ports that are allowed to CONNECT through the proxy
Syntax:AllowCONNECT port [port] ...
Default:AllowCONNECT 443 563
Context:server config, virtual host
Status:Extension
Module:mod_proxy

The AllowCONNECT directive specifies a list of port numbers to which the proxy CONNECT method may connect. Today's browsers use this method when a https connection is requested and proxy tunneling over HTTP is in effect.

By default, only the default https port (443) and the default snews port (563) are enabled. Use the AllowCONNECT directive to override this default and allow connections to the listed ports only.

Note that you'll need to have mod_proxy_connect present in the server in order to get the support for the CONNECT at all.

top

BalancerMember Directive

Description:Add a member to a load balancing group
Syntax:BalancerMember [balancerurl] url [key=value [key=value ...]]
Context:directory
Status:Extension
Module:mod_proxy
Compatibility:BalancerMember is only available in Apache 2.2 and later.

This directive adds a member to a load balancing group. It could be used within a <Proxy balancer://...> container directive, and can take any of the key value pairs available to ProxyPass directives.

The balancerurl is only needed when not in <Proxy balancer://...> container directive. It corresponds to the url of a balancer defined in ProxyPass directive.

top

NoProxy Directive

Description:Hosts, domains, or networks that will be connected to directly
Syntax:NoProxy host [host] ...
Context:server config, virtual host
Status:Extension
Module:mod_proxy

This directive is only useful for Apache proxy servers within intranets. The NoProxy directive specifies a list of subnets, IP addresses, hosts and/or domains, separated by spaces. A request to a host which matches one or more of these is always served directly, without forwarding to the configured ProxyRemote proxy server(s).

Example

ProxyRemote * http://firewall.example.com:81
NoProxy .example.com 192.168.112.0/21

The host arguments to the NoProxy directive are one of the following type list:

Domain

A Domain is a partially qualified DNS domain name, preceded by a period. It represents a list of hosts which logically belong to the same DNS domain or zone (i.e., the suffixes of the hostnames are all ending in Domain).

Examples

.com .apache.org.

To distinguish Domains from Hostnames (both syntactically and semantically; a DNS domain can have a DNS A record, too!), Domains are always written with a leading period.

Note

Domain name comparisons are done without regard to the case, and Domains are always assumed to be anchored in the root of the DNS tree, therefore two domains .ExAmple.com and .example.com. (note the trailing period) are considered equal. Since a domain comparison does not involve a DNS lookup, it is much more efficient than subnet comparison.

SubNet

A SubNet is a partially qualified internet address in numeric (dotted quad) form, optionally followed by a slash and the netmask, specified as the number of significant bits in the SubNet. It is used to represent a subnet of hosts which can be reached over a common network interface. In the absence of the explicit net mask it is assumed that omitted (or zero valued) trailing digits specify the mask. (In this case, the netmask can only be multiples of 8 bits wide.) Examples:

192.168 or 192.168.0.0
the subnet 192.168.0.0 with an implied netmask of 16 valid bits (sometimes used in the netmask form 255.255.0.0)
192.168.112.0/21
the subnet 192.168.112.0/21 with a netmask of 21 valid bits (also used in the form 255.255.248.0)

As a degenerate case, a SubNet with 32 valid bits is the equivalent to an IPAddr, while a SubNet with zero valid bits (e.g., 0.0.0.0/0) is the same as the constant _Default_, matching any IP address.

IPAddr

A IPAddr represents a fully qualified internet address in numeric (dotted quad) form. Usually, this address represents a host, but there need not necessarily be a DNS domain name connected with the address.

Example

192.168.123.7

Note

An IPAddr does not need to be resolved by the DNS system, so it can result in more effective apache performance.

Hostname

A Hostname is a fully qualified DNS domain name which can be resolved to one or more IPAddrs via the DNS domain name service. It represents a logical host (in contrast to Domains, see above) and must be resolvable to at least one IPAddr (or often to a list of hosts with different IPAddrs).

Examples

prep.ai.example.com
www.apache.org

Note

In many situations, it is more effective to specify an IPAddr in place of a Hostname since a DNS lookup can be avoided. Name resolution in Apache can take a remarkable deal of time when the connection to the name server uses a slow PPP link.

Hostname comparisons are done without regard to the case, and Hostnames are always assumed to be anchored in the root of the DNS tree, therefore two hosts WWW.ExAmple.com and www.example.com. (note the trailing period) are considered equal.

See also

top

<Proxy> Directive

Description:Container for directives applied to proxied resources
Syntax:<Proxy wildcard-url> ...</Proxy>
Context:server config, virtual host
Status:Extension
Module:mod_proxy

Directives placed in <Proxy> sections apply only to matching proxied content. Shell-style wildcards are allowed.

For example, the following will allow only hosts in yournetwork.example.com to access content via your proxy server:

<Proxy *>
Order Deny,Allow
Deny from all
Allow from yournetwork.example.com
 </Proxy>

The following example will process all files in the foo directory of example.com through the INCLUDES filter when they are sent through the proxy server:

<Proxy http://example.com/foo/*>
SetOutputFilter INCLUDES
 </Proxy>

top

ProxyBadHeader Directive

Description:Determines how to handle bad header lines in a response
Syntax:ProxyBadHeader IsError|Ignore|StartBody
Default:ProxyBadHeader IsError
Context:server config, virtual host
Status:Extension
Module:mod_proxy
Compatibility:Available in Apache 2.0.44 and later

The ProxyBadHeader directive determines the behaviour of mod_proxy if it receives syntactically invalid header lines (i.e. containing no colon). The following arguments are possible:

IsError
Abort the request and end up with a 502 (Bad Gateway) response. This is the default behaviour.
Ignore
Treat bad header lines as if they weren't sent.
StartBody
When receiving the first bad header line, finish reading the headers and treat the remainder as body. This helps to work around buggy backend servers which forget to insert an empty line between the headers and the body.
top

ProxyBlock Directive

Description:Words, hosts, or domains that are banned from being proxied
Syntax:ProxyBlock *|word|host|domain [word|host|domain] ...
Context:server config, virtual host
Status:Extension
Module:mod_proxy

The ProxyBlock directive specifies a list of words, hosts and/or domains, separated by spaces. HTTP, HTTPS, and FTP document requests to sites whose names contain matched words, hosts or domains are blocked by the proxy server. The proxy module will also attempt to determine IP addresses of list items which may be hostnames during startup, and cache them for match test as well. That may slow down the startup time of the server.

Example

ProxyBlock joes-garage.com some-host.co.uk rocky.wotsamattau.edu

rocky.wotsamattau.edu would also be matched if referenced by IP address.

Note that wotsamattau would also be sufficient to match wotsamattau.edu.

Note also that

ProxyBlock *

blocks connections to all sites.

top

ProxyDomain Directive

Description:Default domain name for proxied requests
Syntax:ProxyDomain Domain
Context:server config, virtual host
Status:Extension
Module:mod_proxy

This directive is only useful for Apache proxy servers within intranets. The ProxyDomain directive specifies the default domain which the apache proxy server will belong to. If a request to a host without a domain name is encountered, a redirection response to the same host with the configured Domain appended will be generated.

Example

ProxyRemote * http://firewall.example.com:81
NoProxy .example.com 192.168.112.0/21
ProxyDomain .example.com

top

ProxyErrorOverride Directive

Description:Override error pages for proxied content
Syntax:ProxyErrorOverride On|Off
Default:ProxyErrorOverride Off
Context:server config, virtual host
Status:Extension
Module:mod_proxy
Compatibility:Available in version 2.0 and later

This directive is useful for reverse-proxy setups, where you want to have a common look and feel on the error pages seen by the end user. This also allows for included files (via mod_include's SSI) to get the error code and act accordingly (default behavior would display the error page of the proxied server, turning this on shows the SSI Error message).

This directive does not affect the processing of informational (1xx), normal success (2xx), or redirect (3xx) responses.

top

ProxyFtpDirCharset Directive

Description:Define the character set for proxied FTP listings
Syntax:ProxyFtpDirCharset character set
Default:ProxyFtpDirCharset ISO-8859-1
Context:server config, virtual host, directory
Status:Extension
Module:mod_proxy
Compatibility:Available in Apache 2.2.7 and later

The ProxyFtpDirCharset directive defines the character set to be set for FTP directory listings in HTML generated by mod_proxy_ftp.

top

ProxyIOBufferSize Directive

Description:Determine size of internal data throughput buffer
Syntax:ProxyIOBufferSize bytes
Default:ProxyIOBufferSize 8192
Context:server config, virtual host
Status:Extension
Module:mod_proxy

The ProxyIOBufferSize directive adjusts the size of the internal buffer, which is used as a scratchpad for the data between input and output. The size must be less or equal 8192.

In almost every case there's no reason to change that value.

top

<ProxyMatch> Directive

Description:Container for directives applied to regular-expression-matched proxied resources
Syntax:<ProxyMatch regex> ...</ProxyMatch>
Context:server config, virtual host
Status:Extension
Module:mod_proxy

The <ProxyMatch> directive is identical to the <Proxy> directive, except it matches URLs using regular expressions.

top

ProxyMaxForwards Directive

Description:Maximium number of proxies that a request can be forwarded through
Syntax:ProxyMaxForwards number
Default:ProxyMaxForwards -1
Context:server config, virtual host
Status:Extension
Module:mod_proxy
Compatibility:Available in Apache 2.0 and later; default behaviour changed in 2.2.7

The ProxyMaxForwards directive specifies the maximum number of proxies through which a request may pass, if there's no Max-Forwards header supplied with the request. This may be set to prevent infinite proxy loops, or a DoS attack.

Example

ProxyMaxForwards 15

Note that setting ProxyMaxForwards is a violation of the HTTP/1.1 protocol (RFC2616), which forbids a Proxy setting Max-Forwards if the Client didn't set it. Earlier Apache versions would always set it. A negative ProxyMaxForwards value, including the default -1, gives you protocol-compliant behaviour, but may leave you open to loops.

top

ProxyPass Directive

Description:Maps remote servers into the local server URL-space
Syntax:ProxyPass [path] !|url [key=value key=value ...]] [nocanon] [interpolate]
Context:server config, virtual host, directory
Status:Extension
Module:mod_proxy

This directive allows remote servers to be mapped into the space of the local server; the local server does not act as a proxy in the conventional sense, but appears to be a mirror of the remote server. The local server is often called a reverse proxy or gateway. The path is the name of a local virtual path; url is a partial URL for the remote server and cannot include a query string.

The ProxyRequests directive should usually be set off when using ProxyPass.

Suppose the local server has address http://example.com/; then

ProxyPass /mirror/foo/ http://backend.example.com/

will cause a local request for http://example.com/mirror/foo/bar to be internally converted into a proxy request to http://backend.example.com/bar.

If the first argument ends with a trailing /, the second argument should also end with a trailing / and vice versa. Otherwise the resulting requests to the backend may miss some needed slashes and do not deliver the expected results.

The ! directive is useful in situations where you don't want to reverse-proxy a subdirectory, e.g.

ProxyPass /mirror/foo/i !
ProxyPass /mirror/foo http://backend.example.com

will proxy all requests to /mirror/foo to backend.example.com except requests made to /mirror/foo/i.

Note

Order is important: exclusions must come before the general ProxyPass directive.

As of Apache 2.1, the ability to use pooled connections to a backend server is available. Using the key=value parameters it is possible to tune this connection pooling. The default for a Hard Maximum for the number of connections is the number of threads per process in the active MPM. In the Prefork MPM, this is always 1, while with the Worker MPM it is controlled by the ThreadsPerChild.

Setting min will determine how many connections will always be open to the backend server. Upto the Soft Maximum or smax number of connections will be created on demand. Any connections above smax are subject to a time to live or ttl. Apache will never create more than the Hard Maximum or max connections to the backend server.

ProxyPass /example http://backend.example.com smax=5 max=20 ttl=120 retry=300

Parameter Default Description
min 0 Minimum number of connections that will always be open to the backend server.
max 1...n Hard Maximum number of connections that will be allowed to the backend server. The default for a Hard Maximum for the number of connections is the number of threads per process in the active MPM. In the Prefork MPM, this is always 1, while with the Worker MPM it is controlled by the ThreadsPerChild. Apache will never create more than the Hard Maximum connections to the backend server.
smax max Upto the Soft Maximum number of connections will be created on demand. Any connections above smax are subject to a time to live or ttl.
acquire - If set this will be the maximum time to wait for a free connection in the connection pool, in milliseconds. If there are no free connections in the pool the Apache will return SERVER_BUSY status to the client.
connectiontimeout timeout Connect timeout in seconds. The number of seconds Apache waits for the creation of a connection to the backend to complete. By adding a postfix of ms the timeout can be also set in milliseconds.
disablereuse Off This parameter should be used when you want to force mod_proxy to immediately close a connection to the backend after being used, and thus, disable its persistent connection and pool for that backend. This helps in various situations where a firewall between Apache and the backend server (regardless of protocol) tends to silently drop connections or when backends themselves may be under round- robin DNS. To disable connection pooling reuse, set this property value to On.
flushpackets off Determines whether the proxy module will auto-flush the output brigade after each "chunk" of data. 'off' means that it will flush only when needed, 'on' means after each chunk is sent and 'auto' means poll/wait for a period of time and flush if no input has been received for 'flushwait' milliseconds. Currently this is in effect only for AJP.
flushwait 10 The time to wait for additional input, in milliseconds, before flushing the output brigade if 'flushpackets' is 'auto'.
keepalive Off This parameter should be used when you have a firewall between your Apache and the backend server, who tend to drop inactive connections. This flag will tell the Operating System to send KEEP_ALIVE messages on inactive connections (interval depends on global OS settings, generally 120ms), and thus prevent the firewall to drop the connection. To enable keepalive set this property value to On.
lbset 0 Sets the load balancer cluster set that the worker is a member of. The load balancer will try all members of a lower numbered lbset before trying higher numbered ones.
ping 0 Ping property tells webserver to send a CPING request on ajp13 connection before forwarding a request. The parameter is the delay in seconds to wait for the CPONG reply. This features has been added to avoid problem with hung and busy Tomcat's and require ajp13 ping/pong support which has been implemented on Tomcat 3.3.2+, 4.1.28+ and 5.0.13+. This will increase the network traffic during the normal operation which could be an issue, but it will lower the traffic in case some of the cluster nodes are down or busy. Currently this has an effect only for AJP. By adding a postfix of ms the delay can be also set in milliseconds.
loadfactor 1 Worker load factor. Used with BalancerMember. It is a number between 1 and 100 and defines the normalized weighted load applied to the worker.
redirect - Redirection Route of the worker. This value is usually set dynamically to enable safe removal of the node from the cluster. If set all requests without session id will be redirected to the BalancerMember that has route parametar equal as this value.
retry 60 Connection pool worker retry timeout in seconds. If the connection pool worker to the backend server is in the error state, Apache will not forward any requests to that server until the timeout expires. This enables to shut down the backend server for maintenance, and bring it back online later. A value of 0 means always retry workers in an error state with no timeout.
route - Route of the worker when used inside load balancer. The route is a value appended to session id.
status - Single letter value defining the initial status of this worker: 'D' is disabled, 'S' is stopped, 'I' is ignore-errors, 'H' is hot-standby and 'E' is in an error state. Status can be set (which is the default) by prepending with '+' or cleared by prepending with '-'. Thus, a setting of 'S-E' sets this worker to Stopped and clears the in-error flag.
timeout ProxyTimeout Connection timeout in seconds. The number of seconds Apache waits for data sent by / to the backend.
ttl - Time To Live for the inactive connections above the smax connections in seconds. Apache will close all connections that has not been used inside that time period.

If the Proxy directive scheme starts with the balancer:// (eg: balancer://cluster/, any path information is ignored) then a virtual worker that does not really communicate with the backend server will be created. Instead it is responsible for the management of several "real" workers. In that case the special set of parameters can be add to this virtual worker. See mod_proxy_balancer for more information about how the balancer works.

Parameter Default Description
lbmethod byrequests Balancer load-balance method. Select the load-balancing scheduler method to use. Either byrequests, to perform weighted request counting, bytraffic, to perform weighted traffic byte count balancing, or bybusyness, to perform pending request balancing. Default is byrequests.
maxattempts 1 Maximum number of failover attempts before giving up.
nofailover Off If set to On the session will break if the worker is in error state or disabled. Set this value to On if backend servers do not support session replication.
stickysession - Balancer sticky session name. The value is usually set to something like JSESSIONID or PHPSESSIONID, and it depends on the backend application server that support sessions. If the backend application server uses different name for cookies and url encoded id (like servlet containers) use | to to separate them. The first part is for the cookie the second for the path.
scolonpathdelim Off If set to On the semi-colon character ';' will be used as an additional sticky session path deliminator/separator. This is mainly used to emulate mod_jk's behavior when dealing with paths such as JSESSIONID=6736bcf34;foo=aabfa
timeout 0 Balancer timeout in seconds. If set this will be the maximum time to wait for a free worker. Default is not to wait.

A sample balancer setup

ProxyPass /special-area http://special.example.com/ smax=5 max=10
ProxyPass / balancer://mycluster/ stickysession=JSESSIONID|jsessionid nofailover=On
<Proxy balancer://mycluster>
BalancerMember http://1.2.3.4:8009
BalancerMember http://1.2.3.5:8009 smax=10
# Less powerful server, don't send as many requests there
BalancerMember http://1.2.3.6:8009 smax=1 loadfactor=20
 </Proxy>

Setting up a hot-standby, that will only be used if no other members are available

ProxyPass / balancer://hotcluster/
<Proxy balancer://hotcluster>
BalancerMember http://1.2.3.4:8009 loadfactor=1
BalancerMember http://1.2.3.5:8009 loadfactor=2
# The below is the hot standby
BalancerMember http://1.2.3.6:8009 status=+H
ProxySet lbmethod=bytraffic </Proxy>

Normally, mod_proxy will canonicalise ProxyPassed URLs. But this may be incompatible with some backends, particularly those that make use of PATH_INFO. The optional nocanon keyword suppresses this, and passes the URL path "raw" to the backend. Note that may affect the security of your backend, as it removes the normal limited protection against URL-based attacks provided by the proxy.

The optional interpolate keyword (available in httpd 2.2.9 and later), in combination with ProxyPassInterpolateEnv causes the ProxyPass to interpolate environment variables, using the syntax ${VARNAME}. Note that many of the standard CGI-derived environment variables will not exist when this interpolation happens, so you may still have to resort to mod_rewrite for complex rules.

When used inside a <Location> section, the first argument is omitted and the local directory is obtained from the <Location>.

If you require a more flexible reverse-proxy configuration, see the RewriteRule directive with the [P] flag.

top

ProxyPassInterpolateEnv Directive

Description:Enable Environment Variable interpolation in Reverse Proxy configurations
Syntax:ProxyPassInterpolateEnv On|Off
Default:ProxyPassInterpolateEnv Off
Context:server config, virtual host, directory
Status:Extension
Module:mod_proxy
Compatibility:Available in httpd 2.2.9 and later

This directive, together with the interpolate argument to ProxyPass, ProxyPassReverse, ProxyPassReverseCookieDomain and ProxyPassReverseCookiePath enables reverse proxies to be dynamically configured using environment variables, which may be set by another module such as mod_rewrite. It affects the ProxyPass, ProxyPassReverse, ProxyPassReverseCookieDomain, and ProxyPassReverseCookiePath directives, and causes them to substitute the value of an environment variable varname for the string ${varname} in configuration directives.

Keep this turned off (for server performance) unless you need it!

top

ProxyPassMatch Directive

Description:Maps remote servers into the local server URL-space using regular expressions
Syntax:ProxyPassMatch [regex] !|url [key=value [key=value ...]]
Context:server config, virtual host, directory
Status:Extension
Module:mod_proxy
Compatibility:available in Apache 2.2.5 and later

This directive is equivalent to ProxyPass, but makes use of regular expressions, instead of simple prefix matching. The supplied regular expression is matched against the url, and if it matches, the server will substitute any parenthesized matches into the given string and use it as a new url.

Suppose the local server has address http://example.com/; then

ProxyPassMatch ^(/.*\.gif)$ http://backend.example.com$1

will cause a local request for http://example.com/foo/bar.gif to be internally converted into a proxy request to http://backend.example.com/foo/bar.gif.

The ! directive is useful in situations where you don't want to reverse-proxy a subdirectory.

top

ProxyPassReverse Directive

Description:Adjusts the URL in HTTP response headers sent from a reverse proxied server
Syntax:ProxyPassReverse [path] url [interpolate]
Context:server config, virtual host, directory
Status:Extension
Module:mod_proxy

This directive lets Apache adjust the URL in the Location, Content-Location and URI headers on HTTP redirect responses. This is essential when Apache is used as a reverse proxy (or gateway) to avoid by-passing the reverse proxy because of HTTP redirects on the backend servers which stay behind the reverse proxy.

Only the HTTP response headers specifically mentioned above will be rewritten. Apache will not rewrite other response headers, nor will it rewrite URL references inside HTML pages. This means that if the proxied content contains absolute URL references, they will by-pass the proxy. A third-party module that will look inside the HTML and rewrite URL references is Nick Kew's mod_proxy_html.

path is the name of a local virtual path. url is a partial URL for the remote server - the same way they are used for the ProxyPass directive.

For example, suppose the local server has address http://example.com/; then

ProxyPass /mirror/foo/ http://backend.example.com/
ProxyPassReverse /mirror/foo/ http://backend.example.com/
ProxyPassReverseCookieDomain backend.example.com public.example.com
ProxyPassReverseCookiePath / /mirror/foo/

will not only cause a local request for the http://example.com/mirror/foo/bar to be internally converted into a proxy request to http://backend.example.com/bar (the functionality ProxyPass provides here). It also takes care of redirects the server backend.example.com sends: when http://backend.example.com/bar is redirected by him to http://backend.example.com/quux Apache adjusts this to http://example.com/mirror/foo/quux before forwarding the HTTP redirect response to the client. Note that the hostname used for constructing the URL is chosen in respect to the setting of the UseCanonicalName directive.

Note that this ProxyPassReverse directive can also be used in conjunction with the proxy pass-through feature (RewriteRule ... [P]) from mod_rewrite because it doesn't depend on a corresponding ProxyPass directive.

The optional interpolate keyword (available in httpd 2.2.9 and later), used together with ProxyPassInterpolateEnv, enables interpolation of environment variables specified using the format ${VARNAME}.

When used inside a <Location> section, the first argument is omitted and the local directory is obtained from the <Location>.

top

ProxyPassReverseCookieDomain Directive

Description:Adjusts the Domain string in Set-Cookie headers from a reverse- proxied server
Syntax:ProxyPassReverseCookieDomain internal-domain public-domain [interpolate]
Context:server config, virtual host, directory
Status:Extension
Module:mod_proxy

Usage is basically similar to ProxyPassReverse, but instead of rewriting headers that are a URL, this rewrites the domain string in Set-Cookie headers.

top

ProxyPassReverseCookiePath Directive

Description:Adjusts the Path string in Set-Cookie headers from a reverse- proxied server
Syntax:ProxyPassReverseCookiePath internal-path public-path [interpolate]
Context:server config, virtual host, directory
Status:Extension
Module:mod_proxy

Usage is basically similar to ProxyPassReverse, but instead of rewriting headers that are a URL, this rewrites the path string in Set-Cookie headers.

top

ProxyPreserveHost Directive

Description:Use incoming Host HTTP request header for proxy request
Syntax:ProxyPreserveHost On|Off
Default:ProxyPreserveHost Off
Context:server config, virtual host
Status:Extension
Module:mod_proxy
Compatibility:Available in Apache 2.0.31 and later.

When enabled, this option will pass the Host: line from the incoming request to the proxied host, instead of the hostname specified in the ProxyPass line.

This option should normally be turned Off. It is mostly useful in special configurations like proxied mass name-based virtual hosting, where the original Host header needs to be evaluated by the backend server.

top

ProxyReceiveBufferSize Directive

Description:Network buffer size for proxied HTTP and FTP connections
Syntax:ProxyReceiveBufferSize bytes
Default:ProxyReceiveBufferSize 0
Context:server config, virtual host
Status:Extension
Module:mod_proxy

The ProxyReceiveBufferSize directive specifies an explicit (TCP/IP) network buffer size for proxied HTTP and FTP connections, for increased throughput. It has to be greater than 512 or set to 0 to indicate that the system's default buffer size should be used.

Example

ProxyReceiveBufferSize 2048

top

ProxyRemote Directive

Description:Remote proxy used to handle certain requests
Syntax:ProxyRemote match remote-server
Context:server config, virtual host
Status:Extension
Module:mod_proxy

This defines remote proxies to this proxy. match is either the name of a URL-scheme that the remote server supports, or a partial URL for which the remote server should be used, or * to indicate the server should be contacted for all requests. remote-server is a partial URL for the remote server. Syntax:

remote-server = scheme://hostname[:port]

scheme is effectively the protocol that should be used to communicate with the remote server; only http is supported by this module.

Example

ProxyRemote http://goodguys.example.com/ http://mirrorguys.example.com:8000
ProxyRemote * http://cleverproxy.localdomain
ProxyRemote ftp http://ftpproxy.mydomain:8080

In the last example, the proxy will forward FTP requests, encapsulated as yet another HTTP proxy request, to another proxy which can handle them.

This option also supports reverse proxy configuration - a backend webserver can be embedded within a virtualhost URL space even if that server is hidden by another forward proxy.

top

ProxyRemoteMatch Directive

Description:Remote proxy used to handle requests matched by regular expressions
Syntax:ProxyRemoteMatch regex remote-server
Context:server config, virtual host
Status:Extension
Module:mod_proxy

The ProxyRemoteMatch is identical to the ProxyRemote directive, except the first argument is a regular expression match against the requested URL.

top

ProxyRequests Directive

Description:Enables forward (standard) proxy requests
Syntax:ProxyRequests On|Off
Default:ProxyRequests Off
Context:server config, virtual host
Status:Extension
Module:mod_proxy

This allows or prevents Apache from functioning as a forward proxy server. (Setting ProxyRequests to Off does not disable use of the ProxyPass directive.)

In a typical reverse proxy or gateway configuration, this option should be set to Off.

In order to get the functionality of proxying HTTP or FTP sites, you need also mod_proxy_http or mod_proxy_ftp (or both) present in the server.

Warning

Do not enable proxying with ProxyRequests until you have secured your server. Open proxy servers are dangerous both to your network and to the Internet at large.

See also

top

ProxySet Directive

Description:Set various Proxy balancer or member parameters
Syntax:ProxySet url key=value [key=value ...]
Context:directory
Status:Extension
Module:mod_proxy
Compatibility:ProxySet is only available in Apache 2.2 and later.

This directive is used as an alternate method of setting any of the parameters available to Proxy balancers and workers normally done via the ProxyPass directive. If used within a <Proxy balancer url|worker url> container directive, the url argument is not required. As a side effect the respective balancer or worker gets created. This can be useful when doing reverse proxying via a RewriteRule instead of a ProxyPass directive.

<Proxy balancer://hotcluster>
BalancerMember http://www2.example.com:8009 loadfactor=1
BalancerMember http://www3.example.com:8009 loadfactor=2
ProxySet lbmethod=bytraffic
 </Proxy>

<Proxy http://backend>
ProxySet keepalive=On
 </Proxy>

ProxySet balancer://foo lbmethod=bytraffic timeout=15

ProxySet ajp://backend:7001 timeout=15

Warning

Keep in mind that the same parameter key can have a different meaning depending whether it is applied to a balancer or a worker as shown by the two examples above regarding timeout.

top

ProxyStatus Directive

Description:Show Proxy LoadBalancer status in mod_status
Syntax:ProxyStatus Off|On|Full
Default:ProxyStatus Off
Context:server config, virtual host
Status:Extension
Module:mod_proxy
Compatibility:Available in version 2.2 and later

This directive determines whether or not proxy loadbalancer status data is displayed via the mod_status server-status page.

Note

Full is synonymous with On

top

ProxyTimeout Directive

Description:Network timeout for proxied requests
Syntax:ProxyTimeout seconds
Default:Value of Timeout
Context:server config, virtual host
Status:Extension
Module:mod_proxy
Compatibility:Available in Apache 2.0.31 and later

This directive allows a user to specifiy a timeout on proxy requests. This is useful when you have a slow/buggy appserver which hangs, and you would rather just return a timeout and fail gracefully instead of waiting however long it takes the server to return.

top

ProxyVia Directive

Description:Information provided in the Via HTTP response header for proxied requests
Syntax:ProxyVia On|Off|Full|Block
Default:ProxyVia Off
Context:server config, virtual host
Status:Extension
Module:mod_proxy

This directive controls the use of the Via: HTTP header by the proxy. Its intended use is to control the flow of proxy requests along a chain of proxy servers. See RFC 2616 (HTTP/1.1), section 14.45 for an explanation of Via: header lines.

  • If set to Off, which is the default, no special processing is performed. If a request or reply contains a Via: header, it is passed through unchanged.
  • If set to On, each request and reply will get a Via: header line added for the current host.
  • If set to Full, each generated Via: header line will additionally have the Apache server version shown as a Via: comment field.
  • If set to Block, every proxy request will have all its Via: header lines removed. No new Via: header will be generated.
mod/mod_proxy_ajp.html100644 0 0 61772 11237400533 12557 0ustar 0 0 mod_proxy_ajp - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.2

<-

Apache Module mod_proxy_ajp

Description:AJP support module for mod_proxy
Status:Extension
ModuleIdentifier:proxy_ajp_module
SourceFile:mod_proxy_ajp.c
Compatibility:Available in version 2.1 and later

Summary

This module requires the service of mod_proxy. It provides support for the Apache JServ Protocol version 1.3 (hereafter AJP13).

Thus, in order to get the ability of handling AJP13 protocol, mod_proxy and mod_proxy_ajp have to be present in the server.

Warning

Do not enable proxying until you have secured your server. Open proxy servers are dangerous both to your network and to the Internet at large.

top

Overview of the protocol

The AJP13 protocol is packet-oriented. A binary format was presumably chosen over the more readable plain text for reasons of performance. The web server communicates with the servlet container over TCP connections. To cut down on the expensive process of socket creation, the web server will attempt to maintain persistent TCP connections to the servlet container, and to reuse a connection for multiple request/response cycles.

Once a connection is assigned to a particular request, it will not be used for any others until the request-handling cycle has terminated. In other words, requests are not multiplexed over connections. This makes for much simpler code at either end of the connection, although it does cause more connections to be open at once.

Once the web server has opened a connection to the servlet container, the connection can be in one of the following states:

  • Idle
    No request is being handled over this connection.
  • Assigned
    The connecton is handling a specific request.

Once a connection is assigned to handle a particular request, the basic request informaton (e.g. HTTP headers, etc) is sent over the connection in a highly condensed form (e.g. common strings are encoded as integers). Details of that format are below in Request Packet Structure. If there is a body to the request (content-length > 0), that is sent in a separate packet immediately after.

At this point, the servlet container is presumably ready to start processing the request. As it does so, it can send the following messages back to the web server:

  • SEND_HEADERS
    Send a set of headers back to the browser.
  • SEND_BODY_CHUNK
    Send a chunk of body data back to the browser.
  • GET_BODY_CHUNK
    Get further data from the request if it hasn't all been transferred yet. This is necessary because the packets have a fixed maximum size and arbitrary amounts of data can be included the body of a request (for uploaded files, for example). (Note: this is unrelated to HTTP chunked tranfer).
  • END_RESPONSE
    Finish the request-handling cycle.

Each message is accompanied by a differently formatted packet of data. See Response Packet Structures below for details.

top

Basic Packet Structure

There is a bit of an XDR heritage to this protocol, but it differs in lots of ways (no 4 byte alignment, for example).

Byte order: I am not clear about the endian-ness of the individual bytes. I'm guessing the bytes are little-endian, because that's what XDR specifies, and I'm guessing that sys/socket library is magically making that so (on the C side). If anyone with a better knowledge of socket calls can step in, that would be great.

There are four data types in the protocol: bytes, booleans, integers and strings.

Byte
A single byte.
Boolean
A single byte, 1 = true, 0 = false. Using other non-zero values as true (i.e. C-style) may work in some places, but it won't in others.
Integer
A number in the range of 0 to 2^16 (32768). Stored in 2 bytes with the high-order byte first.
String
A variable-sized string (length bounded by 2^16). Encoded with the length packed into two bytes first, followed by the string (including the terminating '\0'). Note that the encoded length does not include the trailing '\0' -- it is like strlen. This is a touch confusing on the Java side, which is littered with odd autoincrement statements to skip over these terminators. I believe the reason this was done was to allow the C code to be extra efficient when reading strings which the servlet container is sending back -- with the terminating \0 character, the C code can pass around references into a single buffer, without copying. if the \0 was missing, the C code would have to copy things out in order to get its notion of a string.

Packet Size

According to much of the code, the max packet size is 8 * 1024 bytes (8K). The actual length of the packet is encoded in the header.

Packet Headers

Packets sent from the server to the container begin with 0x1234. Packets sent from the container to the server begin with AB (that's the ASCII code for A followed by the ASCII code for B). After those first two bytes, there is an integer (encoded as above) with the length of the payload. Although this might suggest that the maximum payload could be as large as 2^16, in fact, the code sets the maximum to be 8K.

Packet Format (Server->Container)
Byte 0 1 2 3 4...(n+3)
Contents 0x12 0x34 Data Length (n) Data
Packet Format (Container->Server)
Byte 0 1 2 3 4...(n+3)
Contents A B Data Length (n) Data

For most packets, the first byte of the payload encodes the type of message. The exception is for request body packets sent from the server to the container -- they are sent with a standard packet header ( 0x1234 and then length of the packet), but without any prefix code after that.

The web server can send the following messages to the servlet container:

Code Type of Packet Meaning
2 Forward Request Begin the request-processing cycle with the following data
7 Shutdown The web server asks the container to shut itself down.
8 Ping The web server asks the container to take control (secure login phase).
10 CPing The web server asks the container to respond quickly with a CPong.
none Data Size (2 bytes) and corresponding body data.

To ensure some basic security, the container will only actually do the Shutdown if the request comes from the same machine on which it's hosted.

The first Data packet is send immediatly after the Forward Request by the web server.

The servlet container can send the following types of messages to the webserver:

Code Type of Packet Meaning
3 Send Body Chunk Send a chunk of the body from the servlet container to the web server (and presumably, onto the browser).
4 Send Headers Send the response headers from the servlet container to the web server (and presumably, onto the browser).
5 End Response Marks the end of the response (and thus the request-handling cycle).
6 Get Body Chunk Get further data from the request if it hasn't all been transferred yet.
9 CPong Reply The reply to a CPing request

Each of the above messages has a different internal structure, detailed below.

top

Request Packet Structure

For messages from the server to the container of type Forward Request:

AJP13_FORWARD_REQUEST :=
    prefix_code      (byte) 0x02 = JK_AJP13_FORWARD_REQUEST
    method           (byte)
    protocol         (string)
    req_uri          (string)
    remote_addr      (string)
    remote_host      (string)
    server_name      (string)
    server_port      (integer)
    is_ssl           (boolean)
    num_headers      (integer)
    request_headers *(req_header_name req_header_value)
    attributes      *(attribut_name attribute_value)
    request_terminator (byte) OxFF

The request_headers have the following structure: 

req_header_name := 
    sc_req_header_name | (string)  [see below for how this is parsed]

sc_req_header_name := 0xA0xx (integer)

req_header_value := (string)

The attributes are optional and have the following structure:

attribute_name := sc_a_name | (sc_a_req_attribute string)

attribute_value := (string)

Not that the all-important header is content-length, because it determines whether or not the container looks for another packet immediately.

Detailed description of the elements of Forward Request

Request prefix

For all requests, this will be 2. See above for details on other Prefix codes.

Method

The HTTP method, encoded as a single byte:

Command NameCode
OPTIONS1
GET2
HEAD3
POST4
PUT5
DELETE6
TRACE7
PROPFIND8
PROPPATCH9
MKCOL10
COPY11
MOVE12
LOCK13
UNLOCK14
ACL15
REPORT16
VERSION-CONTROL17
CHECKIN18
CHECKOUT19
UNCHECKOUT20
SEARCH21
MKWORKSPACE22
UPDATE23
LABEL24
MERGE25
BASELINE_CONTROL26
MKACTIVITY27

Later version of ajp13, will transport additional methods, even if they are not in this list.

protocol, req_uri, remote_addr, remote_host, server_name, server_port, is_ssl

These are all fairly self-explanatory. Each of these is required, and will be sent for every request.

Headers

The structure of request_headers is the following: First, the number of headers num_headers is encoded. Then, a series of header name req_header_name / value req_header_value pairs follows. Common header names are encoded as integers, to save space. If the header name is not in the list of basic headers, it is encoded normally (as a string, with prefixed length). The list of common headers sc_req_header_nameand their codes is as follows (all are case-sensitive):

NameCode valueCode name
accept0xA001SC_REQ_ACCEPT
accept-charset0xA002SC_REQ_ACCEPT_CHARSET
accept-encoding0xA003SC_REQ_ACCEPT_ENCODING
accept-language0xA004SC_REQ_ACCEPT_LANGUAGE
authorization0xA005SC_REQ_AUTHORIZATION
connection0xA006SC_REQ_CONNECTION
content-type0xA007SC_REQ_CONTENT_TYPE
content-length0xA008SC_REQ_CONTENT_LENGTH
cookie0xA009SC_REQ_COOKIE
cookie20xA00ASC_REQ_COOKIE2
host0xA00BSC_REQ_HOST
pragma0xA00CSC_REQ_PRAGMA
referer0xA00DSC_REQ_REFERER
user-agent0xA00ESC_REQ_USER_AGENT

The Java code that reads this grabs the first two-byte integer and if it sees an '0xA0' in the most significant byte, it uses the integer in the second byte as an index into an array of header names. If the first byte is not 0xA0, it assumes that the two-byte integer is the length of a string, which is then read in.

This works on the assumption that no header names will have length greater than 0x9999 (==0xA000 - 1), which is perfectly reasonable, though somewhat arbitrary.

Note:

The content-length header is extremely important. If it is present and non-zero, the container assumes that the request has a body (a POST request, for example), and immediately reads a separate packet off the input stream to get that body.

Attributes

The attributes prefixed with a ? (e.g. ?context) are all optional. For each, there is a single byte code to indicate the type of attribute, and then its value (string or integer). They can be sent in any order (though the C code always sends them in the order listed below). A special terminating code is sent to signal the end of the list of optional attributes. The list of byte codes is:

InformationCode ValueType Of ValueNote
?context0x01-Not currently implemented
?servlet_path0x02-Not currently implemented
?remote_user0x03String
?auth_type0x04String
?query_string0x05String
?jvm_route0x06String
?ssl_cert0x07String
?ssl_cipher0x08String
?ssl_session0x09String
?req_attribute0x0AStringName (the name of the attribute follows)
?ssl_key_size0x0BInteger
are_done0xFF-request_terminator

The context and servlet_path are not currently set by the C code, and most of the Java code completely ignores whatever is sent over for those fields (and some of it will actually break if a string is sent along after one of those codes). I don't know if this is a bug or an unimplemented feature or just vestigial code, but it's missing from both sides of the connection.

The remote_user and auth_type presumably refer to HTTP-level authentication, and communicate the remote user's username and the type of authentication used to establish their identity (e.g. Basic, Digest).

The query_string, ssl_cert, ssl_cipher, and ssl_session refer to the corresponding pieces of HTTP and HTTPS.

The jvm_route, is used to support sticky sessions -- associating a user's sesson with a particular Tomcat instance in the presence of multiple, load-balancing servers.

Beyond this list of basic attributes, any number of other attributes can be sent via the req_attribute code 0x0A. A pair of strings to represent the attribute name and value are sent immediately after each instance of that code. Environment values are passed in via this method.

Finally, after all the attributes have been sent, the attribute terminator, 0xFF, is sent. This signals both the end of the list of attributes and also then end of the Request Packet.

top

Response Packet Structure

for messages which the container can send back to the server.

AJP13_SEND_BODY_CHUNK :=
  prefix_code   3
  chunk_length  (integer)
  chunk        *(byte)
  chunk_terminator (byte) Ox00

AJP13_SEND_HEADERS :=
  prefix_code       4
  http_status_code  (integer)
  http_status_msg   (string)
  num_headers       (integer)
  response_headers *(res_header_name header_value)

res_header_name :=
    sc_res_header_name | (string)   [see below for how this is parsed]

sc_res_header_name := 0xA0 (byte)

header_value := (string)

AJP13_END_RESPONSE :=
  prefix_code       5
  reuse             (boolean)


AJP13_GET_BODY_CHUNK :=
  prefix_code       6
  requested_length  (integer)

Details:

Send Body Chunk

The chunk is basically binary data, and is sent directly back to the browser.

Send Headers

The status code and message are the usual HTTP things (e.g. 200 and OK). The response header names are encoded the same way the request header names are. See header_encoding above for details about how the codes are distinguished from the strings.
The codes for common headers are:

NameCode value
Content-Type0xA001
Content-Language0xA002
Content-Length0xA003
Date0xA004
Last-Modified0xA005
Location0xA006
Set-Cookie0xA007
Set-Cookie20xA008
Servlet-Engine0xA009
Status0xA00A
WWW-Authenticate0xA00B

After the code or the string header name, the header value is immediately encoded.

End Response

Signals the end of this request-handling cycle. If the reuse flag is true (==1), this TCP connection can now be used to handle new incoming requests. If reuse is false (anything other than 1 in the actual C code), the connection should be closed.

Get Body Chunk

The container asks for more data from the request (If the body was too large to fit in the first packet sent over or when the request is chuncked). The server will send a body packet back with an amount of data which is the minimum of the request_length, the maximum send body size (8186 (8 Kbytes - 6)), and the number of bytes actually left to send from the request body.
If there is no more data in the body (i.e. the servlet container is trying to read past the end of the body), the server will send back an empty packet, which is a body packet with a payload length of 0. (0x12,0x34,0x00,0x00)

mod/mod_proxy_balancer.html100644 0 0 41650 11237400533 13545 0ustar 0 0 mod_proxy_balancer - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.2

<-

Apache Module mod_proxy_balancer

Description:mod_proxy extension for load balancing
Status:Extension
ModuleIdentifier:proxy_balancer_module
SourceFile:mod_proxy_balancer.c
Compatibility:Available in version 2.1 and later

Summary

This module requires the service of mod_proxy. It provides load balancing support for HTTP, FTP and AJP13 protocols

Thus, in order to get the ability of load balancing, mod_proxy and mod_proxy_balancer have to be present in the server.

Warning

Do not enable proxying until you have secured your server. Open proxy servers are dangerous both to your network and to the Internet at large.

top

Load balancer scheduler algorithm

At present, there are 3 load balancer scheduler algorithms available for use: Request Counting, Weighted Traffic Counting and Pending Request Counting. These are controlled via the lbmethod value of the Balancer definition. See the ProxyPass directive for more information.

top

Example of a balancer configuration

Before we dive into the technical details, here's an example of how you might use mod_proxy_balancer to provide load balancing between two back-end servers:

<Proxy balancer://mycluster>
BalancerMember http://192.168.1.50:80
BalancerMember http://192.168.1.51:80
</Proxy>
ProxyPass /test balancer://mycluster/

top

Request Counting Algorithm

Enabled via lbmethod=byrequests, the idea behind this scheduler is that we distribute the requests among the various workers to ensure that each gets their configured share of the number of requests. It works as follows:

lbfactor is how much we expect this worker to work, or the workers's work quota. This is a normalized value representing their "share" of the amount of work to be done.

lbstatus is how urgent this worker has to work to fulfill its quota of work.

The worker is a member of the load balancer, usually a remote host serving one of the supported protocols.

We distribute each worker's work quota to the worker, and then look which of them needs to work most urgently (biggest lbstatus). This worker is then selected for work, and its lbstatus reduced by the total work quota we distributed to all workers. Thus the sum of all lbstatus does not change(*) and we distribute the requests as desired.

If some workers are disabled, the others will still be scheduled correctly.

for each worker in workers
    worker lbstatus += worker lbfactor
    total factor    += worker lbfactor
    if worker lbstatus > candidate lbstatus
        candidate = worker

candidate lbstatus -= total factor

If a balancer is configured as follows:

worker a b c d
lbfactor 25 25 25 25
lbstatus 0 0 0 0

And b gets disabled, the following schedule is produced:

worker a b c d
lbstatus -50 0 25 25
lbstatus -25 0 -25 50
lbstatus 0 0 0 0
(repeat)

That is it schedules: a c d a c d a c d ... Please note that:

worker a b c d
lbfactor 25 25 25 25

Has the exact same behavior as:

worker a b c d
lbfactor 1 1 1 1

This is because all values of lbfactor are normalized with respect to the others. For:

worker a b c
lbfactor 1 4 1

worker b will, on average, get 4 times the requests that a and c will.

The following asymmetric configuration works as one would expect:

worker a b
lbfactor 70 30
 
lbstatus -30 30
lbstatus 40 -40
lbstatus 10 -10
lbstatus -20 20
lbstatus -50 50
lbstatus 20 -20
lbstatus -10 10
lbstatus -40 40
lbstatus 30 -30
lbstatus 0 0
(repeat)

That is after 10 schedules, the schedule repeats and 7 a are selected with 3 b interspersed.

top

Weighted Traffic Counting Algorithm

Enabled via lbmethod=bytraffic, the idea behind this scheduler is very similar to the Request Counting method, with the following changes:

lbfactor is how much traffic, in bytes, we want this worker to handle. This is also a normalized value representing their "share" of the amount of work to be done, but instead of simply counting the number of requests, we take into account the amount of traffic this worker has seen.

If a balancer is configured as follows:

worker a b c
lbfactor 1 2 1

Then we mean that we want b to process twice the amount of bytes than a or c should. It does not necessarily mean that b would handle twice as many requests, but it would process twice the I/O. Thus, the size of the request and response are applied to the weighting and selection algorithm.

top

Pending Request Counting Algorithm

Enabled via lbmethod=bybusyness, this scheduler keeps track of how many requests each worker is assigned at present. A new request is automatically assigned to the worker with the lowest number of active requests. This is useful in the case of workers that queue incoming requests independently of Apache, to ensure that queue length stays even and a request is always given to the worker most likely to service it fastest.

In the case of multiple least-busy workers, the statistics (and weightings) used by the Request Counting method are used to break the tie. Over time, the distribution of work will come to resemble that characteristic of byrequests.

top

Exported Environment Variables

At present there are 6 environment variables exported:

BALANCER_SESSION_STICKY

This is assigned the stickysession value used in the current request. It is the cookie or parameter name used for sticky sessions

BALANCER_SESSION_ROUTE

This is assigned the route parsed from the current request.

BALANCER_NAME

This is assigned the name of the balancer used for the current request. The value is something like balancer://foo.

BALANCER_WORKER_NAME

This is assigned the name of the worker used for the current request. The value is something like http://hostA:1234.

BALANCER_WORKER_ROUTE

This is assigned the route of the worker that will be used for the current request.

BALANCER_ROUTE_CHANGED

This is set to 1 if the session route does not match the worker route (BALANCER_SESSION_ROUTE != BALANCER_WORKER_ROUTE) or the session does not yet have an established route. This can be used to determine when/if the client needs to be sent an updated route when sticky sessions are used.

top

Enabling Balancer Manager Support

This module requires the service of mod_status. Balancer manager enables dynamic update of balancer members. You can use balancer manager to change the balance factor or a particular member, or put it in the off line mode.

Thus, in order to get the ability of load balancer management, mod_status and mod_proxy_balancer have to be present in the server.

To enable load balancer management for browsers from the example.com domain add this code to your httpd.conf configuration file

<Location /balancer-manager>
SetHandler balancer-manager

Order Deny,Allow
Deny from all
Allow from .example.com
</Location>

You can now access load balancer manager by using a Web browser to access the page http://your.server.name/balancer-manager

mod/mod_proxy_connect.html100644 0 0 6775 11237400533 13420 0ustar 0 0 mod_proxy_connect - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.2

<-

Apache Module mod_proxy_connect

Description:mod_proxy extension for CONNECT request handling
Status:Extension
ModuleIdentifier:proxy_connect_module
SourceFile:mod_proxy_connect.c

Summary

This module requires the service of mod_proxy. It provides support for the CONNECT HTTP method. This method is mainly used to tunnel SSL requests through proxy servers.

Thus, in order to get the ability of handling CONNECT requests, mod_proxy and mod_proxy_connect have to be present in the server.

Warning

Do not enable proxying until you have secured your server. Open proxy servers are dangerous both to your network and to the Internet at large.

Directives

This module provides no directives.

See also

mod/mod_proxy_ftp.html100644 0 0 21705 11237400533 12566 0ustar 0 0 mod_proxy_ftp - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.2

<-

Apache Module mod_proxy_ftp

Description:FTP support module for mod_proxy
Status:Extension
ModuleIdentifier:proxy_ftp_module
SourceFile:mod_proxy_ftp.c

Summary

This module requires the service of mod_proxy. It provides support for the proxying FTP sites. Note that FTP support is currently limited to the GET method.

Thus, in order to get the ability of handling FTP proxy requests, mod_proxy and mod_proxy_ftp have to be present in the server.

Warning

Do not enable proxying until you have secured your server. Open proxy servers are dangerous both to your network and to the Internet at large.

top

Why doesn't file type xxx download via FTP?

You probably don't have that particular file type defined as application/octet-stream in your proxy's mime.types configuration file. A useful line can be

application/octet-stream   bin dms lha lzh exe class tgz taz

Alternatively you may prefer to default everything to binary:

DefaultType application/octet-stream
top

How can I force an FTP ASCII download of File xxx?

In the rare situation where you must download a specific file using the FTP ASCII transfer method (while the default transfer is in binary mode), you can override mod_proxy's default by suffixing the request with ;type=a to force an ASCII transfer. (FTP Directory listings are always executed in ASCII mode, however.)

top

How can I do FTP upload?

Currently, only GET is supported for FTP in mod_proxy. You can of course use HTTP upload (POST or PUT) through an Apache proxy.

top

How can I access FTP files outside of my home directory?

An FTP URI is interpreted relative to the home directory of the user who is logging in. Alas, to reach higher directory levels you cannot use /../, as the dots are interpreted by the browser and not actually sent to the FTP server. To address this problem, the so called Squid %2f hack was implemented in the Apache FTP proxy; it is a solution which is also used by other popular proxy servers like the Squid Proxy Cache. By prepending /%2f to the path of your request, you can make such a proxy change the FTP starting directory to / (instead of the home directory). For example, to retrieve the file /etc/motd, you would use the URL:

ftp://user@host/%2f/etc/motd

top

How can I hide the FTP cleartext password in my browser's URL line?

To log in to an FTP server by username and password, Apache uses different strategies. In absense of a user name and password in the URL altogether, Apache sends an anonymous login to the FTP server, i.e.,

user: anonymous
password: apache_proxy@

This works for all popular FTP servers which are configured for anonymous access.

For a personal login with a specific username, you can embed the user name into the URL, like in:

ftp://username@host/myfile

If the FTP server asks for a password when given this username (which it should), then Apache will reply with a 401 (Authorization required) response, which causes the Browser to pop up the username/password dialog. Upon entering the password, the connection attempt is retried, and if successful, the requested resource is presented. The advantage of this procedure is that your browser does not display the password in cleartext (which it would if you had used

ftp://username:password@host/myfile

in the first place).

Note

The password which is transmitted in such a way is not encrypted on its way. It travels between your browser and the Apache proxy server in a base64-encoded cleartext string, and between the Apache proxy and the FTP server as plaintext. You should therefore think twice before accessing your FTP server via HTTP (or before accessing your personal files via FTP at all!) When using unsecure channels, an eavesdropper might intercept your password on its way.

mod/mod_proxy_http.html100644 0 0 16672 11237400533 12763 0ustar 0 0 mod_proxy_http - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.2

<-

Apache Module mod_proxy_http

Description:HTTP support module for mod_proxy
Status:Extension
ModuleIdentifier:proxy_http_module
SourceFile:mod_proxy_http.c

Summary

This module requires the service of mod_proxy. It provides the features used for proxying HTTP requests. mod_proxy_http supports HTTP/0.9, HTTP/1.0 and HTTP/1.1. It does not provide any caching abilities. If you want to set up a caching proxy, you might want to use the additional service of the mod_cache module.

Thus, in order to get the ability of handling HTTP proxy requests, mod_proxy and mod_proxy_http have to be present in the server.

Warning

Do not enable proxying until you have secured your server. Open proxy servers are dangerous both to your network and to the Internet at large.

Directives

This module provides no directives.

Topics

See also

top

Environment Variables

In addition to the configuration directives that control the behaviour of mod_proxy, there are a number of environment variables that control the HTTP protocol provider:

proxy-sendextracrlf
Causes proxy to send an extra CR-LF newline on the end of a request. This is a workaround for a bug in some browsers.
force-proxy-request-1.0
Forces the proxy to send requests to the backend as HTTP/1.0 and disables HTTP/1.1 features.
proxy-nokeepalive
Forces the proxy to close the backend connection after each request.
proxy-chain-auth
If the proxy requires authentication, it will read and consume the proxy authentication credentials sent by the client. With proxy-chain-auth it will also forward the credentials to the next proxy in the chain. This may be necessary if you have a chain of proxies that share authentication information. Security Warning: Do not set this unless you know you need it, as it forwards sensitive information!
proxy-sendcl
HTTP/1.0 required all HTTP requests that include a body (e.g. POST requests) to include a Content-Length header. This environment variable forces the Apache proxy to send this header to the backend server, regardless of what the Client sent to the proxy. It ensures compatibility when proxying for an HTTP/1.0 or unknown backend. However, it may require the entire request to be buffered by the proxy, so it becomes very inefficient for large requests.
proxy-sendchunks or proxy-sendchunked
This is the opposite of proxy-sendcl. It allows request bodies to be sent to the backend using chunked transfer encoding. This allows the request to be efficiently streamed, but requires that the backend server supports HTTP/1.1.
proxy-interim-response
This variable takes values RFC or Suppress. Earlier httpd versions would suppress HTTP interim (1xx) responses sent from the backend. This is technically a violation of the HTTP protocol. In practice, if a backend sends an interim response, it may itself be extending the protocol in a manner we know nothing about, or just broken. So this is now configurable: set proxy-interim-response RFC to be fully protocol compliant, or proxy-interim-response Suppress to suppress interim responses.
proxy-initial-not-pooled
If this variable is set no pooled connection will be reused if the client connection is an initial connection. This avoids the "proxy: error reading status line from remote server" error message caused by the race condition that the backend server closed the pooled connection after the connection check by the proxy and before data sent by the proxy reached the backend. It has to be kept in mind that setting this variable downgrades performance, especially with HTTP/1.0 clients.
mod/mod_rewrite.html100644 0 0 233473 11237400533 12244 0ustar 0 0 mod_rewrite - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.2

<-

Apache Module mod_rewrite

Description:Provides a rule-based rewriting engine to rewrite requested URLs on the fly
Status:Extension
ModuleIdentifier:rewrite_module
SourceFile:mod_rewrite.c
Compatibility:Available in Apache 1.3 and later

Summary

This module uses a rule-based rewriting engine (based on a regular-expression parser) to rewrite requested URLs on the fly. It supports an unlimited number of rules and an unlimited number of attached rule conditions for each rule, to provide a really flexible and powerful URL manipulation mechanism. The URL manipulations can depend on various tests, of server variables, environment variables, HTTP headers, or time stamps. Even external database lookups in various formats can be used to achieve highly granular URL matching.

This module operates on the full URLs (including the path-info part) both in per-server context (httpd.conf) and per-directory context (.htaccess) and can generate query-string parts on result. The rewritten result can lead to internal sub-processing, external request redirection or even to an internal proxy throughput.

Further details, discussion, and examples, are provided in the detailed mod_rewrite documentation.

top

Quoting Special Characters

As of Apache 1.3.20, special characters in TestString and Substitution strings can be escaped (that is, treated as normal characters without their usual special meaning) by prefixing them with a slash ('\') character. In other words, you can include an actual dollar-sign character in a Substitution string by using '\$'; this keeps mod_rewrite from trying to treat it as a backreference.

top

Environment Variables

This module keeps track of two additional (non-standard) CGI/SSI environment variables named SCRIPT_URL and SCRIPT_URI. These contain the logical Web-view to the current resource, while the standard CGI/SSI variables SCRIPT_NAME and SCRIPT_FILENAME contain the physical System-view.

Notice: These variables hold the URI/URL as they were initially requested, that is, before any rewriting. This is important to note because the rewriting process is primarily used to rewrite logical URLs to physical pathnames.

Example

SCRIPT_NAME=/sw/lib/w3s/tree/global/u/rse/.www/index.html
SCRIPT_FILENAME=/u/rse/.www/index.html
SCRIPT_URL=/u/rse/
SCRIPT_URI=http://en1.engelschall.com/u/rse/
top

Rewriting in Virtual Hosts

By default, mod_rewrite configuration settings from the main server context are not inherited by virtual hosts. To make the main server settings apply to virtual hosts, you must place the following directives in each <VirtualHost> section:

RewriteEngine On
RewriteOptions Inherit

top

Practical Solutions

For numerous examples of common, and not-so-common, uses for mod_rewrite, see the Rewrite Guide, and the Advanced Rewrite Guide documents.

top

RewriteBase Directive

Description:Sets the base URL for per-directory rewrites
Syntax:RewriteBase URL-path
Default:See usage for information.
Context:directory, .htaccess
Override:FileInfo
Status:Extension
Module:mod_rewrite

The RewriteBase directive explicitly sets the base URL for per-directory rewrites. As you will see below, RewriteRule can be used in per-directory config files (.htaccess). In such a case, it will act locally, stripping the local directory prefix before processing, and applying rewrite rules only to the remainder. When processing is complete, the prefix is automatically added back to the path. The default setting is; RewriteBase physical-directory-path

When a substitution occurs for a new URL, this module has to re-inject the URL into the server processing. To be able to do this it needs to know what the corresponding URL-prefix or URL-base is. By default this prefix is the corresponding filepath itself. However, for most websites, URLs are NOT directly related to physical filename paths, so this assumption will often be wrong! Therefore, you can use the RewriteBase directive to specify the correct URL-prefix.

If your webserver's URLs are not directly related to physical file paths, you will need to use RewriteBase in every .htaccess file where you want to use RewriteRule directives.

For example, assume the following per-directory config file:

#
#  /abc/def/.htaccess -- per-dir config file for directory /abc/def
#  Remember: /abc/def is the physical path of /xyz, i.e., the server
#            has a 'Alias /xyz /abc/def' directive e.g.
#

RewriteEngine On

#  let the server know that we were reached via /xyz and not
#  via the physical path prefix /abc/def
RewriteBase   /xyz

#  now the rewriting rules
RewriteRule   ^oldstuff\.html$  newstuff.html

In the above example, a request to /xyz/oldstuff.html gets correctly rewritten to the physical file /abc/def/newstuff.html.

For Apache Hackers

The following list gives detailed information about the internal processing steps:

Request:
  /xyz/oldstuff.html

Internal Processing:
  /xyz/oldstuff.html     -> /abc/def/oldstuff.html  (per-server Alias)
  /abc/def/oldstuff.html -> /abc/def/newstuff.html  (per-dir    RewriteRule)
  /abc/def/newstuff.html -> /xyz/newstuff.html      (per-dir    RewriteBase)
  /xyz/newstuff.html     -> /abc/def/newstuff.html  (per-server Alias)

Result:
  /abc/def/newstuff.html

This seems very complicated, but is in fact correct Apache internal processing. Because the per-directory rewriting comes late in the process, the rewritten request has to be re-injected into the Apache kernel, as if it were a new request. (See mod_rewrite technical details.) This is not the serious overhead it may seem to be - this re-injection is completely internal to the Apache server (and the same procedure is used by many other operations within Apache).

top

RewriteCond Directive

Description:Defines a condition under which rewriting will take place
Syntax: RewriteCond TestString CondPattern
Context:server config, virtual host, directory, .htaccess
Override:FileInfo
Status:Extension
Module:mod_rewrite

The RewriteCond directive defines a rule condition. One or more RewriteCond can precede a RewriteRule directive. The following rule is then only used if both the current state of the URI matches its pattern, and if these conditions are met.

TestString is a string which can contain the following expanded constructs in addition to plain text:

  • RewriteRule backreferences: These are backreferences of the form $N (0 <= N <= 9), which provide access to the grouped parts (in parentheses) of the pattern, from the RewriteRule which is subject to the current set of RewriteCond conditions..
  • RewriteCond backreferences: These are backreferences of the form %N (1 <= N <= 9), which provide access to the grouped parts (again, in parentheses) of the pattern, from the last matched RewriteCond in the current set of conditions.
  • RewriteMap expansions: These are expansions of the form ${mapname:key|default}. See the documentation for RewriteMap for more details.
  • Server-Variables: These are variables of the form %{ NAME_OF_VARIABLE } where NAME_OF_VARIABLE can be a string taken from the following list:
    HTTP headers: connection & request:
    HTTP_USER_AGENT
    HTTP_REFERER
    HTTP_COOKIE
    HTTP_FORWARDED
    HTTP_HOST
    HTTP_PROXY_CONNECTION
    HTTP_ACCEPT
    		 REMOTE_ADDR
    REMOTE_HOST
    REMOTE_PORT
    REMOTE_USER
    REMOTE_IDENT
    REQUEST_METHOD
    SCRIPT_FILENAME
    PATH_INFO
    QUERY_STRING
    AUTH_TYPE
    server internals: date and time: specials:
    DOCUMENT_ROOT
    SERVER_ADMIN
    SERVER_NAME
    SERVER_ADDR
    SERVER_PORT
    SERVER_PROTOCOL
    SERVER_SOFTWARE
    		 TIME_YEAR
    TIME_MON
    TIME_DAY
    TIME_HOUR
    TIME_MIN
    TIME_SEC
    TIME_WDAY
    TIME
    		 API_VERSION
    THE_REQUEST
    REQUEST_URI
    REQUEST_FILENAME
    IS_SUBREQ
    HTTPS

    These variables all correspond to the similarly named HTTP MIME-headers, C variables of the Apache server or struct tm fields of the Unix system. Most are documented elsewhere in the Manual or in the CGI specification. Those that are special to mod_rewrite include those below.

    IS_SUBREQ
    Will contain the text "true" if the request currently being processed is a sub-request, "false" otherwise. Sub-requests may be generated by modules that need to resolve additional files or URIs in order to complete their tasks.
    API_VERSION
    This is the version of the Apache module API (the internal interface between server and module) in the current httpd build, as defined in include/ap_mmn.h. The module API version corresponds to the version of Apache in use (in the release version of Apache 1.3.14, for instance, it is 19990320:10), but is mainly of interest to module authors.
    THE_REQUEST
    The full HTTP request line sent by the browser to the server (e.g., "GET /index.html HTTP/1.1"). This does not include any additional headers sent by the browser.
    REQUEST_URI
    The resource requested in the HTTP request line. (In the example above, this would be "/index.html".)
    REQUEST_FILENAME
    The full local filesystem path to the file or script matching the request.
    HTTPS
    Will contain the text "on" if the connection is using SSL/TLS, or "off" otherwise. (This variable can be safely used regardless of whether or not mod_ssl is loaded).

Other things you should be aware of:

  1. The variables SCRIPT_FILENAME and REQUEST_FILENAME contain the same value - the value of the filename field of the internal request_rec structure of the Apache server. The first name is the commonly known CGI variable name while the second is the appropriate counterpart of REQUEST_URI (which contains the value of the uri field of request_rec).
  2. %{ENV:variable}, where variable can be any environment variable, is also available. This is looked-up via internal Apache structures and (if not found there) via getenv() from the Apache server process.
  3. %{SSL:variable}, where variable is the name of an SSL environment variable, can be used whether or not mod_ssl is loaded, but will always expand to the empty string if it is not. Example: %{SSL:SSL_CIPHER_USEKEYSIZE} may expand to 128.
  4. %{HTTP:header}, where header can be any HTTP MIME-header name, can always be used to obtain the value of a header sent in the HTTP request. Example: %{HTTP:Proxy-Connection} is the value of the HTTP header ``Proxy-Connection:''.

    If a HTTP header is used in a condition this header is added to the Vary header of the response in case the condition evaluates to to true for the request. It is not added if the condition evaluates to false for the request. Adding the HTTP header to the Vary header of the response is needed for proper caching.

    It has to be kept in mind that conditions follow a short circuit logic in the case of the 'ornext|OR' flag so that certain conditions might not be evaluated at all.

  5. %{LA-U:variable} can be used for look-aheads which perform an internal (URL-based) sub-request to determine the final value of variable. This can be used to access variable for rewriting which is not available at the current stage, but will be set in a later phase.

    For instance, to rewrite according to the REMOTE_USER variable from within the per-server context (httpd.conf file) you must use %{LA-U:REMOTE_USER} - this variable is set by the authorization phases, which come after the URL translation phase (during which mod_rewrite operates).

    On the other hand, because mod_rewrite implements its per-directory context (.htaccess file) via the Fixup phase of the API and because the authorization phases come before this phase, you just can use %{REMOTE_USER} in that context.

  6. %{LA-F:variable} can be used to perform an internal (filename-based) sub-request, to determine the final value of variable. Most of the time, this is the same as LA-U above.

CondPattern is the condition pattern, a regular expression which is applied to the current instance of the TestString. TestString is first evaluated, before being matched against CondPattern.

Remember: CondPattern is a perl compatible regular expression with some additions:

  1. You can prefix the pattern string with a '!' character (exclamation mark) to specify a non-matching pattern.
  2. There are some special variants of CondPatterns. Instead of real regular expression strings you can also use one of the following:
    • '<CondPattern' (lexicographically precedes)
      Treats the CondPattern as a plain string and compares it lexicographically to TestString. True if TestString lexicographically precedes CondPattern.
    • '>CondPattern' (lexicographically follows)
      Treats the CondPattern as a plain string and compares it lexicographically to TestString. True if TestString lexicographically follows CondPattern.
    • '=CondPattern' (lexicographically equal)
      Treats the CondPattern as a plain string and compares it lexicographically to TestString. True if TestString is lexicographically equal to CondPattern (the two strings are exactly equal, character for character). If CondPattern is "" (two quotation marks) this compares TestString to the empty string.
    • '-d' (is directory)
      Treats the TestString as a pathname and tests whether or not it exists, and is a directory.
    • '-f' (is regular file)
      Treats the TestString as a pathname and tests whether or not it exists, and is a regular file.
    • '-s' (is regular file, with size)
      Treats the TestString as a pathname and tests whether or not it exists, and is a regular file with size greater than zero.
    • '-l' (is symbolic link)
      Treats the TestString as a pathname and tests whether or not it exists, and is a symbolic link.
    • '-x' (has executable permissions)
      Treats the TestString as a pathname and tests whether or not it exists, and has executable permissions. These permissions are determined according to the underlying OS.
    • '-F' (is existing file, via subrequest)
      Checks whether or not TestString is a valid file, accessible via all the server's currently-configured access controls for that path. This uses an internal subrequest to do the check, so use it with care - it can impact your server's performance!
    • '-U' (is existing URL, via subrequest)
      Checks whether or not TestString is a valid URL, accessible via all the server's currently-configured access controls for that path. This uses an internal subrequest to do the check, so use it with care - it can impact your server's performance!

    Note:

    All of these tests can also be prefixed by an exclamation mark ('!') to negate their meaning.
  3. You can also set special flags for CondPattern by appending [flags] as the third argument to the RewriteCond directive, where flags is a comma-separated list of any of the following flags:
    • 'nocase|NC' (no case)
      This makes the test case-insensitive - differences between 'A-Z' and 'a-z' are ignored, both in the expanded TestString and the CondPattern. This flag is effective only for comparisons between TestString and CondPattern. It has no effect on filesystem and subrequest checks.
    • 'ornext|OR' (or next condition)
      Use this to combine rule conditions with a local OR instead of the implicit AND. Typical example: 
      RewriteCond %{REMOTE_HOST}  ^host1.*  [OR]
RewriteCond %{REMOTE_HOST}  ^host2.*  [OR]
RewriteCond %{REMOTE_HOST}  ^host3.*
RewriteRule ...some special stuff for any of these hosts...
      Without this flag you would have to write the condition/rule pair three times.
    • 'novary|NV' (no vary)
      If a HTTP header is used in the condition, this flag prevents this header from being added to the Vary header of the response.
      Using this flag might break proper caching of the response if the representation of this response varies on the value of this header. So this flag should be only used if the meaning of the Vary header is well understood.

Example:

To rewrite the Homepage of a site according to the ``User-Agent:'' header of the request, you can use the following: 

RewriteCond  %{HTTP_USER_AGENT}  ^Mozilla.*
RewriteRule  ^/$                 /homepage.max.html  [L]

RewriteCond  %{HTTP_USER_AGENT}  ^Lynx.*
RewriteRule  ^/$                 /homepage.min.html  [L]

RewriteRule  ^/$                 /homepage.std.html  [L]

Explanation: If you use a browser which identifies itself as 'Mozilla' (including Netscape Navigator, Mozilla etc), then you get the max homepage (which could include frames, or other special features). If you use the Lynx browser (which is terminal-based), then you get the min homepage (which could be a version designed for easy, text-only browsing). If neither of these conditions apply (you use any other browser, or your browser identifies itself as something non-standard), you get the std (standard) homepage.

top

RewriteEngine Directive

Description:Enables or disables runtime rewriting engine
Syntax:RewriteEngine on|off
Default:RewriteEngine off
Context:server config, virtual host, directory, .htaccess
Override:FileInfo
Status:Extension
Module:mod_rewrite

The RewriteEngine directive enables or disables the runtime rewriting engine. If it is set to off this module does no runtime processing at all. It does not even update the SCRIPT_URx environment variables.

Use this directive to disable the module instead of commenting out all the RewriteRule directives!

Note that rewrite configurations are not inherited by virtual hosts. This means that you need to have a RewriteEngine on directive for each virtual host in which you wish to use rewrite rules.

RewriteMap directives of the type prg are not started during server initialization if they're defined in a context that does not have RewriteEngine set to on

top

RewriteLock Directive

Description:Sets the name of the lock file used for RewriteMap synchronization
Syntax:RewriteLock file-path
Context:server config
Status:Extension
Module:mod_rewrite

This directive sets the filename for a synchronization lockfile which mod_rewrite needs to communicate with RewriteMap programs. Set this lockfile to a local path (not on a NFS-mounted device) when you want to use a rewriting map-program. It is not required for other types of rewriting maps.

top

RewriteLog Directive

Description:Sets the name of the file used for logging rewrite engine processing
Syntax:RewriteLog file-path
Context:server config, virtual host
Status:Extension
Module:mod_rewrite

The RewriteLog directive sets the name of the file to which the server logs any rewriting actions it performs. If the name does not begin with a slash ('/') then it is assumed to be relative to the Server Root. The directive should occur only once per server config.

To disable the logging of rewriting actions it is not recommended to set Filename to /dev/null, because although the rewriting engine does not then output to a logfile it still creates the logfile output internally. This will slow down the server with no advantage to the administrator! To disable logging either remove or comment out the RewriteLog directive or use RewriteLogLevel 0!

Security

See the Apache Security Tips document for details on how your security could be compromised if the directory where logfiles are stored is writable by anyone other than the user that starts the server.

Example

RewriteLog "/usr/local/var/apache/logs/rewrite.log"

top

RewriteLogLevel Directive

Description:Sets the verbosity of the log file used by the rewrite engine
Syntax:RewriteLogLevel Level
Default:RewriteLogLevel 0
Context:server config, virtual host
Status:Extension
Module:mod_rewrite

The RewriteLogLevel directive sets the verbosity level of the rewriting logfile. The default level 0 means no logging, while 9 or more means that practically all actions are logged.

To disable the logging of rewriting actions simply set Level to 0. This disables all rewrite action logs.

Using a high value for Level will slow down your Apache server dramatically! Use the rewriting logfile at a Level greater than 2 only for debugging!

Example

RewriteLogLevel 3

top

RewriteMap Directive

Description:Defines a mapping function for key-lookup
Syntax:RewriteMap MapName MapType:MapSource
Context:server config, virtual host
Status:Extension
Module:mod_rewrite
Compatibility:The choice of different dbm types is available in Apache 2.0.41 and later

The RewriteMap directive defines a Rewriting Map which can be used inside rule substitution strings by the mapping-functions to insert/substitute fields through a key lookup. The source of this lookup can be of various types.

The MapName is the name of the map and will be used to specify a mapping-function for the substitution strings of a rewriting rule via one of the following constructs:

${ MapName : LookupKey }
${ MapName : LookupKey | DefaultValue }

When such a construct occurs, the map MapName is consulted and the key LookupKey is looked-up. If the key is found, the map-function construct is substituted by SubstValue. If the key is not found then it is substituted by DefaultValue or by the empty string if no DefaultValue was specified.

For example, you might define a RewriteMap as:

RewriteMap examplemap txt:/path/to/file/map.txt

You would then be able to use this map in a RewriteRule as follows:

RewriteRule ^/ex/(.*) ${examplemap:$1}

The following combinations for MapType and MapSource can be used:

  • Standard Plain Text
    MapType: txt, MapSource: Unix filesystem path to valid regular file

    This is the standard rewriting map feature where the MapSource is a plain ASCII file containing either blank lines, comment lines (starting with a '#' character) or pairs like the following - one per line.

    MatchingKey SubstValue

    Example

    ##
##  map.txt -- rewriting map
##

Ralf.S.Engelschall    rse   # Bastard Operator From Hell
Mr.Joe.Average        joe   # Mr. Average

    RewriteMap real-to-user txt:/path/to/file/map.txt

  • Randomized Plain Text
    MapType: rnd, MapSource: Unix filesystem path to valid regular file

    This is identical to the Standard Plain Text variant above but with a special post-processing feature: After looking up a value it is parsed according to contained ``|'' characters which have the meaning of ``or''. In other words they indicate a set of alternatives from which the actual returned value is chosen randomly. For example, you might use the following map file and directives to provide a random load balancing between several back-end server, via a reverse-proxy. Images are sent to one of the servers in the 'static' pool, while everything else is sent to one of the 'dynamic' pool.

    Example:

    Rewrite map file

    ##
##  map.txt -- rewriting map
##

static   www1|www2|www3|www4
dynamic  www5|www6

    Configuration directives

    RewriteMap servers rnd:/path/to/file/map.txt

    RewriteRule ^/(.*\.(png|gif|jpg)) http://${servers:static}/$1 [NC,P,L]
    RewriteRule ^/(.*) http://${servers:dynamic}/$1 [P,L]

  • Hash File
    MapType: dbm[=type], MapSource: Unix filesystem path to valid regular file

    Here the source is a binary format DBM file containing the same contents as a Plain Text format file, but in a special representation which is optimized for really fast lookups. The type can be sdbm, gdbm, ndbm, or db depending on compile-time settings. If the type is omitted, the compile-time default will be chosen.

    To create a dbm file from a source text file, use the httxt2dbm utility.

    $ httxt2dbm -i mapfile.txt -o mapfile.map

  • Internal Function
    MapType: int, MapSource: Internal Apache function

    Here, the source is an internal Apache function. Currently you cannot create your own, but the following functions already exist:

    • toupper:
      Converts the key to all upper case.
    • tolower:
      Converts the key to all lower case.
    • escape:
      Translates special characters in the key to hex-encodings.
    • unescape:
      Translates hex-encodings in the key back to special characters.
  • External Rewriting Program
    MapType: prg, MapSource: Unix filesystem path to valid regular file

    Here the source is a program, not a map file. To create it you can use a language of your choice, but the result has to be an executable program (either object-code or a script with the magic cookie trick '#!/path/to/interpreter' as the first line).

    This program is started once, when the Apache server is started, and then communicates with the rewriting engine via its stdin and stdout file-handles. For each map-function lookup it will receive the key to lookup as a newline-terminated string on stdin. It then has to give back the looked-up value as a newline-terminated string on stdout or the four-character string ``NULL'' if it fails (i.e., there is no corresponding value for the given key). A trivial program which will implement a 1:1 map (i.e., key == value) could be:

    External rewriting programs are not started if they're defined in a context that does not have RewriteEngine set to on

    . 
    #!/usr/bin/perl
$| = 1;
while (<STDIN>) {
    # ...put here any transformations or lookups...
    print $_;
}

    But be very careful:

    1. ``Keep it simple, stupid'' (KISS). If this program hangs, it will cause Apache to hang when trying to use the relevant rewrite rule.
    2. A common mistake is to use buffered I/O on stdout. Avoid this, as it will cause a deadloop! ``$|=1'' is used above, to prevent this.
    3. The RewriteLock directive can be used to define a lockfile which mod_rewrite can use to synchronize communication with the mapping program. By default no such synchronization takes place.

The RewriteMap directive can occur more than once. For each mapping-function use one RewriteMap directive to declare its rewriting mapfile. While you cannot declare a map in per-directory context it is of course possible to use this map in per-directory context.

Note

For plain text and DBM format files the looked-up keys are cached in-core until the mtime of the mapfile changes or the server does a restart. This way you can have map-functions in rules which are used for every request. This is no problem, because the external lookup only happens once!
top

RewriteOptions Directive

Description:Sets some special options for the rewrite engine
Syntax:RewriteOptions Options
Context:server config, virtual host, directory, .htaccess
Override:FileInfo
Status:Extension
Module:mod_rewrite
Compatibility:MaxRedirects is no longer available in version 2.1 and later

The RewriteOptions directive sets some special options for the current per-server or per-directory configuration. The Option string can currently only be one of the following:

inherit
This forces the current configuration to inherit the configuration of the parent. In per-virtual-server context, this means that the maps, conditions and rules of the main server are inherited. In per-directory context this means that conditions and rules of the parent directory's .htaccess configuration are inherited.
top

RewriteRule Directive

Description:Defines rules for the rewriting engine
Syntax:RewriteRule Pattern Substitution [flags]
Context:server config, virtual host, directory, .htaccess
Override:FileInfo
Status:Extension
Module:mod_rewrite

The RewriteRule directive is the real rewriting workhorse. The directive can occur more than once, with each instance defining a single rewrite rule. The order in which these rules are defined is important - this is the order in which they will be applied at run-time.

Pattern is a perl compatible regular expression. On the first RewriteRule it is applied to the URL-path of the request; subsequent patterns are applied to the output of the last matched RewriteRule.

What is matched?

The Pattern will initially be matched against the part of the URL after the hostname and port, and before the query string. If you wish to match against the hostname, port, or query string, use a RewriteCond with the %{HTTP_HOST}, %{SERVER_PORT}, or %{QUERY_STRING} variables respectively.

For some hints on regular expressions, see the mod_rewrite Introduction.

In mod_rewrite, the NOT character ('!') is also available as a possible pattern prefix. This enables you to negate a pattern; to say, for instance: ``if the current URL does NOT match this pattern''. This can be used for exceptional cases, where it is easier to match the negative pattern, or as a last default rule.

Note

When using the NOT character to negate a pattern, you cannot include grouped wildcard parts in that pattern. This is because, when the pattern does NOT match (ie, the negation matches), there are no contents for the groups. Thus, if negated patterns are used, you cannot use $N in the substitution string!

The Substitution of a rewrite rule is the string that replaces the original URL-path that was matched by Pattern. The Substitution may be a:

file-system path
Designates the location on the file-system of the resource to be delivered to the client.
URL-path
A DocumentRoot-relative path to the resource to be served. Note that mod_rewrite tries to guess whether you have specified a file-system path or a URL-path by checking to see if the first segment of the path exists at the root of the file-system. For example, if you specify a Substitution string of /www/file.html, then this will be treated as a URL-path unless a directory named www exists at the root or your file-system, in which case it will be treated as a file-system path. If you wish other URL-mapping directives (such as Alias) to be applied to the resulting URL-path, use the [PT] flag as described below.
Absolute URL
If an absolute URL is specified, mod_rewrite checks to see whether the hostname matches the current host. If it does, the scheme and hostname are stripped out and the resulting path is treated as a URL-path. Otherwise, an external redirect is performed for the given URL. To force an external redirect back to the current host, see the [R] flag below.
- (dash)
A dash indicates that no substitution should be performed (the existing path is passed through untouched). This is used when a flag (see below) needs to be applied without changing the path.

In addition to plain text, the Substition string can include

  1. back-references ($N) to the RewriteRule pattern
  2. back-references (%N) to the last matched RewriteCond pattern
  3. server-variables as in rule condition test-strings (%{VARNAME})
  4. mapping-function calls (${mapname:key|default})

Back-references are identifiers of the form $N (N=0..9), which will be replaced by the contents of the Nth group of the matched Pattern. The server-variables are the same as for the TestString of a RewriteCond directive. The mapping-functions come from the RewriteMap directive and are explained there. These three types of variables are expanded in the order above.

As already mentioned, all rewrite rules are applied to the Substitution (in the order in which they are defined in the config file). The URL is completely replaced by the Substitution and the rewriting process continues until all rules have been applied, or it is explicitly terminated by a L flag.

Modifying the Query String

By default, the query string is passed through unchanged. You can, however, create URLs in the substitution string containing a query string part. Simply use a question mark inside the substitution string to indicate that the following text should be re-injected into the query string. When you want to erase an existing query string, end the substitution string with just a question mark. To combine new and old query strings, use the [QSA] flag.

Additionally you can set special actions to be performed by appending [flags] as the third argument to the RewriteRule directive. Flags is a comma-separated list, surround by square brackets, of any of the following flags:

'B' (escape backreferences)

Apache has to unescape URLs before mapping them, so backreferences will be unescaped at the time they are applied. Using the B flag, non-alphanumeric characters in backreferences will be escaped. For example, consider the rule:

 RewriteRule ^(.*)$ index.php?show=$1

This will map /C++ to index.php?show=/C++. But it will also map /C%2b%2b to index.php?show=/C++, because the %2b has been unescaped. With the B flag, it will instead map to index.php?show=/C%2b%2b.

This escaping is particularly necessary in a proxy situation, when the backend may break if presented with an unescaped URL.

'chain|C' (chained with next rule)
This flag chains the current rule with the next rule (which itself can be chained with the following rule, and so on). This has the following effect: if a rule matches, then processing continues as usual - the flag has no effect. If the rule does not match, then all following chained rules are skipped. For instance, it can be used to remove the ``.www'' part, inside a per-directory rule set, when you let an external redirect happen (where the ``.www'' part should not occur!).
'cookie|CO=NAME:VAL:domain[:lifetime[:path[:secure[:httponly]]]]' (set cookie)
This sets a cookie in the client's browser. The cookie's name is specified by NAME and the value is VAL. The domain field is the domain of the cookie, such as '.apache.org', the optional lifetime is the lifetime of the cookie in minutes, and the optional path is the path of the cookie. If secure is set to 'secure', 'true' or '1', the cookie is only transmitted via secured connections. If httponly is set to 'HttpOnly', 'true' or '1', the HttpOnly flag is used, making the cookie not accessible to JavaScript code on browsers that support this feature.
'discardpathinfo|DPI' (discard PATH_INFO)

In per-directory context, the URI each RewriteRule compares against is the concatenation of the current values of the URI and PATH_INFO.

The current URI can be the initial URI as requested by the client, the result of a previous round of mod_rewrite processing, or the result of a prior rule in the current round of mod_rewrite processing.

In contrast, the PATH_INFO that is appended to the URI before each rule reflects only the value of PATH_INFO before this round of mod_rewrite processing. As a consequence, if large portions of the URI are matched and copied into a substitution in multiple RewriteRule directives, without regard for which parts of the URI came from the current PATH_INFO, the final URI may have multiple copies of PATH_INFO appended to it.

Use this flag on any substitution where the PATH_INFO that resulted from the previous mapping of this request to the filesystem is not of interest. This flag permanently forgets the PATH_INFO established before this round of mod_rewrite processing began. PATH_INFO will not be recalculated until the current round of mod_rewrite processing completes. Subsequent rules during this round of processing will see only the direct result of substitutions, without any PATH_INFO appended.

'env|E=VAR:VAL' (set environment variable)
This forces an environment variable named VAR to be set to the value VAL, where VAL can contain regexp backreferences ($N and %N) which will be expanded. You can use this flag more than once, to set more than one variable. The variables can later be dereferenced in many situations, most commonly from within XSSI (via <!--#echo var="VAR"-->) or CGI ($ENV{'VAR'}). You can also dereference the variable in a later RewriteCond pattern, using %{ENV:VAR}. Use this to strip information from URLs, while maintaining a record of that information.
'forbidden|F' (force URL to be forbidden)
This forces the current URL to be forbidden - it immediately sends back a HTTP response of 403 (FORBIDDEN). Use this flag in conjunction with appropriate RewriteConds to conditionally block some URLs.
'gone|G' (force URL to be gone)
This forces the current URL to be gone - it immediately sends back a HTTP response of 410 (GONE). Use this flag to mark pages which no longer exist as gone.
'handler|H=Content-handler' (force Content handler)
Force the Content-handler of the target file to be Content-handler. For instance, this can be used to simulate the mod_alias directive ScriptAlias, which internally forces all files inside the mapped directory to have a handler of ``cgi-script''.
'last|L' (last rule)
Stop the rewriting process here and don't apply any more rewrite rules. This corresponds to the Perl last command or the break command in C. Use this flag to prevent the currently rewritten URL from being rewritten further by following rules. Remember, however, that if the RewriteRule generates an internal redirect (which frequently occurs when rewriting in a per-directory context), this will reinject the request and will cause processing to be repeated starting from the first RewriteRule.
'next|N' (next round)
Re-run the rewriting process (starting again with the first rewriting rule). This time, the URL to match is no longer the original URL, but rather the URL returned by the last rewriting rule. This corresponds to the Perl next command or the continue command in C. Use this flag to restart the rewriting process - to immediately go to the top of the loop. Be careful not to create an infinite loop!
'nocase|NC' (no case)
This makes the Pattern case-insensitive, ignoring difference between 'A-Z' and 'a-z' when Pattern is matched against the current URL.
'noescape|NE' (no URI escaping of output)
This flag prevents mod_rewrite from applying the usual URI escaping rules to the result of a rewrite. Ordinarily, special characters (such as '%', '$', ';', and so on) will be escaped into their hexcode equivalents ('%25', '%24', and '%3B', respectively); this flag prevents this from happening. This allows percent symbols to appear in the output, as in

RewriteRule /foo/(.*) /bar?arg=P1\%3d$1 [R,NE]

which would turn '/foo/zed' into a safe request for '/bar?arg=P1=zed'.
'nosubreq|NS' (not for internal sub-requests)

This flag forces the rewriting engine to skip a rewriting rule if the current request is an internal sub-request. For instance, sub-requests occur internally in Apache when mod_include tries to find out information about possible directory default files (index.xxx files). On sub-requests it is not always useful, and can even cause errors, if the complete set of rules are applied. Use this flag to exclude some rules.

To decide whether or not to use this rule: if you prefix URLs with CGI-scripts, to force them to be processed by the CGI-script, it's likely that you will run into problems (or significant overhead) on sub-requests. In these cases, use this flag.

'proxy|P' (force proxy)
This flag forces the substitution part to be internally sent as a proxy request and immediately (rewrite processing stops here) put through the proxy module. You must make sure that the substitution string is a valid URI (typically starting with http://hostname) which can be handled by the Apache proxy module. If not, you will get an error from the proxy module. Use this flag to achieve a more powerful implementation of the ProxyPass directive, to map remote content into the namespace of the local server.

Note: mod_proxy must be enabled in order to use this flag.

'passthrough|PT' (pass through to next handler)
This flag forces the rewrite engine to set the uri field of the internal request_rec structure to the value of the filename field. This flag is just a hack to enable post-processing of the output of RewriteRule directives, using Alias, ScriptAlias, Redirect, and other directives from various URI-to-filename translators. For example, to rewrite /abc to /def using mod_rewrite, and then /def to /ghi using mod_alias:

RewriteRule ^/abc(.*) /def$1 [PT]
Alias /def /ghi

If you omit the PT flag, mod_rewrite will rewrite uri=/abc/... to filename=/def/... as a full API-compliant URI-to-filename translator should do. Then mod_alias will try to do a URI-to-filename transition, which will fail.

Note: You must use this flag if you want to mix directives from different modules which allow URL-to-filename translators. The typical example is the use of mod_alias and mod_rewrite.

The PT flag implies the L flag: rewriting will be stopped in order to pass the request to the next phase of processing.

'qsappend|QSA' (query string append)
This flag forces the rewrite engine to append a query string part of the substitution string to the existing string, instead of replacing it. Use this when you want to add more data to the query string via a rewrite rule.
'redirect|R [=code]' (force redirect)

Prefix Substitution with http://thishost[:thisport]/ (which makes the new URL a URI) to force a external redirection. If no code is given, a HTTP response of 302 (MOVED TEMPORARILY) will be returned. If you want to use other response codes, simply specify the appropriate number or use one of the following symbolic names: temp (default), permanent, seeother. Use this for rules to canonicalize the URL and return it to the client - to translate ``/~'' into ``/u/'', or to always append a slash to /u/user, etc.
Note: When you use this flag, make sure that the substitution field is a valid URL! Otherwise, you will be redirecting to an invalid location. Remember that this flag on its own will only prepend http://thishost[:thisport]/ to the URL, and rewriting will continue. Usually, you will want to stop rewriting at this point, and redirect immediately. To stop rewriting, you should add the 'L' flag.

While this is typically used for redirects, any valid status code can be given here. If the status code is outside the redirect range (300-399), then the Substitution string is dropped and rewriting is stopped as if the L flag was used.

'skip|S=num' (skip next rule(s))
This flag forces the rewriting engine to skip the next num rules in sequence, if the current rule matches. Use this to make pseudo if-then-else constructs: The last rule of the then-clause becomes skip=N, where N is the number of rules in the else-clause. (This is not the same as the 'chain|C' flag!)
'type|T=MIME-type' (force MIME type)
Force the MIME-type of the target file to be MIME-type. This can be used to set up the content-type based on some conditions. For example, the following snippet allows .php files to be displayed by mod_php if they are called with the .phps extension:

RewriteRule ^(.+\.php)s$ $1 [T=application/x-httpd-php-source]

Home directory expansion

When the substitution string begins with a string resembling "/~user" (via explicit text or backreferences), mod_rewrite performs home directory expansion independent of the presence or configuration of mod_userdir.

This expansion does not occur when the PT flag is used on the RewriteRule directive.

Per-directory Rewrites

The rewrite engine may be used in .htaccess files. To enable the rewrite engine for these files you need to set "RewriteEngine On" and "Options FollowSymLinks" must be enabled. If your administrator has disabled override of FollowSymLinks for a user's directory, then you cannot use the rewrite engine. This restriction is required for security reasons.

When using the rewrite engine in .htaccess files the per-directory prefix (which always is the same for a specific directory) is automatically removed for the pattern matching and automatically added after the substitution has been done. This feature is essential for many sorts of rewriting; without this, you would always have to match the parent directory, which is not always possible. There is one exception: If a substitution string starts with http://, then the directory prefix will not be added, and an external redirect (or proxy throughput, if using flag P) is forced. See the RewriteBase directive for more information.

The rewrite engine may also be used in <Directory> sections with the same prefix-matching rules as would be applied to .htaccess files. It is usually simpler, however, to avoid the prefix substitution complication by putting the rewrite rules in the main server or virtual host context, rather than in a <Directory> section.

Although rewrite rules are syntactically permitted in <Location> sections, this should never be necessary and is unsupported.

Here are all possible substitution combinations and their meanings:

Inside per-server configuration (httpd.conf)
for request ``GET /somepath/pathinfo'':

Given Rule                                      Resulting Substitution
----------------------------------------------  ----------------------------------
^/somepath(.*) otherpath$1                      invalid, not supported

^/somepath(.*) otherpath$1  [R]                 invalid, not supported

^/somepath(.*) otherpath$1  [P]                 invalid, not supported
----------------------------------------------  ----------------------------------
^/somepath(.*) /otherpath$1                     /otherpath/pathinfo

^/somepath(.*) /otherpath$1 [R]                 http://thishost/otherpath/pathinfo
                                                via external redirection

^/somepath(.*) /otherpath$1 [P]                 doesn't make sense, not supported
----------------------------------------------  ----------------------------------
^/somepath(.*) http://thishost/otherpath$1      /otherpath/pathinfo

^/somepath(.*) http://thishost/otherpath$1 [R]  http://thishost/otherpath/pathinfo
                                                via external redirection

^/somepath(.*) http://thishost/otherpath$1 [P]  doesn't make sense, not supported
----------------------------------------------  ----------------------------------
^/somepath(.*) http://otherhost/otherpath$1     http://otherhost/otherpath/pathinfo
                                                via external redirection

^/somepath(.*) http://otherhost/otherpath$1 [R] http://otherhost/otherpath/pathinfo
                                                via external redirection
                                                (the [R] flag is redundant)

^/somepath(.*) http://otherhost/otherpath$1 [P] http://otherhost/otherpath/pathinfo
                                                via internal proxy

Inside per-directory configuration for /somepath
(/physical/path/to/somepath/.htacccess, with RewriteBase /somepath)
for request ``GET /somepath/localpath/pathinfo'':

Given Rule                                      Resulting Substitution
----------------------------------------------  ----------------------------------
^localpath(.*) otherpath$1                      /somepath/otherpath/pathinfo

^localpath(.*) otherpath$1  [R]                 http://thishost/somepath/otherpath/pathinfo
                                                via external redirection

^localpath(.*) otherpath$1  [P]                 doesn't make sense, not supported
----------------------------------------------  ----------------------------------
^localpath(.*) /otherpath$1                     /otherpath/pathinfo

^localpath(.*) /otherpath$1 [R]                 http://thishost/otherpath/pathinfo
                                                via external redirection

^localpath(.*) /otherpath$1 [P]                 doesn't make sense, not supported
----------------------------------------------  ----------------------------------
^localpath(.*) http://thishost/otherpath$1      /otherpath/pathinfo

^localpath(.*) http://thishost/otherpath$1 [R]  http://thishost/otherpath/pathinfo
                                                via external redirection

^localpath(.*) http://thishost/otherpath$1 [P]  doesn't make sense, not supported
----------------------------------------------  ----------------------------------
^localpath(.*) http://otherhost/otherpath$1     http://otherhost/otherpath/pathinfo
                                                via external redirection

^localpath(.*) http://otherhost/otherpath$1 [R] http://otherhost/otherpath/pathinfo
                                                via external redirection
                                                (the [R] flag is redundant)

^localpath(.*) http://otherhost/otherpath$1 [P] http://otherhost/otherpath/pathinfo
                                                via internal proxy
mod/mod_setenvif.html100644 0 0 31362 11237400533 12357 0ustar 0 0 mod_setenvif - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-

ġ mod_setenvif

ֽ ƴմϴ. ֱٿ ϼ.
:û ݿ ȯ溯 Ѵ
:Base
:setenvif_module
ҽ:mod_setenvif.c

mod_setenvif û ǥĿ شϴ η ȯ溯 Ѵ. ٸ κ ൿ Ҷ ȯ溯 ִ.

Ͽ þ óѴ. ׷ MSIE ƴ϶ mozilla netscape ϴ Ʒ þ Բ ִ.

BrowserMatch ^Mozilla netscape
BrowserMatch MSIE !netscape

top

BrowserMatch þ

:HTTP User-Agent ȯ溯 Ѵ
:BrowserMatch regex [!]env-variable[=value] [[!]env-variable[=value]] ...
:ּ, ȣƮ, directory, .htaccess
Override ɼ:FileInfo
:Base
:mod_setenvif

BrowserMatch SetEnvIf þ Ư , HTTP û User-Agent ȯ溯 Ѵ. :

BrowserMatchNoCase Robot is_a_robot
SetEnvIfNoCase User-Agent Robot is_a_robot

߰ :

BrowserMatch ^Mozilla forms jpeg=yes browser=netscape
BrowserMatch "^Mozilla/[2-3]" tables agif frames javascript
BrowserMatch MSIE !javascript

top

BrowserMatchNoCase þ

:ҹڸ ʰ User-Agent ȯ溯 Ѵ
:BrowserMatchNoCase regex [!]env-variable[=value] [[!]env-variable[=value]] ...
:ּ, ȣƮ, directory, .htaccess
Override ɼ:FileInfo
:Base
:mod_setenvif
:ġ 1.2 ̻ (ġ 1.2 þ mod_browser ⿡ ־)

BrowserMatchNoCase þ BrowserMatch þ ǹ̻ . ׷ þ ҹڸ ʴ´. :

BrowserMatchNoCase mac platform=macintosh
BrowserMatchNoCase win platform=windows

BrowserMatch BrowserMatchNoCase þ SetEnvIf SetEnvIfNoCase þ Ư . :

BrowserMatchNoCase Robot is_a_robot
SetEnvIfNoCase User-Agent Robot is_a_robot

top

SetEnvIf þ

:û ȯ溯 Ѵ
:SetEnvIf attribute regex [!]env-variable[=value] [[!]env-variable[=value]] ...
:ּ, ȣƮ, directory, .htaccess
Override ɼ:FileInfo
:Base
:mod_setenvif

SetEnvIf þ û ȯ溯 Ѵ. ù° ƱԸƮ attribute ϳ:

  1. HTTP û ( ڼ RFC2616 ); : Host, User-Agent, Referer, Accept-Language. ǥ Ͽ û Ī ִ.
  2. û ϳ:
    • Remote_Host - (ִٸ) ûϴ Ŭ̾Ʈ ȣƮ
    • Remote_Addr - ûϴ Ŭ̾Ʈ IP ּ
    • Server_Addr - û ޴ IP ּ (2.0.43 Ŀ)
    • Request_Method - ޽ ̸ (GET, POST, )
    • Request_Protocol - û ̸ ( , "HTTP/0.9", "HTTP/1.1", .)
    • Request_URI - HTTP û û ڿ -- Ϲ URL ǹڿ Ŵ(scheme) ȣƮ κ
  3. û ȯ溯 ̸. ׷ SetEnvIf þ þ ˻ ִ. SetEnvIf[NoCase] þ ȯ溯 ˻ ִ. ''̶ ( ) Ȥ þ Ѵ. û ƴϰ ǥ ƴ attribute ȯ溯 Ѵ.

ι° ƱԸƮ (regex) Perl ȣȯ ǥ̴. ̴ POSIX.2 egrep ǥİ ϴ. regex attribute ϸ ƱԸƮ óѴ.

ƱԸƮ () ̴. ̴

  1. varname, Ȥ
  2. !varname, Ȥ
  3. varname=value

ù° ´ "1" Ѵ. ι° ´ ̹ ǵ ϰ, ° value Ѵ. ġ 2.0.51 value ִ $1..$9 regex ȣģ ǥ üѴ.

:

SetEnvIf Request_URI "\.gif$" object_is_image=gif
SetEnvIf Request_URI "\.jpg$" object_is_image=jpg
SetEnvIf Request_URI "\.xbm$" object_is_image=xbm
:
SetEnvIf Referer www\.mydomain\.com intra_site_referral
:
SetEnvIf object_is_image xbm XBIT_PROCESSING=1
:
SetEnvIf ^TS* ^[a-z].* HAVE_TS

ó ̹ û ȯ溯 object_is_image Ѵ. ׹° www.mydomain.com Ʈ intra_site_referral Ѵ.

û ̸ "TS" ϰ [a-z] ϳ ϴ ִ ȯ溯 HAVE_TS Ѵ.

top

SetEnvIfNoCase þ

:ҹڸ ʰ û ȯ溯 Ѵ
:SetEnvIfNoCase attribute regex [!]env-variable[=value] [[!]env-variable[=value]] ...
:ּ, ȣƮ, directory, .htaccess
Override ɼ:FileInfo
:Base
:mod_setenvif
:ġ 1.3

SetEnvIfNoCase ǹ̻ SetEnvIf þ , ҹڸ ʰ ǥ ã´. :

SetEnvIfNoCase Host Apache\.Org site=apache

HTTP û Host: Apache.Org, apache.org ϸ site ȯ溯 "apache" Ѵ.

mod/mod_so.html100644 0 0 20512 11237400533 11150 0ustar 0 0 mod_so - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-

ġ mod_so

:Ҷ Ȥ Ҷ డ ڵ оδ
:Extension
:so_module
ҽ:mod_so.c
: (׻ ϴ) Base ̴.

ü ġ ü (DSO) Ͽ ٽ ʰ ߿ о ִ.

о ڵ, н (.so Ȯڸ ) Ϲ ṵ̈,  .so Ȥ .dll Ȯڸ .

ġ 1.3 ġ 2.0 . ġ 2.0 о̰ų ġ Ϸ ؾ Ѵ.

top

 о

ġ 1.3.15 2.0 Ǿ. mod_foo.so̴.

mod_so ApacheModuleFoo.dll о , ο ̸ Ģ ȣѴ. 2.0 ° Ѵٸ ̸ 2.0 Ģ ˸° ġ ٶ.

ġ API н ̰ų ̰ų . API  н ϱ⶧ , н Ǵ Ȥ Ͽ  ִ.

ΰ ߰ ִ. н ִ. ġ н ޸ Configure α׷ ⶧ ҽ ApacheCore Ʈ Ͽ ߰ϰ, ɺ os\win32\modules.c Ͽ ߰ؾ Ѵ.

ι° LoadModule þ Ͽ Ҷ о ִ ̺귯 DLL ̴. DLL ϸ ʰ  ġ ִ.

DLL ؼ ҽ ؾ Ѵ. DLL module record exportؾ Ѵ. (Ʒ ) ̸ module record ǿ (ġ Ͽ ǵ) AP_MODULE_DECLARE_DATA ߰Ѵ. , ִٸ:

module foo_module;

Ѵ:

module AP_MODULE_DECLARE_DATA foo_module;

κ  ϱ⶧ Ͽ н ҽ ״ ִ. , .DEF Ͽ ͼϴٸ Ͽ module record export ִ.

DLL . ̸ ̺귯 libhttpd.dll Ҷ libhttpd.lib export ̺귯 ũѴ. ġ ùٷ ã Ϸ ؾ 𸥴. modules 丮 ̺귯 ã ִ. ȯ ùٷ ϱ .dsp ų .dsp Ϸ/Ŀ ɼ ϴ .

DLL . ̰ modules 丮 ΰ, LoadModule þ Ͽ оδ.

top

LoadFile þ

: ̳ ̺귯 оδ
:LoadFile filename [filename] ...
:ּ
:Extension
:mod_so

LoadFile þ ϰų Ҷ ̳ ̺귯 оδ(link in). þ  ϱ ʿ ڵ带 ߰ о϶ Ѵ. Filename ̰ų ServerRoot ̴.

:

LoadFile libexec/libxmlparse.so

top

LoadModule þ

:̳ ̺귯 о̰, 밡 Ͽ ߰Ѵ
:LoadModule module filename
:ּ
:Extension
:mod_so

LoadModule þ Ȥ ̺귯 filename о̰, 밡 Ͽ module̶ ü ߰Ѵ. Module module ڷ ܺκ̸, ´. :

LoadModule status_module modules/mod_status.so

ServerRoot modules 丮 оδ.

mod/mod_speling.html100644 0 0 13210 11237400533 12165 0ustar 0 0 mod_speling - Apache HTTP Server

| þ | FAQ | | Ʈ

Apache HTTP Server Version 2.2

<-

ġ mod_speling

ֽ ƴմϴ. ֱٿ ϼ.
:ڰ ҹڸ ߸ ϰų Ʋ ѹ Ͽ ߸ URL ġ õѴ
:Extension
:speling_module
ҽ:mod_speling.c

Ʋų ҹڸ ߸ Ͽ ġ û 찡 ִ. ٸ û شϴ ã´. û 丮 ȿ ִ û ̸ ҹ ( ÷ / / ü Ȥ ߸ ) ѹ Ʋ ָ Ѵ. ̷ .

丮 캻 Ŀ,

  • ãϸ, ġ Ϲ "document not found ( ã )" ȯѴ.
  • û "" ġϴ ϳ ã , ̷ Ѵ.
  • ã , Ŭ̾Ʈ ùٸ ֵ .
top

CheckSpelling þ

: Ѵ
:CheckSpelling on|off
⺻:CheckSpelling Off
:ּ, ȣƮ, directory, .htaccess
Override ɼ:Options
:Extension
:mod_speling
:ġ 1.1 CheckSpelling Ͽ, ҹڰ ٸ 츸 ó ־. ġ 1.3 ġ Ϻΰ Ǿ. ġ 1.3.2 CheckSpelling þ "ּ" "ȣƮ" ҿ ־.

þ 뿩θ Ѵ. Ѵٸ ϶

  • 丮 캸 ۾ ÿ ɿ ش.
  • ߿ "" 쿬 ִ й Ѵ.
  • ϸ 丮 , (http://my.host/~apahce/ ) Ʋ ڸ Ѵ.
  • ϴ Ͽ ȴ. ׷ <Location /status> û ģ "/stats.html" Ϸ ִ.

DAV ϴ 丮 mod_speling ϸ ȵȴ. εϷ doc43.html ϰ doc34.html Ϸ ̷Ʈϴ , DAV ҽ ϸ " " õϱ ̴.

mod/mod_ssl.html100644 0 0 342430 11237400533 11356 0ustar 0 0 mod_ssl - Apache HTTP Server

Modules | Directives | FAQ | Glossary | Sitemap

Apache HTTP Server Version 2.2

<-

Apache Module mod_ssl

Description:Strong cryptography using the Secure Sockets Layer (SSL