|
Apache HTTP Server Version 1.3
These configuration parameters control the core Apache features, and are always available.
AccessConfig directive
Syntax: AccessConfig filename
Default: AccessConfig conf/access.conf
Context: server config, virtual host
Status: core
The server will read this file for more directives after reading the ResourceConfig file. Filename is relative to the ServerRoot. This feature can be disabled using:
AccessConfig /dev/null
Historically, this file only contained <Directory> sections; in fact it can now contain any server directive allowed in the server config context.
AccessFileName directive
Syntax: AccessFileName filename filename ...
Default:AccessFileName .htaccess
Context: server config, virtual host
Status: core
Compatibility: AccessFileName can accept more than one filename only in Apache 1.3 and later
When returning a document to the client the server looks for the first existing access control file from this list of names in every directory of the path to the document, if access control files are enabled for that directory. For example:
AccessFileName .acl
AllowOverride None
</Directory>
AddModule directive
Syntax: AddModule module module ...
Context: server config
Status: core
Compatibility:
The server can have modules compiled in which are not actively in use. This directive can be used to enable the use of those modules. The server comes with a pre-loaded list of active modules; this list can be cleared with the ClearModuleList directive.
AllowOverride directive
Syntax: AllowOverride override override ...
Default: AllowOverride All
Context: directory
Status: core
When the server finds an .htaccess file (as specified by AccessFileName) it needs to know which directives declared in that file can override earlier access information.
Override can be set to None, in which case the server will not read the file, All in which case the server will allow all the directives, or one or more of the following:
AuthConfig
Allow use of the authorization directives ( AuthDBMGroupFile, AuthDBMUserFile, AuthGroupFile, AuthName, AuthType, AuthUserFile, require, etc.).
FileInfo
Allow use of the directives controlling document types ( AddEncoding, AddLanguage, AddType, DefaultType, ErrorDocument, LanguagePriority, etc.).
Indexes
Allow use of the directives controlling directory indexing ( AddDescription, AddIcon, AddIconByEncoding, AddIconByType, DefaultIcon, DirectoryIndexFancyIndexing, HeaderName, IndexIgnore, IndexOptions, ReadmeName, etc.).
Limit
Allow use of the directives controlling host access (allow, deny and order).
Allow use of the directives controlling specific directory features ( and XBitHack).
AuthName directive
Syntax: AuthName auth-domain
Context: directory, .htaccess
Override:
Status:
takes a single argument; if the realm name contains spaces, it must be enclosed in quotation marks. It must be accompanied by and require directives, and directives such as AuthUserFile and AuthGroupFile to work.
AuthType directive
Syntax: AuthType type
Context: directory, .htaccess
Override:
Status: core
This directive selects the type of user authentication for a directory. Only Basic and Digest are currently implemented. It must be accompanied by AuthName and require directives, and directives such as AuthUserFile and AuthGroupFile to work.
BindAddress directive
Syntax: BindAddress saddr
Default: BindAddress *
Context: server config
Status: core
A Unix® http server can either listen for connections to every IP address of the server machine, or just one IP address of the server machine. Saddr can be
*
A fully-qualified Internet domain name
If the value is *, then the server will listen for connections on every IP address, otherwise it will only listen on the IP address specified.
Only one BindAddress directive can be used. For more control over which address and ports Apache listens to, use the Listen directive instead of BindAddress.
BindAddress can be used as an alternative method for supporting virtual hosts using multiple independent servers, instead of using <VirtualHost> sections.
See Also: DNS Issues
See Also: Setting which addresses and ports Apache uses
Syntax: BS2000Account account
none
Context: server config
Status: core
Compatibility: BS2000Account is only available for BS2000 machines, as of Apache 1.3 and later.
The BS2000Account directive is available for BS2000 hosts only. It must be used to define the account number for the non-privileged apache server user (which was configured using the User directive). This is required by the BS2000 POSIX subsystem (to change the underlying BS2000 task environment by performing a sub-LOGON) to prevent CGI scripts from accessing resources of the privileged account which started the server, usually SYSROOT
Only one BS2000Account directive can be used.
See Also: Apache EBCDIC port
ClearModuleList directive
Syntax:
Context: server config
Status: core
ClearModuleList is only available in Apache 1.2 and later
The server comes with a built-in list of active modules. This directive clears the list. It is assumed that the list will then be re-populated using the AddModule directive.
ContentDigest directive
Syntax: ContentDigest on|off
Default: ContentDigest off
Context: server config, virtual host, directory, .htaccess
Override: Options
Status: experimental
Compatibility: ContentDigest is only available in Apache 1.1 and later
This directive enables the generation of Content-MD5 headers as defined in RFC1864 respectively RFC2068.
MD5 is an algorithm for computing a "message digest" (sometimes called "fingerprint") of arbitrary-length data, with a high degree of confidence that any alterations in the data will be reflected in alterations in the message digest.
The Content-MD5 header provides an end-to-end message integrity check (MIC) of the entity-body. A proxy or client may check this header for detecting accidental modification of the entity-body in transit. Example header:
Content-MD5: AuLb7Dp1rqtRtxz2m9kRpA==
Note that this can cause performance problems on your server since the message digest is computed on every request (the values are not cached).
is only sent for documents served by the core, and not by any module. For example, SSI documents, output from CGI scripts, and byte range responses do not have this header.
CoreDumpDirectory directive
Syntax: CoreDumpDirectory directory
Default: the same location as ServerRoot
Context: server config
Status: core
This controls the directory to which Apache attempts to switch before dumping core. The default is in the ServerRoot directory, however since this should not be writable by the user the server runs as, core dumps won't normally get written. If you want a core dump for debugging, you can use this directive to place it in a different location.
DefaultType directive
Syntax: DefaultType MIME-type
Default:DefaultType text/html
Context: server config, virtual host, directory, .htaccess
Override: FileInfo
Status: core
There will be times when the server is asked to provide a document whose type cannot be determined by its MIME types mappings.
The server must inform the client of the content-type of the document, so in the event of an unknown type it uses the DefaultType. For example:
DefaultType image/gif
would be appropriate for a directory which contained many gif images with filenames missing the .gif extension.
<
Directory> directive
Syntax: <Directory > ... </Directory>
Context: server config, virtual host
Status: Core.
<Directory> and </Directory> are used to enclose a group of directives which will apply only to the named directory and sub-directories of that directory. Any directive which is allowed in a directory context may be used. Directory is either the full path to a directory, or a wild-card string. In a wild-card string, `?' matches any single character, and `*' matches any sequences of characters. As of Apache 1.3, you may also use `[]' character ranges like in the shell. Also as of Apache 1.3 none of the wildcards match a `/' character, which more closely mimics the behaviour of Unix shells. Example:
Options Indexes FollowSymLinks
</Directory>
Apache 1.2 and above: Extended regular expressions can also be used, with the addition of the ~ character. For example:
<Directory ~ "^/www/.*/[0-9]{3}">
would match directories in /www/ that consisted of three numbers.
If multiple (non-regular expression) directory sections match the directory (or its parents) containing a document, then the directives are applied in the order of shortest match first, interspersed with the directives from the .htaccess files. For example, with
<Directory />
AllowOverride None
</Directory>
AllowOverride FileInfo
</Directory>
for access to the document /home/web/dir/doc.html the steps are:
Apply directive AllowOverride None (disabling .htaccess files).
Apply directive AllowOverride FileInfo (for directory /home/web).
Apply any FileInfo directives in /home/web/.htaccess
Regular expression directory sections are handled slightly differently by Apache 1.2 and 1.3. In Apache 1.2 they are interspersed with the normal directory sections and applied in the order they appear in the configuration file. They are applied only once, and apply when the shortest match possible occurs. In Apache 1.3 regular expressions are not considered until after all of the normal sections have been applied. Then all of the regular expressions are tested in the order they appeared in the configuration file. For example, with
<Directory ~ abc$>
... directives here ...
</Directory>
Suppose that the filename being accessed is /home/abc/public_html/abc/index.html. The server considers each of /, /home, /home/abc, /home/abc/public_html, and /home/abc/public_html/abc in that order. In Apache 1.2, when /home/abc.htaccess files have been applied. Then the regular expression will match on /home/abc/public_html/abc and be applied.
Allow from All. This means that Apache will serve any file mapped from an URL. It is recommended that you change this with a block such as
<Directory />
Order Deny,Allow
Deny from All
</Directory>
and then override this for directories you want accessible. See the Security Tips page for more details.
The directory sections typically occur in the access.conf file, but they may appear in any configuration file. <Directory> directives cannot nest, and cannot appear in a <Limit><LimitExcept> section.
See also: How Directory, Location and Files sections work for an explanation of how these different sections are combined when a request is received
<
DirectoryMatch>
Syntax: <DirectoryMatch regex> ... </DirectoryMatch>
Context: server config, virtual host
Status: Core.
Compatibility: Available in Apache 1.3 and later
<Directory>. However, it takes as an argument a regular expression. For example:
<DirectoryMatch "^/www/.*/[0-9]{3}">
would match directories in /www/ that consisted of three numbers.
See Also: <Directory> for a description of how regular expressions are mixed in with normal <Directory>s.
See also: How Directory, Location and Files sections work for an explanation of how these different sections are combined when a request is received
DocumentRoot directive
Syntax: DocumentRoot directory-filename
Default: DocumentRoot /usr/local/apache/htdocs
Context: server config, virtual host
Status: core
This directive sets the directory from which httpd will serve files. Unless matched by a directive like Alias, the server appends the path from the requested URL to the document root to make the path to the document. Example:
DocumentRoot /usr/web
then an access to http://www.my.host.com/index.html refers to /usr/web/index.html.
There appears to be a bug in mod_dir which causes problems when the DocumentRoot has a trailing slash (i.e., "DocumentRoot /usr/web/") so please avoid that.
ErrorDocument directive
Syntax:error-code document
Context: server config, virtual host, directory, .htaccess
Status: core
Override: FileInfo
Compatibility: The directory and .htaccess contexts are only available in Apache 1.1 and later.
In the event of a problem or error, Apache can be configured to do one of four things,
| 1. | output a simple hardcoded error message |
| 2. | output a customized message |
| 3. | redirect to a local URL to handle the problem/error |
| 4. | redirect to an external URL to handle the problem/error |
The first option is the default, while options 2-4 are configured using the ErrorDocument directive, which is followed by the HTTP response code and a message or URL.
Messages in this context begin with a single quote ("), which does not form part of the message itself. Apache will sometimes offer additional information regarding the problem/error.
URLs can begin with a slash (/) for local URLs, or be a full URL which the client can resolve. Examples:
ErrorDocument 500 http://foo.example.com/cgi-bin/tester
ErrorDocument 404 /cgi-bin/bad_urls.pl
ErrorDocument 401 /subscription_info.html
ErrorDocument 403 "Sorry can't allow you access today
Note that when you specify an ErrorDocument that points to a remote url(ie. anything with a method such as "http" in front of it) Apache will send a redirect to the client to tell it where to find the document, even if the document ends up being on the same server.. This has several implications, the most important being that if you use an "ErrorDocument 401" directive then it must refer to a local document. This results from the nature of the HTTP basic authentication scheme.
See Also: documentation of customizable responses.
ErrorLog directive
Syntax: ErrorLog |syslog[:facility]
Default: ErrorLog logs/error_log (Unix)
Default: ErrorLog logs/error.log (Windows and OS/2)
Context: server config, virtual host
Status: core
The error log directive sets the name of the file to which the server will log any errors it encounters. If the filename does not begin with a slash (/) then it is assumed to be relative to the ServerRoot. If the filename begins with a pipe (|) then it is assumed to be a command to spawn to handle the error log.
Using syslog instead of a filename enables logging via syslogd(8) if the system supports it. The default is to use syslog facility local7, but you can override this by using the syslog:facility syntax where facility can be one of the names usually documented in syslog(1).
SECURITY: See the security tips document for details on why your security could be compromised if the directory where logfiles are stored is writable by anyone other than the user that starts the server.
LogLevel
<
Syntax: <Files filename> ... </Files>
Context: server config, virtual host, .htaccess
Status: core
Compatibility: only available in Apache 1.2 and above.
The <Files> directive provides for access control by filename. It is comparable to the <Directory> directive and <Location> directives. It should be matched with a </Files> directive. The directives given within this section will be applied to any object with a basename (last component of filename) matching the specified filename. <Files> sections are processed in the order they appear in the configuration file, after the <Directory> sections and files are read, but before <Location> sections. Note that <Files> can be nested inside <Directory> sections to restrict the portion of the filesystem they apply to.
The filename argument should include a filename, or a wild-card string, where `?' matches any single character, and `*' matches any sequences of characters. Extended regular expressions can also be used, with the addition of the ~ character. For example:
<Files ~ "\.(gif|jpe?g|png)$">
would match most common Internet graphics formats. In Apache 1.3 and later, <FilesMatch>
Note that unlike <Directory> and <Location> sections, <Files> sections can be used inside .htaccess files. This allows users to control access to their own files, at a file-by-file level.
See also: How Directory, Location and Files sections work for an explanation of how these different sections are combined when a request is received
<
FilesMatch>
Syntax: <FilesMatch regex> ... </FilesMatch>
Context: server config, virtual host, .htaccess
Status: core
Compatibility: only available in Apache 1.3 and above.
The <FilesMatch> directive provides for access control by filename, just as the <Files> directive does. However, it accepts a regular expression. For example:
<FilesMatch "\.(gif|jpe?g|png)$">
would match most common Internet graphics formats.
See also: How Directory, Location and Files sections work for an explanation of how these different sections are combined when a request is received
Group directive
Syntax: Group unix-group
Default: Group #-1
Context: server config, virtual host
Status: core
The Group directive sets the group under which the server will answer requests. In order to use this directive, the stand-alone server must be run initially as root. Unix-group is one of:
A group name
Refers to the given group by name.
# followed by a group number.
Refers to a group by its number.
It is recommended that you set up a new group specifically for running the server. Some admins use user nobody, but this is not always possible or desirable.
Note: if you start the server as a non-root user, it will fail to change to the specified group, and will instead continue to run as the group of the original user.
Special note: Use of this directive in <VirtualHost> requires a properly configured suEXEC wrapper. When used inside a <VirtualHost> in this manner, only the group that CGIs are run as is affected. Non-CGI requests are still processed as the group specified in the main Group directive.
SECURITY: See User for a discussion of the security considerations.
HostNameLookups directive
Syntax: HostNameLookups on | off | double
Default: HostNameLookups off
Context: server config, virtual host, directory
Status: core
Compatibility:double available only in Apache 1.3 and above.
Compatibility: Default was on prior to Apache 1.3.
This directive enables DNS lookups so that host names can be logged (and passed to CGIs/SSIs in REMOTE_HOST). The value double refers to doing double-reverse DNS. That is, after a reverse lookup is performed, a forward lookup is then performed on that result. At least one of the ip addresses in the forward lookup must match the original address. (In "tcpwrappers" terminology this is called .)
Regardless of the setting, when mod_accessHostnameLookups double. For example, if only HostnameLookups on and a request is made to an object that is protected by hostname restrictions, regardless of whether the double-reverse fails or not, CGIs will still be passed the single-reverse result in | 
