brigade should have no side effects (such as changing any state
private to the filter).</p>
- <div class="example"><h3>How to handle an empty brigade</h3><p><code>
- <pre class="prettyprint lang-c">
+ <div class="example"><h3>How to handle an empty brigade</h3><pre class="prettyprint lang-c">
apr_status_t dummy_filter(ap_filter_t *f, apr_bucket_brigade *bb)<br />
{
if (APR_BRIGADE_EMPTY(bb)) {
}
....
</pre>
-
- </code></p></div>
+</div>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
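Review bot: The `<br />` at the end of the `apr_status_t dummy_filter(ap_filter_t *f, apr_bucket_brigade *bb)` line is still inside the `<pre>` in the "How to handle an empty brigade" example, so the signature is followed by two breaks (the tag plus the literal newline). Now that the block is a bare `<pre class="prettyprint lang-c">`, drop the `<br />` so the signature and its opening brace render on consecutive lines.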
<p>Taking an example which loops through the entire brigade as
follows:</p>
- <div class="example"><h3>Bad output filter -- do not imitate!</h3><p><code>
- <pre class="prettyprint lang-c">
+ <div class="example"><h3>Bad output filter -- do not imitate!</h3><pre class="prettyprint lang-c">
apr_bucket *e = APR_BRIGADE_FIRST(bb);
const char *data;
apr_size_t len;
return ap_pass_brigade(bb);
</pre>
-
- </code></p></div>
+</div>
<p>The above implementation would consume memory proportional to
content size. If passed a <code>FILE</code> bucket, for example,
amount of memory to filter any brigade; a temporary brigade is
needed and must be allocated only once per response, see the <a href="#state">Maintaining state</a> section.</p>
- <div class="example"><h3>Better output filter</h3><p><code>
-<pre class="prettyprint lang-c">
+ <div class="example"><h3>Better output filter</h3><pre class="prettyprint lang-c">
apr_bucket *e;
const char *data;
apr_size_t len;
apr_brigade_cleanup(tmpbb);
}
</pre>
-
- </code></p></div>
+</div>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
temporary brigade in such a structure, to avoid having to allocate
a new brigade per invocation as described in the <a href="#brigade">Brigade structure</a> section.</p>
- <div class="example"><h3>Example code to maintain filter state</h3><p><code>
- <pre class="prettyprint lang-c">
+ <div class="example"><h3>Example code to maintain filter state</h3><pre class="prettyprint lang-c">
struct dummy_state {
apr_bucket_brigade *tmpbb;
int filter_state;
}
...
</pre>
-
- </code></p></div>
+</div>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
script; reading from such a bucket will block when waiting for the
CGI script to produce more output.</p>
- <div class="example"><h3>Example code using non-blocking bucket reads</h3><p><code>
-
- <pre class="prettyprint lang-c">
+ <div class="example"><h3>Example code using non-blocking bucket reads</h3><pre class="prettyprint lang-c">
apr_bucket *e;
apr_read_type_e mode = APR_NONBLOCK_READ;
...
}
</pre>
-
- </code></p></div>
+</div>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
<p><code>.htaccess</code> file in <code>/www/htdocs/example</code>:</p>
<div class="example"><h3>Contents of .htaccess file in
- <code>/www/htdocs/example</code></h3><p><code>
- <pre class="prettyprint lang-config">AddType text/example .exm</pre>
-
- </code></p></div>
+ <code>/www/htdocs/example</code></h3><pre class="prettyprint lang-config">AddType text/example .exm</pre>
+</div>
<div class="example"><h3>Section from your <code>httpd.conf</code>
- file</h3><p><code>
- <pre class="prettyprint lang-config">
+ file</h3><pre class="prettyprint lang-config">
<Directory /www/htdocs/example><br />
AddType text/example .exm<br />
</Directory>
</pre>
-
- </code></p></div>
+</div>
<p>However, putting this configuration in your server configuration
file will result in less of a performance hit, as the configuration is
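Review bot: In the `httpd.conf` example, the `<Directory /www/htdocs/example>` and `AddType text/example .exm` lines both still end in `<br />` inside the `<pre>`. Remove both tags: the newlines in the `<pre>` already separate the directives, and a reader copying the block should get three adjacent lines with no blank ones between them.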
environment variables. The handler used for the particular request
is passed using the <code>REDIRECT_HANDLER</code> variable.</p>
- <div class="example"><h3>Example: MIME type</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example: MIME type</h3><pre class="prettyprint lang-config">
# Requests for files of a particular MIME content type:
Action image/gif /cgi-bin/images.cgi
</pre>
-
- </code></p></div>
+</div>
<p>In this example, requests for files with a MIME content
type of <code>image/gif</code> will be handled by the
specified cgi script <code>/cgi-bin/images.cgi</code>.</p>
- <div class="example"><h3>Example: File extension</h3><p><code>
-
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example: File extension</h3><pre class="prettyprint lang-config">
# Files of a particular file extension
AddHandler my-file-type .xyz
Action my-file-type /cgi-bin/program.cgi
</pre>
-
- </code></p></div>
+</div>
<p>In this example, requests for files with a file extension of
<code>.xyz</code> are handled by the specified cgi script
<code>/cgi-bin/program.cgi</code>.</p>
The default <code>file</code> provider is implemented
by the <code class="module"><a href="../mod/mod_authn_file.html">mod_authn_file</a></code> module. Make sure
that the chosen provider module is present in the server.</p>
- <div class="example"><h3>Example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
<Location /secure>
AuthType basic
AuthName "private area"
Require valid-user
</Location>
</pre>
-
- </code></p></div>
+</div>
<p> Providers are queried in order until a provider finds a match
for the requested username, at which point this sole provider will
attempt to check the password. A failure to verify the password does
<p>Appropriate user (text) files can be created using the
<code class="program"><a href="../programs/htdigest.html">htdigest</a></code> tool.</p>
- <div class="example"><h3>Example:</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example:</h3><pre class="prettyprint lang-config">
<Location /private/>
AuthType Digest
AuthName "private area"
Require valid-user
</Location>
</pre>
-
- </code></p></div>
+</div>
<div class="note"><h3>Note</h3>
<p>Digest authentication is more secure than Basic authentication,
remove the query string from the digest comparison. Using this
method would look similar to the following.</p>
- <div class="example"><h3>Using Digest Authentication with MSIE:</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Using Digest Authentication with MSIE:</h3><pre class="prettyprint lang-config">
BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
</pre>
-
- </code></p></div>
+</div>
<p>This workaround is not necessary for MSIE 7, though enabling it does
not cause any compatibility issues or significant overhead.</p>
a file using <code class="module"><a href="../mod/mod_authn_file.html">mod_authn_file</a></code>. If authentication is unsuccessful,
the user will be redirected to the form login page.</p>
- <div class="example"><h3>Basic example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Basic example</h3><pre class="prettyprint lang-config">
AuthFormProvider file
AuthUserFile conf/passwd
AuthType form
SessionCookieName session path=/
SessionCryptoPassphrase secret
</pre>
-
- </code></p></div>
+</div>
<p>The directive <code class="directive"><a href="../mod/mod_authn_core.html#authtype">AuthType</a></code> will enable
the <code class="module"><a href="../mod/mod_auth_form.html">mod_auth_form</a></code> authentication when set to the value <var>form</var>.
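Review bot: `SessionCryptoPassphrase secret` in the "Basic example" block is a literal value that readers are likely to paste unchanged. While this block is being touched, replace it with an obvious placeholder or add a `#` comment line saying the passphrase must be replaced; the same line appears in the other mod_auth_form examples in this patch.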
The action of the form should point at this handler, which is configured within
Apache httpd as follows:</p>
- <div class="example"><h3>Form login handler example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Form login handler example</h3><pre class="prettyprint lang-config">
<Location /dologin.html>
SetHandler form-login-handler
AuthFormLoginRequiredLocation http://example.com/login.html
SessionCryptoPassphrase secret
</Location>
</pre>
-
- </code></p></div>
+</div>
<p>The URLs specified by the
<code class="directive"><a href="#authformloginrequiredlocation">AuthFormLoginRequiredLocation</a></code> directive will typically
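Review bot: `AuthFormLoginRequiredLocation http://example.com/login.html` in the "Form login handler example" points the login redirect at a plain `http://` URL. Consider using `https://` in the example, or add a sentence next to it saying the login page and the handler should be served over TLS, since this is the page where the password is entered.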
returned by the <var>HTTP_UNAUTHORIZED</var> status code with a custom error document
containing the login form, as follows:</p>
- <div class="example"><h3>Basic inline example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Basic inline example</h3><pre class="prettyprint lang-config">
AuthFormProvider file
ErrorDocument 401 /login.shtml
AuthUserFile conf/passwd
SessionCookieName session path=/
SessionCryptoPassphrase secret
</pre>
-
- </code></p></div>
+</div>
<p>The error document page should contain a login form with an empty action property,
as per the example below. This has the effect of submitting the form to
<p>Another option is to render the login form using a CGI script or other dynamic
technology.</p>
- <div class="example"><h3>CGI example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>CGI example</h3><pre class="prettyprint lang-config">
AuthFormProvider file
<strong>ErrorDocument 401 /cgi-bin/login.cgi</strong>
...
</pre>
-
- </code></p></div>
+</div>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
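Review bot: The `<strong>ErrorDocument 401 /cgi-bin/login.cgi</strong>` line in the "CGI example" is inline markup inside a `prettyprint lang-config` block. Check the rendered page to confirm the emphasis survives the highlighter and does not appear as literal tags; if it does not survive, mark the line with a `#` comment instead.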
logout. This URL might explain to the user that they have been logged out, and
give the user the option to log in again.</p>
- <div class="example"><h3>Basic logout example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Basic logout example</h3><pre class="prettyprint lang-config">
SetHandler form-logout-handler
AuthName realm
AuthFormLogoutLocation http://example.com/loggedout.html
SessionCookieName session path=/
SessionCryptoPassphrase secret
</pre>
-
- </code></p></div>
+</div>
<p>Note that logging a user out does not delete the session; it merely removes
the username and password from the session. If this results in an empty session,
value, like 1 (setting the directive to zero would mean no session age limit).
</p>
- <div class="example"><h3>Basic session expiry example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Basic session expiry example</h3><pre class="prettyprint lang-config">
SetHandler form-logout-handler
AuthFormLogoutLocation http://example.com/loggedout.html
Session On
SessionCookieName session path=/
SessionCryptoPassphrase secret
</pre>
-
- </code></p></div>
+</div>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
<p>When a URI is accessed that is served by the handler <code>form-logout-handler</code>,
the page specified by this directive will be shown to the end user. For example:</p>
- <div class="example"><h3>Example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
<Location /logout>
SetHandler form-logout-handler
AuthFormLogoutLocation http://example.com/loggedout.html
#...
</Location>
</pre>
-
- </code></p></div>
+</div>
<p>An attempt to access the URI <var>/logout/</var> will result in the user being logged
out, and the page <var>/loggedout.html</var> will be displayed. Make sure that the page
by the <code class="module"><a href="../mod/mod_authn_file.html">mod_authn_file</a></code> module. Make sure
that the chosen provider module is present in the server.</p>
- <div class="example"><h3>Example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
<Location /secure>
AuthType form
AuthName "private area"
#...
</Location>
</pre>
-
- </code></p></div>
+</div>
<p>Providers are implemented by <code class="module"><a href="../mod/mod_authn_dbm.html">mod_authn_dbm</a></code>,
<code class="module"><a href="../mod/mod_authn_file.html">mod_authn_file</a></code>, <code class="module"><a href="../mod/mod_authn_dbd.html">mod_authn_dbd</a></code>,
(<code class="directive"><a href="#anonymous_logemail">Anonymous_LogEmail</a></code>)</li>
</ul>
- <div class="example"><h3>Example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
<Directory /var/www/html/private>
AuthName "Use 'anonymous' & Email address for guest entry"
AuthType Basic
Require valid-user
</Directory>
</pre>
-
- </code></p></div>
+</div>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="Anonymous" id="Anonymous">Anonymous</a> <a name="anonymous" id="anonymous">Directive</a></h2>
'<code>anonymous</code>' is always one of the allowed
userIDs.</p>
- <div class="example"><h3>Example:</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example:</h3><pre class="prettyprint lang-config">
Anonymous anonymous "Not Registered" "I don't know"
</pre>
-
- </code></p></div>
+</div>
<p>This would allow the user to enter without password
verification by using the userIDs "anonymous",
<p>This example checks for passwords in two different text
files.</p>
- <div class="example"><h3>Checking multiple text password files</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Checking multiple text password files</h3><pre class="prettyprint lang-config">
# Check here first
<AuthnProviderAlias file file1>
AuthUserFile /www/conf/passwords1
Require valid-user
</Directory>
</pre>
-
- </code></p></div>
+</div>
<p>The example below creates two different ldap authentication
provider aliases based on the ldap provider. This allows
a single authenticated location to be serviced by multiple ldap
hosts:</p>
- <div class="example"><h3>Checking multiple LDAP servers</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Checking multiple LDAP servers</h3><pre class="prettyprint lang-config">
<AuthnProviderAlias ldap ldap-alias1>
AuthLDAPBindDN cn=youruser,o=ctx
AuthLDAPBindPassword yourpassword
Require valid-user
</Directory>
</pre>
-
- </code></p></div>
+</div>
</div>
<code class="directive"><a href="../mod/mod_mime.html#addoutputfilter">AddOutputFilter</a></code> or
<code class="directive"><a href="../mod/mod_filter.html#addoutputfilterbytype">AddOutputFilterByType</a></code> directives.</p>
- <div class="example"><h3>Using buffer with mod_include</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Using buffer with mod_include</h3><pre class="prettyprint lang-config">
AddOutputFilterByType INCLUDES;BUFFER text/html
</pre>
-
- </code></p></div>
+</div>
<div class="warning">The buffer filters read the request/response into
RAM and then repack the request/response into the fewest memory
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
<h2><a name="sampleconf" id="sampleconf">Sample Configuration</a></h2>
- <div class="example"><h3>Sample httpd.conf</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Sample httpd.conf</h3><pre class="prettyprint lang-config">
#
# Sample Cache Configuration
#
CacheDisable http://security.update.server/update-list/
</IfModule>
</pre>
-
- </code></p></div>
+</div>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
<h2><a name="thunderingherd" id="thunderingherd">Avoiding the Thundering Herd</a></h2>
<h3>Example configuration</h3>
- <div class="example"><h3>Enabling the cache lock</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Enabling the cache lock</h3><pre class="prettyprint lang-config">
#
# Enable the cache lock
#
CacheLockMaxAge 5
</IfModule>
</pre>
-
- </code></p></div>
+</div>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
<code class="module"><a href="../mod/mod_cache.html">mod_cache</a></code> to <em>not</em> cache urls at or below
<var>url-string</var>.</p>
- <div class="example"><h3>Example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
CacheDisable /local_files
</pre>
-
- </code></p></div>
+</div>
<p>If used in a <code class="directive"><Location></code> directive,
the path needs to be specified below the Location, or if the word "on"
is used, caching for the whole location will be disabled.</p>
- <div class="example"><h3>Example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
<Location /foo>
CacheDisable on
</Location>
</pre>
-
- </code></p></div>
+</div>
<p>The <code>no-cache</code> environment variable can be set to
disable caching on a finer grained set of resources in versions
behaviour), <code class="directive">CacheIgnoreHeaders</code> can be set to
<code>None</code>.</p>
- <div class="example"><h3>Example 1</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example 1</h3><pre class="prettyprint lang-config">
CacheIgnoreHeaders Set-Cookie
</pre>
+</div>
- </code></p></div>
-
- <div class="example"><h3>Example 2</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example 2</h3><pre class="prettyprint lang-config">
CacheIgnoreHeaders None
</pre>
-
- </code></p></div>
+</div>
<div class="warning"><h3>Warning:</h3>
If headers like <code>Expires</code> which are needed for proper cache
<p><code>CacheIgnoreURLSessionIdentifiers None</code> clears the list of ignored
identifiers. Otherwise, each identifier is added to the list.</p>
- <div class="example"><h3>Example 1</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example 1</h3><pre class="prettyprint lang-config">
CacheIgnoreURLSessionIdentifiers jsessionid
</pre>
+</div>
- </code></p></div>
-
- <div class="example"><h3>Example 2</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example 2</h3><pre class="prettyprint lang-config">
CacheIgnoreURLSessionIdentifiers None
</pre>
-
- </code></p></div>
+</div>
</div>
taken relative to the <code class="directive"><a href="../mod/core.html#serverroot">ServerRoot</a></code>.
</p>
- <div class="example"><h3>Example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
ScriptLog logs/cgi_log
</pre>
-
- </code></p></div>
+</div>
<p>This log will be opened as the user the child processes run
as, <em>i.e.</em> the user specified in the main <code class="directive"><a href="../mod/mod_unixd.html#user">User</a></code> directive. This means that
scripts, it is important that no other user has permission to
write in the directory where the socket is located.</p>
- <div class="example"><h3>Example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
ScriptSock /var/run/cgid.sock
</pre>
-
- </code></p></div>
+</div>
</div>
<a class="glossarylink" href="../glossary.html#apr" title="see glossary">APR</a>. Generally, this means that it must be
supported by iconv.</p>
- <div class="example"><h3>Example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
<Directory /export/home/trawick/apacheinst/htdocs/convert>
CharsetSourceEnc UTF-16BE
CharsetDefault ISO-8859-1
</Directory>
</pre>
-
- </code></p></div>
+</div>
<div class="note">
Specifying the same charset for both <code class="directive"><a href="#charsetsourceenc">CharsetSourceEnc</a></code>
<a class="glossarylink" href="../glossary.html#apr" title="see glossary">APR</a>. Generally, this means that it must be
supported by iconv.</p>
- <div class="example"><h3>Example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
<Directory /export/home/trawick/apacheinst/htdocs/convert>
CharsetSourceEnc UTF-16BE
CharsetDefault ISO-8859-1
</Directory>
</pre>
-
- </code></p></div>
+</div>
<p>The character set names in this example work with the iconv
translation support in Solaris 8.</p>
or any of the directives supported by the <code class="module"><a href="../mod/mod_filter.html">mod_filter</a></code>
module.</p>
- <div class="example"><h3>Configuring the filter</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Configuring the filter</h3><pre class="prettyprint lang-config">
<Location /data/images>
SetOutputFilter DATA
</Location>
</pre>
-
- </code></p></div>
+</div>
</div>
<div id="quickview"><h3 class="directives">Directives</h3>
directive. The "normal" <code class="directive"><a href="../mod/core.html#limitrequestbody">LimitRequestBody</a></code> directive has no effect on DAV
requests.</p>
- <div class="example"><h3>Full Example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Full Example</h3><pre class="prettyprint lang-config">
DavLockDB /usr/local/apache2/var/DavLock
<Directory /usr/local/apache2/htdocs/foo>
</LimitExcept>
</Directory>
</pre>
-
- </code></p></div>
+</div>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
(like 600 seconds) to reduce the chance of the client losing
the lock due to network latency.</p>
- <div class="example"><h3>Example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
<Location /MSWord>
DavMinTimeout 600
</Location>
</pre>
-
- </code></p></div>
+</div>
</div>
</div>
will be invoked by using the <code class="directive"><a href="../mod/mod_dav.html#dav">Dav</a></code>
directive:</p>
- <div class="example"><h3>Example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
Dav filesystem
</pre>
-
- </code></p></div>
+</div>
<p>Since <code>filesystem</code> is the default provider for
<code class="module"><a href="../mod/mod_dav.html">mod_dav</a></code>, you may simply use the value
- <div class="example"><h3>Example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
DavLockDB var/DavLock
</pre>
-
- </code></p></div>
+</div>
<p>The directory containing the lock database file must be
writable by the <code class="directive"><a href="../mod/mod_unixd.html#user">User</a></code>
<code class="module"><a href="../mod/mod_dav_lock.html">mod_dav_lock</a></code> uses a SDBM database to track user
locks.</p>
- <div class="example"><h3>Example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
DavGenericLockDB var/DavLock
</pre>
-
- </code></p></div>
+</div>
<p>The directory containing the lock database file must be
writable by the <code class="directive"><a href="../mod/mod_unixd.html#user">User</a></code>
<h2><a name="recommended" id="recommended">Sample Configurations</a></h2>
<p>This is a simple sample configuration for the impatient.</p>
- <div class="example"><h3>Compress only a few types</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Compress only a few types</h3><pre class="prettyprint lang-config">
AddOutputFilterByType DEFLATE text/html text/plain text/xml
</pre>
-
- </code></p></div>
+</div>
<p>The following configuration, while resulting in more compressed content,
is also much more complicated. Do not use this unless you fully understand
all the configuration details.</p>
- <div class="example"><h3>Compress everything except images</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Compress everything except images</h3><pre class="prettyprint lang-config">
<Location />
# Insert filter
SetOutputFilter DEFLATE
Header append Vary User-Agent env=!dont-vary
</Location>
</pre>
-
- </code></p></div>
+</div>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
<code>Vary</code> header to the value <code>*</code>. This prevents
compliant proxies from caching entirely.</p>
- <div class="example"><h3>Example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
Header set Vary *
</pre>
-
- </code></p></div>
+</div>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="DeflateBufferSize" id="DeflateBufferSize">DeflateBufferSize</a> <a name="deflatebuffersize" id="deflatebuffersize">Directive</a></h2>
the directive. You can use that note for statistical purposes by
adding the value to your <a href="../logs.html#accesslog">access log</a>.</p>
- <div class="example"><h3>Example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
DeflateFilterNote ratio
LogFormat '"%r" %b (%{ratio}n) "%{User-agent}i"' deflate
CustomLog logs/deflate_log deflate
</pre>
-
- </code></p></div>
+</div>
<p>If you want to extract more accurate values from your logs, you
can use the <var>type</var> argument to specify the type of data
<p>Thus you may log it this way:</p>
- <div class="example"><h3>Accurate Logging</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Accurate Logging</h3><pre class="prettyprint lang-config">
DeflateFilterNote Input instream
DeflateFilterNote Output outstream
DeflateFilterNote Ratio ratio
LogFormat '"%r" %{outstream}n/%{instream}n (%{ratio}n%%)' deflate
CustomLog logs/deflate_log deflate
</pre>
-
- </code></p></div>
+</div>
<h3>See also</h3>
<ul>
set, the server will generate its own listing of the
directory.</p>
- <div class="example"><h3>Example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
DirectoryIndex index.html
</pre>
-
- </code></p></div>
+</div>
<p>then a request for <code>http://example.com/docs/</code> would
return <code>http://example.com/docs/index.html</code> if it
and returned transparently to the client. <code class="directive">DirectoryIndexRedirect</code> causes an external redirect
to instead be issued.</p>
- <div class="example"><h3>Example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
DirectoryIndexRedirect on
</pre>
-
- </code></p></div>
+</div>
<p>A request for <code>http://example.com/docs/</code> would
return a temporary redirect to <code>http://example.com/docs/index.html</code>
</table>
<p>Enable dumping of all input.</p>
- <div class="example"><h3>Example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
DumpIOInput On
</pre>
-
- </code></p></div>
+</div>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
</table>
<p>Enable dumping of all output.</p>
- <div class="example"><h3>Example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
DumpIOOutput On
</pre>
-
- </code></p></div>
+</div>
</div>
</div>
<p>The <code class="directive">ProtocolEcho</code> directive enables or
disables the echo server.</p>
- <div class="example"><h3>Example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
ProtocolEcho On
</pre>
-
- </code></p></div>
+</div>
</div>
</div>
native OS environment of the shell which invoked the
<code class="program"><a href="../programs/httpd.html">httpd</a></code> process.</p>
- <div class="example"><h3>Example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
PassEnv LD_LIBRARY_PATH
</pre>
-
- </code></p></div>
+</div>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<p>Sets an internal environment variable, which is then available to Apache
HTTP Server modules, and passed on to CGI scripts and SSI pages.</p>
- <div class="example"><h3>Example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
SetEnv SPECIAL_PATH /foo/bin
</pre>
-
- </code></p></div>
+</div>
<div class="note"><p>The internal environment variables set by this directive are set
<em>after</em> most early request processing directives are run, such as access
<p>Removes one or more internal environment variables from those passed
on to CGI scripts and SSI pages.</p>
- <div class="example"><h3>Example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
UnsetEnv LD_LIBRARY_PATH
</pre>
-
- </code></p></div>
+</div>
</div>
</div>
the same images (<em>i.e.</em>, the images will be accessed
repeatedly within a relatively short timespan).</p>
- <div class="example"><h3>Example:</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example:</h3><pre class="prettyprint lang-config">
# enable expirations
ExpiresActive On
# expire GIF images after a month in the client's cache
# time they were changed
ExpiresByType text/html M604800
</pre>
-
- </code></p></div>
+</div>
<p>Note that this directive only has effect if
<code>ExpiresActive On</code> has been specified. It overrides,
</pre>
- <div class="example"><h3>Here is the filter which traces the data:</h3><p><code>
- <pre class="prettyprint lang-perl">
+ <div class="example"><h3>Here is the filter which traces the data:</h3><pre class="prettyprint lang-perl">
#!/usr/local/bin/perl -w
use strict;
close(SAVE);
</pre>
-
- </code></p></div>
+</div>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
with filenames rewritten by <code class="module"><a href="../mod/mod_alias.html">mod_alias</a></code> or
<code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code>.</p>
- <div class="example"><h3>Example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
CacheFile /usr/local/apache/htdocs/index.html
</pre>
-
- </code></p></div>
+</div>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
with filenames rewritten by <code class="module"><a href="../mod/mod_alias.html">mod_alias</a></code> or
<code class="module"><a href="../mod/mod_rewrite.html">mod_rewrite</a></code>.</p>
- <div class="example"><h3>Example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
MMapFile /usr/local/apache/htdocs/index.html
</pre>
-
- </code></p></div>
+</div>
</div>
</div>
requests will be captured within the same connection if keepalive is
present.</p>
- <div class="example"><h3>Example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
FirehoseConnectionInput connection-input.firehose
</pre>
-
- </code></p></div>
+</div>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
Multiple requests will be captured within the same connection if
keepalive is present.</p>
- <div class="example"><h3>Example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
FirehoseConnectionOutput connection-output.firehose
</pre>
-
- </code></p></div>
+</div>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
</table>
<p>Capture traffic being received by mod_proxy.</p>
- <div class="example"><h3>Example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
FirehoseProxyConnectionInput proxy-input.firehose
</pre>
-
- </code></p></div>
+</div>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
</table>
<p>Capture traffic being sent out by mod_proxy.</p>
- <div class="example"><h3>Example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
FirehoseProxyConnectionOutput proxy-output.firehose
</pre>
-
- </code></p></div>
+</div>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<p>Capture traffic coming into the server on each request. Requests
will be captured separately, regardless of the presence of keepalive.</p>
- <div class="example"><h3>Example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
FirehoseRequestInput request-input.firehose
</pre>
-
- </code></p></div>
+</div>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<p>Capture traffic going out of the server on each request. Requests
will be captured separately, regardless of the presence of keepalive.</p>
- <div class="example"><h3>Example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
FirehoseRequestOutput request-output.firehose
</pre>
-
- </code></p></div>
+</div>
</div>
</div>
<p>You will probably want to use <code class="module"><a href="../mod/mod_authz_host.html">mod_authz_host</a></code>
to limit access to your server configuration information.</p>
- <div class="example"><h3>Access control</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Access control</h3><pre class="prettyprint lang-config">
<Location /server-info>
SetHandler server-info
Order allow,deny
Allow from 192.168.1.17
</Location>
</pre>
-
- </code></p></div>
+</div>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
<h2><a name="queries" id="queries">Selecting the information shown</a></h2>
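Review bot: the Access control example keeps `Order allow,deny` / `Allow from 192.168.1.17`, which does not match the paragraph above it that points readers to mod_authz_host. In 2.4 that module provides `Require ip` and `Require host`, and `Order`/`Allow` only work when mod_access_compat is loaded. The Forward Proxy example touched by this same patch already uses `Require host internal.example.com`. Since this block guards /server-info, suggest switching it to `Require ip 192.168.1.17` while the markup is being changed, so a copied example does not depend on the compatibility module.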
to define another nickname. Note that the nickname should not contain
percent signs (<code>%</code>).</p>
- <div class="example"><h3>Example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common
</pre>
-
- </code></p></div>
+</div>
</div>
which does not define a nickname. Common Log Format is used if no
other format has been specified.</p>
- <div class="example"><h3>Example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\""
TransferLog logs/access_log
</pre>
-
- </code></p></div>
+</div>
</div>
</div>
<p>In general stat or forever is good for production, and stat or never
for development.</p>
- <div class="example"><h3>Examples:</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Examples:</h3><pre class="prettyprint lang-config">
LuaCodeCache stat
LuaCodeCache forever
LuaCodeCache never
</pre>
-
- </code></p></div>
+</div>
</div>
match groups into both the file path and the function name
be careful writing your regular expressions to avoid security
issues.</p>
- <div class="example"><h3>Examples:</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Examples:</h3><pre class="prettyprint lang-config">
LuaMapHandler /(\w+)/(/w+) /scripts/$1.lua handle_$2
</pre>
-
- </code></p></div>
+</div>
<p>This would match uri's such as /photos/show?id=9
to the file /scripts/photos.lua and invoke the
handler function handle_show on the lua vm after
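Review bot: the second capture group in the context line `LuaMapHandler /(\w+)/(/w+) /scripts/$1.lua handle_$2` is written `(/w+)`, which looks like a typo for `(\w+)`. As written it requires a literal slash followed by one or more `w` characters, so the `/photos/show?id=9` request described right after the example would not match. The paragraph above warns that these expressions feed both the file path and the function name, so the sample pattern should be correct; please fix it in this pass.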
conventions as lua. This just munges the package.path in the
lua vms.</p>
- <div class="example"><h3>Examples:</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Examples:</h3><pre class="prettyprint lang-config">
LuaPackagePath /scripts/lib/?.lua
LuaPackagePath /scripts/lib/?/init.lua
</pre>
-
- </code></p></div>
+</div>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
script, but not the file <code>bar.cgi.html</code>, then instead
of using <code>AddHandler cgi-script .cgi</code>, use</p>
- <div class="example"><h3>Configure handler based on final extension only</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Configure handler based on final extension only</h3><pre class="prettyprint lang-config">
<FilesMatch \.cgi$>
SetHandler cgi-script
</FilesMatch>
</pre>
-
- </code></p></div>
+</div>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
overriding any mappings that already exist for the same
<var>extension</var>.</p>
- <div class="example"><h3>Example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
AddLanguage ja .ja
AddCharset EUC-JP .euc
AddCharset ISO-2022-JP .jis
AddCharset SHIFT_JIS .sjis
</pre>
-
- </code></p></div>
+</div>
<p>Then the document <code>xxxx.ja.jis</code> will be treated
as being a Japanese document whose charset is <code>ISO-2022-JP</code>
overriding any mappings that already exist for the same
<var>extension</var>.</p>
- <div class="example"><h3>Example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
AddEncoding x-gzip .gz
AddEncoding x-compress .Z
</pre>
-
- </code></p></div>
+</div>
<p>This will cause filenames containing the <code>.gz</code> extension
to be marked as encoded using the <code>x-gzip</code> encoding, and
This directive overrides any mappings that already exist for the same
<var>extension</var>.</p>
- <div class="example"><h3>Example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
AddEncoding x-compress .Z
AddLanguage en .en
AddLanguage fr .fr
</pre>
-
- </code></p></div>
+</div>
<p>Then the document <code>xxxx.en.Z</code> will be treated as
being a compressed English document (as will the document
<code class="directive"><a href="#typesconfig">TypesConfig</a></code> file.
</div>
- <div class="example"><h3>Example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
AddType image/gif .gif
</pre>
-
- </code></p></div>
+</div>
<p>Or, to specify multiple file extensions in one directive:</p>
- <div class="example"><h3>Example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
AddType image/jpeg jpeg jpg jpe
</pre>
-
- </code></p></div>
+</div>
<p>The <var>extension</var> argument is case-insensitive and can
be specified with or without a leading dot. Filenames may have <a href="#multipleext">multiple extensions</a> and the
can be achieved by qualifying a <var>media-type</var> with
<code>qs</code>:</p>
- <div class="example"><h3>Example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
AddType application/rss+xml;qs=0.8 .xml
</pre>
-
- </code></p></div>
+</div>
<p>This is useful in situations, <em>e.g.</em> when a client
requesting <code>Accept: */*</code> can not actually processes
by <code class="directive"><a href="#addlanguage">AddLanguage</a></code>, then no
Content-Language header field will be generated.</p>
- <div class="example"><h3>Example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
DefaultLanguage en
</pre>
-
- </code></p></div>
+</div>
<h3>See also</h3>
<ul>
<p>This directive is recommended when you have a virtual filesystem.</p>
- <div class="example"><h3>Example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
ModMimeUsePathInfo On
</pre>
-
- </code></p></div>
+</div>
<p>If you have a request for <code>/index.php/foo.shtml</code>
<code class="module"><a href="../mod/mod_mime.html">mod_mime</a></code> will now treat the
<p>The <var>extension</var> argument is case-insensitive and can
be specified with or without a leading dot.</p>
- <div class="example"><h3>Example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
RemoveCharset .html .shtml
</pre>
-
- </code></p></div>
+</div>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
any associations inherited from parent directories or the
server config files. An example of its use might be:</p>
- <div class="example"><h3>/foo/.htaccess:</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>/foo/.htaccess:</h3><pre class="prettyprint lang-config">
AddEncoding x-gzip .gz
AddType text/plain .asc
<Files *.gz.asc>
RemoveEncoding .gz
</Files>
</pre>
-
- </code></p></div>
+</div>
<p>This will cause <code>foo.gz</code> to be marked as being
encoded with the gzip method, but <code>foo.gz.asc</code> as an
associations inherited from parent directories or the server
config files. An example of its use might be:</p>
- <div class="example"><h3>/foo/.htaccess:</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>/foo/.htaccess:</h3><pre class="prettyprint lang-config">
AddHandler server-parsed .html
</pre>
+</div>
- </code></p></div>
-
- <div class="example"><h3>/foo/bar/.htaccess:</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>/foo/bar/.htaccess:</h3><pre class="prettyprint lang-config">
RemoveHandler .html
</pre>
-
- </code></p></div>
+</div>
<p>This has the effect of returning <code>.html</code> files in
the <code>/foo/bar</code> directory to being treated as normal
<p>The <var>extension</var> argument is case-insensitive and can
be specified with or without a leading dot.</p>
- <div class="example"><h3>Example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
RemoveOutputFilter shtml
</pre>
-
- </code></p></div>
+</div>
<h3>See also</h3>
<ul>
directories or the server config files. An example of its use
might be:</p>
- <div class="example"><h3>/foo/.htaccess:</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>/foo/.htaccess:</h3><pre class="prettyprint lang-config">
RemoveType .cgi
</pre>
-
- </code></p></div>
+</div>
<p>This will remove any special handling of <code>.cgi</code>
files in the <code>/foo/</code> directory and any beneath it,
used, in which case the more specific setting overrides the main
server's file.</p>
- <div class="example"><h3>Example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
MimeMagicFile conf/magic
</pre>
-
- </code></p></div>
+</div>
</div>
</div>
<p>When logged or enforced, a response that should have been conditional
but wasn't will be rejected.</p>
- <div class="example"><h3>Example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
# non-functional conditional responses should be rejected
PolicyConditional enforce
</pre>
-
- </code></p></div>
+</div>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
variable is present and equal to the ignore-value, all policies will
be ignored.</p>
- <div class="example"><h3>Example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
# downgrade if POLICY_CONTROL was present
PolicyEnvironment POLICY_CONTROL log ignore
</pre>
-
- </code></p></div>
+</div>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
</table>
<p>Master switch to enable or disable policies for a given URL space.</p>
- <div class="example"><h3>Example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
# enabled by default
<Location />
PolicyFilter on
PolicyFilter off
</Location>
</pre>
-
- </code></p></div>
+</div>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<code>Content-Length</code> header and a <code>Transfer-Encoding</code>
of <code>chunked</code> will be rejected.</p>
- <div class="example"><h3>Example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
# missing Content-Length or Transfer-Encoding should be rejected
PolicyKeepalive enforce
</pre>
-
- </code></p></div>
+</div>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<p>When logged or enforced, a response that lacks an explicit
<code>Content-Length</code> header will be rejected.</p>
- <div class="example"><h3>Example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
# missing Content-Length header should be rejected
PolicyLength enforce
</pre>
-
- </code></p></div>
+</div>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<code>Expires</code> header, or where the explicit freshness lifetime is
smaller than the given value, will be rejected.</p>
- <div class="example"><h3>Example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
# reject responses with a freshness lifetime shorter than a day
PolicyMaxage enforce 86400
</pre>
-
- </code></p></div>
+</div>
</div>
using the <code>Cache-Control</code> or <code>Pragma</code> headers will
be rejected.</p>
- <div class="example"><h3>Example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
# Cache-Control: no-cache will be rejected
PolicyNocache enforce
</pre>
-
- </code></p></div>
+</div>
</div>
header, where the <code>Content-Type</code> header is malformed, or where the
header does not match the given pattern or patterns will be rejected.</p>
- <div class="example"><h3>Example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
# enforce json or XML
PolicyType enforce application/json text/xml
</pre>
+</div>
- </code></p></div>
-
- <div class="example"><h3>Example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
# malformed content type should be rejected
PolicyType enforce */*
</pre>
-
- </code></p></div>
+</div>
</div>
<code>ETag</code> header or a <code>Last-Modified</code> header, or where
either header is syntactically incorrect, will be rejected.</p>
- <div class="example"><h3>Example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
# no ETag or Last-Modified will be rejected
PolicyValidation enforce
</pre>
-
- </code></p></div>
+</div>
</div>
header which in turn contains one of the headers listed, will be
rejected.</p>
- <div class="example"><h3>Example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
# reject reponses with "User-Agent" listed in the Vary header
PolicyVary enforce User-Agent
</pre>
-
- </code></p></div>
+</div>
</div>
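Review bot: typo in the example comment for `PolicyVary enforce User-Agent`: "reponses" should be "responses". It sits inside the `<pre>` and will be copied verbatim into configs, so it is worth fixing while this block is being edited.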
<p>When logged or enforced, a request with a version lower than specified
will be rejected.</p>
- <div class="example"><h3>Example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
# reject requests with an HTTP version older than HTTP/1.1
PolicyVersion enforce HTTP/1.1
</pre>
-
- </code></p></div>
+</div>
</div>
<p>In addition, if you wish to have caching enabled, consult
the documentation from <code class="module"><a href="../mod/mod_cache.html">mod_cache</a></code>.</p>
- <div class="example"><h3>Reverse Proxy</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Reverse Proxy</h3><pre class="prettyprint lang-config">
ProxyPass /foo http://foo.example.com/bar
ProxyPassReverse /foo http://foo.example.com/bar
</pre>
+</div>
- </code></p></div>
-
- <div class="example"><h3>Forward Proxy</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Forward Proxy</h3><pre class="prettyprint lang-config">
ProxyRequests On
ProxyVia On
Require host internal.example.com
</Proxy>
</pre>
-
- </code></p></div>
+</div>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
<h2><a name="workers" id="workers">Workers</a></h2>
always served directly, without forwarding to the configured
<code class="directive"><a href="#proxyremote">ProxyRemote</a></code> proxy server(s).</p>
- <div class="example"><h3>Example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
ProxyRemote * http://firewall.example.com:81
NoProxy .example.com 192.168.112.0/21
</pre>
-
- </code></p></div>
+</div>
<p>The <var>host</var> arguments to the <code class="directive">NoProxy</code>
directive are one of the following type list:</p>
may be hostnames during startup, and cache them for match test as
well. That may slow down the startup time of the server.</p>
- <div class="example"><h3>Example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
ProxyBlock news.example.com auctions.example.com friends.example.com
</pre>
-
- </code></p></div>
+</div>
<p>Note that <code>example</code> would also be sufficient to match any
of these sites.</p>
response to the same host with the configured <var>Domain</var> appended
will be generated.</p>
- <div class="example"><h3>Example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
ProxyRemote * http://firewall.example.com:81<br />
NoProxy .example.com 192.168.112.0/21<br />
ProxyDomain .example.com
</pre>
-
- </code></p></div>
+</div>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
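Review bot: the `ProxyRemote` and `NoProxy` lines in this example still end in `<br />` inside the `<pre>`. The newline already breaks the line there, so the block will render with an extra blank line after each of the two directives, unlike the otherwise identical NoProxy example earlier in the patch. Suggest dropping both `<br />` tags as part of this conversion.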
<code>Max-Forwards</code> header supplied with the request. This may
be set to prevent infinite proxy loops, or a DoS attack.</p>
- <div class="example"><h3>Example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
ProxyMaxForwards 15
</pre>
-
- </code></p></div>
+</div>
<p>Note that setting <code class="directive">ProxyMaxForwards</code> is a
violation of the HTTP/1.1 protocol (RFC2616), which forbids a Proxy
to <code>0</code> to indicate that the system's default buffer size should
be used.</p>
- <div class="example"><h3>Example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
ProxyReceiveBufferSize 2048
</pre>
-
- </code></p></div>
+</div>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
are supported by this module. When using <code>https</code>, the requests
are forwarded through the remote proxy using the HTTP CONNECT method.</p>
- <div class="example"><h3>Example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
ProxyRemote http://goodguys.example.com/ http://mirrorguys.example.com:8000
ProxyRemote * http://cleverproxy.localdomain
ProxyRemote ftp http://ftpproxy.mydomain:8080
</pre>
-
- </code></p></div>
+</div>
<p>In the last example, the proxy will forward FTP requests, encapsulated
as yet another HTTP proxy request, to another proxy which can handle
<code class="directive"><a href="../mod/mod_rewrite.html#rewriterule">RewriteRule</a></code> instead of a
<code class="directive"><a href="#proxypass">ProxyPass</a></code> directive.</p>
- <div class="example"><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><pre class="prettyprint lang-config">
<Proxy balancer://hotcluster>
BalancerMember http://www2.example.com:8080 loadfactor=1
BalancerMember http://www3.example.com:8080 loadfactor=2
ProxySet lbmethod=bytraffic
</Proxy>
</pre>
-
- </code></p></div>
+</div>
<pre class="prettyprint lang-config">
<Proxy http://backend>
(e.g. Apache Tomcat) using the AJP13 protocol. The usage is similar to
an HTTP reverse proxy, but uses the <code>ajp://</code> prefix:</p>
- <div class="example"><h3>Simple Reverse Proxy</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Simple Reverse Proxy</h3><pre class="prettyprint lang-config">
ProxyPass /app ajp://backend.example.com:8009/app
</pre>
-
- </code></p></div>
+</div>
<p>Balancers may also be used:</p>
- <div class="example"><h3>Balancer Reverse Proxy</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Balancer Reverse Proxy</h3><pre class="prettyprint lang-config">
<Proxy balancer://cluster>
BalancerMember ajp://app1.example.com:8009 loadfactor=1
BalancerMember ajp://app2.example.com:8009 loadfactor=2
</Proxy>
ProxyPass /app balancer://cluster/app
</pre>
-
- </code></p></div>
+</div>
<p>Note that usually no
<code class="directive"><a href="../mod/mod_proxy.html#proxypassreverse">ProxyPassReverse</a></code>
backend. In this case, a redirect header can be rewritten relative to the
original host URL (not the backend <code>ajp://</code> URL), for
example:</p>
- <div class="example"><h3>Rewriting Proxied Path</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Rewriting Proxied Path</h3><pre class="prettyprint lang-config">
ProxyPass /apps/foo ajp://backend.example.com:8009/foo
ProxyPassReverse /apps/foo http://www.example.com/foo
</pre>
-
- </code></p></div>
+</div>
<p>However, it is usually better to deploy the application on the backend
server at the same path as the proxy rather than to take this approach.
</p>
<p>Remember, in order to make the following examples work, you have to
enable <code class="module"><a href="../mod/mod_proxy.html">mod_proxy</a></code> and <code class="module"><a href="../mod/mod_proxy_fcgi.html">mod_proxy_fcgi</a></code>.</p>
- <div class="example"><h3>Single application instance</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Single application instance</h3><pre class="prettyprint lang-config">
ProxyPass /myapp/ fcgi://localhost:4000/
</pre>
-
- </code></p></div>
+</div>
<p>This application should be able to handle multiple concurrent
connections. <code class="module"><a href="../mod/mod_proxy.html">mod_proxy</a></code> enables connection reuse by
reuse on the <code class="directive">ProxyPass</code> directive, as shown in
the following example:</p>
- <div class="example"><h3>Single application instance, no connection reuse</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Single application instance, no connection reuse</h3><pre class="prettyprint lang-config">
ProxyPass /myapp/ fcgi://localhost:4000/ disablereuse=on
</pre>
-
- </code></p></div>
+</div>
<p>The balanced gateway needs <code class="module"><a href="../mod/mod_proxy_balancer.html">mod_proxy_balancer</a></code> and
at least one load balancer algorithm module, such as
modules listed above. <code class="module"><a href="../mod/mod_lbmethod_byrequests.html">mod_lbmethod_byrequests</a></code> is the
default, and will be used for this example configuration.</p>
- <div class="example"><h3>Balanced gateway to multiple application instances</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Balanced gateway to multiple application instances</h3><pre class="prettyprint lang-config">
ProxyPass /myapp/ balancer://myappcluster/
<Proxy balancer://myappcluster/>
BalancerMember fcgi://localhost:4000/
BalancerMember fcgi://localhost:4001/
</Proxy>
</pre>
-
- </code></p></div>
+</div>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
<h2><a name="env" id="env">Environment Variables</a></h2>
<div class="example"><pre>application/octet-stream bin dms lha lzh exe class tgz taz</pre></div>
<p>Alternatively you may prefer to default everything to binary:</p>
- <div class="example"><p><code>
- <pre class="prettyprint lang-config">ForceType application/octet-stream</pre>
-
- </code></p></div>
+ <div class="example"><pre class="prettyprint lang-config">ForceType application/octet-stream</pre>
+</div>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
<h2><a name="type" id="type">How can I force an FTP ASCII download of
<p>Remember, in order to make the following examples work, you have to
enable <code class="module"><a href="../mod/mod_proxy.html">mod_proxy</a></code> and <code class="module"><a href="../mod/mod_proxy_scgi.html">mod_proxy_scgi</a></code>.</p>
- <div class="example"><h3>Simple gateway</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Simple gateway</h3><pre class="prettyprint lang-config">
ProxyPass /scgi-bin/ scgi://localhost:4000/
</pre>
-
- </code></p></div>
+</div>
<p>The balanced gateway needs <code class="module"><a href="../mod/mod_proxy_balancer.html">mod_proxy_balancer</a></code> and
at least one load balancer algorithm module, such as
modules listed above. <code class="module"><a href="../mod/mod_lbmethod_byrequests.html">mod_lbmethod_byrequests</a></code> is the
default, and will be used for this example configuration.</p>
- <div class="example"><h3>Balanced gateway</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Balanced gateway</h3><pre class="prettyprint lang-config">
ProxyPass /scgi-bin/ balancer://somecluster/
<Proxy balancer://somecluster/>
BalancerMember scgi://localhost:4000/
BalancerMember scgi://localhost:4001/
</Proxy>
</pre>
-
- </code></p></div>
+</div>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
<h2><a name="env" id="env">Environment Variables</a></h2>
<code class="module"><a href="../mod/mod_cgi.html">mod_cgi</a></code> in this regard, except that you can turn off the
feature.</p>
- <div class="example"><h3>Example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
ProxySCGIInternalRedirect Off
</pre>
-
- </code></p></div>
+</div>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
the argument is applied as header name.</dd>
</dl>
- <div class="example"><h3>Example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
# Use the default header (X-Sendfile)
ProxySCGISendfile On
# Use a different header
ProxySCGISendfile X-Send-Static
</pre>
-
- </code></p></div>
+</div>
</div>
</div>
The connection speed to be simulated is specified, in KiB/s, using the environment
variable <code>rate-limit</code>.</p>
-<div class="example"><h3>Example Configuration</h3><p><code>
-<pre class="prettyprint lang-config">
+<div class="example"><h3>Example Configuration</h3><pre class="prettyprint lang-config">
<Location /downloads>
SetOutputFilter RATE_LIMIT
SetEnv rate-limit 400
</Location>
</pre>
-
-</code></p></div>
+</div>
</div>
<div id="quickview"><h3 class="directives">Directives</h3>
other directives are used, <code class="module"><a href="../mod/mod_remoteip.html">mod_remoteip</a></code> will trust all
hosts presenting a <code class="directive">RemoteIPHeader</code> IP value.</p>
- <div class="example"><h3>Internal (Load Balancer) Example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Internal (Load Balancer) Example</h3><pre class="prettyprint lang-config">
RemoteIPHeader X-Client-IP
</pre>
+</div>
- </code></p></div>
-
- <div class="example"><h3>Proxy Example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Proxy Example</h3><pre class="prettyprint lang-config">
RemoteIPHeader X-Forwarded-For
</pre>
-
- </code></p></div>
+</div>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
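Review bot: both examples here set only `RemoteIPHeader`, and the sentence just above them says that without other directives mod_remoteip will trust all hosts presenting a RemoteIPHeader value. A reader who copies either block verbatim gets exactly that trust-everything behaviour. Suggest adding a comment line inside each `<pre>` saying the header must be paired with `RemoteIPInternalProxy` or `RemoteIPTrustedProxy`, or showing one of those directives in the example as the later sections do.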
presented in this header, including private intranet addresses, are
trusted when passed from these proxies.</p>
- <div class="example"><h3>Internal (Load Balancer) Example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Internal (Load Balancer) Example</h3><pre class="prettyprint lang-config">
RemoteIPHeader X-Client-IP
RemoteIPTrustedProxy 10.0.2.0/24
RemoteIPTrustedProxy gateway.localdomain
</pre>
-
- </code></p></div>
+</div>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
this header, while any intermediate
<code class="directive">RemoteIPInternalProxy</code> addresses are discarded.</p>
- <div class="example"><h3>Example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
RemoteIPHeader X-Forwarded-For
RemoteIPProxiesHeader X-Forwarded-By
</pre>
-
- </code></p></div>
+</div>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
2000::/3 block) are not trusted as the useragent IP, and are left in the
<code class="directive">RemoteIPHeader</code> header's value.</p>
- <div class="example"><h3>Trusted (Load Balancer) Example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Trusted (Load Balancer) Example</h3><pre class="prettyprint lang-config">
RemoteIPHeader X-Forwarded-For
RemoteIPTrustedProxy 10.0.2.16/28
RemoteIPTrustedProxy proxy.example.com
</pre>
-
- </code></p></div>
+</div>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
each whitespace or newline separated entry is processed identically to
the <code class="directive">RemoteIPTrustedProxy</code> directive.</p>
- <div class="example"><h3>Trusted (Load Balancer) Example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Trusted (Load Balancer) Example</h3><pre class="prettyprint lang-config">
RemoteIPHeader X-Forwarded-For
RemoteIPTrustedProxyList conf/trusted-proxies.lst
</pre>
-
- </code></p></div>
+</div>
<div class="example"><h3>conf/trusted-proxies.lst contents</h3><p><code>
# Identified external proxies;<br />
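Review bot: the `conf/trusted-proxies.lst contents` block that follows the converted example still opens with `<p><code>` and uses `<br />` for line breaks, so the two adjacent examples now use different markup. Because it is a file listing that readers will copy, suggest converting it to a `<pre>` block as well (without a `lang-config` class if highlighting is not wanted), or note in the commit message that it was left out on purpose.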
level higher than <code>trace2</code> only for debugging!
</div>
- <div class="example"><h3>Example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
LogLevel alert rewrite:trace3
</pre>
-
- </code></p></div>
+</div>
<div class="note"><h3>RewriteLog</h3>
<p>Those familiar with earlier versions of
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
<h2><a name="sampleconf" id="sampleconf">Sample Configuration</a></h2>
- <div class="example"><h3>Adding an output filter </h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Adding an output filter </h3><pre class="prettyprint lang-config">
# In the following example, the sed filter will change the string
# "monday" to "MON" and the string "sunday" to SUN in html documents
# before sending to the client.
OutputSed "s/sunday/SUN/g"
</Directory>
</pre>
+</div>
- </code></p></div>
-
- <div class="example"><h3>Adding an input filter </h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Adding an input filter </h3><pre class="prettyprint lang-config">
# In the following example, the sed filter will change the string
# "monday" to "MON" and the string "sunday" to SUN in the POST data
# sent to PHP.
InputSed "s/sunday/SUN/g"
</Directory>
</pre>
-
- </code></p></div>
+</div>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
<h2><a name="sed_commands" id="sed_commands">Sed Commands</a></h2>
where the session will be stored. In this example, the session will be
stored on the browser, in a cookie called <code>session</code>.</p>
- <div class="example"><h3>Browser based session</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Browser based session</h3><pre class="prettyprint lang-config">
Session On
SessionCookieName session path=/
</pre>
-
- </code></p></div>
+</div>
<p>The session is not useful unless it can be written to or read from. The
following example shows how values can be injected into the session through
the use of a predetermined HTTP response header called
<code>X-Replace-Session</code>.</p>
- <div class="example"><h3>Writing to a session</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Writing to a session</h3><pre class="prettyprint lang-config">
Session On
SessionCookieName session path=/
SessionHeader X-Replace-Session
</pre>
-
- </code></p></div>
+</div>
<p>The header should contain name value pairs expressed in the same format
as a query string in a URL, as in the example below. Setting a key to the
empty string has the effect of removing that key from the session.</p>
- <div class="example"><h3>CGI to write to a session</h3><p><code>
- <pre class="prettyprint lang-sh">
+ <div class="example"><h3>CGI to write to a session</h3><pre class="prettyprint lang-sh">
#!/bin/bash
echo "Content-Type: text/plain"
echo "X-Replace-Session: key1=foo&key2=&key3=bar"
echo
env
</pre>
-
- </code></p></div>
+</div>
<p>If configured, the session can be read back from the HTTP_SESSION
environment variable. By default, the session is kept private, so this
has to be explicitly turned on with the
<code class="directive"><a href="#sessionenv">SessionEnv</a></code> directive.</p>
- <div class="example"><h3>Read from a session</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Read from a session</h3><pre class="prettyprint lang-config">
Session On
SessionEnv On
SessionCookieName session path=/
SessionHeader X-Replace-Session
</pre>
-
- </code></p></div>
+</div>
<p>Once read, the CGI variable <code>HTTP_SESSION</code> should contain
the value <code>key1=foo&key3=bar</code>.</p>
placed on the browser using the <code class="module"><a href="../mod/mod_session_crypto.html">mod_session_crypto</a></code>
module.</p>
- <div class="example"><h3>Browser based encrypted session</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Browser based encrypted session</h3><pre class="prettyprint lang-config">
Session On
SessionCryptoPassphrase secret
SessionCookieName session path=/
</pre>
-
- </code></p></div>
+</div>
<p>The session will be automatically decrypted on load, and encrypted on
save by Apache, the underlying application using the session need have
<p>Standard cookie parameters can be specified after the name of the cookie,
as in the example below.</p>
- <div class="example"><h3>Setting cookie parameters</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Setting cookie parameters</h3><pre class="prettyprint lang-config">
Session On
SessionCryptoPassphrase secret
SessionCookieName session path=/private;domain=example.com;httponly;secure;
</pre>
-
- </code></p></div>
+</div>
<p>In cases where the Apache server forms the frontend for backend origin servers,
it is possible to have the session cookies removed from the incoming HTTP headers using
<code class="module"><a href="../mod/mod_auth_form.html">mod_auth_form</a></code> saves the user's login name and password within
the session.</p>
- <div class="example"><h3>Form based authentication</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Form based authentication</h3><pre class="prettyprint lang-config">
Session On
SessionCryptoPassphrase secret
SessionCookieName session path=/
AuthName realm
#...
</pre>
-
- </code></p></div>
+</div>
<p>See the <code class="module"><a href="../mod/mod_auth_form.html">mod_auth_form</a></code> module for documentation and complete
examples.</p>
<p>To create a simple session and store it in a cookie called
<var>session</var>, configure the session as follows:</p>
- <div class="example"><h3>Browser based session</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Browser based session</h3><pre class="prettyprint lang-config">
Session On
SessionCookieName session path=/
</pre>
-
- </code></p></div>
+</div>
<p>For more examples on how the session can be configured to be read
from and written to by a CGI application, see the
Apache. Ensure that your attributes are defined correctly as per the cookie specification.
</p>
- <div class="example"><h3>Cookie with attributes</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Cookie with attributes</h3><pre class="prettyprint lang-config">
Session On
SessionCookieName session path=/private;domain=example.com;httponly;secure;version=1;
</pre>
-
- </code></p></div>
+</div>
</div>
Apache. Ensure that your attributes are defined correctly as per the cookie specification.
</p>
- <div class="example"><h3>Cookie2 with attributes</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Cookie2 with attributes</h3><pre class="prettyprint lang-config">
Session On
SessionCookieName2 session path=/private;domain=example.com;httponly;secure;version=1;
</pre>
-
- </code></p></div>
+</div>
</div>
<p>To create a simple encrypted session and store it in a cookie called
<var>session</var>, configure the session as follows:</p>
- <div class="example"><h3>Browser based encrypted session</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Browser based encrypted session</h3><pre class="prettyprint lang-config">
Session On
SessionCookieName session path=/
SessionCryptoPassphrase secret
</pre>
-
- </code></p></div>
+</div>
<p>The session will be encrypted with the given key. Different servers can
be configured to share sessions by ensuring the same encryption key is used
<p>The <var>NSS</var> crypto driver requires some parameters for configuration,
which are specified as parameters with optional values after the driver name.</p>
- <div class="example"><h3>NSS without a certificate database</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>NSS without a certificate database</h3><pre class="prettyprint lang-config">
SessionCryptoDriver nss
</pre>
+</div>
- </code></p></div>
-
- <div class="example"><h3>NSS with certificate database</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>NSS with certificate database</h3><pre class="prettyprint lang-config">
SessionCryptoDriver nss dir=certs
</pre>
+</div>
- </code></p></div>
-
- <div class="example"><h3>NSS with certificate database and parameters</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>NSS with certificate database and parameters</h3><pre class="prettyprint lang-config">
SessionCryptoDriver nss dir=certs key3=key3.db cert7=cert7.db secmod=secmod
</pre>
+</div>
- </code></p></div>
-
- <div class="example"><h3>NSS with paths containing spaces</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>NSS with paths containing spaces</h3><pre class="prettyprint lang-config">
SessionCryptoDriver nss "dir=My Certs" key3=key3.db cert7=cert7.db secmod=secmod
</pre>
-
- </code></p></div>
+</div>
<p>The <var>NSS</var> crypto driver might have already been configured by another
part of the server, for example from <code class="module"><a href="../mod/mod_nss.html">mod_nss</a></code> or
a warning will be logged, and the existing configuration will have taken affect.
To avoid this warning, use the noinit parameter as follows.</p>
- <div class="example"><h3>NSS with certificate database</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>NSS with certificate database</h3><pre class="prettyprint lang-config">
SessionCryptoDriver nss noinit
</pre>
-
- </code></p></div>
+</div>
<p>To prevent confusion, ensure that all modules requiring NSS are configured with
identical parameters.</p>
<p>The <var>openssl</var> crypto driver supports an optional parameter to specify
the engine to be used for encryption.</p>
- <div class="example"><h3>OpenSSL with engine support</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>OpenSSL with engine support</h3><pre class="prettyprint lang-config">
SessionCryptoDriver openssl engine=name
</pre>
-
- </code></p></div>
+</div>
</div>
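Review bot: The example showing "SessionCryptoDriver nss noinit" is still headed "NSS with certificate database", the same heading the "SessionCryptoDriver nss dir=certs" example carries earlier in this file, so the heading does not describe the noinit case. Since the heading line is rewritten here anyway, rename it (for example "NSS with noinit"), and correct "will have taken affect" to "will have taken effect" in the paragraph just above it.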
to update an existing session, to insert a new session, and to delete an expired or empty
session. These queries are configured as per the example below.</p>
- <div class="example"><h3>Sample DBD configuration</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Sample DBD configuration</h3><pre class="prettyprint lang-config">
DBDriver pgsql
DBDParams "dbname=apachesession user=apache password=xxxxx host=localhost"
DBDPrepareSQL "delete from session where key = %s" deletesession
DBDPrepareSQL "select value from session where key = %s and (expiry = 0 or expiry > %lld)" selectsession
DBDPrepareSQL "delete from session where expiry != 0 and expiry < %lld" cleansession
</pre>
-
- </code></p></div>
+</div>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
table called <var>apachesession</var>, and save the session ID in a cookie
called <var>session</var>, configure the session as follows:</p>
- <div class="example"><h3>SQL based anonymous session</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>SQL based anonymous session</h3><pre class="prettyprint lang-config">
Session On
SessionDBDCookieName session path=/
</pre>
-
- </code></p></div>
+</div>
<p>For more examples on how the session can be configured to be read
from and written to by a CGI application, see the
table called <var>apachesession</var>, and with the session keyed to the
userid, configure the session as follows:</p>
- <div class="example"><h3>SQL based per user session</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>SQL based per user session</h3><pre class="prettyprint lang-config">
Session On
SessionDBDPerUser On
</pre>
-
- </code></p></div>
+</div>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
Apache. Ensure that your attributes are defined correctly as per the cookie specification.
</p>
- <div class="example"><h3>Cookie with attributes</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Cookie with attributes</h3><pre class="prettyprint lang-config">
Session On
SessionDBDCookieName session path=/private;domain=example.com;httponly;secure;version=1;
</pre>
-
- </code></p></div>
+</div>
</div>
Apache. Ensure that your attributes are defined correctly as per the cookie specification.
</p>
- <div class="example"><h3>Cookie2 with attributes</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Cookie2 with attributes</h3><pre class="prettyprint lang-config">
Session On
SessionDBDCookieName2 session path=/private;domain=example.com;httponly;secure;version=1;
</pre>
-
- </code></p></div>
+</div>
</div>
For backward compatibility there is additionally a special
``<code>%{</code><em>name</em><code>}c</code>'' cryptography format function
provided. Information about this function is provided in the <a href="../ssl/ssl_compat.html">Compatibility</a> chapter.</p>
-<div class="example"><h3>Example</h3><p><code>
-<pre class="prettyprint lang-config">
+<div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</pre>
-
-</code></p></div>
+</div>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
<h2><a name="notes" id="notes">Request Notes</a></h2>
concatenation of the various PEM-encoded Certificate files, in order of
preference. This can be used alternatively and/or additionally to
<code class="directive"><a href="#sslcacertificatepath">SSLCACertificatePath</a></code>.</p>
-<div class="example"><h3>Example</h3><p><code>
-<pre class="prettyprint lang-config">
+<div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
SSLCACertificateFile /usr/local/apache2/conf/ssl.crt/ca-bundle-client.crt
</pre>
-
-</code></p></div>
+</div>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
there: you also have to create symbolic links named
<em>hash-value</em><code>.N</code>. And you should always make sure this directory
contains the appropriate symbolic links.</p>
-<div class="example"><h3>Example</h3><p><code>
-<pre class="prettyprint lang-config">
+<div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
SSLCACertificatePath /usr/local/apache2/conf/ssl.crt/
</pre>
-
-</code></p></div>
+</div>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
specify an <em>all-in-one</em> file containing a concatenation of
PEM-encoded CA certificates.</p>
-<div class="example"><h3>Example</h3><p><code>
-<pre class="prettyprint lang-config">
+<div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
SSLCADNRequestFile /usr/local/apache2/conf/ca-names.crt
</pre>
-
-</code></p></div>
+</div>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
Certificate files there: you also have to create symbolic links named
<em>hash-value</em><code>.N</code>. And you should always make sure
this directory contains the appropriate symbolic links.</p>
-<div class="example"><h3>Example</h3><p><code>
-<pre class="prettyprint lang-config">
+<div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
SSLCADNRequestPath /usr/local/apache2/conf/ca-names.crt/
</pre>
-
-</code></p></div>
+</div>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<code>"unable to get certificate CRL"</code> error.
</p>
</div>
-<div class="example"><h3>Example</h3><p><code>
-<pre class="prettyprint lang-config">
+<div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
SSLCARevocationCheck chain
</pre>
-
-</code></p></div>
+</div>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
for Client Authentication. Such a file is simply the concatenation of
the various PEM-encoded CRL files, in order of preference. This can be
used alternatively and/or additionally to <code class="directive"><a href="#sslcarevocationpath">SSLCARevocationPath</a></code>.</p>
-<div class="example"><h3>Example</h3><p><code>
-<pre class="prettyprint lang-config">
+<div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
SSLCARevocationFile /usr/local/apache2/conf/ssl.crl/ca-bundle-client.crl
</pre>
-
-</code></p></div>
+</div>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
Additionally you have to create symbolic links named
<em>hash-value</em><code>.rN</code>. And you should always make sure this directory
contains the appropriate symbolic links.</p>
-<div class="example"><h3>Example</h3><p><code>
-<pre class="prettyprint lang-config">
+<div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
SSLCARevocationPath /usr/local/apache2/conf/ssl.crl/
</pre>
-
-</code></p></div>
+</div>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
using a coupled RSA+DSA certificate pair, this will work only if actually both
certificates use the <em>same</em> certificate chain. Else the browsers will be
confused in this situation.</p>
-<div class="example"><h3>Example</h3><p><code>
-<pre class="prettyprint lang-config">
+<div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
SSLCertificateChainFile /usr/local/apache2/conf/ssl.crt/ca.crt
</pre>
-
-</code></p></div>
+</div>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
Pass Phrase dialog is forced at startup time. This directive can be used up to
two times (referencing different filenames) when both a RSA and a DSA based
server certificate is used in parallel.</p>
-<div class="example"><h3>Example</h3><p><code>
-<pre class="prettyprint lang-config">
+<div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
SSLCertificateFile /usr/local/apache2/conf/ssl.crt/server.crt
</pre>
-
-</code></p></div>
+</div>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
at startup time. This directive can be used up to two times
(referencing different filenames) when both a RSA and a DSA based
private key is used in parallel.</p>
-<div class="example"><h3>Example</h3><p><code>
-<pre class="prettyprint lang-config">
+<div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
SSLCertificateKeyFile /usr/local/apache2/conf/ssl.key/server.key
</pre>
-
-</code></p></div>
+</div>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
KRB5-RC4-SHA SSLv3 Kx=KRB5 Au=KRB5 Enc=RC4(128) Mac=SHA1
</pre></div>
<p>The complete list of particular RSA & DH ciphers for SSL is given in <a href="#table2">Table 2</a>.</p>
-<div class="example"><h3>Example</h3><p><code>
-<pre class="prettyprint lang-config">
+<div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
SSLCipherSuite RSA:!EXP:!NULL:+HIGH:+MEDIUM:-LOW
</pre>
-
-</code></p></div>
+</div>
<table class="bordered">
<tr><th><a name="table2">Cipher-Tag</a></th> <th>Protocol</th> <th>Key Ex.</th> <th>Auth.</th> <th>Enc.</th> <th>MAC</th> <th>Type</th> </tr>
<p>To discover which engine names are supported, run the command
"<code>openssl engine</code>".</p>
-<div class="example"><h3>Example</h3><p><code>
-<pre class="prettyprint lang-config">
+<div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
# For a Broadcom accelerator:
SSLCryptoDevice ubsec
</pre>
-
-</code></p></div>
+</div>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
is should be used inside a <code class="directive"><a href="../mod/core.html#virtualhost"><VirtualHost></a></code> section to enable SSL/TLS for a
that virtual host. By default the SSL/TLS Protocol Engine is
disabled for both the main server and all configured virtual hosts.</p>
-<div class="example"><h3>Example</h3><p><code>
-<pre class="prettyprint lang-config">
+<div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
<VirtualHost _default_:443>
SSLEngine on
#...
</VirtualHost>
</pre>
-
-</code></p></div>
+</div>
<p>In Apache 2.1 and later, <code class="directive">SSLEngine</code> can be set to
<code>optional</code>. This enables support for
<a href="http://www.ietf.org/rfc/rfc2817.txt">RFC 2817</a>, Upgrading to TLS
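Review bot: The paragraph above the SSLEngine example carries two stray words in its context lines: "is should be used inside a <VirtualHost> section" and "to enable SSL/TLS for a that virtual host". Both are worth fixing in the same pass, by dropping the extra "is" and the extra "a".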
<p>When choosing a cipher during an SSLv3 or TLSv1 handshake, normally
the client's preference is used. If this directive is enabled, the
server's preference will be used instead.</p>
-<div class="example"><h3>Example</h3><p><code>
-<pre class="prettyprint lang-config">
+<div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
SSLHonorCipherOrder on
</pre>
-
-</code></p></div>
+</div>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
in <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2009-3555">CVE-2009-3555</a>.</p>
</div>
-<div class="example"><h3>Example</h3><p><code>
-<pre class="prettyprint lang-config">
+<div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
SSLInsecureRenegotiation on
</pre>
-
-</code></p></div>
+</div>
<p>The <code>SSL_SECURE_RENEG</code> environment variable can be used
from an SSI or CGI script to determine whether secure renegotiation is
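Review bot: The example body is a bare "SSLInsecureRenegotiation on", placed directly after the block that cites CVE-2009-3555, so a reader who copies only the example gets the setting without the warning. Consider adding a comment line inside the pre that points back to that warning, in the way the SSLCryptoDevice example carries "# For a Broadcom accelerator:".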
<code class="directive"><a href="#sslocspoverrideresponder">SSLOCSPOverrideResponder</a></code>
directives.</p>
-<div class="example"><h3>Example</h3><p><code>
-<pre class="prettyprint lang-config">
+<div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
SSLVerifyClient on
SSLOCSPEnable on
SSLOCSPDefaultResponder http://responder.example.com:8888/responder
SSLOCSPOverrideResponder on
</pre>
-
-</code></p></div>
+</div>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
</p>
</li>
</ul>
-<div class="example"><h3>Example</h3><p><code>
-<pre class="prettyprint lang-config">
+<div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
SSLOptions +FakeBasicAuth -StrictRequire
<Files ~ "\.(cgi|shtml)$">
SSLOptions +StdEnvVars -ExportCertData
<Files>
</pre>
-
-</code></p></div>
+</div>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
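Review bot: In the SSLOptions example the Files section is never closed: the last line before </pre> reads "<Files>" where "</Files>" is needed, so the example would not parse as written. The line is unchanged context in this hunk, but since the example block is being rewritten it should be corrected in the same change.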
The reuse-algorithm above is used here, too. In other words: The external
program is called only once per unique Pass Phrase.</p></li>
</ul>
-<div class="example"><h3>Example</h3><p><code>
-<pre class="prettyprint lang-config">
+<div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
SSLPassPhraseDialog exec:/usr/local/apache/sbin/pp-filter
</pre>
-
-</code></p></div>
+</div>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
- when using OpenSSL 1.0.1 and later -
``<code>+SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2</code>, respectively.</p></li>
</ul>
-<div class="example"><h3>Example</h3><p><code>
-<pre class="prettyprint lang-config">
+<div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
SSLProtocol TLSv1
</pre>
-
-</code></p></div>
+</div>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
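Review bot: The list item above the SSLProtocol example opens a quote with `` before "+SSLv3 +TLSv1 +TLSv1.1 +TLSv1.2" and never closes it; the closing '' is missing before ", respectively". Add it so the quoting matches the ``...'' pairs used elsewhere in this file, for instance around the %{name}c format function.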
concatenation of the various PEM-encoded Certificate files, in order of
preference. This can be used alternatively and/or additionally to
<code class="directive"><a href="#sslproxycacertificatepath">SSLProxyCACertificatePath</a></code>.</p>
-<div class="example"><h3>Example</h3><p><code>
-<pre class="prettyprint lang-config">
+<div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
SSLProxyCACertificateFile /usr/local/apache2/conf/ssl.crt/ca-bundle-remote-server.crt
</pre>
-
-</code></p></div>
+</div>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
there: you also have to create symbolic links named
<em>hash-value</em><code>.N</code>. And you should always make sure this directory
contains the appropriate symbolic links.</p>
-<div class="example"><h3>Example</h3><p><code>
-<pre class="prettyprint lang-config">
+<div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
SSLProxyCACertificatePath /usr/local/apache2/conf/ssl.crt/
</pre>
-
-</code></p></div>
+</div>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<code>"unable to get certificate CRL"</code> error.
</p>
</div>
-<div class="example"><h3>Example</h3><p><code>
-<pre class="prettyprint lang-config">
+<div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
SSLProxyCARevocationCheck chain
</pre>
-
-</code></p></div>
+</div>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
for Remote Server Authentication. Such a file is simply the concatenation of
the various PEM-encoded CRL files, in order of preference. This can be
used alternatively and/or additionally to <code class="directive"><a href="#sslproxycarevocationpath">SSLProxyCARevocationPath</a></code>.</p>
-<div class="example"><h3>Example</h3><p><code>
-<pre class="prettyprint lang-config">
+<div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
SSLProxyCARevocationFile /usr/local/apache2/conf/ssl.crl/ca-bundle-remote-server.crl
</pre>
-
-</code></p></div>
+</div>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
Additionally you have to create symbolic links named
<em>hash-value</em><code>.rN</code>. And you should always make sure this directory
contains the appropriate symbolic links.</p>
-<div class="example"><h3>Example</h3><p><code>
-<pre class="prettyprint lang-config">
+<div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
SSLProxyCARevocationPath /usr/local/apache2/conf/ssl.crl/
</pre>
-
-</code></p></div>
+</div>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
compared against the hostname of the request URL. If both are not equal
a 502 status code (Bad Gateway) is sent.
</p>
-<div class="example"><h3>Example</h3><p><code>
-<pre class="prettyprint lang-config">
+<div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
SSLProxyCheckPeerCN on
</pre>
-
-</code></p></div>
+</div>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
is expired or not. If the check fails a 502 status code (Bad Gateway) is
sent.
</p>
-<div class="example"><h3>Example</h3><p><code>
-<pre class="prettyprint lang-config">
+<div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
SSLProxyCheckPeerExpire on
</pre>
-
-</code></p></div>
+</div>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
is usually used inside a <code class="directive"><a href="../mod/core.html#virtualhost"><VirtualHost></a></code> section to enable SSL/TLS for proxy
usage in a particular virtual host. By default the SSL/TLS Protocol Engine is
disabled for proxy image both for the main server and all configured virtual hosts.</p>
-<div class="example"><h3>Example</h3><p><code>
-<pre class="prettyprint lang-config">
+<div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
<VirtualHost _default_:443>
SSLProxyEngine on
#...
</VirtualHost>
</pre>
-
-</code></p></div>
+</div>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
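Review bot: The sentence above the SSLProxyEngine example reads "disabled for proxy image both for the main server and all configured virtual hosts", where "image" looks like a stray word (perhaps "usage", as in "for proxy usage" in the sentence before it). Fix the wording while this block is being edited.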
trusted as if they were also in <code class="directive"><a href="# sslproxycacertificatefile">
SSLProxyCACertificateFile</a></code>.</p>
</div>
-<div class="example"><h3>Example</h3><p><code>
-<pre class="prettyprint lang-config">
+<div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
SSLProxyMachineCertificateChainFile /usr/local/apache2/conf/ssl.crt/proxyCA.pem
</pre>
-
-</code></p></div>
+</div>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
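Review bot: The SSLProxyCACertificateFile link in the note above this example has href="# sslproxycacertificatefile", with a space after the #, and its link text starts on a new line inside the <a> element. A fragment with a leading space will not match an anchor named like the others in this file; write it as "#sslproxycacertificatefile" on one line, as the SSLProxyCACertificatePath links do.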
<div class="warning">
<p>Currently there is no support for encrypted private keys</p>
</div>
-<div class="example"><h3>Example</h3><p><code>
-<pre class="prettyprint lang-config">
+<div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
SSLProxyMachineCertificateFile /usr/local/apache2/conf/ssl.crt/proxy.pem
</pre>
-
-</code></p></div>
+</div>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="warning">
<p>Currently there is no support for encrypted private keys</p>
</div>
-<div class="example"><h3>Example</h3><p><code>
-<pre class="prettyprint lang-config">
+<div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
SSLProxyMachineCertificatePath /usr/local/apache2/conf/proxy.crt/
</pre>
-
-</code></p></div>
+</div>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<strong>optional</strong> doesn't work with all servers and level
<strong>optional_no_ca</strong> is actually against the idea of
authentication (but can be used to establish SSL test pages, etc.)</p>
-<div class="example"><h3>Example</h3><p><code>
-<pre class="prettyprint lang-config">
+<div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
SSLProxyVerify require
</pre>
-
-</code></p></div>
+</div>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
the remote server certificate can be self-signed or has to be signed by a CA
which is directly known to the server (i.e. the CA's certificate is under
<code class="directive"><a href="#sslproxycacertificatepath">SSLProxyCACertificatePath</a></code>), etc.</p>
-<div class="example"><h3>Example</h3><p><code>
-<pre class="prettyprint lang-config">
+<div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
SSLProxyVerifyDepth 10
</pre>
-
-</code></p></div>
+</div>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
/crypto/</a>) to seed the PRNG. Use this if no random device exists
on your platform.</p></li>
</ul>
-<div class="example"><h3>Example</h3><p><code>
-<pre class="prettyprint lang-config">
+<div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
SSLRandomSeed startup builtin
SSLRandomSeed startup file:/dev/random
SSLRandomSeed startup file:/dev/urandom 1024
SSLRandomSeed connect file:/dev/random
SSLRandomSeed connect file:/dev/urandom 1024
</pre>
-
-</code></p></div>
+</div>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
memory must be considered when changing this configuration setting.
</p></div>
-<div class="example"><h3>Example</h3><p><code>
-<pre class="prettyprint lang-config">
+<div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
SSLRenegBufferSize 262144
</pre>
-
-</code></p></div>
+</div>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
both parsed and executed each time the .htaccess file is encountered during
request processing.</p>
-<div class="example"><h3>Example</h3><p><code>
-<pre class="prettyprint lang-config">
+<div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)-/ \
and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
</pre>
-
-</code></p></div>
+</div>
<p>The <code>PeerExtList(<em>object-ID</em>)</code> function expects
to find zero or more instances of the X.509 certificate extension
(If multiple extensions with the same OID are present, at least one
extension must match).</p>
-<div class="example"><h3>Example</h3><p><code>
-<pre class="prettyprint lang-config">
+<div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
SSLRequire "foobar" in PeerExtList("1.2.3.4.5.6")
</pre>
-
-</code></p></div>
+</div>
<div class="note"><h3>Notes on the PeerExtList function</h3>
host or directories for defending against configuration errors that expose
stuff that should be protected. When this directive is present all requests
are denied which are not using SSL.</p>
-<div class="example"><h3>Example</h3><p><code>
-<pre class="prettyprint lang-config">
+<div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
SSLRequireSSL
</pre>
-
-</code></p></div>
+</div>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
</ul>
-<div class="example"><h3>Examples</h3><p><code>
-<pre class="prettyprint lang-config">
+<div class="example"><h3>Examples</h3><pre class="prettyprint lang-config">
SSLSessionCache dbm:/usr/local/apache/logs/ssl_gcache_data
SSLSessionCache shmcb:/usr/local/apache/logs/ssl_gcache_data(512000)
</pre>
-
-</code></p></div>
+</div>
<p>The <code>ssl-cache</code> mutex is used to serialize access to
the session cache to prevent corruption. This mutex can be configured
global/inter-process SSL Session Cache and the OpenSSL internal memory cache.
It can be set as low as 15 for testing, but should be set to higher
values like 300 in real life.</p>
-<div class="example"><h3>Example</h3><p><code>
-<pre class="prettyprint lang-config">
+<div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
SSLSessionCacheTimeout 600
</pre>
-
-</code></p></div>
+</div>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
version of OpenSSL.
</p></div>
-<div class="example"><h3>Example</h3><p><code>
-<pre class="prettyprint lang-config">
+<div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
SSLStrictSNIVHostCheck on
</pre>
-
-</code></p></div>
+</div>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<p>Note that this directive has no effect if the
<code>FakeBasicAuth</code> option is used (see <a href="#ssloptions">SSLOptions</a>).</p>
-<div class="example"><h3>Example</h3><p><code>
-<pre class="prettyprint lang-config">
+<div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
SSLUserName SSL_CLIENT_S_DN_CN
</pre>
-
-</code></p></div>
+</div>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<strong>optional</strong> doesn't work with all browsers and level
<strong>optional_no_ca</strong> is actually against the idea of
authentication (but can be used to establish SSL test pages, etc.)</p>
-<div class="example"><h3>Example</h3><p><code>
-<pre class="prettyprint lang-config">
+<div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
SSLVerifyClient require
</pre>
-
-</code></p></div>
+</div>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
certificate can be self-signed or has to be signed by a CA which is directly
known to the server (i.e. the CA's certificate is under
<code class="directive"><a href="#sslcacertificatepath">SSLCACertificatePath</a></code>), etc.</p>
-<div class="example"><h3>Example</h3><p><code>
-<pre class="prettyprint lang-config">
+<div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
SSLVerifyDepth 10
</pre>
-
-</code></p></div>
+</div>
</div>
</div>
or regex of a subsequent one.</dd>
</dl>
- <div class="example"><h3>Example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
<Location />
AddOutputFilterByType SUBSTITUTE text/html
Substitute s/foo/bar/ni
</Location>
</pre>
-
- </code></p></div>
+</div>
<p>If either the pattern or the substitution contain a slash
character then an alternative delimiter should be used:</p>
- <div class="example"><h3>Example of using an alternate delimiter</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example of using an alternate delimiter</h3><pre class="prettyprint lang-config">
<Location />
AddOutputFilterByType SUBSTITUTE text/html
Substitute "s|<BR */?>|<br />|i"
</Location>
</pre>
-
- </code></p></div>
+</div>
<p>Backreferences can be used in the comparison and in the substitution,
when regular expressions are used, as illustrated in the following example: </p>
- <div class="example"><h3>Example of using backreferences and captures</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example of using backreferences and captures</h3><pre class="prettyprint lang-config">
<Location />
AddOutputFilterByType SUBSTITUTE text/html
# "foo=k,bar=k" -> "foo/bar=k"
Substitute "s|foo=(\w+),bar=\1|foo/bar=$1"
</Location>
</pre>
-
- </code></p></div>
+</div>
<p>A common use scenario for <code>mod_substitute</code> is the
situation in which a front-end server proxies requests to a back-end
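Review bot: Style point: the first example writes `Substitute s/foo/bar/ni` unquoted, while the alternate-delimiter and backreference examples in the same hunk quote the whole expression. Quoting all three would keep the examples consistent now that the wrapper markup is being normalized anyway. The context sentence "If either the pattern or the substitution contain a slash" also needs "contains".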
<p>In this case, <code>mod_substutite</code> can be used to rewrite
those URLs into something that will work from the front end:</p>
- <div class="example"><h3>Rewriting URLs embedded in proxied content</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Rewriting URLs embedded in proxied content</h3><pre class="prettyprint lang-config">
ProxyPass /blog/ http://internal.blog.example.com
ProxyPassReverse /blog/ http://internal.blog.example.com/
Substitute "s|http://internal.blog.example.com/|http://www.example.com/blog/|i"
</pre>
-
- </code></p></div>
+</div>
<p><code class="directive"><a href="../mod/mod_proxy.html#proxypassreverse">ProxyPassReverse</a></code>
modifies any <code>Location</code> (redirect) headers that are sent
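Review bot: In the proxied-content example, `ProxyPass /blog/ http://internal.blog.example.com` has a trailing slash on the local path but none on the backend URL, while the `ProxyPassReverse` line directly below has one on both. With the slashes mismatched, the remainder of the request path is appended straight onto the host name. Suggest `ProxyPass /blog/ http://internal.blog.example.com/` so the example works when copied. The context line above the example also misspells the module as `mod_substutite`.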
to specify a user and group for CGI programs to run as. Non-CGI
requests are still processed with the user specified in the <code class="directive"><a href="../mod/mod_unixd.html#user">User</a></code> directive.</p>
- <div class="example"><h3>Example</h3><p><code>
-
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
SuexecUserGroup nobody nogroup
</pre>
-
- </code></p></div>
+</div>
<p>In Apache httpd 2.3.9 and later, startup will fail if this
directive is specified but the suEXEC feature is disabled.</p>
<dd>Refers to a group by its number.</dd>
</dl>
- <div class="example"><h3>Example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
Group www-group
</pre>
-
- </code></p></div>
+</div>
<p>It is recommended that you set up a new group specifically for
running the server. Some admins use user <code>nobody</code>,
allows a flexible version checking including numeric comparisons and
regular expressions.</p>
- <div class="example"><h3>Examples</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Examples</h3><pre class="prettyprint lang-config">
<IfVersion 2.4.2>
# current httpd version is exactly 2.4.2
</IfVersion>
# use really new features :-)
</IfVersion>
</pre>
-
- </code></p></div>
+</div>
<p>See below for further possibilities.</p>
</div>
<td>httpd version is less or equal</td></tr>
</table>
- <div class="example"><h3>Example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
<IfVersion >= 2.3>
# this happens only in versions greater or
# equal 2.3.0.
</IfVersion>
</pre>
-
- </code></p></div>
+</div>
<p>Besides the numerical comparison it is possible to match a
<a class="glossarylink" href="../glossary.html#regex" title="see glossary">regular expression</a>
<code><var>regex</var></code></td></tr>
</table>
- <div class="example"><h3>Example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
<IfVersion = /^2.4.[01234]$/>
# e.g. workaround for buggy versions
</IfVersion>
</pre>
-
- </code></p></div>
+</div>
<p>In order to reverse the meaning, all operators can be preceded by an
exclamation mark (<code>!</code>):</p>
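Review bot: In `<IfVersion = /^2.4.[01234]$/>` the dots are unescaped, so each one matches any character rather than a literal `.`. For a documentation example that readers copy as a version gate, `/^2\.4\.[0-4]$/` states the intent exactly and is worth fixing while the example block is being touched.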
filename is not absolute then it is assumed to be relative to the
<code class="directive"><a href="../mod/core.html#serverroot">ServerRoot</a></code>.</p>
- <div class="example"><h3>Example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
PidFile /var/run/apache.pid
</pre>
-
- </code></p></div>
+</div>
<p>It is often useful to be able to send the server a signal,
so that it closes and then re-opens its <code class="directive"><a href="../mod/core.html#errorlog">ErrorLog</a></code> and <code class="directive"><a href="../mod/mod_log_config.html#transferlog">TransferLog</a></code>, and
disk (using file-based shared memory). Specifying this directive causes
Apache httpd to always create the file on the disk.</p>
- <div class="example"><h3>Example</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example</h3><pre class="prettyprint lang-config">
ScoreBoardFile /var/run/apache_status
</pre>
-
- </code></p></div>
+</div>
<p>File-based shared memory is useful for third-party applications
that require direct access to the scoreboard.</p>
(Arcane and error prone procedures may work around the restriction
on mapped drive letters, but this is not recommended.)</p>
- <div class="example"><h3>Example DocumentRoot with UNC path</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example DocumentRoot with UNC path</h3><pre class="prettyprint lang-config">
DocumentRoot //dochost/www/html/
</pre>
+</div>
- </code></p></div>
-
- <div class="example"><h3>Example DocumentRoot with IP address in UNC path</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example DocumentRoot with IP address in UNC path</h3><pre class="prettyprint lang-config">
DocumentRoot //192.168.1.50/docs/
</pre>
+</div>
- </code></p></div>
-
- <div class="example"><h3>Example Alias and corresponding Directory with UNC path</h3><p><code>
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>Example Alias and corresponding Directory with UNC path</h3><pre class="prettyprint lang-config">
Alias /images/ //imagehost/www/images/
<Directory //imagehost/www/images/>
#...
<Directory>
</pre>
-
- </code></p></div>
+</div>
<p>When running Apache httpd as a service, you must create a
separate account in order to access network resources, as described
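Review bot: In the "Example Alias and corresponding Directory with UNC path" block, the section opened by `<Directory //imagehost/www/images/>` is closed with `<Directory>` instead of `</Directory>`, so the example does not parse as intended when copied. Since this hunk already rewrites the wrapper markup of that example, fix the closing tag in the same change.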
<code>Alias</code> is the preferred method, for reasons of simplicity
and performance.</p>
-<div class="example"><h3>Using Alias</h3><p><code>
-<pre class="prettyprint lang-config">Alias /cats /var/www/virtualhosts/felines/htdocs</pre>
-
-</code></p></div>
+<div class="example"><h3>Using Alias</h3><pre class="prettyprint lang-config">Alias /cats /var/www/virtualhosts/felines/htdocs</pre>
+</div>
<p>
The use of <code>mod_rewrite</code> to perform this mapping may be
access control.</p>
<p>In this example, all requests are denied.</p>
- <div class="example"><h3>2.2 configuration:</h3><p><code>
-
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>2.2 configuration:</h3><pre class="prettyprint lang-config">
Order deny,allow
Deny from all
</pre>
-
- </code></p></div>
- <div class="example"><h3>2.4 configuration:</h3><p><code>
-
- <pre class="prettyprint lang-config">
+</div>
+ <div class="example"><h3>2.4 configuration:</h3><pre class="prettyprint lang-config">
Require all denied
</pre>
-
- </code></p></div>
+</div>
<p>In this example, all requests are allowed.</p>
- <div class="example"><h3>2.2 configuration:</h3><p><code>
-
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>2.2 configuration:</h3><pre class="prettyprint lang-config">
Order allow,deny
Allow from all
</pre>
-
- </code></p></div>
- <div class="example"><h3>2.4 configuration:</h3><p><code>
-
- <pre class="prettyprint lang-config">
+</div>
+ <div class="example"><h3>2.4 configuration:</h3><pre class="prettyprint lang-config">
Require all granted
</pre>
-
- </code></p></div>
+</div>
<p>In the following example, all hosts in the example.org domain
are allowed access; all other hosts are denied access.</p>
- <div class="example"><h3>2.2 configuration:</h3><p><code>
-
- <pre class="prettyprint lang-config">
+ <div class="example"><h3>2.2 configuration:</h3><pre class="prettyprint lang-config">
Order Deny,Allow
Deny from all
Allow from example.org
</pre>
-
- </code></p></div>
- <div class="example"><h3>2.4 configuration:</h3><p><code>
-
- <pre class="prettyprint lang-config">
+</div>
+ <div class="example"><h3>2.4 configuration:</h3><pre class="prettyprint lang-config">
Require host example.org
</pre>
-
- </code></p></div>
+</div>